Is your supply chain ethical as well as efficient? (page 1 of 3)

The Sarbanes Oxley Act became law in July 2002 and introduced major new requirements for companies listed on a US Stock Exchange.

The changes introduced are numerous and range from the composition and remuneration of the board to the need attest to the adequacy of internal controls - section 404 requires companies to: "state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting."

Not surprisingly, the majority of attention has been focused on the accounting accuracy and transparency of company results, but attention is being placed increasingly on the company's total corporate governance.

There are many different definitions of corporate governance. In essence, however, corporate governance is about management mitigating risks to shareholder value. It should therefore include: managing operational risk and reducing accounting surprises; compliance with laws and regulations; promoting and assuring ethical business conduct in order to protect the "brand value" of the business.

In other words, corporate governance means managing risks that could damage shareholder and stakeholder value. Standard and Poors, which undertakes corporate governance evaluations, states in its Criteria, Methodology And Definitions : "Increasingly, the debate on corporate governance extends beyond a company's own shareholders to include other stakeholders such as creditors, employees, customers, the environment and the local community."

The United States Sentencing Commission issued proposed changes last December to the Federal Sentencing Guidelines. The effect of these proposals is to "emphasise the importance of expanding the compliance standard to better address a corporation's ethical culture; establish the governance and oversight responsibilities of the board and senior management; frame the need for appropriate resources and authority; and recommend that companies conduct ongoing risk assessments to form the basis for continuous improvement of their compliance programmes."

The proposed amendments also address the responsibility of the company beyond the actions of its own employees. They expand the scope of the objective of a compliance programme by defining the term "violation of law" more broadly than in the current guidelines, which refer only to violations of criminal law and prevention of criminal conduct. They also expand the objective of a compliance programme more broadly to include prevention and detection of "violations of any law, whether criminal or noncriminal (including a regulation), for which the organization is, or would be, liable".

The proposed changes retain the requirement that an organization exercise due diligence to prevent and detect violations of law, and add the requirement that an organization shall also "otherwise promote an organizational culture that encourages a commitment to compliance with the law". This is intended to reflect the emphasis on ethics and values incorporated into recent legislative and regulatory reforms, as well as the proposition that compliance with all laws is the expected behaviour within organisations.

In its white paper2 aboveIntegrity-Driven Performance, PwC stresses the importance of ethics: "Culture. Integrity. Ethics. Many have the impression that these soft elements are nice concepts but are not hard-hitting topics having any real bearing on risk, performance and value. The reality is that they are the foundation for both sustainable value and an integrated approach to Governance, Risk and Compliance."

These values are of course not new but as companies have striven to survive the recent economic downturns their attention has been more focused on "harder" measures such as revenue growth and profitability.