Page 203 - COSO Guidance Book
The leaders’ attitudes toward risk and their conservative or aggressive positions on estimates or
policy choices and degree of formality (in a small family business, for example, controls may be more
informal) all set the tone of the organization. Personal indiscretions, lack of receptiveness to bad
news, or unfairly balanced compensation practices could influence the culture and ultimately provide
an incentive for inappropriate conduct. In contrast, a history of ethical and responsible behavior by
management and the board of directors and demonstrated commitment to addressing misconduct
send strong messages in support of integrity. Employees are likely to develop the same attitudes
about right and wrong — and about risks and controls — as those shown by management. Individual
behavior is often influenced by the knowledge that the CEO has behaved ethically when faced with a
tough business-based or personal decision and that all managers have taken timely action to address
misconduct.
Point of focus — Establishes standards of conduct
The expectations of the board of directors (those charged with governance) and senior management
concerning integrity and ethical values are defined in the entity’s standards of conduct and
understood at all levels of the organization and by outsourced service providers and business
partners.
Standards of conduct guide the organization in behavior, activities, and decisions in the pursuit of
objectives by
– establishing what is right and wrong;
– providing guidance for what lies in between; and
– reflecting governing laws, rules, regulations, standards, and other expectations that the
organization’s stakeholders may have, such as corporate social responsibility.
The organization demonstrates its commitment to integrity and ethical values by applying the
standards of conduct and continually asking challenging questions, particularly when faced with
difficult decisions.
Additionally, all employees and outside service providers might be required to sign an annual
statement that they understand and will comply with the entity’s standards of conduct.
Point of focus — Evaluates adherence to standards of conduct
Processes are in place to evaluate employees’ performance with respect to the entity’s standards of
conduct.
For example, consider an entity that is a small community bank with 10 branches. This community
bank has a policy that if there is a relationship between a loan officer and a loan applicant, then the
loan officer must recuse himself from making lending decisions. The bank’s policy manual provides
the following example of an improper relationship:
The loan officer’s child’s soccer coach is applying for a loan. The bank’s policy manual states that
it might appear that a loan was made based on this relationship rather than objective lending
criteria. There might be an expectation of a quid pro quo: if the loan officer approves the loan,
then the loan officer might expect more favorable treatment for the child, such as more play time.
If a branch manager becomes aware that this policy was violated, then the branch manager,
based on the bank’s policy, would report this violation of the established standard lending
policy to senior management for appropriate action.
© 2020 Association of International Certified Professional Accountants. All rights reserved. 3-5