Publicly traded companies abide by stringent governance practices. This compliance is, in part, due to regulations such as the Sarbanes-Oxley Act of 2002 (SOX). While SOX’s reach does not extend directly to privately held companies, many small and closely held companies have adopted some of its provisions nonetheless. Sometimes referred to as “SOX lite,” these best practices include developing written governance policies.
The reasoning is sound: Putting governance policies in writing keeps everyone on the same page. Clear governance policies also provide the transparency that banks, private equity firms, and other financial sources seek these days.
With that in mind, consider putting pen to paper on these three governance policies that are wise for companies of any size.
Code of Ethics
A code of ethics (or code of conduct) can be short and pithy or long and detailed. Verizon’s corporate code of conduct, for example, contains almost 40 pages of rules and guidelines. By contrast, Kraft Foods’ code of conduct consists of 10 short rules, including “Make food that is safe to eat,” “Compete fairly,” and “Keep honest books and records.”
Whatever its length, an ethics policy should define expectations for corporate behavior. It should also provide concrete examples of acceptable conduct in areas such as:
- Confidentiality. What information can and cannot be shared with other employees? What are the specific requirements regarding sharing information with someone outside of the company, including the media?
- Relationships with customers and suppliers. Are certain types of professional and personal relationships unacceptable? If so, how and when must they be disclosed? What are the ramifications?
- Conflicts of interest. Define what constitutes a conflict of interest and provide examples of potential triggers (e.g., a related-party transaction between the company and a director). Also, establish policies for reviewing and addressing potential conflicts before they happen.
Document Retention & Destruction Policy
It makes sense to have a management policy for paper and electronic records. In particular, a sound document retention policy can help companies comply with state and federal employment laws that, among other things, require employers to maintain payroll records for certain periods of time.
A policy should include:
- Timelines for keeping documents. This part of the policy can be a list of document categories (such as financial, personnel, contracts, and leases) along with each category’s length of retention.
- Guidelines for disposal and destruction. By using a documented disposal procedure for records that are no longer needed or required by law, a company may be better prepared to defend itself against any allegations that an employee purged documents in a manner that violated guidelines.
- Procedures for halting document destruction. If the organization comes under investigation by a law enforcement agency or receives a subpoena, then the document retention policy should have provisions for suspending and resuming routine document destruction procedures.
Download CRI’s record retention schedule to learn what timelines work best for your organization.
Whistleblower Policy
A written whistleblower policy outlines procedures by which employees can safely report unethical activity to management. A whistleblower policy should contain the following:
- Formal mechanisms for reporting violations. Effective methods include anonymous fraud hotlines and mailboxes.
- A process for voicing concerns. Establish a chain of command that begins with a particular contact person in the organization (e.g., a human resources professional) to whom whistleblowers should report.
- A clear message that no employee who speaks up will face retaliation. In addition to noting that whistleblowers will not face punishment, the policy should also outline consequences for those who try to retaliate.
Governance Policies by the Book
Creating written governance policies (and training employees to make sure they operate “by the book”) can go a long way in running your company more efficiently and effectively. Contact your CRI advisor to discuss governance practices that can take your organization to the next level – hopefully a “happily ever after” level.