Big4Guy

Section 406 of the Sarbanes Oxley Act requires companies to disclose in its annual reports whether or not it has adopted a code of ethics for its CEO, CFO, CAO or controller and persons performing similar functions. If the company has not adopted such a code of ethics, it has to explain reasons for the same. One of my friends in SEC believes that in case of any ethical issues the company's CEO is the person responsible. I agree with him, but my view is the resposniblity has to go beyond the CEO and should extend to all high level company executives.

A “Code of Ethics” means standards reasonably necessary to deter wrongdoing and to promote -

(a) honest and ethical conduct,
(b) avoidance of conflicts of interest,
(c) full, fair, accurate, timely and understandable disclosures in reports and documents,
(d) compliance with applicable rules and regulations,
(e) prompt internal reporting of code violations and
(f) accountability for adherence to the Code.

Going further, the SOX Act also specifies that the code of ethics should be made available to the public in any one of the following ways:

1. filed as an exhibit to the company’s annual report (i.e. Form 10 K)
2. posted on website with notation in Form 10 K or
3. undertaking in Form 10 K to provide copy upon request

Now here's my opinion, If one does a through reading of this section, one finds that SEC has intentionally not described details a company must address in its code of ethics. But, SEC encourages companies to adopt Codes of Ethics which are broader in purview rather than a narrow code which fails to serve the purpose.

More on Sarbanes Oxley >>

COSO Framework , Guidance for Small Public Companies