This idea of integrity and ethical values is not unique to the government contracting environment. Auditors performing financial audits are equally concerned about internal control systems in general and integrity and ethics in particular. Management must "set the tone at the top". Management must convey the message that integrity and ethical values cannot be compromised, and employees must receive and understand that message through continuous demonstration of words, actions, and commitment to high ethical standards.
Following are just a few of the audit steps that an auditor will walk through to assess the adequacy of a contractor's integrity and ethical values.
- Verify the existence of a written code of conduct and review the contents to ensure it addresses ethical business practices, conflicts of interest, and expected standards of ethical and moral behavior. The code should cover dealings with customers, suppliers, employees, and other parties (required by FAR 52.203-13(b)(1)).
- Obtain evidence that the code of conduct was made available to each employee (see FAR 52.203-13(b)(1)). Verify that written codes of conduct
- (a) are periodically communicated to all employees,
- (b) are formally acknowledged, and
- (c) cite consequences for violations.
- Perform procedures to ascertain that the requirements in FAR 52.203-13, Contractor Code of Business Ethics and Conduct, and FAR 52.203-14, Display of Hotline Poster are being followed.
- Verify that the business ethics awareness and compliance program includes an ethics training program for all principals and employees.
- Verify that the contractor performs periodic reviews (i.e., at least annually) of company business practices, procedures, and internal controls for compliance with the contractor’s code of business ethics and conduct and special requirements of Government contracting, including the specific requirements in FAR 52.203-13(c)(2)(ii)(C).
- Verify that the contractor has an internal reporting mechanism, such as a hotline, which allows for anonymity or confidentiality, by which employees may report suspected instances of improper conduct, and instructions that encourage employees to make such reports (see FAR 52.203-13(c)(2)(ii)(D)).