Why Every Small Business Needs a Code of Conduct (Before It’s Too Late)

Why every small business needs a Code of Conduct (most don’t have one)

Many small and medium-sized businesses (SMEs) run on trust. Owners know their staff; small teams work closely together. As a result, many business owners believe formal policies or a Code of Conduct are unnecessary.

Workplace investigations and tribunal decisions reveal this approach can expose a business to major legal and financial risks.

The reality is simple:

If you employ people, you must have clear behaviour rules.

That is exactly what a Code of Conduct does.

This article explains why a Code of Conduct matters for SMEs, what happens without one, and where many small businesses go wrong.

What is a Code of Conduct?

A Code of Conduct defines the expected standards of workplace behaviour. It typically covers issues like:

  • Bullying
  • Sexual harassment
  • Discrimination
  • Conflicts of interest
  • Theft and fraud
  • Use of company property
  • Social media behaviour
  • Confidential information
  • Workplace safety
  • Reporting misconduct

For small businesses, a Code of Conduct can be brief and simple. But it must clearly define what employees can and cannot do.

Equally important, it must explain:

  • What happens if someone breaches the Code
  • How to report a problem
  • How the business will investigate complaints

Do small businesses really have codes of conduct?

Research shows many small businesses lack a formal Code of Conduct or workplace policies.

This is rarely because business owners are careless. It is usually because:

  • They think policies are only for large corporations
  • They depend on “common sense”
  • They believe problems will not happen in a small team
  • They do not know what policies they are legally expected to have
  • They do not know how to write policies
  • They do not know how to investigate complaints properly

Workplace complaints are common in small businesses, especially involving:

  • Bullying
  • Sexual harassment
  • Theft
  • Fraud
  • Conflicts between employees
  • Misuse of company money or resources

When these issues arise without a Code of Conduct or policies, the business is exposed.

The Biggest Mistake SMEs Make

Many small businesses with policies make an important mistake:

They have policies but fail to implement them.

Workplace decisions and investigations repeatedly face the same problems:

  • Employees say they never saw the policy
  • No training was provided
  • Policies were not explained at induction
  • The policy was written but never used
  • Complaints were handled informally
  • The business owner tried to investigate without training
  • No records were kept
  • Different employees were treated differently
  • The business could not show it followed a proper process

Legally, a policy that is not communicated and enforced is nearly the same as having no policy.

Why a Code of Conduct protects a business

A Code of Conduct is more than just rules. It is about safeguarding the business.

If a bullying or sexual harassment claim arises, one of the first questions will be:

“What did the business do to prevent this behaviour?”

A business must show it:

  • Had a Code of Conduct
  • Had bullying and sexual harassment policies
  • Trained staff
  • Had a complaint procedure
  • Investigated complaints properly
  • Acted when misconduct was found

Without these, a business struggles to defend a claim.

This is why a Code of Conduct is not just an HR document — it is a risk management tool.

Small business owners often try to handle complaints themselves

This is yet another high-risk zone.

In a small business, the owner or manager often:

  • Knows both people involved
  • Wants to fix the problem quickly
  • Tries to “have a chat” to sort it out
  • Does not document the process
  • Does not interview witnesses properly
  • Does not follow procedural fairness
  • Decides without proper evidence

This can make the situation worse and expose the business to claims of:

  • Unfair dismissal
  • Bullying
  • Failure to investigate properly
  • Bias
  • Victimisation

Many SMEs now hire external investigators—not because of the complexity, but because the risk is high.

The cost of not having a Code of Conduct

For SMEs, lacking a Code of Conduct or workplace policies risks:

  • Unfair dismissal claims
  • Bullying claims
  • Sexual harassment claims
  • General protections claims
  • Workers compensation stress claims
  • Staff resignations
  • Loss of reputation
  • Time spent dealing with complaints instead of running the business
  • Legal costs
  • Settlement payments

Most of these problems cost far more than putting proper policies and training into practice.

The policies a small business must have

Every SME should have at a minimum:

  1. Code of Conduct
  2. Bullying Policy
  3. Sexual Harassment Policy
  4. Discrimination Policy
  5. Complaint Handling Procedure
  6. Workplace Investigation Procedure
  7. Disciplinary Procedure
  8. Conflict of Interest Policy
  9. Fraud and Theft Policy (especially for staff handling money)
  10. Social Media Policy

These need not be long or complicated.

But they must exist, be explained to staff, and be used when needed.

Final Thoughts

The Code of Conduct and policies must exist, be explained to staff, and be used when needed.

Many companies do not realise how vulnerable they are when things go wrong at work.

A Code of Conduct and workplace policies are more than just paperwork.

They protect the business, the owner, and the employees.

From my experience investigating workplace complaints, the businesses that struggle most are not those with the worst behaviour — they are the ones with:

  • No policies
  • No training
  • No investigation process
  • No documentation
  • No understanding of their legal obligations

These problems can be fixed.

With the right policies, training, and investigation processes, a small business can significantly reduce its risk and handle problems properly when they arise.

As a small business, you need:

  • A Code of Conduct
  • Workplace policies
  • Training for managers on handling complaints
  • Workplace investigation services
  • Advice on bullying, sexual harassment, fraud, or misconduct investigations

If you have none of these, then contact ACCA ([email protected]). I can help protect you, your business, and your employees by ensuring you have the proper policies and ensuring matters are handled properly, fairly, and legally.

Why Every SME Must Have a Code of Conduct: A Governance, Compliance, and Risk Management Necessity

One of the most common and dangerous gaps I see when working with small and medium-sized enterprises (SMEs) is the complete absence of a Code of Conduct, or a document so outdated or generic that it is effectively useless. Many SME owners believe a Code of Conduct is something only large corporations, government departments, or highly regulated industries need. That belief is not only incorrect—it is risky.

A Code of Conduct is not a “nice to have” document. It is one of the most important governance, compliance, and risk management tools an organisation can implement. Without it, organisations risk misconduct, workplace disputes, bullying and harassment claims, fraud, conflicts of interest, reputational damage, and sometimes legal liability.

A Code of Conduct defines the expected behaviour within an organisation to ensure compliance and good governance. It tells employees what they can and cannot do, what they must do, what their rights are, and what will happen if the rules are broken. Without clear rules, organisations create situations where bad behaviour can happen because no one has clearly explained the rules.

The Situation in Small and Medium-sized Enterprises: “We’ve Never Had One and We’re Fine”

I often hear this when doing compliance checks or workplace investigations in small and medium-sized businesses. This sentence is often said right before a serious problem happens at work, such as bullying, harassment, theft, fraud, conflicts of interest, or serious wrongdoing by a manager or longtime employee.

Just because there is no Code of Conduct does not mean people are not behaving badly. It usually means the organisation has no framework or plan for dealing with misconduct when it happens.

If you have never told employees the rules, it is hard to punish someone for breaking them.

This is where many small and medium-sized businesses risk unfair dismissal claims, general protection claims, and workplace disputes that could have been prevented with a clear and well-communicated Code of Conduct.

A Code of Conduct Protects Both the Employer and the Employee

Many people mistakenly believe that a Code of Conduct protects only the employer. In fact, a Code of Conduct protects both the organisation and its workers.

For employees, a Code of Conduct shows:

  • What behaviour is expected in the workplace
  • What behaviour is unacceptable
  • Their right to a safe workplace
  • Their right to report inappropriate behaviour
  • How complaints will be handled
  • Protection from retaliation or victimisation
  • Expectations around confidentiality
  • Conflicts of interest requirements
  • Use of company property and systems
  • Social media behaviour
  • Workplace health and safety obligations

For employers, a Code of Conduct:

  • Sets behavioural standards
  • Supports disciplinary action when misconduct occurs
  • Demonstrates compliance with workplace laws
  • Reduces legal risk
  • Supports workplace investigations
  • Provides a framework for managing complaints
  • Demonstrates governance and leadership
  • Protects organisational reputation
  • Helps create a respectful workplace culture

A Code of Conduct shows that an organisation has told its staff what behaviour is expected. This is especially important if the organisation ever has to explain a decision in a tribunal, court, or regulatory investigation.

Misconduct Thrives in Silence and Uncertainty

A major cause of bad behaviour at work is unclear expectations, not bad people. When employees are not clearly told what counts as bullying, harassment, conflicts of interest, fraud, or misuse of company resources, they often make their own decisions about it. That judgement does not always match legal or organisational expectations.

I have noticed situations where workers:

  • Awarded contracts to friends because no conflict of interest policy existed
  • Used company vehicles for personal business because no policy said they could not
  • Sent inappropriate messages to coworkers, thinking it was “just a joke”
  • Accessed confidential information because no one told them it was restricted
  • Engaged in secondary employment that directly conflicted with their employer’s interests

In many of these cases, the employee’s initial reaction during an investigation is: “No one ever told me I couldn’t do that.”

Sometimes they are correct.

This is why a Code of Conduct is more than just a document; it helps manage risks.

A Code of Conduct is a Key Part of Compliance and Risk Management Frameworks

If an organisation genuinely wants to follow rules, manage risks, and have good leadership, it needs a Code of Conduct along with other important policies such as:

  • Workplace Behaviour Policy
  • Bullying and Harassment Policy
  • Sexual Harassment Policy
  • Conflict of Interest Policy
  • Whistleblower Policy
  • Fraud and Corruption Control Policy
  • Workplace Health and Safety Policy
  • Social Media Policy
  • Complaint Handling Procedure
  • Workplace Investigation Procedure

These documents combine to create rules that keep the organisation and its workers safe.

Small and medium-sized businesses that want to grow, bid for government contracts, get certified, or show good corporate governance often need to have a Code of Conduct. Many government contracts and ISO standards now require organisations to show they have ethical conduct systems and behaviour rules.

In other words, if your organisation wants to grow, having a Code of Conduct is now required.

Culture is Driven by What Leadership Tolerates

A Code of Conduct is also a guide for leaders. It shapes the workplace atmosphere. It tells employees what leadership cares about and what it will not accept.

If a company does not have a Code of Conduct, employees will observe how leaders act and think that is the normal way to behave. If managers bully staff, ignore complaints, swear at employees, or treat some people better than others, that becomes the workplace culture, even if leaders did not mean for it to happen.

A well-constructed Code of Conduct communicates:

  • This defines us.
  • This is how we act.
  • We will not accept this.

That is a strong tool for managing and leading.

A Code of Conduct is Critical During Workplace Investigations

From an investigation point of view, a Code of Conduct is one of the most important documents for evaluating claims. Investigators determine whether the behaviour broke the rules. Did it breach:

  • The Code of Conduct
  • Workplace policies
  • Employment contracts
  • Legislation
  • Reasonable and lawful directions

If there is no Code of Conduct, investigators must use more general rules like “reasonable behaviour,” which are harder to support in court.

A clear Code of Conduct helps identify things like:

  • Breach of the Code of Conduct
  • Failure to follow a lawful and reasonable direction
  • Conflict of interest not declared
  • Bullying behaviour in breach of workplace policy
  • Harassment in breach of workplace policy
  • Misuse of company resources
  • Breach of confidentiality

This makes disciplinary decisions easier to justify and lowers the risk for the organisation.

Communication is Just as Important as the Document

One of the biggest mistakes organisations make is writing a Code of Conduct and then storing it somewhere no one looks, like a drawer or shared drive.

A Code of Conduct must be:

  • Provided to all employees
  • Explained during induction
  • Reinforced through training
  • Signed or acknowledged by the employees
  • Reviewed regularly
  • Applied consistently

If a Code of Conduct is not shared and followed, it has no value for compliance.

Final Thoughts: Prevention is Always Cheaper Than Investigation

Workplace investigations cost a lot, take a long time, cause stress for employees, and can be risky for companies. Legal expenses, lost work time, harm to reputation, and time spent by managers can be substantial.

A Code of Conduct is an easy and effective way to stop workplace problems before they begin. It sets clear expectations, offers guidance, helps managers, protects employees, and lowers the risk for the organisation.

From the standpoint of following rules, managing governance, and handling risks, the question should not be:

“Do we really need a Code of Conduct?”

The real question should be:

“Can we afford not to have one?”

For small and medium-sized businesses, a Code of Conduct is not just paperwork—it is a useful tool to protect the company, its workers, and its leaders.

In today’s workplaces, where rules, behaviour, and company culture are closely watched, having a clear, easy-to-understand, and well-shared Code of Conduct is essential.

It is essential.

When Employers Fail – The Discipline Process

How Should Employers Respond to Misconduct Allegations?

Employers must act appropriately when investigating allegations of misconduct. The application of procedural fairness is essential when conducting such investigations.

Case Study Example

The Fair Work Commission examined this concept in Deng v Westpac Banking Corporation (30/11/18).

Mr Deng was, at the relevant time, employed as a Mobile Lending Manager with Westpac. Westpac terminated his services because of breaches of the Code of Conduct, the Westpac Group Technology Code of Use, and Mr Deng’s attestation certificate.

The Commission considered the investigation process. It was determined Westpac sent a letter to Mr Deng advising him to report for an interview the following day. The interview was deferred one day to allow Mr Deng’s wife to act as a support person. The letter included limited advice as to the alleged misconduct.

He was interviewed for five hours with only two short breaks. Neither he nor his wife was offered any food, tea or coffee during the interview process.

Approximately five weeks later he received a notice of advice of intention to terminate employment. This notice addressed, in detail, eight allegations, reaching a determination that each one had been substantiated.

He was given one day to respond to the letter. He did so and provided a further explanation as to his conduct.

Commissioner Riordan determined Westpac did have the right to terminate employment. However, the Commissioner highlighted inappropriate conduct by Westpac employees. He referred to the interview process as a “Star Chamber”. The investigation process was, in his opinion, “flawed”. He highlighted that the investigator did not make any enquiries relative to any information provided by Mr Deng.

There was no independent review of the report provided by the investigator – Westpac accepted the report without questioning any of the findings. It was the opinion of the Commissioner that the investigation was, at best, nothing more than a statement of the “opinion” of the investigator. There was no attempt to obtain any form of corroboration or to conduct any enquiries in relation to any of the responses provided by Mr Deng.

The Commissioner highlighted the lack of procedural fairness. He stated the method of interview (five hours without a substantive break) was inappropriate. Providing only one day for Mr Deng to respond to the “Intent to terminate employment” notice was not in accordance with procedural fairness.

The Commissioner highlighted that “innuendo and assumption are poor substitutes for primary evidence”.

The Commissioner directed that Mr Deng should be reinstated.

What can we learn from this?

This decision highlights the complexities of conduct investigations. They should only be conducted by experienced personnel who are fully aware of the evidentiary requirements, the need to explore all relevant avenues and the essential need to provide the respondent with procedural fairness at all stages of the investigation.

It is important to appreciate that conduct investigations have the potential to impact on the respondent, his or her family, the organisation and other employees within the organisation. If they are not conducted in accordance with administrative guidelines, then these investigations can destroy lives.

ACCA is experienced in these investigations and can provide independent advice and expertise.
