Code of conduct in control systems of service providing SMEs in the Netherlands.

MASTER THESIS

Code of conduct in control systems of

service providing SMEs in the Netherlands

Author: Syske van Denzen

Student number: 0593370

Version: Draft 6.0

Submitted: February 10, 2014

Qualification: MSc in Executive Programme in Management Studies Institution: Amsterdam Business School, University of Amsterdam First supervisor: Dr. Frank Jan de Graaf

Preface

This master thesis in front of you is the result of approximately one and a half year work. Writing this report has gone through a lot of ups and downs. Especially the extensive

literature review and actual writing of the report has cost me a lot of time. The reason for this was because I came across so many interesting literature, which made me doubt where to go with my research. Even when I thought I was getting to an end and I was writing my report I experienced the problem of finding my focal point.

Next to that I, as a mother, had another focus, which was my two little children as well as a baby who was born during the writing of this report. Therefore I dedicate this report to them: Jasmine, Jennifer and Jordy, when you all are adults I hope you can learn from my

experience. It has been one of the toughest jobs I have ever had but when you begin something you have to finish what you have started.

My first word of thanks goes to my supervisor, Frank Jan de Graaf. He helped me to formulate my research question, develop a good conceptual model and remain focused. A second word of thanks goes to all respondents for allowing me to interview them and get access to their company data. Special thanks also goes to my boyfriend, family, colleagues and friends. Without their support I would never have been able to finalize this report.

Abstract

Since 2004 the Dutch trust branch is regulated by the Dutch Central Bank. In 2013 the branch association for the entire trust branch decided to implement a sector code of conduct for all its members. Literature suggests that sector codes of conduct are ineffective. In this thesis I analyse to what extend the sector code of conduct will increase the internal control in small and medium-sized trust offices. A combination of primary data (ten interviews with

employees in trust offices) and secondary data (theoretical, internal and sector association documentation as well as regulations and documentation from the Dutch Central Bank is used to perform this qualitative case study.

Results has shown that SMEs trust offices did not implement the code of conduct yet. The size facilitates an informal discussion of situations in which managers and compliance officers can directly influence employees and show ethical leadership in behaviour. Theory has shown that a mix of formal and informal controls ensures an optimal working of control in companies. Embedding the code of conduct in daily practice will prevent the code from becoming just a piece of paper. The interviews provided a need from practitioners to be provided with more practical guidelines on how to behave in certain situations in which regulation of the Dutch Central Bank remain vague. For the practitioners to accept the code of conduct and implement it, the code should provide clear guidelines on behaviour and take a stand on certain ambiguities.

Empirical results have shown a limited support for the code of conduct. Respondents state the ethical leadership and culture as well as the size of their company as an obstacle for implementing the code in their internal controls. The nature of the code itself, as being not practical enough and therefore more proof to the outside world, than a control instrument is another reason for postponing implementation.

Table of contents

1. Introduction ... 6

1.1 Problem definition ... 7

1.2 Research question ... 9

1.3 Methodological approach ... 10

1.4 Relevance of the research ... 11

1.5 Structure of thesis ... 11

2. Codes of conduct ... 12

2.1 Ethics and integrity ... 12

2.2 Code of conduct ... 13

2.2.1 Definition of code of conduct ... 13

2.2.2 Function of code of conduct ... 14

2.2.3 What should a code of conduct look like ... 16

2.2.4 How to implement an effective code of conduct ... 17

2.3 Organizational culture ... 20

2.4 Ethical leadership ... 22

2.5 Codes of conduct in SMEs ... 22

2.6 Conclusion ... 24

3. Management Control ... 27

3.1 Corporate governance ... 27

3.2 Management Control Systems ... 28

3.2.1 Simons ... 29

3.2.2 Merchant and Van der Stede ... 31

3.2.3 Simons vs. Merchant and Van der Stede ... 32

3.3 Code of conduct and management control ... 33

3.4 Soft control ... 34

3.5 Management control in SMEs ... 35

3.6 Conclusion ... 36

4. Data and methodology ... 40

4.1 Research design ... 40

4.2 Data collection ... 42

4.3 Data analysis ... 44

5. Case branch and participating companies ... 46

5.1 Trust sector ... 46

5.2 Holland Quaestor ... 47

5.3 Participating companies ... 49

6. Results and discussion ... 50

6.2 Results of analysis interview data ... 52 6.2.1 Cultural control ... 53 6.2.2 Personnel control ... 59 6.2.3 Internal control ... 61 6.3 Discussion ... 62 7. Conclusion ... 67 8. Limitations ... 71 Bibliography ... 73 Appendix I: ... 79

Appendix II: Interview manual ... 83

Appendix III: Interview transcripts ... 85

Appendix IV: Code of conduct Holland Quaestor ... 124

1.

Introduction

The area of corporate governance and compliance is becoming more important because of the economic crisis and the accompanying demand for more transparency and a more responsible approach to business in the financial sector. On-going scandals have given rise to public distrust and a call for more regulation and or governance.

Corporate governance and compliance consists of legal (formal) and ethical (informal) compliance mechanisms (Arjoon, 2005). The last two decades there is an increased attention to the ethical perspective in corporate governance and compliance. Various studies have shown that poor supervision on management boards was an important factor in various corporate scandals (Hoffman and Rowe, 2007).

Most inhabitants of the Netherlands are not aware that their home country was part of these corporate scandals. The fraudulent U.S. energy company Enron had 140 Dutch

companies, so-called "mailbox companies". Likewise in an accounting scandal by the complicated Italian group Parmalat fraudulent transactions were dealt through Dutch BV’s. These Dutch companies were managed by trust offices. These Dutch companies play an important role as intermediaries in international financial transactions (Van den Berg et al., 2008). The reason for foreign clients to establish their offices in the Netherlands is divers. An important reason is to reduce the transaction costs, e.g. taxes, for foreign clients (Van der Berg et al., 2008). Taxes are reduced because the Netherlands has a large Double Taxation Treaty network, which reduces taxes on dividends, interest and royalty payments. Next to that the Netherlands has the so-called ‘participation exemption’. This exempts dividend and capital gains from foreign subsidiaries from Dutch corporate income tax.

As a result of the scandals the government in the Netherlands introduced the Act on the Supervision of Trust Offices1 (WTT) that came into force on March 1, 2004. From that date the Supervision of Trust Offices Act started. The primary objective of the WTT is to promote the integrity of the Dutch financial system, and the trust service industry in particular. The WTT has a two-pillar structure to achieve this. Firstly, the WTT lays down minimum requirements on the trust offices’ administrative organization. The system of internal control measures must meet certain requirements to safeguard adequate control of potential integrity risks (Van den Berg et al., 2008). Secondly the policymakers at a trust

1 _{Wet Toezicht Trustkantoren (WTT), Law of 17 December 2003, Stb. 2004, 9.}

office are assessed on their trustworthiness and expertise2. Article 35 of the Act on prevention of money laundering and financing of terrorism3 also has requirements for staff of a trust office. This article applies to employees of trust companies but these requirements are limited.

1.1 Problem definition

In the last couple of years the implementation of ethical codes of conduct in business has taken a major importance as part of many companies’ agenda (Fleege and Adrian, 2004). In the trust sector corporate governance, compliance, risk management and ethics are key components of the everyday work. From this perspective it is surprising to see that not all staff of trust offices in the Netherlands is obliged to adhere to an ethical code of conduct in business. There is not even a specific training for them while accountants, lawyers and notaries (whom often work in or for trust offices) do have these facilities.

The new branch association of trust offices, Holland Quaestor4 (HQ), is working to alleviate this shortcoming. The goal of HQ is to improve the position of the trust industry in the Netherlands through informing and through cooperation between trust offices and

regulatory bodies. HQ wants all her members, small, medium-sized and large trust offices, to be held to a code of conduct and to be obliged to have yearly education for all employees who have integrity-sensitive positions to keep the level of knowledge high and updated. During the writing of this thesis, in January 2013, the code of conduct has been approved by the members of HQ. From that moment all members of HQ should comply with this code of conduct. Implementation of a trade association or profession/industry code is part of the

professionalization process of the trust sector.

The trust sector in the Netherlands has a difficult time because politics have taken the sector under fire. Next to that newspapers and reporters regularly report mostly negative news about the sector. But what should not be forgotten is that according to the SEO report of 2011 (Risseeuw and Dosker) trust offices together employ 2.200 professionals and that these service providers offer another 1.300 jobs in professional business and the financial industry. Next to this highly qualified employment, the benefits for the Netherlands consist of just over

2 _{http://www.toezicht.dnb.nl/4/6/50-204758.jspl}

3 _{Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft), Law of 15 July 2008.}

4 _{HQ is the new branch association for trust offices and was set up in 2012. Before that there were two branch}

one billion euro in taxes (in 2009), extra demand for business travel and hospitality services, and above all a strong position as a hub in international financial services and international trade (Risseeuw and Dosker, 2011). This should be an important motivator for the

Netherlands to keep the sector alive.

Currently, the trust sector is already under Supervision of the Dutch Central Bank. What will a code of conduct contribute to increase the internal control and finally the integrity of trust companies? The code of conduct is a fact for members of HQ. The question is: Does members see what is the benefit of this code? And will they embedding the code in their organization, in such a way that it will be an effective instrument to improve internal control and improve ethics in their organization.

When looking at codes of conduct literature much is written about effectiveness, but little in relation to internal control. Codes of conduct are the most widely adopted instruments to stimulate and monitor Corporate Social Responsibility (CSR) (Spence, 2010). Many multinational enterprises (MNEs) have adopted a code of conduct while in small and medium sized enterprises (SMEs) this instrument is less common (Spence, 2007). There are two schools of thought in codes of ethics. One states that there is no evidence that codes of conducts are effective instruments to influence employees’ behaviour. Other states that codes of conduct are effective when the right conditions are in place. The challenge for a good and effective code of conduct is that it will not be just a piece of paper but that it will be

embedded in the organizational culture (Stevens, 2008) and organization processes (Nijhof et al., 2003).

Since Dutch trust offices are under supervision of the Dutch Central Bank and even though HQ has introduced a sector code of conduct for its members (small, medium-sized and large offices) and the fact that there is little written about the effect of a code of conduct on internal control makes it an interesting topic to research. Especially for SMEs because there are not so many SMEs that implemented a code of conduct. Moreover, the effectiveness of these codes in SMEs is doubtful. Therefore the goal of this research is to get insight in codes of conduct in SMEs and what it can contribute to internal control and integrity to ultimately determine what value a code of conduct has to integrity and internal control in trust offices.

1.2 Research question

As just mentioned the aim of this research is to get insight in codes of conduct in SMEs and what it can contribute to internal control and finally integrity to ultimately determine to what extend a code of conduct can contribute to integrity and internal control in trust offices. Therefore the research question central in this thesis is:

To what extent will a sector code of conduct contribute to increase the internal control of service providing SMEs in the Netherlands?

In order to answer this research question four questions have been prepared. These sub-questions support the research question.

1. What is an effective code of conduct?

2. Does the new code of conduct for the association of Dutch trust offices adhere to the theoretical norm?

3. What internal control system is used in trust offices?

4. What is the effect of a code of conduct on internal control and integrity in trust offices?

Figure 1: Conceptual model I

This model shows that it is expected that ethics will influence to what extend a sector code of conduct will contribute to increase the internal control in service providing SMEs. Currently, t model is still abstract. It will become more precise after each chapter.

1.3 Methodological approach

The subject of this thesis is researched by an exploratory qualitative study in the implementation of a sector code of conduct in service providing SMEs to determine if implementation of a sector code of conduct will have benefits for internal control.

The thesis starts with a literature review. In the literature review I discuss what an effective code of conduct should look like and which conditions should be met to have an effective code of conduct. In addition common systems of internal control in use in SMEs are examined. Finally, a conclusion is giving on what the effect of a code of conduct is on

internal control and integrity in the trust sector. The literature review will come to a

preliminary conclusion. After that, I will face literature with information gathered in the field. Information in the field is gathered by performing a qualitative case study. I will review internal documentation, documentation from HQ and regulations and documentation from DNB. Next to that direct observation takes place because I am a participant observer of one of the case companies. Moreover, I take interviews in six service providing SMEs under ten

SMALL AND MEDIUM-SIZED COMPANIES (SMEs)

CODE

OF

CONDUCT

employees in different layers of the organisation. The primary and secondary data is validated by applying triangulation. This means that I will analyse the claims of the data sources and check with other sources.

1.4 Relevance of the research

The question can arise why to do research to the contribution of the code of conduct to

integrity and internal control in trust offices while the code of conduct of HQ has already been approved by the members of HQ. However, HQ’s code of conduct is dynamic and can change over time. Next to that a political debate is going on if the trust sector in the Netherlands should be restricted or not. Integrity plays an important role in this debate. Therefore this research is social relevant. It will give insight if introduction of a code of conduct has the intended effect to increase the level of integrity and control.

The study also has a scientific relevance because little is known about the relation codes of conduct and internal control. This study will research this relation and therefore will contribute to scientific knowledge in this field.

1.5 Structure of thesis

The structure of this thesis is as follows. Chapter two starts with theoretical background on codes of conduct, followed in chapter three with the theoretical background on management control. In chapter four the methodology of the research is described. Chapter five contains a description of the sector and participating companies and the research framework. In chapter six, the results of the desk and field research are discussed. The last two chapters are the conclusion and limitations.

2.

Codes of conduct

Many organizations use codes of conduct as an instrument to manage ethics and integrity (Nijhof et al., 2003; Kaptein, 2004).This chapter starts therefore with an introduction of the concepts ethics and integrity. Both concepts will be viewed from a business perspective. The goal of codes of conduct is to help employees to understand what behaviours are expected even in the absence of a specific rule or principle.

Afterwards I will view how these concepts affect the content and implementation of a code of conduct. Thereafter I will specifically look at characteristics of SMEs and what literature says about codes of conduct in SMEs. At the end of this chapter an answer can be given to the sub-question: “What is an effective code of conduct?”

2.1

Ethics and integrity

In recent years many corporate scandals have taken place. For this reason concepts as ethics and integrity have gotten increased attention from legislators and companies. But what is ethics? What is integrity?

Ethics is about moral acceptable behaviour and gives general guidance for employees to know how to behave and make rules to determine what is right and what is wrong. Ethics also play an important role in personnel or cultural control. If an ethical approach can be encouraged in an organization it can be a substitute for actions and results control (Merchant and Van der Stede, 2007).

Business ethics is a relatively young academic discipline, started in the eighties, and is merely an extension of personal ethics. The challenge for business ethics is to balance

business and ethics (Kaptein and Wempe, 2002). In ethics analysis there are three competing approaches: consequentalism, deontology, and virtue ethics. Virtue ethics is about whom the agents are, deontological ethics about what the agents do and consequential ethics about the impact of what agents do. An agent can be an individual, group, or an entity, such as an organization (Kaptein and Wempe, 2002).

A code of conduct can be seen in all three of these ethical perspectives. Traditionally the deontology view is most commonly used. Action is determined by prevailing moral rules. These moral rules can be a code of conduct and form formal criteria to which employees should comply. Nowadays virtue ethics is becoming more important. A code of conduct in

perspective of virtue ethics is about stimulating corporate social responsible behaviour. Ethical behaviour should be learned, understood and accepted. Learning ethical behaviour cannot be taught at in one instance. Rather it is an ongoing learning process (Demmke and Bossaert, 2004: 61). In this study the virtue ethics perspective is used, since introduction of a code of conduct is not just a formal rule to which an organization should apply or not. It should stimulate corporate social responsibility and ethical behaviour which will be integrated in the organization´s culture and procedures.

Integrity is a central topic in business ethics. There are various definitions of the word

integrity. Since integrity has different characters, so it is difficult to define integrity. The most cited definition of integrity is "wholeness" (Weaver and Treviño, 1999) (Kaptein and Wempe, 2002). Palanski and Yammarino (2009) say that there is little agreement in literature about the conceptualization of integrity. In their 2007 article they classify the various meanings of integrity in management literature in five main categories. They noted that these five

categories showed a large overlap and they suggested considering integrity as a virtue. From this point of view they suggested the best way is to define integrity as consistency between words and actions (Palanski and Yammarino, 2007). In this thesis integrity is seen from this virtue perspective. As mentioned before, in this virtue ethics perspective it is important that the individual does its best to be a good person, act as a moral agent and associate with others who do the same. In this way they contribute in creating a context that supports ethical

behaviour (Treviño and Nelson, 2010). In their book Treviño and Nelson state that a virtue ethics approach is useful for individuals who work within a professional community that developed high standards of ethical conduct for community members. This fits well with the sample of this thesis.

2.2

Code of conduct

As instrument of managing ethics and integrity in this paragraph you can read what a code of conduct is, what is its function, how it should look like and how an effective code of conduct should be implemented.

2.2.1 Definition of code of conduct

which management would like the organization to function (Kaptein and Wempe, 2002) (Merchant and Van der Stede, 2007). The goal of codes of conduct is to help employees to understand what behaviours are expected, even in the absence of a specific rule or principle. The name “code of conduct” is also used in other forms, for example, “codes of ethics” or “business codes”. The meaning of these codes is more or less the same (Kaptein, 2004).

However, it is important to know that there are four different types of codes (OECD, 2001): company codes, trade association codes, multi-stakeholder codes and inter-governmental codes. Difference between the different type of codes of conduct is relevant because literature makes a distinction between the various types of codes and implementation of one or the other might have different effect. In this working paper of the OECD (2001) they explain that the difference between these codes is the variety of audience. Codes can be set up for employees, others for suppliers and business partner’s conduct while others provide a statement of the companies commitment towards the public. Next to that, codes can also fall in one or more of these categories. This means that a code might be prepared part for business partner’s conduct while another section is intended for the public. Kaptein and Schwartz (2008) make more or less the same subdivision. They say that there are three layers of codes, a company code (micro), a profession or industry code (meso) and an international code (macro). This study focuses on trade association and profession and industry codes. Implementation of trade association or profession/industry code is part of the professionalization process of a profession.

2.2.2 Function of code of conduct

As started in this chapter codes of conduct are an instrument to manage ethics and integrity (Nijhof et al., 2003; Kaptein, 2004). Conform to the fact that a code of conduct can be prepared for different stakeholders Kaptein et al. (1999) and Nijhof et al. (2003) both agree that a code of conduct has an internal and external function. Kaptein et al. (1999) makes it explicit to enumerate six internal functions and three external functions.

He formulates the following six internal functions:

• orientation function: increase of awareness of values;

• explicitation function: clarifies the responsibility of employees; • guiding function: sets a number of expectations to employees; • internal corrective function: creating checks and balances;

• initiating function: promotes activities aimed to protect and improve the organization identity and image.

And the following three external functions:

• distinguishing function: increase the visibility of the organization;

• legitimating function: increase of confidence of people and groups (e.g. clients, media);

• external corrective function: creating checks and balances;

Nijhof et al. (2003) state that integrating a code of conduct leads not only to responsible individual behaviour but also to a responsible organization. They say that the concept of a responsible organization refers to the embeddedness of clearly defined and prioritized responsibilities in the strategy and policy of the organization. In order to become a

responsible organization it should translate its corporate social responsible philosophy into supportive management instruments and processes. This aspect will be discussed in the next chapter.

A code of conduct can also be used as a quality label to show that an organization or sector is affiliated with a code of conduct, which ascertains a conduct standard. In this respect it is also important to know to what extent a company complies with the code. Because if it is just about having a code, everyone can join a code without complying with the code. Specific to professional codes of conduct Frankel (1989) identifies eight functions:

• Enabling document: guidance to individual professionals;

• Source of public evaluation: mechanism for holding the profession and individual professionals accountable;

• Professional socialization: strengthen professional identity and loyalty; • Enhance profession’s reputation and public trust ;

• Preserve entrenched professional biases: secure protection of members’ professional monopoly;

• Deterrent to unethical behaviour;

• Support system: source of support for unreasonable violation of power or inappropriate demand on their skills from externals;

• Adjudication: serve as a base for court ruling among members of the profession or members and externals;

included in a code of conduct. A code of conduct will not only be used for internal purposes but also as social and communicative tool. Next to that it can be used to protect from external interference.

2.2.3 What should a code of conduct look like

Last two subparagraphs were about what a code of conduct is and what its function is.

Question now is, how a code of conduct should look like. The content of a code of conduct is dependent on the type of code and its function. There are limited empirical studies about how a trade association or profession/industry code should look like. Therefore here I partly rely on the general terms.

When looking at corporate codes of conduct, there is a great diversity in the content of it (Kaptein, 2004). They can vary from general rules about working hours and accepting gifts to conduct based on ethical values. Research of Kaptein (2004) has shown that most codes of conduct include (i) shareholders responsibilities and principles, (ii) corporate values, (iii) internal conduct and (iv) compliance. Schwartz (2002) is in line with Kaptein (2004) and considers that a code of conduct should be drawn up based on six moral standards

(trustworthiness, respect, responsibility, fairness, caring and citizenship). In consideration of these six standards Schwartz (2002) says that a code of conduct should comply with the following: (i) it should indicate who the stakeholders are, (ii) comply with the six moral standards, (iii) prioritization (for example priority over other values such as profit maximization or self-interest), (iv) provide the underlying idea of the code content, (v) procedural provisions (notice of implications of violating the code) and (vi) written in comprehensible language.

Nijhof et al. (2003) have a somewhat different approach but also show a large overlap with Schwartz (2002). Nijhof et al. (2003) are in the opinion that a code of conduct should (i) include guidelines about desirable and prohibited behaviour, (ii) relate the code to individual behaviour of employees and to collective behaviour of the organization, (iii) indicate how responsibility is distributed within the organization and (iv) use it as an instrument enhancing corporate social responsibility.

When looking at the limited research about trade association or profession/industry code Gaumnitz and Lere (2002) identified nine major categories of ethical themes, which are frequently present in trade association or profession/industry codes. These categories are: (i)

confidentiality, (ii) honesty and integrity, (iii) responsibilities to employees/clients, (iv) obligations to the profession, (v) independence and/or objectivity, (vi) legal and/or technical compliance, (vii) discreditable or harmful acts, (viii) social values and (ix) ethical conflict resolutions.

These categories are similar to the provisions prepared by the Council for European Liberal Professions (CEPLIS). In the General Assembly of the members of CEPLIS

(held on 20 June 2007 it has been agreed that codes of conduct should contain provisions covering the following eight topics: (i) confidentiality, (ii) participation in continuous professional development, (iii) independence and impartiality, (iv) fairness and integrity, (v) supervision of support staff, (vi) regulatory compliance, (vii) professional liability insurance and (viii) conflict with moral or religious beliefs.

When looking, for example, to the profession code of conduct of accountants in the Netherlands most of the provisions as mentioned by CEPLIS are included. The profession code of conduct of accountants states that accountants have to obey the following

fundamental principles: (i) professionalism, (ii) integrity, (iii) objectivity, (iv) professional expertise and accuracy and (v) confidentiality. Although comparison of professional codes are scarce, Jamal and Bowie (1995) compare the codes of three of the largest professions,

accounting, engineering and law, and suggested that professional codes share a common base because they all contain provisions which:

• address the problem of moral hazard; • provide the norms of professional courtesy; • define the public interest.

Since this study focuses on trade association and profession and industry codes in service providing firms (whom fall under liberal professions) most important are the provisions as prepared by Gaumnitz and Lere (2002) and CEPLIS. But since a professional code will be integrated in individual companies these aspects are also of importance.

2.2.4 How to implement an effective code of conduct

Much time and energy is spent by organizations fixing the code’s content but many

organizations get stuck in the challenge of implementing and maintaining the code of conduct. (Nijhof et al., 2003) In this paragraph we will examine under which conditions a code of conduct should be implemented to be successful.

Blake and Carroll (1989) consider that a code of conduct by itself is not likely to encourage real day-to-day behavioural change. It should be embedded in the organization to be effective. According to Nijhof et al. (2003) there are six important processes in embedding a code of conduct:

• First it is important to determine what function a code of conduct should have and what obstructions exists within an organization which hinder responsible behaviour; • Second, the mission statement and list of core values has to be part of the code; • Third, employees need to assume the code. This requires an introduction of the code,

dilemma training, focus groups and so on;

• Fourth, employees have to enact the code. This process is part as an integral process of responsibility;

• Fifth, monitoring is important. Monitoring which refers to controlling the application of the code and sanctions when the code is violated. Next to that also understanding the causes of such behaviour which will probably lead to adaption of the code; • Sixth, the process of accountability which covers the communication between the

organization and its stakeholders about the organizations responsibility in which the adaption of the code is foreseen.

These six processes are closely related to each other and more parallel than sequential. At the same time, if one of the processes is not filled, the integration of the code of conduct is at risk.

Higgs-Kleyn and Kapelianis (1999) say that implementation of professional code demands deliberation of the leadership, structure, recruitment, selection, training, culture and control systems of organizations (both professional and corporate). Steps to take in order to effectively implement a professional code are:

• ensure that the leaders of the professional community put forward the importance of ethical conduct;

• developing an organizational structure which is directed at development of ethical behaviour. Structure refers to the formal organizational mechanisms that promote ethical decisions;

• ethical organizations must focus on recruiting, selecting and promoting people with strong moral character. Professionals are likely to receive ethical training from three sources: tertiary education programs, the profession, and the organizations in which they work;

• development of an ethical organizational culture (the informal organizational climate). Important in this process is ensuring that managers exhibit model behaviour, facilitate the open discussion of ethical issues, emphasizing the importance of shared ethical values and using organization stories to provide employees with sanctioned and/or unsanctioned types of behaviour. Next to that important is the involvement of employees in creating and implementing codes;

• controlling for unethical behaviour which includes external and internal audits to include compliance with ethical codes and implementing a penalty system for violations.

Many of the elements as mentioned by Higgs-Kleyn and Kapelianis (1999) are also used by Stevens (2008). According to Stevens (2008) culture and effective communication are key components to a code's success. Next to that managers must model the desired behaviour and employees need to be informed about the sanctions when violating the code. As a

consequence it can be stated that when codes are embedded in the organizational culture and communicated effectively, they can form ethical behaviour and guide employee decision-making. Schwartz et al. (2005) and Treviño et al. (1999) endorse this conclusion of Stevens.

Treviño et al. (1999) found that ethical leadership and open discussions of ethics in the organization contribute to increased ethical behaviour. In a survey by Touche (1988)

respondent’s supportive self-regulation though adoption of ethical codes as the most effective measure for incite ethical business behaviour and legislation by the governance as least effective. Important for the effectiveness of the code is that the sanction of codes is violated and communication is necessary for codes to be successful. To maximize the effect of codes of conduct it is best to include the statement in a formal training session or at least in a discussion session between employees and their supervisors. This is also in line with the research of Higgs-Kleyn and Kapelianis (1999).

Communication is a main requirement for codes to be successful. Employees must be aware of the content in their ethical codes and participate in discussions about the codes so they have fully understanding of the meaning. Codes do not work when they are written by management and passed down to employees as a mandate. Employees must perceive the ethical code as a personal document of which they have ownership, as a key component of the organizational fabric, and as one that is central to the organization's strategic functions. The next two paragraphs therefore go into more detail of organization culture and ethical

2.3

Organizational culture

Organizational culture is a relatively new construct, started in the 1980s. Ethical culture is part of the company’s organizational culture (Treviño, 1986). Treviño and Weaver (2003) define ethical culture as the aspects of the organizational context that prevent unethical behaviour and promote ethical behaviour. Different research shows that there is a relation between the organization culture and the performance of an organization.

Ouchi (1981) investigated if there is a relation between organizational culture and the performance of an organization. In this research he used the three forms of organizational control he defined in his earlier study; market, bureaucracy and clans (Ouchi, 1980). It seems like that a unique organizational culture will only have significant performance efficiencies under certain conditions. Clans (with strong cultures) perform well when there is a stable membership and high degree of interaction between members. While sometimes bureaucracy is preferable and in other circumstance coordination is better to be dealt by the market.

Treviño and Weaver (2003) define ethical culture as the aspects of the organizational context that prevent unethical behaviour and promote ethical behaviour. This definition is very similar to the definition of integrity. Empirical studies have shown a positive relation between ethical culture and ethical programs and therefore Kaptein (2009) states that to improve the ethical culture in an organization an ethics program can be used. Treviño at al. (1998) use a one-dimensional measure for ethical culture. Kaptein (1998, 2008) developed a multi-dimensional measure: the Corporate Ethical Virtues Model. This model is defined by virtue ethics and results in eight virtues:

1. Clarity: the extent to which ethical expectations, such as values, norms and rules are concrete, comprehensive, and understandable for managers and employees. Question: do managers and employees know what the ethical expectations are and are these expectations concrete, comprehensive and understandable?

2. Congruence of management: the extent to which the board and middle management act in accordance with ethical expectations. Question: provide role models within the organization a good example with respect to (un)ethical behaviour?

3. Congruence of supervisors: the extent to which supervisors (local management) act in accordance with ethical expectations. Question: provide role models within the organization a good example with respect to (un)ethical behaviour?

4. Feasibility: the extent to which organizations makes available sufficient time, budget, equipment, information and authority to management and employees to fulfil their

responsibilities. Question: have managers and employees sufficiently space to act ethically? Do they have sufficient time, resources and knowledge?

5. Supportability: the extent to which the organization stimulates identification with, involvement in a commitment to ethical expectations among managers and employees: Question: are managers and employees sufficiently motivated to act ethical? What is the level of involvement with the strategy of the organization?

6. Transparency: the extent to which unethical and ethical conduct and its consequences are visible to those managers and employees who can act upon it. Question: do managers and employees have sufficiently eye for ethical behaviour in order to recognize unacceptable ethical behaviour?

7. Discussability: the extent to which managers and employees have the opportunity to raise and discuss ethical issues. Question: are dilemmas for managers and employees addressable and are they sufficiently accountable for their behaviour?

8. Sanctionability: the extent to which managers and employees believe that unethical behaviour will be punished and ethical behaviour will be rewarded, as well as the extent to which the organization learns from unethical conduct. Question: Are offenders punished, people valued for desired behaviour and do they learn from mistakes and offenses?

The more of these qualities are present and the more they are embedded in the organization, the higher the ethical culture standard and the higher the moral standard of staff. These eight factors can be used to measure the ethical culture.

Communication is an important method to create a strong and ethical culture of employees who act ethical. Therefore communication is also important when implementing a code of conduct. Frequently codes of contact are communicated by just providing them to employees. But to keep the code alive it is important that the code is discussed within the organization. In this way the code will become part of the organizational culture. And in this way employees are known and familiar to the specific content and intent of the code (Stevens, 2008).

Schwartz (2004) adds that training is also an effective method to keep employees known with the usefulness and content of the code. Stevens (2008) say that it is important that there are sanctions set when ethical values are violated. Schwartz (2004) says that it is

behaviour of employees. Without consistent enforcement of the code is not taken seriously. All of the factors mentioned above have already been integrated in the steps enumerated as summarized in paragraph 2.2.4 by Higgs-Kleyn and Kapelianis (1999).

2.4

Ethical leadership

Brown et al. (2005: 120) defined ethical leadership as “the demonstration of normatively appropriate conduct through personal actions and interpersonal relationships, and the promotion of such conduct to followers through two-way communication, reinforcement, and decision-making”.

Leaders set the ethical tone of an organization. The style of leadership does not only have direct effect on the integrity of employees but also on the organizational culture. Next to that, ethical leadership also depends on the organizational culture. The management of the organization is responsible for an ethical organization as well as live up to the rules within the organization. By being a role model within the organization and give a good example with respect to (un)ethical behaviour the board sets the "tone at the top" (Schwartz et al., 2005). Stevens (2008) agrees that the tone at the top is crucial. When the management gives a good example it has a positive effect on the effectiveness of a code of conduct. It is also important that the organizational values are openly discussed with the rest of the organization so that everyone is involved and is able to give their opinion.

Ethical behaviour of the management is about fairness, caring, open communication, consideration for others and the environment when making decisions and guiding employees in ethical dilemmas. By giving a good example and building trust with the employees, managers can create ethical leadership (Kalshoven et al., 2011).

2.5

Codes of conduct in SMEs

Codes of conduct are the most widely adopted instruments to stimulate and monitor Corporate Social Responsibility (CSR) (Spence, 2010). They are also used as an instrument for self-regulation. For example, a code of conduct can be set up as self-regulation instrument when companies are united in a branch association. Complying with the code of conduct can be set as a condition for membership of an association. Next to that, it can be used as an instrument to impose penalties in case of non-compliance. In this way a code of conduct in a specific

industry is applicable for all types of companies (large, medium- and small sized). However, adoption of a code of conduct in SMEs is not as common as for large firms.

SMEs are the largest part of the business and in the European Union represent 99% of the businesses5. According to Spence (1999) there are specific characteristics of SMEs that may influence the fact that ethical issues are different in kind compared to large firms. These specific characteristics are:

1. Owner-managed;

In large firms the typical principal-agent problem can arise in the organization when ownership and control are separated. In small firms most of the time the same person(s) who own the business also control it. And for this reason these issues will not arise. At the other hand small firms may experience tension at the moment that its operations are financed by partners and shareholders, where the managing director has a good personal relationship with.

2. Independent;

Small firms might have a lack of connectivity with their local community, economy and environment because of the desire of the owner-manager to be autonomic in their decision-making. This can lead to a reduced focus on ethical issues.

3. Personal relationship;

A small firm has unique characteristics: personal relationship between owner-manager and employees, high level of employees loyalty, adaptive to changing market

opportunities, close individual contact, direct services to customers, trust relationships and an open and honest dialogue.

4. Informality

In small firms there is an absence of bureaucracy. Informal methods of control are

preferred. Because small firms have less bureaucracy they are more flexible and therefore have an advantage above larger firms.

Graafland et al. (2003) found that the size of a company is positively correlated with the use of ethical instruments, such as codes of conduct. Perrini (2007, p. 296) has a somewhat similar conclusion and found partial support for his hypothesis that “the larger the firm is, the more it undertakes formal CSR strategies”. Clear is that ethics and instruments which can

control ethics are different for large firms than SMEs. The question is if ethical instruments for SMEs are necessary and, if introduced, if they are effective.

The limited research available in the field of codes of conduct and SMEs most have more or less the same conclusion and say that codes of conduct for SMEs are ineffective (Spence and Lozano, 2000) because they require investment in time, energy and finance from small firms which is limited (Spence, 1999) and inappropriate because ethical behaviour is communicated by leadership (tone at the top). The last point is important because the owner-manager of SMEs has an important role in CSR.

Because of the specific characteristics of SMEs (e.g. size and informal and personal relationships between employees (Spence and Lozano, 2000)) it is relatively easy for SMEs to communicate among employees the importance of CSR. For this reason the ethical approach of the leader will be rooted in the organisational culture. This confirms the result of other authors (Spence et al., 2003 and Murillo and Lozano, 2005) that the values of the founding entrepreneur/owner are of major importance when deciding on CSR strategies. Next to that the personal values and business ethics are closer because of the important role of the owner/manager compared to large firms (Vyakarnam and Myers, 1997). Graafland et al. (2003) say that SMEs make less use of codes of conduct and say that the most popular instrument used by SMEs it to let a board member be answerable for ethical questions.

Research by Tilley (2000) says that due to a lack of structure in SMEs formal standards such as codes of conduct are not effective. Fassin (2008), at the other hand, says that formal standards in SMEs are not needed because implementation of CSR in SMEs should be encouraged by good leadership. He also says that formal standards could be used as a CSR tool. However, the use of such instruments will not provide evidence of CSR in itself.

Last important factor to mention is loyalty of employees. In SMEs the loyalty of employees is often higher because employees are more committed towards the company where they work for compared to employees working for larger firm. Because employees in SMEs will become more involved with CSR it will have a greater success in SMEs. From this point of view the informal approach of SMEs have positive effect on CSR.

2.6 Conclusion

As the literature review has shown, there are three layers of codes, a company code, a profession or industry code and an international code. Because a code of conduct can be prepared for different stakeholders, it also can have different functions: internal and external.

When looking specifically at professional codes of conduct, these codes normally include ethical themes such as: confidentiality, honesty, and integrity, responsibilities towards stakeholders, professional development, independence and/or objectivity, compliance and supervision. Effective implementation of a professional code demands deliberation of the leadership, structure, recruitment, selection, training, culture and control systems of

organizations (both professional and corporate). If the code is included in the organizational culture and leaders communicate ethical values by showing the correct behaviour, this contributes significantly to the effectiveness of the code.

Therefore next to a code of conduct also informal systems such as culture and values within the organization are important to manage ethics and integrity. When looking particular to SMEs, they have specific characteristic which influence the fact that ethical issues in SMEs are different in kind compared to large firms.

As a conclusion and as answer to the sub-question “What is an effective code of conduct?” it is clear that the success of a sector code of conduct is depended on two important factors: the content of the code and the implementation which ensure embedding the code in the organisation. Leadership and culture are two important factors that contribute to

embedding the code in the organisation, especially in SMEs.

Based on the knowledge gather in chapter 2 the conceptual model can be expended as shown in figure 2.3

Figure 2: Conceptual model 2.

This figure 2 shows that it is expected that culture, leadership, structure, time, personal values, budget and education and training will influence to what extend a sector code of conduct will contribute to increase the internal control in service providing SMEs. Next to that a code of conduct is depended on the corporate values in the organisation and legalisation and internal control is depended on monitoring, compliance and recruitment.

Corporate values Legislation STRUCTURE Mo BUDGET PERSONAL VALUES EDUCATION / TRAINING TIME

SMALL AND MEDIUMSIZED COMPANIES (SMEs)

CODE

OF

CONDUCT

Guide ethical dilemmas Open discussion

Communication

Ethical leadership Role models Tone at the top

3.

Management Control

Literature has numerous definitions for management control. Management control is also known as internal control. The definitions of these two constructs are the same (Van Kessel, 2002). Generally speaking management control has an internal focus and is about employees behaving based on the organizations strategy (Merchant and Van der Stede, 2007).

Management Control Systems (MCS) are the systems of instruments implemented in the organization to manage behaviour according to the organization’s structure and strategy.

In the first paragraph of this chapter the construct corporate governance is studied in relation to management control. Thereafter MCS will come up for discussion. In paragraph 3.3 the link will be outlined between codes of conduct and management control. Since this thesis is about the “soft” aspects of MCS the topic soft control will be discussed in paragraph 3.4. Where in paragraph 3.5 MCS and soft control in SMEs are addressed. In the last

paragraph of this chapter an integration will be made of management control and codes of conduct. In this way knowledge is gathered to the effect of a code of conduct on internal control and integrity and helps to answer sub-question 4 of this thesis.

3.1 Corporate governance

Corporate governance systems and MCS are inextricably linked because corporate

governance are the mechanisms and processes implemented to create value for their owners and fulfil responsibilities to other stakeholders (e.g. employees, society) and MCS are designed for the top management and ensure appropriate behaviour of employees (Merchant and Van der Stede, 2007). Therefore the definition of MCS is narrower compared to the corporate governance system. Changes in corporate governance mechanisms and practices have direct effect on the effectiveness of the MCS.

Corporate Governance is defined by the Organization for Economic Cooperation and Development (OECD6) as `”procedures and processes according to which an organisation is directed and controlled”. “Corporate Governance is one key element in improving economic efficiency and growth as well as enhancing investor confidence. Corporate governance involves a set of relationships between a company’s management, its board, its shareholders

and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.” (OECD 2004, p. 11). This broad definition shows the tendency started from the 1990’s to a switch in literature from the design, to the effectiveness of

corporate governance. In business economics it is called Behavioural Governance.

Some authors make a distinction between formal and informal mechanisms (Arjoon, 2005) (Treviño et al., 1999) others between compliance-based and value based mechanisms (Rossouw, 2008). This difference is not that important, more important is to see that all this literature says that corporate governance should be based on the core values of integrity and trust (Arjoon, 2005). In this way a company can attract and retain talent and have a successful organization. Effective corporate governance can be achieved by adopting a set of principles and best practices. A great deal depends on fairness, honesty, integrity and the manner in which companies conduct their affair. A disadvantage of overemphasis on formal control systems is that employees have less reason to create their own opinion and take responsibility for their own decisions. Therefore in the pursuit of 'good governance' arises again and again the dilemma of whether legislation or self-regulation is the best suitable solution.

3.2 Management Control Systems

Management control is also known as internal control. Much research is available on management control. The development of research in this field will be discussed in this paragraph. A MCS is the system that companies use to gather information and evaluate their performance. The concept management control was introduced by Anthony (1965). He classified control in strategic planning, management control and operational control. This perspective was about managing the financial performance of organizations. Nowadays MCS has a broader perspective where, despite the financial performance, also organizational culture and correlatively regulation of behaviour of resources forms part of the MCS of companies.

The most commonly used frameworks to operationalize MCS are the framework of Merchant and Van der Stede (2007) and Simons (1995). The framework by Merchant and Van der Stede (2007) is based on the work by Ouchi (1979). The framework by Ouchi (1979) was of great importance for the broader perspective of MCS. It defined three control

mechanism: market, bureaucracy and clan controls. The framework was one of the first that conceptualized culture and control in one framework.

Merchant and Van der Stede (2007) defined MCS as the system that managers use to ensure that behaviours and decisions of their employees are consistent with the object and strategy of the organization. Merchant and Van der Stede relabelled the controls of Ouchi into result control, action control, personnel control, and cultural control. Simons (1995) has a different approach, his view is concerned with implementing the strategy of the organization into the MCS. In his framework he makes a distinction between four control systems: belief systems, boundary systems, diagnostic control systems and interactive control systems. This framework also implements organizational culture and regulation of behaviour of

organizational resources in the MCS of the organization.

Since Simons and Merchant and Van der Stede are the most commonly used and all make use of organizational culture in their framework these two frameworks will be further discussed below. There are other perspectives (e.g. Anthony, Management Planning and Control Systems and Otley, The performance management framework) but these are left out of the research.

3.2.1 Simons

Simons (1995) defines Management Control Systems as “formal information-based routines and procedures which managers use to maintain or change patterns in organizational activities”. For this reason he does not include informal mechanisms in his Management Control framework. The framework of Simons (1995) distinguishes four ‘levers of control’: belief systems, boundary systems, diagnostic control systems and interactive control systems.

Belief systems are used by managers to inspire and guide organizational search and discovery and herewith give direction in the search for new initiatives or opportunities. Belief systems express basic values, purpose and direction for the organization based on the

company’s business strategy. Because of the increasing complexity of business many

companies and industries find it difficult for individuals to understand organizational purpose and direction. Through discussions, managers can increase the commitment of employees to the company’s goals and mission. It is also important that regardless the position of an employee, the direction should appeal to them.

To give this further direction the organization will make use of boundary systems. Boundary systems are the second lever of control. They are used to set limits to behaviour, for example when searching for new initiatives or opportunities. They are the limits of freedom,

boundary systems are a condition for freedom and entrepreneurship within the organization. The goal is to determine the rules, focus on behaviour and actions to be avoided. At an individual level it clarifies what the penalties are in case an employee crossed the boundaries. In contrast to belief systems they do not specify positive ideals but instead they establish limits, based on defined business risk, to opportunity seeking. They describe the decisions and actions that do not fit with the core values of the organization. Violation of these boundaries will bring the organization harm. According to Simons (1995) in business organizations there are two types of boundaries: business conduct boundaries and strategic boundaries. Codes of business conduct are an example of business conduct boundaries systems. Strategic

boundaries are for example business opportunities in which managers do not want to organization to invest resources.

The third lever of control of Simons (1995) is diagnostic control systems. Diagnostic control systems are used to serve to motivate, monitor and achieve specified intended strategies. It can be seen as a standard (traditional) control system used in almost every organization. An example of such a control system is formulation of goals and objectives making plans and budgets and afterwards comparing these with the results for the period. Simons (1995) states that diagnostic control systems allow organizations to achieve goals without constant management supervision. It gives employees freedom how to organize processes, but since individuals are held accountable for the results management do not need to have constant surveillance on their employees. Formal goals or standards, which are necessary for diagnostic control, provide focus and motivation.

Interactive control systems are used to gather and share information up and down the organization about strategic uncertainties and emerging opportunities, to stimulate the learning organization and the facilitate new ideas and strategies. They are used by managers involved in decision activities of subordinates and provide frameworks, or agendas, for debate and motivate information gathering outside of routine channels.

Together belief systems, boundary systems, diagnostic control systems and interactive control systems form four levers to manage releasing the tension between profit, growth and control. Belief systems and interactive control systems can be seen as positive, inspiring creativity and stimulating forces. On the other hand there are the boundary systems and diagnostic control systems that are negative, impose restrictions and enforce compliance. Simons (1995) believes that it is not about the parts of the framework separately but their use in concurrence.

3.2.2 Merchant and Van der Stede

Management Control is defined by Merchant and Van der Stede (2007) as the system that managers use to ensure that behaviours and decisions of their employees are consistent with the object and strategy of the organization. Controls are necessary in order to avoid that employees will do things that the organization does not want them to do or fail to achieve what they want them to achieve. The need for control has three reasons: lack of direction, motivational problems and personal limitations (Merchant and Van der Stede, 2007). These three categories are reasons why employees do not comply with the expectations of the organization. The question if employees will behave as the organization wants them to do can therefore be divided into these three areas:

1. Do employees know what the organization wants from them? When there is a lack of direction the likelihood of desired behaviour is minimal.

2. Even when it is known what the organization wants from them, employees can have individual objective, which are going beyond the organization objectives. This might lead to fraud, lost revenues because of damaged reputation, etc.

3. When employees know what the organization wants from them, are motivated to act on the organization objectives but are unable to perform well because of personal limitations. Personal limitations can be a lack of intelligence, training experience, knowledge, information, etc.

Merchant and Van der Stede (2007) define four different types of controls: Results control, action control, personnel control and cultural control. Results control can be seen as a performance measure. It is about involving and rewarding employees for generating good results. According to the authors results control is particular dominant as controlling

mechanisms to behaviours of managers with decision authority. Results controls are usually used as a major component of the management control system used in all organizations. Exceptions for this are very small organizations.

Actions controls ensure that employees act in the best interest of the organization by making their action themselves the focus of control. Personnel controls are built on

employees’ natural tendencies to control and/or motivate themselves. It will help to ensure that the employees know what the organization wants from them and have all the capabilities (e.g. experience, intelligence) and recourses (e.g. information and time) to be able to do a

engage in self-monitoring. Methods to implement personnel controls are section and placement of employees, training, job design and prevision of necessary resources.

Cultural controls are group norms and values and power of group pressure on individuals. This type of control is most effectively when members of a group have an emotional relationship to each other. Organizational cultures are relatively fixed over time, even while goals and strategies change, culture has less fluctuation. The organizational culture is part of written and unwritten rules that govern employees’ behaviours. Managers attempt to create and shape organizational cultures in different ways by words and by example. Most important methods to shape culture are: codes of conduct and group rewards. Other methods are interorganizational transfers, physical & social arrangements, and tone at the top.

3.2.3 Simons vs. Merchant and Van der Stede

In relation to the two frameworks of Simons (1995) and Merchant and Van der Stede (2007) and comparing the different types of control many similarities can be recognized. Boundary systems of Simons (1995) look like action control of Merchant and Van der Stede (2007) because both are dealing with rules and limitations. Next to that, diagnostic control systems of Simons (1995) and results control of Merchant and Van der Stede (2007) have in common that reward systems are integrated in which good results are rewarded. Targets are set and performance is measured. Also similar is the belief system of Simons (1995) and personnel and cultural control of Merchant and Van der Stede (2007). Both have in common that they can contribute in influencing ethical behaviour. Only the interactive perspective of Simons (1995) is not included in the framework of Merchant and Van der Stede (2007).

When looking more in depth to codes of conduct Merchant and Van der Stede (2007) see the code of conduct as one of the most important methods to organize and shape culture and therefore as a part of the cultural control. Simons (1995) also is in the opinion that the code of conduct should define the appropriate behaviour of employees. However, he thinks that belief systems are used to communicate the company’s values, beliefs and norms to the employees and are written down in the code of conduct. Therefore in his view codes of business conduct are an example of business conduct boundaries systems. As a result Simons (1995) sees the codes of conduct as hard controls (formal controls) instead of soft control (informal control), unlike Merchant and Van der Stede (2007).

3.3 Code of conduct and management control

In paragraph 3.1 I already started that corporate governance and management control are linked. Corporate governance provides procedures and processes to create value and fulfil responsibilities for an organization as a whole (Merchant and Van der Stede, 2007). Management control goes one way down and helps to ensure appropriate behaviour of

employees (Merchant and Van der Stede, 2007). A code of conduct is even more specific and is used as a tool to help employees to understand what behaviours are expected. Nowadays a code of conduct is part of the soft control system within an organization. Soft control is an internal control instrument and is part of the management control framework. In the research field of corporate governance little attention is paid to guide, control or measure performance based on soft controls. In the next chapter further attention will be paid to this issue.

The two MCS frameworks of Simons (1995) and Merchant and Van der Stede (2005) have clear links with codes of conduct. Hereinafter these links will be outlined. Starting with the framework of Simons (1995), in his first lever of control, beliefs systems, has a clear connection with the code of conduct. Belief systems express basic values based on the company’s business strategy. Managers would like that employees are committed to these values. This is equal to what a code of conduct is referring to. To give direction to the belief systems an organization will make use of limits. A code of conduct can very well set these limits, which is therefore a boundary system. The code of conduct exactly describes what behaviour is expected and what is not. For compliance with a code of conduct diagnostic control systems can be used. These systems are used to motivate, monitor and achieve specified intended strategies. For example, a reward system can be used to encourage desirable behaviour. Last, interactive control systems can serve as a tool to examine if the code of conduct leads to the desired behaviour. Based on this examination, the code of conduct can be adjusted.

In a different way the framework of Merchant and Van der Stede (2007) also has links with codes of conduct. Personnel and cultural controls are used to influence ethical behaviour of employees. Codes of conduct can set the principles to which employees should comply. At the same time when the management gives a good example it positively affects ethical

behaviour of employees. Since results control is like the diagnostic control, this type of control also is linked to a code of conduct because it can be used as a tool to examine compliance with the code. Actions controls can be integrated in the internal procedures and

set the conditions to act ethically. Compliance with the code of conduct can be part of the internal procedures.

Both Simons and Merchant & van de Stede state that when an organization pays attention to all their four ‘levers of control’ (Simons, 1995) or four types of control (Merchant and Van der Stede, 2007) it will contribute to internal control. In particular codes of conduct can contribute in belief and boundary systems (Simons, 1995) and cultural control (Merchant and Van der Stede, 2007). At the other hand, the frameworks of Simons and Merchant and Van der Stede can contribute to the effectiveness of codes of conduct.

3.4 Soft control

Last years organizations pay more attention to behaviour in the organization and investing in soft controls. Soft control is also known as informal control, hard control is also known as formal control. In this report we use both constructs. Where soft control (informal control) have their focus on behaviour while hard control (formal control) has its focus on

administrative control. Culture and values in the organization connect and integrate soft and hard controls (Burlaud, 1990)

As shown in the previous paragraph Merchant and Van der Stede (2007) pay specific attention to these soft aspects that influence behaviour. To be more precise personal and culture are soft controls. There is not a generally accepted definition of soft controls. The aim of soft controls is to promote integrity and desired behaviour among employees and

management. Examples are culture and exemplary behaviour (Kaptein en Wallage, 2010). In contrast to formal/hard controls, these controls are less easy to measure.

Formal or hard control systems are written procedures to achieve the goal of the company by direct control on behaviour (Leatherwood and Spector, 1991; Ouchi, 1977). Organizational goals, budgets, reward criteria, performance appraisal standards are all examples of part of the organizational formal control system (Falkenberg and Herremans, 1995). As said before soft control systems are comprised of common values, beliefs and traditions that direct the

behaviour of employees (Ouchi, 1980; White, 1980). According to Falkenberg and Herremans (1995) it is important to combine formal and soft control systems. They argue that soft control systems dominate integrity influencing but are insufficient to ensure ethical behaviour within an organization.