Supporting Practices
9.1 The board articulates its expectations of conduct, and the consequences for
misconduct, for the people involved with the organisation
9.2 The board oversees compliance with relevant laws, regulations and internal
policies
9.3 Conflicts of interest are identified, disclosed and managed
9.4 There is a process for investigating misconduct and relevant instances are
brought to the attention of the board
For an organisation to work effectively, there must be
clear expectations about how the people involved with
it are expected to behave. Boards play an important role
in defining acceptable behaviours and in establishing
frameworks that enable action when unacceptable
behaviours occur.
Although much can be done through policies and practices
to shape behaviour, one of the most powerful influences
on the behaviour of people involved with an organisation
is culture. For this reason, Principle 9: Conduct and
Compliance is closely linked with Principle 10: Culture.
Codes of conduct
Codes of conduct are policy documents that describe
the behaviours (conduct) expected of the people involved
in an organisation. The board will generally approve the
code of conduct and it will apply to all people involved
in the organisation such as staff, volunteers, members
and directors.
These codes will generally include:

Codes of conduct take many forms; some are highly
prescriptive, prohibiting certain actions or behaviours,
while others are more principles-based. The common
goal of codes of conduct is to provide guidance to the
people involved with an organisation about how they are
expected to behave. For this reason, it is common for codes
of conduct to include a discussion of these expectations,
relevant examples and links to relevant internal policies.
It is important that a code of conduct is enforced. The
consequences for failing to comply with the code of conduct
should be clearly set out, as well as the mechanisms for
how this will be determined and enforced. Boards should be
prepared to make difficult decisions to enforce the code of
conduct and to empower management to do the same.
Back to top
Complying with the law
All organisations must comply with the law. It is important
that boards understand the legal framework that applies to
their organisation and that they are satisfied with the steps
taken to comply.
The laws that apply to an NFP will depend on the nature of
the organisation. Some laws, such as taxation laws and the
criminal code, apply to all organisations. Other laws may
only apply based on the type of activity the organisation is
undertaking such as the laws around preparing and storing
food or fundraising.
It is generally not possible for a board to know every law
that applies to their organisation in detail or to evaluate
for themselves whether the organisation is complying with
every relevant law. However, there are ways that a board
can oversee compliance with the law, for example, by:
- Seeking independent review of proposed decisions;
- Establishing a policy framework that requires staff to
follow relevant laws;
- Maintaining integrity of internal and external audit
processes;
- Promoting a culture of compliance;
- Seeking independent legal advice where necessary; and
- Establishing robust systems for reporting and
investigating misconduct.
Boards can and should apply a similar approach to
requiring compliance with their governing documents
and internal policies. Boards may be interested to inquire
into how management maintains compliance with policies
such as through providing regular training, internal
communications or through requiring compliance through
employment contracts.
Back to top
Conflicts of interest
Directors have a duty to act in the best interest of their
organisation. At times, a director’s personal interests (such
as their investment interests) or their other duties (such as
to another organisation of which they are a director) may
conflict with this duty. This is called a conflict of interest.
Conflicts of interest can also affect other people
involved with the organisation, such as management
and staff, and it is important that these conflicts are also
identified and managed.
There are three types of conflicts of interest:
Figure 10: Types of conflict of interest

Conflicts of interest can’t always be avoided and do not
necessarily represent a problem. However, it is important
that they are managed properly so that directors are acting
in the best interest of the organisation and to protect the
organisation’s reputation.
The first step to managing conflicts of interest is
identification. Conflicts of interest should be recorded so
that there is transparency about what directors’ interests
are. Many organisations maintain a register of directors’
interests, which records any relevant interests that may give
rise to a conflict now or in the future. This also assists with
appropriate oversight and transparency of these interests.
It is good practice for the chair to invite directors to declare
any conflicts of interest at the beginning of a meeting.
An organisation’s governing documents
and any laws that apply to it may set out
requirements about the management and
disclosure of conflicts of interest.
Once a conflict has been identified, the board must decide
how it will be managed. For example, it may be required
that the conflicted director:
- Refrain from participating in any discussion about
related matters;
- Remove themselves from the room; or
- Abstain from voting on any matter related to the
conflict
This is called taking remedial action. The appropriate
remedial action will depend on the nature of the conflict
and boards will need to determine how best to manage
a conflict based on the circumstances of the situation.
If a remedial action is taken to manage a conflict of
interest, it should be recorded in the minutes. In certain
circumstances, a directors’ interests may be conflicted so
regularly or to such an extent that it is not practical for
them to continue in their role and it will be in the best
interests of the organisation that they resign.
It is a good idea to set out in a policy how conflicts of
interest will be managed. This policy should provide
guidance on when disclosures are expected, how they
are to be made and how failures to identify conflicts
will be responded to. It should also reflect any relevant
requirements in the organisation’s governing documents
and any laws that apply to it.
Importantly, a conflicts of interest policy should emphasise
the importance of creating a culture of disclosure. If in
doubt about whether something could be a conflict of
interest, it is always best to err on the side of caution
and to disclose it. This can also assist in promoting
accountability, especially if there is visibility of the
disclosure by an organisation’s stakeholders.
Back to top
Reporting and responding to misconduct
Even the best policies and procedures will not always
prevent wrongdoing within organisations. Where this
occurs, it is important that there are systems in place to
investigate reports of wrongdoing and to take action to
address any misconduct.
The board plays an important role in this, particularly
in driving a culture of reporting and not turning a ‘blind
eye.’ Bad news should travel quickly and easily through
the appropriate parts of organisation so that it can be
responded to at the earliest opportunity. Boards should
encourage reporting of wrongdoing and satisfy themselves
that the organisation has appropriate processes in place
to detect and address it. It may be appropriate for certain
types of information about wrongdoing to be brought
to the attention of the board so that they can provide
appropriate oversight of the organisation’s investigation
and response.
One way boards can approach this issue is through
regularly reviewing information about the organisation’s
performance against the standards of behaviour it seeks to
meet, whether those standards are set by the organisation
(such as through its code of conduct) or by the law
(such as through regulation) or another source (such as
accreditation standards).
There are several standard indicators that organisations can
use to assess their conduct performance:
Figure 11: Examples of conduct performance measures

Other aspects of performance measurement are discussed
in greater detail in Principle 6: Performance.
Back to top
Protecting whistleblowers
Boards should also be satisfied that the people who
report wrongdoing are protected from any retribution.
These people are often referred to as ‘whistleblowers’.
Reports of wrongdoing may come from a range of sources
including current and former staff, contractors, volunteers,
clients and suppliers. These people are an important line
of defence against wrongdoing and providing them with
adequate protection against retribution can encourage
them to come forward with valuable information.
There are laws that provide protection to
whistleblowers where they raise issues of
wrongdoing in certain circumstances. It is
important to know and understand how
these laws apply and to comply with them.
It is a good idea to establish a whistleblower policy that
sets out:
- Who can make a disclosure (which should ideally include
as broad a range of people as reasonably practical);
- How they can make a disclosure (including to whom, by
what method and whether they can do so anonymously);
- The matters about which they can make a disclosure;
- The protections they will receive (including any
protections under the law);
- How their disclosure will be investigated;
- How the organisation will communicate with them about
the investigation; and
- The consequences for people who take retribution
against whistleblowers.
"Whistleblowers are an important
line of defence against wrongdoing
and providing them with adequate
protection against retribution can
encourage them to come forward
with valuable information.”
Back to top
Questions for Directors
- Are the behavioural expectations of the board clearly articulated?
- What are the consequences for failing to meet behavioural expectations?
- How effectively are conflicts of interest managed by the board?
- How does the board respond to bad news?
- What processes are in place to protect whistleblowers?
Case Studies
HelpfulCare
The board of HelpfulCare have authorised a code
of conduct which applies to all staff, volunteers and
directors involved with the organisation. The code sets
out clear expectations of behaviour for these people and
includes detail on how the organisation will respond to
instances of misconduct.
All staff and volunteers at HelpfulCare are taken
through relevant policies, including the code of conduct,
as part of their induction. The board has also set a goal
for management to deliver ongoing and regular training
to staff and volunteers on key policies.
The board has a detailed policy on the management of
conflicts of interest. All directors are required to record
relevant interests in a register as soon as they become
aware of the conflict. The minutes always record any
interests relevant to decision-making and the remedial
action taken to address them.
HelpfulCare employ an independent third party to
provide a confidential service through which staff
and volunteers can report misconduct. Aggregate
information about reports is provided to the board and
any report concerning serious misconduct is provided
to the board in full. The board has also established a
whistleblower protection framework to protect the
people who report wrongdoing.
The Friendlies
The Friendlies’ have a behavioural code called ‘The
Friendly Way’ which sets out the minimum behavioural
expectations for members including positive behaviours.
The code also requires that members comply with other
organisational policies.
All members of the Friendlies are required to follow the
code. The governing documents of the Friendlies set out a
process that can be used in instances of misconduct (not
complying with the code is a form of misconduct).
At the beginning of board meetings, the chair invites
members to disclose any conflicts of interest relevant to
items on the agenda. The chair reminds directors that it
is a legal requirement to declare any personal interest.
The board requires directors leave the room for any issue
in which they have a conflict and that is noted in the
minutes. They choose to be ‘better safe than sorry.’
The board has established a complaints policy which
includes a procedure for responding to instances of
misconduct. It makes sure all new members get a copy
of the policy (and ‘The Friendly Way’) when they first
become members, or when changes are made.