Code of Conduct

The ERP Risk Advisors Code of Conduct is one of the ways we put ERP Risk Advisors’ values into practice. It is built around the recognition that everything we do in connection with our work at ERP Risk Advisors will be, and should be, measured against the highest possible standards of ethical business conduct. We set the bar that high for practical as well as aspirational reasons: Our commitment to the highest standards helps us hire great people, build great products, and attract loyal customers. Respect for our customers, for the opportunity, and for each other are foundational to our success, and are something we need to support every day.

So please do read the Code and ERP Risk Advisors’ values, and follow both in spirit and letter, always bearing in mind that each of us has a personal responsibility to incorporate, and to encourage other ERP Risk Advisor team members to incorporate, the principles of the Code and values into our work. And if you have a question or think that one of your fellow employees at ERP Risk Advisors or the company may be falling short of our commitment, do not be silent. We want – and need – to hear from you.

Who Must Follow Our Code?

We expect all team members to know and follow the Code. Failure to do so can result in disciplinary action, including termination of employment. Moreover, while the Code is specifically written for ERP Risk Advisors team members, we expect members of our extended workforce (temps, vendors, and independent contractors) and others who may be temporarily assigned to perform work or services for ERP Risk Advisors to follow the Code in connection with their work for us. Failure of a member of our extended workforce or other covered service provider to follow the Code can result in termination of their relationship with ERP Risk Advisors.

Team Members and extended workforce members must complete in a timely fashion all training that are required for their roles.

What If I Have a Code-Related Question or Concern?

If you have a question or concern, do not just sit there. You can contact your manager and be a part of finding answers. If you believe a violation of law has occurred, you can always raise that through the admin@erpra.net line or with a government agency.

To notify the company, please mail your concern to:

ERP Risk Advisors
Attn: Workplace Concern
209 N 52^nd Ave
Greeley, CO 80634

You may report your concerns to ERP Risk Advisors anonymously. However, we encourage you to provide your name and contact information so that we may contact you directly, if necessary.

No Retaliation

ERP Risk Advisors prohibits retaliation against any worker here at ERP Risk Advisors who reports or participates in an investigation of a possible violation of our Code, policies, or the law.

1. Serve Our Customers
   Our customers value ERP Risk Advisors not only because we deliver great products and services, but because we hold ourselves to a higher standard in how we treat customers and operate more generally. Keeping the following principles in mind will help us to maintain that high standard:
2. Integrity
   Our reputation as a company that our customers can trust is our most valuable asset, and it is up to all of us to make sure that we continually earn that trust. All our communications and other interactions with our customers should increase their trust in us.
3. Usefulness
   Our products, features, and services should make ERP Risk Advisors more useful for all our customers. We have many different types of customers, from individuals and partners to large businesses, but one guiding principle: “Is what we are offering useful?”
4. Privacy, Security, and Freedom of Expression
   Always remember that we are asking customers to trust us with their personal information. Preserving that trust requires that each of us respect and protect the privacy and security of that information. Our security procedures limit and/or prohibit access to and use of customers’ personal information and require that each of us take measures to protect user data from unauthorized access. Know your responsibilities under these procedures, and collect, use, and access user personal information only as authorized by our Security Policies, our Privacy Policies, and applicable data protection laws. ERP Risk Advisors is committed to advancing privacy and freedom of expression for our customers around the world. Where user privacy and freedom of expression face government challenges, we seek to implement internationally recognized standards that respect those rights as we develop products, do business in diverse markets, and respond to government requests to access user information or remove customer content. Contact your manager if you have questions on implementing these standards in connection with what you do at ERP Risk Advisors.
5. Responsiveness
   Part of being useful and honest is being responsive: We recognize relevant customer feedback when we see it, and we do something about it. We take pride in responding to communications from our customers, whether questions, problems, or compliments. If something is broken, fix it.
6. Take Action
   Any time you feel our customers are not being well-served, don’t be reserved – let someone in the company know about it. Continually improving our products and services takes all of us, and we are proud that ERP Risk Advisors champion our customers and take the initiative to step forward when the interests of our customers are at stake.

Support and Respect Each Other

Our principles
ERP Risk Advisors has an unwavering commitment to prohibiting and effectively responding to harassment, discrimination, misconduct, abusive conduct, and retaliation. To that end, ERP Risk Advisors adheres to these Guiding Principles:

Commitment: ERP Risk Advisors sets a tone at the top of commitment to a respectful, safe, and inclusive working environment for all employees and members of the extended workforce.

Care: ERP Risk Advisors creates an environment with an emphasis on respect for everyone at all levels of the organization, including specifically by helping and showing empathy to employees and members of the extended workforce throughout and after the complaint process.

Transparency: ERP Risk Advisors is open and transparent as an organization regarding the frequency with which complaints arise regarding harassment, discrimination, misconduct, abusive conduct, and retaliation, and the Company’s approach to investigating and responding to those allegations.

Fairness & Consistency: ERP Risk Advisors ensures that individuals are treated respectfully, fairly, and compassionately in all aspects of Management’s interactions and applies policies, procedures, and outcomes consistently regardless of who is involved.

Accountability: ERP Risk Advisors holds all individuals responsible for their actions, and ensures that where appropriate, those individuals hold others accountable too. Extreme Ownership.

1. Our practice
   Consistent with the Principles, ERP Risk Advisors are expected to do their utmost to create a supportive work environment, where everyone can reach their fullest potential, and be free from harassment, intimidation, bias, and unlawful discrimination.
2. Equal Opportunity Employment
   Employment here is based solely upon individual merit and qualifications related to professional competence. We prohibit unlawful discrimination or harassment based on race, color, veteran status, national origin, ancestry, pregnancy status, sex, gender identity or expression, age, marital status, mental or physical disability, medical condition, or any other characteristics protected by law. We also make all reasonable accommodations to meet our obligations under laws protecting the rights of people with disabilities.
3. Harassment, Discrimination, and Bullying
   ERP Risk Advisors prohibits discrimination, harassment and bullying in any form – verbal, physical, or visual, as discussed more fully in our Policy Against Discrimination, Harassment and Retaliation. If you believe you have been bullied, harassed, or discriminated against by anyone at ERP Risk Advisors, or by an ERP Risk Advisors partner or vendor, we strongly encourage you to immediately report the incident to your supervisor. Similarly, supervisors and managers who learn of any such incident should immediately report it to the CEO. A prompt and thorough investigation of any complaints and appropriate action will be taken.
4. Drugs and Alcohol
   Our position on substance abuse is simple: It is incompatible with the health and safety of our employees, and we do not permit it. Consumption of alcohol is not banned at our offices but please use good judgment and never drink in a way that leads to impaired performance or inappropriate behavior, endangers the safety of others, or violates the law. Illegal drugs in our offices or at sponsored events are prohibited. If a manager has reasonable suspicion to believe that an employee’s use of drugs and/or alcohol may adversely affect the employee’s job performance or the safety of the employee or others in the workplace, the manager may request an alcohol and/or drug screening. A reasonable suspicion may be based on objective symptoms such as the employee’s appearance, behavior, or speech.
5. Safe and Healthy Workplace
   We are committed to a safe, healthy, and violence-free work environment. Behavior that poses risk to the safety, health, or security of ERP Risk Advisors, our extended workforce, or visitors is prohibited. If you become aware of a risk to the safety, health, or security of our workplace, you should report it to ERP Risk Advisors’ CEO immediately. If it is life-threatening or an emergency, call your local police, fire, or other emergency responders first, and then report it to ERP Risk Advisors’ CEO.

Avoid Conflicts of Interest

When you are in a situation in which competing loyalties could cause you to pursue a personal benefit for you, your friends, or your family at the expense of ERP Risk Advisors or our customers, you may be faced with a conflict of interest. All of us should avoid conflicts of interest and circumstances that present the appearance of a conflict.

When considering a course of action, ask yourself whether the action you are considering could create an incentive for you, or appear to others to create an incentive for you, to benefit yourself, your friends or family, or an associated business at the expense of ERP Risk Advisors. If the answer is “yes,” the action you are considering is likely to create a conflict-of-interest situation, and you should avoid it.

Below, we provide guidance in seven areas where conflicts of interest often arise:

• Personal investments
• Outside employment, advisory roles, board seats, and starting your own business.
• Business opportunities found through work.
• Inventions
• Friends and relatives; co-worker relationships
• Accepting gifts, entertainment, and other business courtesies
• Use of ERP Risk Advisors products and services

In each of these situations, the rule is the same – if you are considering entering a business situation that creates a conflict of interest, do not. If you are in a business situation that may create a conflict of interest, or the appearance of a conflict of interest, review the situation with your manager. Finally, it is important to understand that as circumstances change, a situation that previously did not present a conflict of interest may present one.

Personal Investments
Avoid making personal investments in companies that are ERP Risk Advisors competitors or business partners when the investment might cause, or appear to cause, you to act in a way that could harm ERP Risk Advisors.

When determining whether a personal investment creates a conflict of interest, consider the relationship between the business of the outside company, ERP Risk Advisor’s business, and what you do at ERP Risk Advisors, including whether the company has a business relationship with ERP Risk Advisors that you can influence, and the extent to which the company competes with ERP Risk Advisors. You should also consider 1) any overlap between your specific role at ERP Risk Advisors and the company’s business, 2) the significance of the investment, including the size of the investment in relation to your net worth, 3) whether the investment is in a public or private company, 4) your ownership percentage of the company, and 5) the extent to which the investment gives you the ability to manage and control the company. Investments in venture capital or other similar funds that invest in a broad cross-section of companies that may include ERP Risk Advisors’ competitors or business partners do not create conflicts of interest. However, a conflict of interest may exist if you control the fund’s investment activity.

Outside Employment, Advisory Roles, Board Seats, and Starting Your Own Business
Avoid accepting employment, advisory positions, or board seats with ERP Risk Advisors competitors or business partners when your judgment could be, or could appear to be, influenced in a way that could harm ERP Risk Advisors. Additionally, because board seats come with fiduciary obligations that can make them particularly tricky from a conflict-of-interest perspective, you should notify your manager before accepting a board seat with any outside company. ERP Risk Advisors board members and employees who are VP and above should also notify Ethics & Business Integrity. Finally, do not start your own business if it competes with ERP Risk Advisors.

Business Opportunities Found Through Work
Business opportunities discovered through your work here belong first to ERP Risk Advisors, except as otherwise agreed to by ERP Risk Advisors.

Inventions
Developing or helping to develop outside inventions that a) relate to ERP Risk Advisors’ existing or reasonably anticipated products and services, b) relate to your position at ERP Risk Advisors, or c) are developed using ERP Risk Advisors corporate resources may create conflicts of interest and be subject to the provisions of ERP Risk Advisors’ Confidential Information and other employment agreements. If you have any questions about potential conflicts or intellectual property ownership involving an outside invention or other intellectual property, consult your management.

Personal Relationships at Work
Certain relationships within ERP Risk Advisors may compromise or be seen to compromise your ability to perform your job responsibilities, may create uncomfortable or conflicted positions, and may raise issues of fairness, favoritism, or harassment. Therefore, be mindful of how your relationships within ERP Risk Advisors could impact or be perceived by others. Romantic, physical, or familial relationships are not permitted between an ERP Risk Advisors and another ERP Risk Advisors or member of the extended workforce where one individual is able to exercise authority or supervision over the other. This prohibition includes any situation where one person is in the reporting line of the other, or, for example, a situation where one person is a project or a technical lead on a project on which the other person is working.

Accepting Gifts, Entertainment, and Other Business Courtesies
Accepting gifts, entertainment, and other business courtesies from an ERP Risk Advisors competitor or business partner can easily create the appearance of a conflict of interest, especially if the value of the item is significant. Value is in the eye of the beholder; therefore, everything has value. Contact your manager or the CEO who can provide specific guidance on when it is appropriate for ERP Risk Advisors to accept gifts, entertainment, or any other business courtesy (including discounts or benefits that are not made available to all ERP Risk Advisors) from any of our competitors or business partners.

Acceptance of inexpensive “token” non-cash gifts is permissible. In addition, infrequent and moderate business meals and entertainment with clients and infrequent invitations to attend local sporting events and celebratory meals with clients can be appropriate aspects of many ERP Risk Advisors business relationships, if they are not excessive and do not create the appearance of impropriety. Before accepting any gift or courtesy, consult the CEO or your manager, and be aware that you may need to obtain direct manager approval.

Use of ERP Risk Advisors Products and Services
Avoiding potential conflicts of interest also means that you should not use ERP Risk Advisors products, services, internal tools, or information in a way that improperly benefits you or someone you know or creates the appearance that you have an unfair advantage over customers outside of ERP Risk Advisors. For example, you should never approve ERP Risk Advisors accounts, services, or credits for yourself, your friends, or family members. Similarly, you should not use the tools, information, or access that you have as a ERP Risk Advisor to participate in or to generate a financial benefit for yourself or others from invalid ad traffic (IVT) on ERP Risk Advisors products, such as generating IVT, purchasing or selling IVT (except for the purposes of company sanctioned research), or linking to (or appearing to link to) business partners that may be engaging in IVT. If you find yourself subject to a conflict of interest regarding the use of ERP Risk Advisors’ products, services, tools, or information, discuss the situation with your manager, Legal, or the CEO.

Reporting
Ethics & Business Integrity will periodically report to the ERP Risk Advisors Compliance Steering Committee all matters involving ERP Risk Advisors officers – VPs and above – approved under this section of the Code and will periodically report to the ERP Risk Advisors Nominating and Corporate Governance Committee all matters involving ERP Risk Advisors executive officers and Board members approved under this section.

Preserve Confidentiality
We get a lot of press attention around our innovations and our culture, and that is usually fine. However, certain kinds of company information, if leaked prematurely into the press or to competitors, can hurt our product launches, eliminate our competitive advantage, and prove costly in other ways. Our responsibilities extend beyond not revealing Confidential ERP Risk Advisors material – we must also:

• properly secure, label, and (when appropriate) dispose of Confidential ERP Risk Advisors material.
• safeguard Confidential information that ERP Risk Advisors receives from others under non-disclosure agreements.
• take steps to keep our trade secrets and other confidential intellectual property secret, especially within new technology like AI (artificial intelligence) platforms.

1. Confidential Information
   Make sure that information that is classified as “Need to Know” or “Confidential” is managed in accordance with ERP Risk Advisors’ Data Security Policy. At times, a particular project or negotiation may require you to disclose Need to Know or Confidential information to an outside party: Disclosure of that information should be on an “only as needed” basis and only under a non-disclosure agreement. In addition, ERP Risk Advisors policy may require a prior security assessment of the outside party that is to receive the confidential information. Be sure to conduct the appropriate due diligence and have the appropriate agreement in place before you disclose the information.

There are, of course, “gray areas” in which you will need to apply your best judgment in making sure you do not disclose any confidential information. Suppose a friend who works at a non-profit organization asks you informally how to improve the ERP Risk Advisors search ranking of the group’s website: Giving your friend site-optimization tips available in public articles and on websites isn’t likely to be a problem, but giving tips that aren’t publicly known would be. If you are in a gray area, be cautious in what advice or insight you provide or, better yet, ask for guidance from your manager.

And do not forget about pictures you and your guests take at ERP Risk Advisors – it is up to you to be sure that those pictures do not disclose confidential information.

Finally, some of us will find ourselves having family or other personal relationships with people employed by our competitors or business partners. As in most cases, common sense applies. Do not tell your significant other or family members anything confidential, and do not solicit confidential information from them about their company.

2. ERP Risk Advisors Partners
   Just as you are careful not to disclose confidential ERP Risk Advisors information, it is equally important not to disclose any confidential information from our partners. Do not accept confidential information from other companies without first having all parties sign an appropriate Non-disclosure Agreement (NDA) approved by the CEO or Legal. Even after the agreement is signed, try only to accept as much information as you need to accomplish your business objectives.

Do not disclose any confidential information about any ERP Risk Advisors company, including financial, partner, business, technical, or IP information, before obtaining appropriate sign-off from Legal, which may include getting consent from affected ERP Risk Advisors companies.

3. Competitors/Former Employers
   We respect our competitors and want to compete with them fairly. But we do not want their confidential information. The same goes for confidential information belonging to any ERP Risk Advisors’ former employers. If an opportunity arises to take advantage of a competitor’s or former employer’s confidential information, do not do it. Should you happen to come into possession of a competitor’s confidential information, contact Legal/the CEO immediately.
4. Outside Communications
   You know that our policy is to be extremely careful about disclosing confidential proprietary information. Consistent with that, you should also ensure your outside communications (including online and social media posts) do not disclose confidential proprietary information or represent (or otherwise give the impression) that you are speaking on behalf of ERP Risk Advisors unless you are authorized to do so by the company. The same applies to communications with the press. Finally, check with your manager before accepting any public speaking engagement on behalf of the company.
5. Protect ERP Risk Advisors’ Assets
   ERP Risk Advisors has a well-earned reputation for generosity with our employee benefits and openness with confidential information shared within the company. Our ability to continue these practices depends on how well we conserve company resources and protect company assets and information.
6. Intellectual Property
   ERP Risk Advisors’ intellectual property rights (our trademarks, logos, copyrights, trade secrets, “know- how”, and patents) are among our most valuable assets. Unauthorized use can lead to their loss or serious loss of value. You must respect all copyright and other intellectual property laws, including laws governing the fair use of copyrights, trademarks, and brands. You must never use ERP Risk Advisors’ (or its affiliated entities’) logos, marks, or other protected information or property for any business or commercial venture without pre-clearance from the Marketing Team. We strongly encourage you to report any suspected misuse of trademarks, logos, or other ERP Risk Advisors intellectual property to Legal/the Marketing Team/CEO.

Likewise, respect the intellectual property rights of others. Inappropriate use of others’ intellectual property may expose ERP Risk Advisors and you to criminal and civil fines and penalties. Please seek advice from Lega l/ your manager before you solicit, accept, or use proprietary information from individuals outside the company or let them use or have access to ERP Risk Advisors proprietary information. You should also check with your manager if developing a product that uses content not belonging to ERP Risk Advisors.

A word about open source – ERP Risk Advisors is committed to open-source software development. Consistent with our policy of respecting the valid intellectual property rights of others, we comply with the license requirements under which open-source software is distributed. Failing to do so may lead to legal claims against ERP Risk Advisors, as well as significant damage to the company’s reputation and its standing in the open-source community. Please seek guidance from your manager before incorporating open-source code into any ERP Risk Advisors product, service, or internal project.

7. Company Equipment

ERP Risk Advisors gives us the tools and equipment we need to do our jobs effectively but counts on us to be responsible and not wasteful with the equipment provided to us. Nobody is going to complain if you snag an extra bagel on Friday morning, but company funds, equipment, and other physical assets are not to be requisitioned for purely personal use. Not sure if a certain use of company assets is okay? Please ask your manager.

8. The Network

ERP Risk Advisors’ communication facilities (which include both our network and the hardware that it uses, like computers and mobile devices) are a critical aspect of our company’s property, both physical and intellectual. Be sure to follow all security policies. If you have any reason to believe that our network security has been violated – for example, you lose your laptop, smart phone, or think that your network password may have been compromised – please promptly report the incident to your manager and Victory Technology Services.

9. Physical Security

If you are not careful, people may steal your stuff. Always secure your laptop, important equipment, and your personal belongings, even while on ERP Risk Advisors’ premises. Do not tamper with or disable security and safety devices.

Use of ERP Risk Advisors’ Equipment and Facilities

Anything you do using ERP Risk Advisors’ corporate electronic facilities (e.g., our computers, mobile devices, network, etc.) or store on our premises (e.g., letters, memos, and other documents) might be disclosed to people inside and outside the company. For example, ERP Risk Advisors may be required by law (e.g., in response to a subpoena or warrant) to monitor, access, and disclose the contents of corporate email, voicemail, computer files, and other materials on our electronic facilities or on our premises. In addition, the company may monitor, access, and disclose employee communications and other information on our corporate electronic facilities or on our premises where there is a business need to do so, such as protecting employees and customers, maintaining the security of resources and property, or investigating suspected employee misconduct.

1. Employee Data
   We collect and store personal information from employees around the world. Access this data only in line with local law and ERP Risk Advisors’ internal policies and be sure to handle employee data in a manner that is consistent with ERP Risk Advisors’ other policies.
2. Ensure Financial Integrity and Responsibility
   Financial integrity and fiscal responsibility are core aspects of corporate professionalism. This is more than accurate reporting of our financials, though that is certainly important. The money we spend on behalf of ERP Risk Advisors is not ours; it is the company’s. Each person at ERP Risk Advisors – not just those in Finance – has a role in making sure that money is appropriately spent, our financial records are complete and accurate, and internal controls are honored. This matters every time we hire a new vendor, expense something to ERP Risk Advisors, sign a new business contract, or enter any deals on ERP Risk Advisors’ behalf. To make sure that we get this right, ERP Risk Advisors maintains a system of internal controls to reinforce our compliance with legal, accounting, tax, and other regulatory requirements in every location in which we operate. Stay in full compliance with our system of internal controls, and do not hesitate to contact the CFO or your manager if you have any questions. What follows are some core concepts that lie at the foundation of financial integrity and fiscal responsibility here at ERP Risk Advisors.
3. Spending ERP Risk Advisors’ Money
   A core ERP Risk Advisors value has always been to spend money wisely. When you submit an expense for reimbursement or spend money on ERP Risk Advisors’ behalf, make sure that the cost is reasonable, directly related to company business, and supported by appropriate documentation. Always record the business purpose (e.g., if you take someone out to dinner on ERP Risk Advisors, always record in our expense reimbursement form the full names and titles of the people who attended as well as the reason for the dinner) and comply with other submission requirements. If you are uncertain about whether you should spend money or submit an expense for reimbursement, check with your manager. Managers are responsible for all money spent and expenses incurred by their direct reports and should carefully review such spending and expenses before approving.

Signing a Contract
Each time you enter a business transaction on ERP Risk Advisors’ behalf, there should be documentation recording that agreement, approved by the CEO. Signing a contract on behalf of ERP Risk Advisors is a big deal. Never sign any contract on behalf of ERP Risk Advisors unless all the following are met:

• You are authorized to do so. If you are unsure whether you are authorized, ask your manager.
• The contract has been approved by Legal. If you are using an approved ERP Risk Advisors form contract, you do not need further Legal approval unless you have made changes to the form contract or are using it for other than its intended purpose.

All contracts at ERP Risk Advisors should be in writing and should contain all the relevant terms to which the parties are agreeing – ERP Risk Advisors does not permit “side agreements,” oral or written.

1. Recording Transactions
   If your job involves the financial recording of our transactions, make sure that you are fully familiar with all the ERP Risk Advisors policies that apply.

Immediately report to Finance (CEO/CFO and your manager) any transactions that you think are not being recorded correctly.

1. Reporting Financial or Accounting Irregularities
   It goes without saying (but we’re going to say it anyway) that you should never, ever interfere in any way with the auditing of ERP Risk Advisors’ financial records. Similarly, you should never falsify any record or account, including time reports, expense accounts, and any other ERP Risk Advisors records.

If you suspect or observe any of the conduct mentioned above or, for that matter, any irregularities relating to financial integrity or fiscal responsibility, no matter how small, immediately report them.

1. Hiring Suppliers
   As ERP Risk Advisors grows, we enter more deals with suppliers of equipment and services. We should always strive for the best possible deal for ERP Risk Advisors. This always requires that you solicit competing bids to make sure that you are getting the best offer. While price is important, it isn’t the only factor worth considering. Quality, service, reliability, and the terms and conditions of the proposed deal may also affect the final decision.
2. Retaining Records
   It is important that we keep records for an appropriate length of time. The ERP Risk Advisors Records Retention Policy suggests minimum record retention periods for certain types of records. These are great guidelines, but keep in mind that legal requirements, accounting rules, and other external sources sometimes specify longer retention periods for certain types of records, and those controls where applicable. In addition, if asked by Legal to retain records relevant to a litigation, audit, or investigation, do so until Legal tells you retention is no longer necessary. If you have any questions regarding the correct length of time to retain a record, contact your manager.

Obey the Law

ERP Risk Advisors takes its responsibilities to comply with laws and regulations very seriously and each of us is expected to comply with applicable legal requirements and prohibitions. While it is impossible for anyone to know all aspects of every applicable law, you should understand the major laws and regulations that apply to your work. A few specific laws are easy to violate unintentionally and so are worth pointing out here:

1. Trade Controls
   U.S. and international trade laws control where ERP Risk Advisors can send or receive its products and/or services. These laws are complex, and apply to:

• imports and exports from or into the U.S (United States).
• imports and exports of products from or into other countries, with additional concerns when those products contain components or technology of U.S. origin.
• exports of services or providing services to non-U.S. persons
• exports of technical data, especially when the technical data is of U.S. origin.

What constitutes an “import” or “export” under the law is broad. For example:

• exposing or allowing access by non-U.S. persons to U.S. technical data can be an “export,” regardless of what country the exposure occurred in
• sending a server from one country (“country X”) into another country (“country Y”) is an export from country X and an import into country Y.
• permitting the download of software from one country (“country X”) into another country (“country Y”) is an export from country X.
• transporting technical data or software on your laptop, or tools or equipment in your luggage, may be an export and import.

The bottom line: If you are in any way involved in sending or making available ERP Risk Advisors products, services, software, equipment, or any form of technical data from one country to another, work with your manager to be sure that the transaction stays well within the bounds of applicable laws. If you or your manager are not sure, please contact Global Trade Compliance.

2. Competition Laws
   Most countries have laws – known as “antitrust,” “competition,” or “unfair competition” laws – designed to promote free and fair competition. These laws prohibit 1) arrangements with competitors that restrain trade in some way, 2) abuse of intellectual property rights, and 3) use of market power to unfairly disadvantage competitors.

Certain conduct is absolutely prohibited under these laws, and could result in your imprisonment, not to mention severe penalties for ERP Risk Advisors.

Examples of prohibited conduct include:

• agreeing with competitors about prices
• agreeing with competitors to rig bids or to allocate customers or markets.
• agreeing with competitors to boycott a supplier or customer.

Other activities can also be illegal, unfair, or create the appearance of impropriety. Such activities include:

• sharing competitively sensitive information (e.g., prices, costs, market distribution, etc.) with competitors
• entering a business arrangement or pursuing a strategy with the sole purpose of harming a competitor
• using ERP Risk Advisors’ size or strength to gain an unfair competitive advantage.

Although the spirit of these laws is straightforward, their application to situations can be quite complex.
ERP Risk Advisors is committed to competing honestly, so please contact your manager if you have any questions about the antitrust laws and how they apply to you. Any personnel found to have violated ERP Risk policy will, subject to local laws, be disciplined, up to and including termination of employment. If you suspect that anyone at the company is violating the competition laws, notify management immediately.

3. Insider Trading Laws
   As we said earlier, internally we share information, including non-public information, about ERP Risk Advisors’ business operations freely. In addition, you may overhear a hallway conversation or come across a memo at a copy machine, either of which might involve confidential information. To use this nonpublic information to buy or sell stock, or to pass it along to others so that they may do so, could constitute insider trading. Insider trading not only violates this Code, but it also violates the law. Do not do it.
4. Anti-bribery Laws
   Like all businesses, ERP Risk Advisors is subject to lots of laws, both U.S. and non-U.S., which prohibit bribery in every kind of commercial setting. The rule for us at ERP Risk Advisors is simple – do not bribe anybody, anytime, for any reason.
5. Non-government relationships
   You should be careful when you give gifts and pay for meals, entertainment, or other business courtesies on behalf of ERP Risk Advisors. We want to avoid the possibility that the gift, entertainment, or other business courtesy could be perceived as a bribe, so it is always best to provide such business courtesies infrequently and, when we do, to keep their value moderate. Consult management before providing any business courtesies or if you have any questions.
6. Dealing with government officials
   Offering gifts, entertainment, or other business courtesies that could be perceived as bribes becomes especially problematic if you are dealing with a government official. “Government officials” include any government employee; candidate for public office; or employee of government-owned or -controlled companies, public international organizations, or political parties. Several laws around the world, including the U.S. Foreign Corrupt Practices Act and the UK (United Kingdom) Bribery Act, specifically prohibit offering or giving anything of value to government officials to influence official action or to secure an improper advantage. This not only includes traditional gifts, but also things like meals, travel, political or charitable contributions, and job offers for government officials’ relatives. Never give gifts to thank government officials for doing their jobs. By contrast, it can be permissible to make infrequent and moderate expenditures for gifts and business entertainment for government officials that are directly tied to promoting our products or services (e.g., providing a modest meal at a day-long demonstration of ERP Risk Advisors products). Payment of such expenses can be acceptable (assuming they are permitted under local law) but may require pre-approval from the CEO or higher management.

The U.S. also has strict rules that severely limit the ability of a company or its employees to give gifts and business courtesies to a U.S. government official and limit the official’s ability to accept such gifts. The Honest Leadership and Open Government Act prohibits giving any gifts, including travel and other courtesies, to Members, Officers, and employees of the U.S. Senate and House of Representatives unless they fit within one of several specific exceptions. Gifts to employees of the U.S. executive branch are also regulated and subject to limits. Finally, state, and local government officials in the U.S. are also subject to additional legal restrictions. Consult the CEO or higher management before giving any such gifts or business courtesies and obtain all required pre-approvals. Carefully follow the limits and prohibitions described and obtain any required pre-approvals.

Conclusion

ERP Risk Advisors aspires to be a different kind of company. It is impossible to spell out every possible ethical scenario we might face. Instead, we rely on one another’s good judgment to uphold a high standard of integrity for ourselves and our company. We expect all ERP Risk Advisors to be guided by the letter and spirit of this Code. Sometimes, identifying the right thing to do is not an easy call. If you are not sure, do not be afraid to ask questions of your manager.

And remember… do not be evil, and if you see something that you think is not right – speak up!