Do you need a whistleblowing system?
It's a good question, and one could easily answer it with, nah, not really.
But before you answer that, take a look at your business historically.
Has your business ever suffered a prior breach? Here's the kicker. You may not necessarily know the true answer to that.
Because there are plenty of studies that show that many ethical breaches go unreported in the workplace for the simple reason that employees don't think anything will be done if they did come forward.
Aside from potential breaches you possibly know nothing about, there are a number of criteria a company should assess if it's toying with the decision of implementing a whistleblower system, internally run, or via a third-party.
There's the whole regulatory environment to think about for one. Something to consider is that now the SOX whistleblower provisions shield not only employees of publicly traded companies, but also employees of privately held contractors and subcontractors who perform work for a public company.
Publicly traded corporations must establish procedures for employees to file internal whistleblower complaints, and have procedures in place that protect the confidentiality of employees who file complaints.
It's also a good idea to take a look at your existing corporate culture and the ability, if any, that employees currently have for coming forward with complaints.
As mentioned above, many employees won't come forward because they feel nothing would be done anyway. Having an internal program in place for reporting wrongdoing is a very common option for companies and in many cases, works very well. But if employees feel there's a history of ignoring complaints, or even worse, retaliation, they will hesitate to let you know about ethical breaches.
One big issue that many companies may face when deciding on implementing a program, is the geographical factor. Plenty of companies have operations that spread over many locations globally. What this means is that employees, who could potentially be reporting ethical breaches, will be doing so in their native languages. It may seem a bit overwhelming for a company to sort through this clutter of details, so holding off implementing a program, or not implementing at all, is a possibility. This will then prolong the life of potential wrongdoing if there's no place for employees to report, or nobody who understands what they are trying to say.
If a company is toying with idea of implementing a whistleblower program internally, the first thing typically on the list for discussion is price, and how much time and resources will be taken putting everything together. And a big factor is the fact that if a company does decide to implement internally, but also has a global reach, what happens when employees in other parts of the world want to file a report to head office that is currently closed for the day?
One other item to think about is what type of best practices are recommended for your type of company, whether public, private, or not for profit. We know that US Sarbanes Oxley and Canadian Multi-Lateral Instrument 52-110 state that public companies need a whistleblower program in place.
And private companies tend to suffer a lot from lost revenue. In fact, plenty of small to medium private companies don't have a fraud response plan in place at all. The ACFE reports that two thirds of reported fraud cases in their study were from private and public companies. They suffered the largest median losses, however, private companies are less prepared financially to cover losses compared to their public counterparts.
Not for profits have even more to lose from ethical breaches, including their reputation and the elimination of much needed funding. Imagine Canada’s Standards Program offers a Canada-wide set of shared standards for charities and nonprofits, including the need for a whistleblower policy and procedures. The lack of a place to report wrongdoing in an NPO could potentially spell disaster for the organization.
Ultimately, the better a company is at collecting and responding to information brought forward by employees, the better they will be at detecting and limiting losses.
The fact is that fearful employees will not come forward. Whatever system a company chooses to use should empower and protect employees.
Organizations that successfully encourage internal reporting of wrongdoing are empowered to respond quickly to internal misconduct, thereby potentially reducing financial losses and reputational damage. Successful organizations also improve employee morale, engagement, open communication and transparency. This in turn creates a culture of ethics, integrity and often, better bottom line performance.