A whistleblower policy provides employees and others the opportunity to report questionable activities for investigation. Providing employees with the knowledge of how and where to report, what information to report, how employees will be protected, and how the company will handle investigations.
Whistleblowing policies help reduce workplace fraud and shortens the lifespan of fraud schemes. According to The Association of Certified Fraud Examiners (ACFE), whistleblower tips uncovered 43% of all fraud schemes. Approximately half of those tips came from employees, while the other half came from vendors and customers.
An organization’s chance of uncovering fraud or other noncompliance issues increases significantly when employees, vendors, and customers can report abnormalities, discrepancies, and other potential problems.
7 Things a Whistleblower Policy Should Include:
- How to report fraud
- The ability to report but remain anonymous
- Ability to report to a non-employee
- Information to include in a whistleblower report
- Protections available to the whistleblower
- How incidents reported are investigated
- Rewards for whistleblowers
How to Report Fraud
Providing multiple ways for employees to report fraud is critical. When setting up reporting channels, it is essential to remember that not all employees may work from an office or access online reporting tools. This makes a case for continuing to have mail-in options and phone lines available for reporting.
Companies that maintain a phone hotline are more likely to receive tips. Hotlines play a key role in being able to uncover fraud up to six months earlier and cutting the potential losses nearly in half.
The following methods are the most popular methods for reporting:
The Ability to Report but Remain Anonymous
Anonymity is a significant factor in people being able to report. Often, they can feel that they are unsure whom to report to in order to feel safe. Providing the ability to report fraud but remain anonymous provides the informant more security in that they will not receive retribution.
Some of the channels mentioned earlier that employees could use to report fraud, such as mailed letters, phone calls, or online forms, should also allow for the informant’s anonymity.
Ability to Report to a Non-employee
Several employees feel more confident in reporting possible fraudulent situations to a non-employee. Ways to provide this is to have the reporting for incidents be written to or checked by a board member or an outside Attorney’s office.
External or internal auditors can also be confidants for employees. When employees are provided access to auditors, they will raise concerns and receive feedback on whether the situation warrants further investigation by the auditors.
Information to Include in a Whistleblower Report
List the type of information that you would like to be disclosed in a fraud report. Employees utilizing methods other than a web form will need to know what information will be most helpful. Question boxes on web forms can collect relevant information about the fraud.
- Specific date(s) of occurrence
- Location(s) effected
- Companies or departments effected
- Individuals(s) involved
- Incident(s) being report
- Reason for concern
- How the issue came to light
- Possible witnesses or people with additional information
- Any other information or support for the claim that maybe valuable
Protections available to the Whistleblower
Whistleblowers need to feel safe and know that they will be protected from retribution if they bring up concerns. A policy should state how you will protect the individual and deal with retaliation towards them.
How Incidents Reported are Investigated
Investigate reported incident(s). If employees feel like their concerns are going unanswered, then they likely will not continue reporting. If employees stop reporting, big frauds may go uncaught for an additional length of time and be much more costly.
List procedural steps followed in an investigation:
- Determine if the fraud report is legitimate
- Determine if additional expertise is necessary to investigate the claim, such as a Certified Fraud Examiner (CFE)
- When does local law enforcement need to become involved
- When the FBI should be involved
As an auditor and now as a consultant, employees often approach me with things they think might be fraud or are suspicious to them. Those employees, when given a chance to talk, will voice their concerns. Some of the issues have been a simple misunderstanding by the employee about company policies. Other times I have had to do additional inquires and dig into the problem because their concerns did raise potential red flags.
Rewards for Whistleblowers
Companies can incentivize employees to come forward with information. However, the number of companies that provide rewards to employees for whistleblowing is relatively low. Only 16% of businesses with more than 100 employees have implemented a whistleblower reward program, while only 4% of businesses with less than 100 employees have a reward program, according to the ACFE.
The US government provides rewards for whistleblowers:
- The False Claims Act provides between 15-30% of the money collected in association with the prosecution of government contracting and government programs if the whistleblower assists.
- The Dodd-Frank Act provides between 10-30% of the money collected in association with securities and commodities fraud if the whistleblower assists.
- The IRS whistleblower law provides between 15-30% of the money collected in association with tax fraud if the whistleblower assists.
Rewards help to incentivize an employee to report misconduct in the business. The National Whistleblower Center has a great article on The Importance of Rewards.
3 Additional Ideas to Incorporate in a Whistleblower Policy
- Whistleblower policy accessibility by employees
- Culture of Strong Ethical Values and a Good Tone at the Top
- Testing the Whistleblower System
Whistleblower policy Accessibility by Employees
The policy should be readily available to employees to help provide confidence that they can safely report their concerns without fear of retaliation from management.
Some ways policies can be distributed include:
- Provided to employees in new hire packets
- In company policy and procedure manuals
- Posted in break rooms, on company bulletin boards, in stairwells
Culture of Strong Ethical Values and a Good Control Environment
When executives, managers, presidents, and other top leaders at a company display honesty, integrity, and confidence in their employees, the employees also demonstrate these attributes. There is a trickle-down effect in attributes that the company displays and upholds, which starts at the top of the company also known as the control environment or tone at the top.
It’s like the old saying, “When Mom isn’t happy, no one is happy.” Everyone in the group can feed off of the individual who is running the show. The same is true in the workplace. If the top employee is taking excessive time off or talking about unethical things, the employees will think that this behavior is acceptable.
Testing the Whistleblower System
Periodically a test should be performed to ensure that communication lines are open and adequately monitored. A test is simply using the email system saying, “This is a test of the whistleblower system, please call me at XXX-XXX-XXXX or reply to this email when you receive it.” You can determine:
1) if the systems are working and
2) how often the system is checked
Rotate testing different delivery methods. Do not perform the tests sequentially. If you try one system right after the next, the person will be on alert to look for all the tests in one short time frame. Instead, you want to make sure the system is always up and running and on high alert.
Example Whistleblower Policy
You can find an excellent example of a well-crafted whistleblower policy here.
Resources
The Association of Certified Fraud Examiners (ACFE) Report to the Nations 2020