Why do we need a best practise whistleblowing program?
A whistleblower is an organisation member who, on reasonable grounds, makes a disclosure of illegal, immoral or illegitimate practices under the control of their employers, to persons or organisations that may be able to effect action (Miceli & Near 1984:689).
The Australian cliche “don’t dob on your mates” is losing its appeal, with more employees feeling comfortable with their moral obligation and duties to their employer in this respect. Whistleblower Programs are now a key plank within an organisation’s governance framework.
ACFE report 2016*
- Employee tip offs are the leading detection method with approx. 40% of frauds being detected. Surprisingly only 60% of victim organisations had a hotline available. The second closest control mechanism is internal audit at 17% of frauds being detected.
- Over 80% of organisations have external auditors asses their financial statements yet below 4% of frauds were detected by external audits.
- While telephone hotlines are the most common more than half of complaints were submitted via online reporting
An effective compliance framework must have a whistleblowing program
It’s not only acts of fraud and corruption that can be reported under a whistleblower policy. Bullying, harassment, workplace safety, misconduct and a range of other conduct types should be included.
A true commitment from an organisation’s board/governing body, CEO and senior executives is a crucial first step in developing a robust program.
Once the tone is set at the top, the key components include:
- Whistleblowing policy
- Protection policy
- Internal and external reporting pathways (including anonymous reporting)
- Appropriate Resourcing
- Key controls
- Ongoing communication
A key component of a best practice program is the development and ongoing commitment of a ‘speak up’ corporate culture — spanning the entire supply chain. Clearly written and board approved policies, although important, are not effective without the tone being set at the top. Your organisation’s reputation and commercial elements are not protected by simply having an approved policy.