Whistleblowing and Internal Audit Need to Be Together
The role of internal audit in an organization’s ethics reporting policies – an important piece of the puzzle!
We’re seeing more and more whistleblowers in the news lately. They are becoming bolder, whether motivated through conscience or fear.
The evening news is seemingly plastered with reports of someone who has gone public about misuse of public money, bad behaviour by bankers, or violations of personal privacy.
There is a relationship between blowing the whistle and an organization’s culture. A strong and effective internal ethics program is an important component of a healthy corporate culture; effective whistleblowing depends on the right corporate culture that encourages concerns to be raised.
Whistleblowing acts as a deterrent to corrupt practices, encourages openness, promotes transparency, establishes the risk management systems, and helps protect the reputation of an organization.
Appropriate ethics reporting policies and procedures play a big role in the effectiveness of an organization’s corporate governance. Corporate governance is fundamental to effective risk management within an organization. That means whistleblowing policies need to be part of internal auditors’ responsibilities.
Last year, the SEC announced a whistleblower award of more than $300,000 to a company employee who performed audit and compliance functions. This employee reported wrongdoing to the SEC after the company failed to take action when the wrongdoing was reported it internally.
Sean McKessy, Chief of the SEC’s Office of the Whistleblower stated that “individuals who perform internal audit, compliance, and legal functions for companies are on the front lines in the battle against fraud and corruption. They often are privy to the very kinds of specific, timely, and credible information that can prevent an imminent fraud or stop an ongoing one. These individuals may be eligible for an SEC whistleblower award if their companies fail to take appropriate, timely action on information they first reported internally.”
Internal audit has a central role to play in effective whistleblowing procedures, given the nature of the issues brought up by whistleblowers and the position internal audit plays in offering boards advice, support and assurance.
Whistleblowing should be seen as a safety valve, an essential one at that, and should be part of an organization’s internal controls. Having a whistleblowing process in place does not mean failure. Boards need to consider the effectiveness of whistleblowing policies and procedures as part of their oversight of internal controls, and internal audit plays an important role in supporting boards in this area.
Employees who sound the alarm about misconduct early enough can help to ensure that problems come to light before it is too late, helping to prevent disasters from taking over. An organization’s whistleblowing procedures should encourage individuals to disclose concerns using appropriate channels before those concerns become serious problems, damaging an organization’s reputation through negative publicity, regulatory investigation, violations and fines.
In many organizations, internal audit plays a big role in an organization’s whistleblowing practices. They are sometimes a primary point of contact for that initial complaint that’s been submitted. They investigate complaints that relate to fraud, bribery or corruption. And in some cases, they are the person on the other end of the case management system who is confidentially communicating with the complainant, gathering more information as it relates to the misconduct. Internal audit then has to take any key information learned from the incident and apply it to internal controls.
Should an internal auditor find his or herself face to face with fraud, or corruption while doing their due diligence, and if those concerns are not taken seriously or remedied, that internal auditor could face the prospect of considering whether or not to take that information outside the organization, either by external whistleblowing to a regulator or other authority, or by public disclosure. The SEC has shown that audit functions are eligible for an SEC whistleblower award.
It’s just another reason to implement an ethics reporting system, and why internal audit should be promoting it to their organizations. Here are a few more reasons – get the free eBook now. Stop wrongdoing from getting out of hand.