Anonymous Whistleblower Reporting Systems

The Sarbanes Oxley Act passed in 2002 requires audit committees of publicly traded companies to have an anonymous whistleblowing channel accessible to employees for reporting instances of internal financial fraud.

Posted by Joe Gerard in Ethics & Compliance, Whistleblower on April 7th, 2010

A study conducted at the University of Hampshire has lead to some interesting conclusions regarding the handling of tips provided through anonymous reporting tools for whistleblowers. The study is titled “Effects of Anonymous Whistle-Blowing and Perceived Reputation Threats on Investigations of Whistle-Blowing Allegations by Audit Committee Members” and has been published in the Journal of Management Studies by Wiley Publications. The study is also the first study based on the effects of anonymous reporting and the threats whistleblowing imposes on the reputation of those within the company associated with committing fraud. The overall conclusion of the study is that anonymous whistleblower systems are ineffective, as many of the tips received through anonymous sources are ignored and deemed “less credible” than those reported through non-anonymous means.

Disturbing Conclusions:

The Sarbanes Oxley Act passed in 2002 requires audit committees of publicly traded companies to have an anonymous whistleblowing channel accessible to employees for reporting instances of internal financial fraud. The reasoning behind keeping the system anonymous is for whistleblower protection from workplace retaliation or prosecution. This study has questioned the effectiveness of anonymous reporting systems. In the article “Anonymous Whistle-Blowing Systems Are Often Dysfunctional“, Co-author of the study, Jacob Rose stated that:

“We concluded that audit committee members who evaluate whistleblowing allegations, and determine whether or not allegations should be investigated, treat anonymous and non-anonymous allegations very differently. Audit committee members find anonymous allegations to be less credible than non-anonymous ones. As a result, audit committee members often choose not to investigate an anonymous allegation, even when the allegation indicates very serious threats to the integrity of the financial reporting system. When an identical allegation is not anonymous, audit committees allocate significant resources to the investigation of the allegation. In brief, anonymous allegations appear to be ignored in many cases.”

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

The findings in this study demonstrate that those involved in the study have been using anonymity and reputation as a way to prioritize and distinguish between cases worthy of investigation. This method is unprofessional and needs to be fixed, as many are even admitting that the leads they have received through anonymous reporting tools have been qualified as posing a threat to the company. This method would certainly not hold up in court, as the law requires employers to demonstrate an immediate reaction to any tip received through instated reporting channels- many companies have developed a policy for conducting preliminary investigations that determine if the issue reported needs to be investigated any further.  Rose also noted an additional finding in their results:

“What is particularly disturbing, however, is that we also find evidence that reputation threats faced by corporate directors have significant influences on decisions to investigate allegations. Essentially, when audit committee members recognize that an allegation threatens their reputations, they have incentives to not investigate the allegation. These incentives cause the audit committee members to perceive that the allegation is less credible, which provides justification for deciding not to investigate the allegation. The data indicates that reputation threats can create conflicts of interest, and directors appear to favor personal reputations over obligations to oversee financial reporting quality.”

Necessary Changes

The purpose of a reporting system is to identify fraudulent actions, catch those responsible for the act and decrease the level of risk within the company to avoid negative media attention and significant fines. This case raises the question, who makes the decision whether to investigate a tip or not? It’s important that companies select people for this position wisely, as the person must be neutral to reputation threats, in order to make sure that each case receives a fair evaluation before deciding not to follow through with an investigation. In many cases, this role is taken on by a third party that handles the responsibility of maintaining anonymity for claimants throughout the investigation process.

Anne Simmons is the co-founder, president and CEO of Board Advisory Services, she contributed an article to Ethisphere entitled, “Want to Avoid Unpleasant Compliance Surprises? Embrace a Strong Whistleblowing Policy.” In this article, she suggests:

“Emphasize the company’s, as well as your own commitment to non-retaliation. Word will quickly spread that ethics is an important part of the company’s culture and that employees should feel safe reporting wrongdoing. Work with a third-party to develop a system for collecting reports, verifying the information from employees anonymously and following up with those employees while still maintaining their privacy. Block mid-level interference- reports of wrongdoing, once vetted by a third-party, should go to the Board. Exposure to the Board all but mandates that serious issues be investigated. Failure to do so usually results in cover-ups or sidetracking by those responsible for troubles.”

You may also want to focus on developing a conflict of interest policy that covers conflicts of interest throughout your entire organization- particularly when handling investigation decisions. Many of the respondents in the study reported that the decision to investigate or not was based on the ability to protect employee reputations, therefore, the issue of conflicting interests hindered their judgment of the situation. To provide some insight on what to consider when developing policies to eliminate conflict of interest in your workplace, Brad Holman, Investigative Specialist at IRG writes the following about conflict of interest:

“It’s important that an organization’s culture be consistent to understand what a conflict of interest is. Organizational values such as honesty, integrity, professionalism, trust, commitment, competency, excellence and credibility are fundamental in the development of effective conflict of interest policies. It’s important that a comprehensive risk and threat analysis be completed- including a review of existing policies, guidelines, culture, legislative and employee expectations. Once completed, the development of an action plan to mitigate the risks can be undertaken. Additionally, culture must foster an environment where all employees, from top to bottom, are expected to avoid situations of conflict and immediately and willingly disclose any pecuniary interests. This is particularly important in the fields of finance, securing contracts, procurement of any goods and services, and human resources where nepotism can be problematic.”

Joe Gerard
Joe Gerard

CEO, i-Sight

Spend my days showing off the i-Sight investigative case management software and finding ways to help clients improve their investigations. Usually working with corporate security, HR & employee relations, compliance and legal teams.

Visit Website