All too often companies uncover fraud by chance rather than through conventional risk management. Over 42% of larger European companies have suffered fraud in the past two years, according to new research by PricewaterhouseCoopers.
Despite this, many companies are convinced that their existing systems of oversight and control will protect them. Good controls are indeed vital, but they can be circumvented by collusion or management override.
A potentially valuable supplement to internal controls is a well-structured whistle-blowing policy. This can enable organisations to enlist the support of a powerful ally – the workforce.
I have encountered numerous cases where, after a fraud has come to light, employees have admitted to having had suspicions, but felt unable to come forward or were unsure whom to turn to.
The main causes of inaction include fear of the consequences of reporting suspicions and the absence of any sense of responsibility for reporting.
In some cases, employees resort to anonymous letters to draw attention to their concerns. But an anonymous tip-off is one thing; proper use of a formalised whistleblowing channel is quite another. The latter allows a dialogue to take place, where the scope of the problem can be much more precisely defined and a more effective strategy for dealing with it can be devised.
So what makes a ‘good’ whistleblowing policy? Essential ingredients include absolute clarity of a reporting line to someone in a suitably independent position and clear procedures for responding to concerns raised, including adequate feedback to the whistleblower as to how their information has been followed up. It is also important for top management to send strong and repeated messages throughout the organisation that the risk of fraud is taken seriously and concerns everyone. The implementation of such a policy need not cost much, and could save a great deal.