Risk & Compliance

Phoning It In

In a recent study of nearly 200,000 whistle-blower reports of alleged infractions, almost two-thirds of the complaints were made via hotlines witho...
John McPartlinFebruary 27, 2007

What’s the best way for an employee to blow the whistle on fraud or related infractions? The most popular way seems to be via hotlines or similar reporting tools. According to a joint report from the CSO Executive Council, an organization of corporate and government security executives, and The Network (a hotline provider), almost two-thirds of the nearly 200,000 reports it studied were made via hotlines without first alerting anyone in management.

Few of those alerts prove to be false alarms. The study, which tracked incidents at 500 organizations over the past four years, found that 65 percent of the reports were serious enough to warrant investigation, while 46 percent led to some type of action being taken. Corruption and fraud accounted for 10 percent of the incidents, well behind personnel-management situations (51 percent). Company and professional-code violations accounted for 16 percent and employment-law violations 11 percent.

Tony Malone, CEO of The Network, maintains that internal audits are not as effective as anonymous tips in shedding light on serious problems. “Whether it’s sexual harassment, racial discrimination, corruption, or fraud, companies need to give employees an easy way to speak up about what is going on,” he says. About 54 percent of the 200,000 incidents tracked in the report were made anonymously.

But critics say even the best hotline system won’t work if a company’s culture doesn’t support ethical behavior. David Gebler, president of consulting firm Working Values Ltd., says companies should train midlevel managers to be better listeners and train high-level executives to lead by example. “If your CEO says, ‘We’re going to walk away from any opportunities that might compromise our ideals,’” says Gebler, “that’s much more effective than just publicizing a hotline number and mandating that everyone take a Web-based compliance module.”