more-arw search

Q&A Forum

In implementing a whistle blower policy, what are some of the must-haves and what are some common pitfalls to avoid?

Many of the whistleblower templates are similar and seem pretty basic. I am interested in avoiding mistakes that others may have made in implementing a policy at their place of employment


Lisa McCormack
Title: VP, Client Services
(VP, Client Services, ) |


I recommend speaking with your legal counsel before implementing a Whistleblower policy. Attached is a link to good article by Littler published in August of this year. Here are a few points from the Employer Responsibility section and the link to the article follows:

-Update policies to encourage employees to report their reasonable good faith concerns with any issues within the company;
-Update policies to clearly articulate that the employer will not tolerate any reprisals or retaliation by anyone against an individual who reasonably in good faith makes a complaint;
-Develop and implement whistleblower reporting procedures for employees and procedures for handling such reports;
-Consider implementation of a Code of Conduct;
-Train management about whistleblower protections, handling of internal complaints, including how managers deal with employees who have complained about those same managers, and reporting procedures. In this regard, Littler Mendelson just completed a year-long project in conjunction with its Legal Learning Group and subject matter experts and has a new training product on Retaliation and Whistleblowing, which can be tailored to an employer's organization;
-Review mandatory arbitration agreements and revise as necessary.

I hope you will this information useful.

Randal Shields
Title: Consultant/CFO
Company: Randal Shields, CPA
(Consultant/CFO, Randal Shields, CPA) |

Good stuff from Lisa. What follows is an example from personal experience.

One of my SOX clients had a Whistleblower policy and outsourced the service provider. As it turned out, the service provider was previously owned by the then HR Director, as the company was sold to an employee to carry on. Seems to be a conflict, but the point was to create some arms length firewall. The Chairman and the BOD knew of this relationship and were OK with it.

The "guts" of their policy providing employees the 1-800 phone contact information for the employee hotline. Was supposed to be available 24/7/365, as one would expect, with confidentiality guaranteed, the caller was not required to disclose their name. Reporting to the company was supposed to be in place, where the employee wanted to remain not disclosed, this was supposed to be maintained.

Simple SOX test, called the 1-800 number. Result : Failed. I called early afternoon, middle of the week, got a recording no one currently available, to leave phone number for call to be returned. Pretty much broke the confidentiality commitment if the caller left the call back info, the rest is obvious.

CFO was surprised, he called, got the same response. As a consultant to the company, the working relationship with the HR Director went south quickly. Not real confident the ownership interest wasn't still in play. Also, the company had no evidence of any reporting of calls into the 1-800 service available -- comments were they never received.

Moral to the story, in picking a 3rd party hotline service provider, make sure they are appropriately scaled to provide the service level committed (this example was not), make sure their service offering is in sync with company policies and procedures surrounding the whistleblower program, make sure there was some reporting mechanism on a pre-determined frequency, whether there were and calls or not.

J. Ed Neufer CPA
Title: Consultant
(Consultant, CONSULTING) |

One time I was "forced" to report someone because a peer in management (a random peer, not a close associate) dumped it on me. Didn't think it needed to get to me in the first place, but they involved me for whatever reason (perhaps strength in numbers or she wasn't a credible source or she was limited by her own fear). At that point I thought I couldn't ignore it. It was quit or report it internally, appropriately. Would do the same thing again.

The problem is an entity or individual retaliating after the fact, giving a bad reference, potential defamation, etc. All one can do is alert various parties such as law enforcement, the legal community, etc. Even worse, when someone repeatedly tries to pummel you, and officials are slow to act, one is forced to fight fire with fire. One must put some faith in the FBI, SEC, and/or Attorneys General, among others to keep bad people from being bad.


Get Free Membership

By signing up, you will receive emails from Proformative regarding Proformative programs, events, community news and activity. You can withdraw your consent at any time. Contact Us.

Business Exchange

Browse the Business Exchange to find information, resources and peer reviews to help you select the right solution for your business.

Learn more

Contribute to Community

If you’re interested in learning more about contributing to your Proformative community, we have many ways for you to get involved. Please email [email protected] to learn more about becoming a speaker or contributing to the blogs/Q&A Forum.