An October 4, 2011 CFO.com article “When Your Compliance Program Fails” by Tracy L. Coenen covers how to handle fraud reports through an organization’s hotline. It covers a step by step on what to do from the time the hotline report comes in through adjusting systems and processes when the investigation is complete.
Highlights include taking all fraud hotline reports seriously, completing a thorough investigation that is started immediately, determining who in the organization needs to be part of the investigation, whether to engage outside expertise, and ensuring that data is protected. These steps are important for mitigating government and legal sanctions and building trust in the organization and to external government investigatory units.
When an organization takes each hotline report seriously, completes a thorough investigation, and ensures that no retaliation or retribution comes from a report, employees will be more open to providing reports directly to management in the future. Given that the government is allowing bounty payment (such as under Dodd-Frank), affected companies should do everything they can to ensure that whistleblowers report fraud and malfeasance internally.
Beyond fraud, each organization determines what additional reporting categories to include in their hotline. Reporting categories can be customized with a third party hotline provider, such as Ethical Advocate. The steps outlined in the article above can be leveraged to ensure proper investigation of other reporting categories, as well. Many of the key components, including government and legal sanctions, still apply for categories such as occupational safety, harassment and discrimination, and environmental impact. Ethical Advocate assists each client in assessing unique risk areas to determine what reporting categories are needed and in reviewing the investigation process that the organization plans to use.