Have you got a game plan for when a whistleblower blows? Sometimes narrowing your options will help keep you from making the wrong move.
Since President George W. Bush signed the Sarbanes-Oxley Act of 2002 into law on July 30, 2002, some companies have already cemented solutions to comply with Section 301(4), the whistleblower feedback mandate. Some have elected to wait. Yet with legislative deadlines looming, why would any company want to wait to learn about potentially explosive issues within its corporate ranks? Most delays result from not understanding the myriad options for compliance.
Many companies offer a variety of compliance solutions and strategies, including Web sites, voice mail, intra-company hotlines, or independent, live-answer call centers. Each possible solution must promise and ensure complete privacy to a whistle-blowing employee and instill complete confidence that their issue will be reported accurately and timely. The company’s privacy must also be ensured given the possible negative effect such a report might have if it is inadvertently leaked to the street. Balancing the requirements of the Sarbanes-Oxley Act, the concerns of the employee, and the needs of the company is key.
Exploring the pros and cons of each option can help a company decide how they will comply with Sarbanes-Oxley Section 301(4).
In-house or outsourced?
When companies build an in-house whistleblower reporting system, it can be a corporate live-answer hotline, voicemail hotline, e-mail address, or dedicated post office box. In-house solutions are often made for reasons of perceived corporate cost or corporate convenience. Yet corporations fail to take into consideration that the employee is likely to view in-house solutions, no matter how appropriately each is established, as not truly confidential. Employees feel corporations can easily identify the source of emails they receive. Fellow employees might recognize their voices, tape the calls for repeated playback or use caller ID to root out the identity of the caller. Even a person’s handwriting style might be recognized within an organization. An independent reporting system outside of the company better fits the spirit of the Sarbanes-Oxley Act and is a more compelling message to employees seeking the security of direct contact with an impartial third-party. Such third-party independence comes at a very low cost compared to the cost of creating such functions internally, often for less than $1 per employee.
Human voice or Web site?
For those who choose to outsource their Sarbanes-Oxley compliance, there are still a few more decisions to make. The first choice is to decide between the telephone and the Internet. While email solutions seem tempting at first, offsite Internet use is not readily accessible to many employees. Without Web access at home, filing a complaint from the office may become the only option, thereby compromising anonymity. Despite the many technological advances of the Internet, identity security and confidentiality are not among its highlights.
However, when opting for a live-answer hotline, it is important to consider how the calls will be handled and how the resulting call reports will be delivered to the appropriate Board Members and officers. The best services available use top-of-the-line technology (including Oracle platforms), which is important in supporting advanced telesystems and delivering immediate and accurate reporting.
Interview/investigation or verbatim reporting?
Even after opting for a human operator, the door is still open to a few more choices. Will it be an ad hoc discussion or a uniform, verbatim reporting style?
An interviewer/investigator who engages the whistleblower in a two-way dialogue may easily and unwittingly misinterpret a caller’s words, resulting in a convolution of the true intent of the message. As complex as accounting and auditing issues can be, there’s plenty of room for error. Consider Sherron Watkins from Enron. Some of her quotes include: “…we recognized $500 million of revenue from the equity derivatives offset by market value changes in the underlying securities,” and “…valuation issues with our international assets and possibly some of our EES MTM positions…”
These phrases made sense to certain experienced Enron employees and may seem perfectly decipherable to someone with an accounting background, but consider the interviewer who gets this call. Despite training on how to be an interviewer, he is likely to find the subject matter incomprehensible. Worse yet, he may have some training in accounting and believe he knows enough to paraphrase the caller’s comments when, in fact, most CPAs would find the Enron level of complexity head-spinning and difficult to summarize in a few pages of text. Interview-style compliance solutions are dangerous and may lead to well-intentioned and misleading reporting to a corporation.
Verbatim reporting with an automated confidential employee hotline might seem sterile, but it offers the most reliable and safest solution. Beginning with an automated greeting, the caller is reminded of the issues that can be reported. An agent then personally greets the caller and records the caller’s words verbatim. At the end of the caller’s remarks, the statement is read back to the caller to ensure complete accuracy and to allow the caller to modify their statement. At the call’s conclusion, the call report is immediately and automatically dispatched to the appropriate combination of people. For those who prefer to remain anonymous, neither a name nor phone number is required. A code word can be selected by the caller to link additional calls from a single anonymous caller. The caller also is instructed to call back in ten days to address any clarifying questions that might be posed by the company. The system knows to prompt the agent with the right questions when the code-named caller returns. In this system, there is absolutely no freestyle interviewing or cross-examination. Accuracy and confidentiality, the prime objectives of Sarbanes-Oxley Section 301(4), are easily achieved.
Who gets the report when the whistleblower blows?
Once the report is complete, the next decision is who gets it? In a recent study of over 100 publicly traded companies, 52 percent reported they had designated one individual or department (usually the Audit Committee or General Counsel) to investigate Sarbanes-Oxley complaints; 48 percent issued the report to multiple people or departments.
Of equal concern among corporate decision makers has been the issue of how to process non-accounting and auditing complaints through a system created specifically to handle Sarbanes-Oxley issues. Employees are known to use Sarbanes hotlines to report other types of human resource issues. To avoid unnecessary Board reporting, it is crucial to choose a compliance solution sophisticated enough to separately dispatch call reports to the appropriate internal department.
No company wants to receive a Sarbanes-Oxley complaint. Nor does any company want to miss a legitimate Sarbanes complaint. There are convenient solutions available that will fit your firm’s needs. Compliance is easy and can often by established within a few days. Given the enormity of the risk, the best way your company can handle any incident is without incident.
Ron Coben is the president and CEO of MessagePro (www.messagepro.net), a company that provides teleservices and hotline services for public, private and government businesses. MessagePro can be reached at 800-293-3260 or [email protected]