Whistleblowing is key in the fight against economic crime, and getting it right is good for business. An effective response to whistleblower concerns can:
But what makes an effective whistleblowing framework?
In this blog, the latest in a series on whistleblowing, we discuss our target operating model and set out the six key components that make for an effective whistleblowing framework.
Documented artefacts should tell users who can make whistleblowing reports, what and how to report and what outcomes to expect, along with details of timelines, protections against retaliation and document retention periods. They should be accessible and clearly set out the scope of the whistleblowing framework, including any limitations, and remain compliant with local and international regulations.
The whistleblowing framework should have appropriate resources for the scale of the organisation, with defined roles and responsibilities for stakeholders to be able to deal confidently with matters in a timely manner and in accordance with policy. There should be an independent team with the technical skills and knowledge to investigate issues reported, which may include fraud, corruption, misconduct and workplace harassment. In order for the team to be effective it must be empowered with adequate training, budget and authority.
A good whistleblowing framework is effective for both individual users and the business as a whole. The interface for submitting reports must be accessible, facilitating anonymous multi-channel reporting, and it should be managed independently of business unit leaders. From the organisation’s point of view, it should create a single point of record with reliable audit trails and outputs that enable insightful management information and analytics and efficient review and monitoring.
It is important to connect with your audience and tailor communications for the specific stakeholders you are dealing with – including the whistleblower. Communication channels should allow whistleblowers to maintain anonymity if they choose to, and the organisation should establish and adhere to a timeline for updating whistleblowers. Consider which platforms and formats are best to raise awareness of the whistleblowing framework and resonate with people – for instance emails, internal and external websites or staff training – and the frequency of communications. Content should be clear, concise and digestible.
Design an investigation strategy that considers triage, risk assessment, stakeholder communications and wellbeing and reporting, among other areas. Implement measures to safeguard whistleblower- and stakeholder-wellbeing by signposting support services such as counselling and HR, and by tailoring communications to support whistleblowers. Conduct post-investigation follow-ups to identify and remedy any retaliation against them. Set expectations for the timing of responses and ensure any requirements are monitored and met.
Consider what management information is required for those accountable for the whistleblowing framework, for instance which KPIs to measure and how frequently they are reviewed. Tailor reporting channels and output format to fit the organisation and relevant stakeholders. Ensure that meaningful, actionable outcomes are identified and reported . Reporting and analytics should also be used as a key input into the feedback loop to help drive action enhance organisational culture and issue prevention.
A whistleblowing framework is a visible embodiment of an organisation’s tone at the top, and robust governance and a culture of integrity are essential for it to succeed. They wrap around the six components set out above and without them the organisation will struggle to create an effective whistleblowing framework. If the organisation gets it right, however, and creates an environment where it can support the six components we have identified, the whistleblowing framework can help the organisation thrive.
For a confidential discussion on how your organisation can optimise its whistleblowing framework, please contact Ian Hughes iphughes@deloitte.co.uk or Chris Watt cwatt@deloitte.co.uk.
Stay tuned for our next blog, in which we present our views on how the new failure to prevent fraud offence will impact the whistleblowing landscape.
Ian Hughes is a Director in Deloitte’s Forensic & Dispute Services practice in Manchester. He joined Deloitte in 2002. Ian qualified as a Chartered Accountant in 2005 whilst in the Assurance & Advisory department of Deloitte, before transferring to Forensic at the start of 2006. Ian splits his time between Manchester and London and has gained experience in a wide range of investigation matters on behalf of global organisations operating in several industry sectors. He has carried out fraud reviews, accounting investigations, regulatory market conduct investigations, and bribery and corruption investigations. His recent investigation projects have been within the, finance industry, construction industry and logistics industry.
Chris helps clients respond to fraud, corruption and regulatory issues, with a particular focus on complex cross-border matters. Chris returned to Deloitte Forensic in 2023 after two years at a boutique investigations firm. He had previously worked with Deloitte Forensic in London from 2014 to 2017 and Deloitte Forensic in Hong Kong/China from 2017 to 2021. He has experience across the UK, Europe, Asia and the Middle East. Chris is a Chartered Accountant and Certified Fraud Examiner. He trained in assurance with another Big 4 firm, and previously worked as a news reporter. He has served clients across a broad range of industries, including consumer goods, TMT, oil and gas, pharmaceuticals and cryptocurrency.