Digital Transformation » Systems & Software » Internal Policing – Easing the path of the whistleblowers

The “Whistleblowers Bill”, otherwise known as the Public Interest Disclosure Bill, currently going through parliament seeks to give protection to employees from being penalised or sacked if they reveal misconduct or malpractice which is against the public interest.

The main thrust of the bill is to protect employees, whether in the private or public sectors, who “shop” their organisations. The implicit message is that its proposers want employees to be able to police the conduct of their organisations without fear of reprisal.

There are useful parallels which companies can draw from this on how they could actually use their employees to police fraud within their own organisation.

It is very common for fraud investigations to reveal that many people in the victim organisation were already aware of what was happening and did not speak out. Unfortunately, this often happens too late for any action to be taken.

In each of the three case studies, undertaken by Arthur Andersen and detailed below, the frauds had been perpetrated over a number of years and had been common knowledge to a large number of people both inside and outside the organisation. They highlight many of the most common reasons why staff often fail to report suspicions of fraud at an earlier stage.

Common explanations for this are:

staff turning a blind eye, thinking their suspicions were not sufficient evidence to make a fuss;

staff believing it is somehow accepted practice because previous allegations have not been investigated thoroughly;

staff not believing they would get the full support of management and there would be personal repercussions for speaking out; and,

frauds extend to various senior levels of management and staff are left feeling unsure of who to trust.

Setting out a company policy on fraud – particularly one which spells out how people can raise their suspicions in a confidential way – can significantly increase the chances of fraudsters being named by their colleagues and hence significantly reduce the losses from the fraud.

A clear unambiguous policy statement is also important when it comes to dismissing employees for fraud or other related misconduct – particularly in grey areas such as receiving expensive gifts from suppliers.

To encourage whistleblowers, organisations should have a policy statement which:

encourages employees to come forward if they are aware of dishonesty.

It might be stressed that employees are not “informing” but are acting in the interests of their fellow employees and are helping to safeguard the future of the company;

requires all employees to report losses, suspected frauds and other incidents.

(This policy should also be properly enforced);

sets out the various methods by which employees can inform management of suspected frauds (eg. by letter, by telephone or face to face). There should also be a pre-printed form for reporting suspected losses;

identifies a person(s)/address/telephone number to whom the allegations can be forwarded;

states clearly that any information provided will be treated on a strictly confidential basis and that names will not be used. It should also be stressed that the person will not be required to come forward and give evidence unless he/she wishes to do so; and,

stresses that no action will be taken against employees alerting management to a suspicion which it later transpires is unfounded, provided the alert is made in good faith.

In addition, the statement on fraud shouldmake it absolutely clear that it applies to everybody including senior management and directors. Clear definitions should be established as to of what constitutes unacceptable gifts, particularly regarding client entertaining, and, even if it is accepted that receiving gifts does not represent any form of dishonesty, procedures should be set out for all gifts received to be reported.

Furthermore, in respect of gifts received, company policy should be made as clear as possible, ie should they be shared out or not accepted under any circumstances, also guidelines must be put in place as to what is considered fraudulent or dishonest. For example, an accidental overstatement of expenses by a few pounds might not be regarded as dishonesty, but continuous overstatement of expenses by such an amount might be. It is important todistinguish between the seriousness of different offences – the receipt of a gift might be treated differently from actual theft of cash of a similar value.

Companies must be careful to make provision in respect of misstatement or destruction of accounting and operational records. Although a person might not receive a direct benefit from such an action, that person might benefit indirectly as the results of the operation may affect bonuses and continued employment etc.

Finally, companies should make their positions clear in respect of either a complete ban on, or an obligation to, disclose interests in other companies/ventures/contracts.

The statement should include a definition of what is considered an interest (eg. a shareholding in a company or a brother working at a supplier etc); and, ensure that there are policies in place which inform customers/suppliers that employees are bound by a code of conduct (this will reduce the possibility of gifts etc being given or the likelihood of dishonesty arising in the first place).

Of course, having a policy is one thing, communicating it is another.

There is little value if the statement is kept filed away in the personnel manager’s office. The policy should be provided to all employees when they join – perhaps as part of their induction – and they should be expected to sign stating that they understand it and will adhere to it. In areas where compliance is required – such as the declaration of interests in companies or the receipt of gifts – there should be a routine compliance document sent to employees for them to complete and return, even if there is a nil return. This should be enforced for employees at all levels.

As well as having a policy and communicating it, the organisation must be seen to be enforcing it and acting on occasions where frauds are brought to their attention. If the organisation fails to investigate promptly when a fraud is reported, the “whisper machine” will ensure that all employees are aware of this and should they become aware of a fraud in the future they will fail to inform management.

Unfortunately, the number of reported cases of fraud is continually increasing.

However, the more actions an organisation takes to create a culture in which dishonesty will not be tolerated, the less chance fraudsters will have. As any journalist and policeman knows, the best tip-offs usually arrive anonymously – by encouraging the whistle to be blown on fraudsters internally, organisations may well uncover frauds that otherwise would have never been discovered.

Simon Bevan is head of the Fraud Services unit at Arthur Andersen.

THE DANGER OF IGNORING ALLEGATIONS

In the first case, Andersens investigated a series of allegations made against a senior member of staff of company X. These allegations were made to a public sector organisation’s external consultants. The whistleblower asked not to be identified. As part of their work Andersens reviewed the manager’s personnel file and discovered a sealed envelope with “do not open except with permission of personnel director” printed on it. The required permission was obtained and the envelope was found to contain two anonymous letters. Both were dated ten years previously and contained allegations of the same nature against the manager as those which had prompted the current investigation.

Questioning of the personnel director highlighted that a very brief investigation had been carried out at the time and nothing untoward had been found.

The letters had simply been attributed to the fact that the manager was an autocratic, domineering individual who had obviously made enemies.

It was concluded that the allegations were completely without substance.

However, Andersens’ investigation came to the opposite conclusion.

A number of suppliers who had been paid a substantial amount in cash were found to be non-existent. Their names and other details had been concocted by the manager. In addition, the invoices which had been used to support the expense claims he had submitted to reclaim the cash payments had also been fabricated. All of the allegations were founded and a trail of fraud was uncovered which went back as far as the records would allow.

Each person interviewed was aware of the frauds but had assumed that, since the allegations in the previous anonymous letters had been ignored, management condoned what was occurring. Andersens believed the frauds had been perpetrated for at least ten years, as indicated by the previous anonymous letters. The manager was sacked and was lucky to escape prosecution by the police.

ACTING ON THE ANONYMOUS LETTER

The second case involved the operations manager of an international conglomerate. During the initial briefing, it was explained that an anonymous letter had been received and the board of directors wanted an investigation to be undertaken in order to determine, once and for all, whether the operations manager was innocent of the alleged fraud. Andersens were also told there had been a previous investigation which had uncovered allegations of impropriety against the same operations manager but they had been dismissed as being “impossible” by the chief executive and the matter had proceeded no further.

During the investigation, when interviewing various members of staff, the recurrent theme was that they all knew that the operations manager had been involved in a number of frauds but did not think Andersens would be able to prove anything against him. The general feeling was that, if we did, the operations manager would not be disciplined as he was “too close” to the chief executive.

Andersens came to the conclusion that, for this reason, members of staff were not being completely open and frank. It was only after a lot of persuasion, and a declaration from the company to their staff that an investigation was taking place, that the members of staff revealed where “the skeletons were hidden”. The allegations contained in the anonymous letter were not fully substantiated. Some of the contents were found to be inaccurate.

However, the majority of the allegations were proved and during the investigation further frauds were brought to light which had not been referred to in the letter. The operations manager was subsequently sacked.

THE POWER OF THE FEAR FACTOR

The third case also involved allegations made in an anonymous letter.

The letter stated that the writer represented a group of disillusioned employees who had seen fraud spread throughout the organisation over a lengthy period.

The letter concluded with the statement that the writer and group of employees would not declare themselves during any investigation unless they were given a written undertaking by the managing director that their jobs would be safeguarded.

When the Andersens team read this letter it was thought a strange request.

It was only after the investigation started that it became apparent why the staff feared for their jobs.

A number of years previously, a colleague of theirs had approached the board of directors when he became concerned about improprieties in his department. Senior management took no action and the individual in question was made redundant even though his job still existed.

During the course of the interviews with staff, this incident was recounted again and again. They had not forgotten how one of their colleagues had been dealt with and were convinced it would happen again.

The frauds were only brought to the attention of the directors when they became so large and blatant that the employees could no longer ignore them. As the investigation proceeded, the picture of how the frauds had progressed emerged.

Initially, they had been small scale expense frauds. On seeing they were successful, the employees had gained confidence and the scale of the frauds had increased as well as the number of staff involved. By the time the Andersens investigation commenced, members of staff were defrauding the company of # 100,000 at a time.