Introduction
Welcome to the GRCReady Whistleblower Protection Assessment (WPA). Whistleblowing is an invaluable means of protecting companies and the public from financial and reputation damage. Despite what people may think, sounding the alarm often leaves whistleblowers in a vulnerable position and even more so if they’re unaware of their legal rights. Organisations need to support and encourage whistleblowers by raising awareness about the laws and provisions protecting those who lodge complaints. However, this is not easy as most countries protect whistleblowers their own way, and usually with very specific and limited laws.
An efficient whistleblowing system complements a company policy by providing the tools for employees to anonymously report information relating to harmful, illegal, unethical or fraudulent activity. By using a system that provides anonymity and protection, an employee is far more likely to report practices in an organisation that they are uncomfortable with, particularly if it involves people they work with in close proximity or report to.
Having a well communicated whistleblower program can also increase employee trust, leading to higher employee satisfaction, increased engagement, improved job performance and lower employee turnover. Knowing that the business has an effective system in place creates an insurance policy for the employee, meaning that they don’t have to deal with ethical dilemmas of whether they should or shouldn’t report something. This, in-turn, helps to decrease workplace stress and concern and helps avoid unnecessary staff turnover.
GRCReady has partnered with Whispli, a secure, innovative and progressive SaaS Whistleblowing platform, in developing this self-assessment tool to help organisations improve the maturity of their Whistleblowing / Speak Up program.
Is whistleblowing mandatory?
A whistleblower system is mandatory in some countries and can help a business comply with its regulatory responsibilities. If you’re operating in an industry (e.g. government) where a whistleblower policy and system is mandatory, and you don’t comply by implementing an effective policy and system, this can result in unnecessary penalties.
Some countries have introduced overarching employment laws protecting employees who blow the whistle in a work-related context (e.g. Australia, New Zealand, Japan and the UK). The type of conduct which attracts protection if reported varies by country. Typically, employees are protected if they report concerns about suspected unlawful conduct by their employing organisation, but Australia (for example) goes further by protecting whistleblowers who report an "improper state of affairs" including, for example, conduct which does not live up to an organisation's own codes.
The US has numerous federal laws protecting whistleblowers, including the Sarbanes-Oxley Act, the Dodd-Frank Act, the Foreign Corrupt Practices Act and the False Claims Act. Whistleblowers under these laws stand to gain monetary payments if their employer is successfully prosecuted as a result of their disclosure.
From a best practice perspective, many companies do have channels in place for employees to raise concerns and procedures for investigating any concerns raised even though they are not legally bound to have such systems in place.
Why should I care about Whistleblower Protection?
Whistleblowing is an ethical thing to do. Honesty amongst employees helps to cultivate commitment towards the company's mission. Similarly, transparency facilitates clear and effective business communication. Whistleblowing is vitally important in protecting a company's customers and in directly protecting your organisation against fraud and misconduct. Failure to provide a mechanism for reporting misconduct could lead to the risk of legal prosecution, major fines and brand erosion not to mention a substantial loss of reputation. Removing these risks means that employees can focus on more important matters, such as core business needs and the organisation's success.
It is important that you and your employees are familiar with both whistleblower rights and responsibilities. You can promote whistleblowing as a fundamental means of adopting an open culture. Thorough and regular whistleblower training can also help provide you and your workforce with the skills necessary to prevent fraud and misconduct in the workplace. The following WPA will help you assess the current state of your whistleblower protection program and provide valuable insights into those measures that you should consider implementing to create a more effective program.
About the Whistleblower Protection Assessment
The WPA assessment includes 28 questions that have been specifically aligned to ISO 37002:2021 – Whistleblowing management system – Guidelines and should take you no longer the 15-20 minutes to complete. Each question uses a five-point Likert scale ranging from 'strongly agree' to 'strongly disagree' to allow you to express how much you agree or disagree with a particular statement. The questionnaire is suitable for organisations of all sizes, including SMBs as well as those with international operations.
Once you have completed the questionnaire, you will be able to generate a visual picture of the state of your organisation’s whistleblower arrangements. You can then download a free report that highlights potential deficiencies in your current program and provides guidance for implementing, managing, evaluating, maintaining and improving a robust and effective management system for whistleblowing.
We take data security seriously
The GRCReady environment has been designed and built to comply with the Center for Internet Security (CIS) Amazon Web Services Foundations Benchmarks and follows the ‘Secure by Design’ (SBD) principles, ensuring that security controls are implemented within and across each component layer. Rest assured that any personal or sensitive information you provide by registering to complete these questionnaires, including your response to the questions, will be protected by us in accordance with our privacy policy.
Completing the questionnaire
You will need to first register in order to complete the questionnaire and view the scorecard showing the results of your assessment. The results will be accompanied by some practical tips that can be taken to improve your Whistleblowing management system. The potential actions listed should not be construed as providing legal or commercial advice. They are simply area(s) that have been identified by your responses to the questions asked, where you may wish to seek professional advice or purchase documents, tools and resources to support further work in these area(s).
I consent to GRCReady sharing the results of my whistleblower protection assessment with my professional adviser / hosting service provider.