Ethics & Employees

Whistleblowing and Hotlines

Repeatedly, major scandals result from effective whistleblowing by employees. Their actions, often taken at considerable personal risk, have opened the door for investigations that time and again have found serious abuses. Many corporate ethics officers believe that systems need to be in place to encourage whistleblowers. Developing such systems, however, is difficult.

On this page

• Global Survey of Workplace Hotline Reports Shows Improvements in Key Industries
• Whistleblowing in the Australian Public Sector
• Europeans Reluctant to Blow the Whistle
• Most Hotline Reports Made Without Alerting Management
• Who Detects Corporate Fraud and Why?
• 18 Best Practice: EU on Whistleblowing
• New Whistleblower Documents in Guidant Case
• Whistleblowing in the Health Sector
• NBES on Whistleblowing

* * *

Global Survey of Workplace Hotline Reports Shows Significant Improvements in Some Key Industries – Data Obtained from 650 Companies

Detailed analysis of the use of workplace hotlines provides a key set of benchmark data for corporations in 10 industries. The analysis has been published by the Security Executive Council, a U.S.-based international professional membership organization.  This is the Council’s second Corporate Governance and Compliance Hotline Benchmarking Report.

The analysis embraces more than 277,000 hotline incident reports from more than 650 organizations across all major industries over a five-year period. Rate data analyses across years are based on a four-year period from 2003-2006, as data volume for 2002 was too low for this type of analysis. Participants - or those who made reports - may be employees, former employees, vendors and the public. The data was masked to protect confidentiality.

This year’s survey covered the following industries: Agriculture, Forestry, and Fishing; Construction; Finance, Insurance, and Real Estate; Manufacturing; Mining; Public Administration; Retail Trade; Service Industries; Transportation, Communication, and Utilities; and Wholesale and Trade.  The new study found that the retail trade had the highest rate of incident reports.

This benchmarking study was developed to help companies monitor their hotline systems and determine how well their awareness mechanisms work, said the Security Executive Council (formerly the CSO Executive Council). The goal is to help individual companies see how they stack up against others in their industries in terms of how many incident reports are logged, how employees are finding out about these hotlines, and the nature of the incidents reported.  Therefore, the report includes in-depth analysis of each individual industry.  However, some overall trends can also be observed.

Over the last five years that data was being collected, the numbers show smaller organizations are reporting fewer incidents, whereas mid-sized to large companies are reporting more incidents over time.  In 2006, the retail trade industry had the highest incident rate reported (the rate is determined by how many incidents are reported for every 1000 employees), and the construction, mining, and service industries had the lowest rate of incident reports. The authors emphasize these numbers are not meant to point to any specific conclusions.  They could mean the retail trade industry has better reporting mechanisms, it has a better awareness program, or it simply has a higher rate of employee misconduct.  The organization encourages companies to investigate all possibilities.

It also highly stresses the importance of awareness programs.  Over the past five years, the numbers show that most employees found out about their company’s hotline by a poster, followed by the Intranet and another employee. 

The survey also notes that 53 percent of the reports were made anonymously.  A total of 65 percent of the incidents were serious enough to warrant investigation and 45 percent only required corrective action.  The authors were surprised to find that those reporting incidents of corruption and fraud were the least likely to remain anonymous.  

Posted 11/27/07

Back To Top  

* * *

Whistleblowing in the Australian Public Sector Lacks Robust Policies, Report Says

A study was recently conducted, called Whistling While They Work, on whistleblowing in Australian public sector agencies. With funding from the Australian Research Council and support from Griffith University in Australia, results were found to show that whistleblowers can blow the whistle without necessarily a fear of reprisal, but only if they do it inside the organization and carefully, have realistic expectations, and organize their own support.

Starting in 2005 and continuing to the present, over 7,000 public officials from 118 public agencies in Australia were surveyed.

Clear Legislation and Trust Drive Effective Whistleblowing

Some employees are hesitant to blow the whistle. Overall, 71.4 percent of respondents had directly observed at least one of a wide range of nominated examples of wrongdoing in their organization, and 61.1 percent rated at least one form of wrongdoing as at least “somewhat serious.”  Surprisingly, 28.5 percent of respondents who observed wrongdoing they considered “very” or “extremely serious” did not report it.

The level of trust in management, the degree to which the whistleblower may be penalized, and whether or not the report would be investigated play an important role in whether or not incidences are reported. The survey did show that there is little evidence to support a view of whisteblowers as disgruntled and embittered employees, driven to report by perverse personal characteristics.  The decision to blow the whistle was most likely influenced by perceptions of the seriousness of the wrongdoing and belief that whistleblowing would serve some good purpose. 

Comprehensive Internal Policies Are Significant, But Most Need Work

The majority, 97.1 percent, of respondents reported wrongdoing internally in their agency in the first instance, the report said.  A similar number of public interest whistleblowing, 90.3 percent, ended internally as well.  Only 9.7 percent of whistleblowing involved an external agency or the media at any stage. The researchers suggest internal whistleblowing reflects strong trust in management, and it also increases the obligation on agencies to manage whistleblowing well, and to protect whistleblowers.

It is interesting to note that in case study agencies, 48 percent of caseholders and managers surveyed believed that employees who report wrongdoing often or always experience problems as a result; however, survey results show that in reality, only 22 percent of whistleblowers said they were treated badly by management and/or co-workers as a result of reporting wrongdoing. By contrast, 56 percent of those whose reports were investigated indicated the investigation resulted in improved outcomes.  Most bad treatment, if any, tended to come from management in the form of intimidation, harassment, heavy scrutiny of work, ostracism, or unsafe or humiliating work.

Agencies Should Boost Whistleblower Protection Procedures

In general, most managers had a high level of support for whistleblowing, the report said.  However, 40 percent of managers still did not know if they and their staff were covered by whistleblowing legislation, and were more likely than non-managers to agree they needed more information and training about the legislation.  The level of sophistication among agency whistleblowing legislation greatly varied.  Agency internal disclosure procedures were typically weakest on procedures to do with support and protection of whistleblowers.  A rather high percentage of agencies had no procedures to protect whistleblowers, 46 percent.

These survey results were taken from a draft report. In-depth analysis of the survey findings are available in .pdf form. The editor, AJ Brown, of Griffith University, encourages readers to send their comments on the draft.  See the full draft report for more information.

Posted 10/30/07

Back To Top

* * *

Europeans Reluctant to Blow the Whistle

Fraud and unethical behaviour are facts of corporate life. But with a new European survey finding employees still fearful of the consequences if they blow the whistle, it is clear that many large firms could be doing far more than they claim to be doing to combat the problem. 

The article about the survey was released by Management-Issues.com on June 4, 2007.

Ernst & Young interviewed 1,300 employees of multinational companies in eight Western European and five Central and Eastern European countries to explore their views on how anti-fraud measures were implemented in their organisations. The survey found there was almost total unanimity that whistleblower rights should be protected, but many employees fear reprisals, even loss of employment, if they do blow the whistle.

Nine out of 10 staff believe companies should have a code of conduct to address fraud, bribery and corruption. Yet only half of Central and Eastern European respondents and two-thirds of Western European respondents have such a code or are aware of one.

One in five said that fear of repercussions would prevent them from blowing the whistle if they did suspect a collegue was involved in unethical behavior.

Employees are "crying out for their employers to provide clarity and encouragement for them to act positively in the interests of the company," said Ernst & Young's David Stulb. " Employees want strong codes of conduct and make high ethical demands on companies in return. Regrettably some employers are failing to persuade staff they feel the same."

The article notes there are huge variations across countries concerning willingness to report unethical behavior. Overall, French employees are the least likely to report suspicions of fraud, whereas British employees are the most willing.

Ultimately, the responsibility lies with the company. "Good education and awareness programs will help but in the final analysis it is how the company and its leadership behave that sets the standard for the whole organisation," Stulb said.

Posted 6/20/07

Back To Top

* * *

US Study Finds 2/3 of Hotline Reports Made
Without Alerting Management

A benchmarking report by CSO Executive Council, an international organization of corporate and government security executives, The Network, a US-based hotline provider, and the Association of Certified Fraud Examiners, an international anti-fraud training and education organization, shows that almost two-thirds of the 182,715 ethics reports studied were made via hotlines without first alerting anyone in management. The study is based on an analysis of reports from employees, former employees, vendors and the general public from 550 U.S. organizations across all industries over a four-year period (2002-2005).

Among the study’s key findings:

• Seriousness of Reports: For those reports where case outcome was provided, the majority of reports (65%) were serious enough to warrant an investigation and 46% resulted in corrective action taken.

• Anonymity: 71% of participants do not notify management of an issue before making a report and 54% of reports were made anonymously.

• Types of Violations: The majority of reports received pertain to personnel management incidents (51%). Beyond the personnel management category, company/professional code violations (16%), employment law violation (11%) and corruption and fraud (10%) are the most commonly reported incidents regardless of industry.

• Corruption, Fraud and Anonymity: Participants reporting corruption and fraud incidents were less likely to remain anonymous than any other incident category. They remained anonymous only 36% of the time.

• Hotline Awareness: The largest percentage of participants (39%) acknowledged awareness of a hotline through a poster or sign.

• Incidence of Reports in Small vs. Large Organizations: An overall average of 14.9 incidents are reported per 1,000 employees. However, smaller organizations (those with less than 5,000 employees) receive an average of 21.8 incidents reported per 1,000 employees. In contrast, organizations with an employee count between 10,000 and 19,999 receive an average of 13.6 incidents reported per 1,000 employees. Those organizations with more than 50,000 employees receive an average of 14.3 incidents reported per 1,000 employees.

For the full report and methodolgy click here.

Posted 2/27/07

Back to Top

* * *

Who Detects Corporate Fraud and Why?

New Study Shows Limits of Sarbanes-Oxley in Encouraging Fraud Detection

What external control mechanisms are most effective in detecting corporate fraud? To address this question, authors Alexander Dyck of the University of Toronto’s School of Management, Luigi Zingales of the National Bureau of Economic Research, and Adair Morse of the University of Michigan’s School of Business studied all reported cases of corporate fraud in the U.S. (over 230) in companies with more than 750 million dollars in assets between 1996 and 2004. In their paper Who Blows the Whistle on Corporate Fraud? for the National Bureau of Economic Research, a New York-based economic research organization, the authors find that fraud detection does not rely on one single mechanism, but on a wide range of often improbable actors.  Their findings include:

On who detects fraud at companies

• Only 6% of the frauds are revealed by the U.S. Securities and Exchange Commission, which regulates U.S. publicly-traded companies, and 14% by corporate auditors.
  
  
• More important monitors are media (14%), industry regulators (16%), and employees (19%).

On Sarbanes-Oxley’s effects on whistleblowing

• From 1996 until Sarbox's enactment, employees made up 21 percent of fraud detectors. Since then, that number has dropped to 16 percent.
• Before the Sarbanes Oxley Act of 2002 (which sets requirements for corporate internal control mechanisms) only 35% of the cases were discovered by actors with an explicit mandate.
• After the Sarbanes Oxley Act, the performance of mandated actors improved, but still account for only slightly more than 50% of the cases.
  
  

On employee disincentives to blow the whistle

• According to the authors, “In no case is the tension between access to information and lack of incentives to reveal fraud more intense than for employees.”
  
  
• Employees face significant disincentives to engage in whistleblowing: in 82% percent of cases with named employees, the whistle-blower "alleged that they were fired, quit under duress, or had significantly altered responsibilities as a result of bringing the fraud to light."

On the use of monetary incentives for whistleblowing

• Monetary incentives for detection in frauds against the government influence detection without increasing frivolous suits, suggesting gains from extending such incentives to corporate fraud more generally.
  
  

For the full paper and methodology visit NBER's website.

Posted 2/22/07

Back to Top

* * *

18 Best Practices: The EU on Effective Whistleblowing Policies

A recent report by RCC Risk Communications Concepts for the European Parliament entitled, "Whistleblowing Rules: Best Practice; Assessment and Revision of Rules Existing in EU Institutions" examines the history, context, and the strengths and weaknesses of current whistleblowing approaches of EU Institutions. Then, drawing upon its study of whistleblowing policies in both EU and non-EU states, the report presents a benchmark list of 18 "Best Practices,", which it measures against existing EU policies. While the benchmark was published for the purpose of EU reform, the 18 practices are an excellent tool for measuring and improving the effectiveness of whistleblowing policies in other institutions and companies.

Benchmark of 18 Best Practices for Whistleblowing Policy
For the full report follow this link.
See below chart for an explanation of the benchmark

Explanation of Benchmark

The Benchmark and criteria have been adopted from the Study and take particular regard to the situation of the EU Communities. The issue of the study is certainly not a matter of statistics. However, since all criteria are essential, a performance of

- less than 50% on an overall average, or
- less than 2/5 on more than one element

raises serious doubt about the effectiveness of the system, even where parts were outstanding. Currently the EU Staff Regulations reach an overall average of 43 % – on the first glance not so far from an acceptable 50 % - however with three elements at only 1/5 points. The situation has to be rated as clearly below minimum standards, if one considers that the rules fail (2/5 points or less) on two thirds of the criteria. That means, on two thirds of the criteria current rules and practice are clearly below what has to be expected as against the benchmark. Only 6 out of 18 criteria are clearly in the acceptable region, none is outstanding.

In order to improve,

- first, all marks of 1/5 need to be addressed. These are clearly unacceptable but also relatively easy to bring in regions of acceptability;

- next all marks of 2/5 should be addressed. These need to be improved to an overall “pass” (equal or better than 3/5);

- from time to time it will be easy and obvious to make improvements on other points as well.

With this strategy and understanding the complexities of changing the Staff Regulations, an overall “pass” should  be achievable within one year (by 2007). The necessary cultural improvements can be expected to a certain extent even throughout that first year, because the process will have to be taken very seriously. Beyond that it will take much longer to build up a host of positive experiences for all, which in turn will influence the underlying culture. An overall mark of at least 66 % (~50% improvement) should be aimed for and seems achievable within 3 years. Better marks than 75% will only be possible once there is trust in safe internal risk communication. Trust needs repeated positive experiences and time to build up. Along this ambitious schedule this can be possible within 5 years.

Back to Top

* * *

Whistleblower Reveals Ethical Dilemmas at Medical Supply Company, Guidant Corporation

UPDATE, June 7, 2006: The New York Times reported that newly released company records show that Guidant Corporation drafted a detailed letter in January 2005 to physicians disclosing the electrical flaws in its defibrillators and its intention to pull back devices not yet implanted into patients. The letters, however, were not sent and the defibrillators continued to be implanted. These records challenge Guidant executives defense last year of their decision not to tell doctors about significant device defects, citing concerns that doing so could have exposed patients to risks from unnecessary device replacement.

UPDATE, April 27, 2006: The New York Times reported that the Heart Rythm Society, which represents implant device specialists, called for sweeping changes in how the medical device industry and government oversee implanted heart devices. It stongly urged companies to use outside experts to help them decide when to issue alerts about potential product safety problems, recommended ways of collecting product performance data, and proposed methods for standardizing how doctors and patients are made aware of problems.

Newly released court documents are shedding light on a case that raises questions about the ethical obligations that medical supply companies have to their customers – doctors, and, by extension, their patients. The company has now responded publicly, but behind today’s headlines is a story that raises critical ethical business issues.

Guidant Corporation, a leading manufacturer of heart defibrillators, has cautioned doctors to check the voltage on certain implantable defibrillators after the company received reports of defective devices. This is the latest development in a case that was featured in a March 10, 2006, U.S. Senate Judiciary Committee hearing on potential new legislation that would prohibit corporate executives from intentionally distributing defective products.

In a press release on March 13, 2006, Guidant announced that it is voluntarily advising physicians about important product information regarding CONTAK RENEWAL 3 RF and RENEWAL 4 RF devices.  Guidant said it has apprised the United States Food and Drug Administration (FDA) of this action and the FDA may classify this communication action as a recall. Guidant said physicians should use this information to decide how best to treat their patients. This is a key issue highlighted by earlier Guidant events:

On March 8, 2006, the New York Times reported that a Guidant consultant, Dr. Richard N. Fogoros, had told the company that he believed it had an ethical responsibility to inform doctors of the defects found in one of the life-saving heart defibrillators the company manufactures. His concerns related to a different problem with the defibrillators than the the one addressed on March 13 by Guidant, but his warnings, just like today’s announcement, go to the heart of the question of how early a medical supply company should warn doctors when there is evidence of a product defect.

Memos from Dr. Fogoros challenge Guidant’s decision not to publicize flaws on the basis that it believed patients would face a greater risk from replacement surgery than they did from the units themselves. It appeared that Guidant did not go public because it did not believe it had a sufficient number of cases of defects.

Dr. Fogoros argued in memos back on May 18, 2005, that while Guidant’s decision was statistically defensible, the company had violated a “sacred obligation” that it had to doctors by interjecting its medical judgment for theirs. “Neither the doctor nor the patient consider themselves to have signed up to have Guidant dictate any treatment plans,” he reasoned. Furthermore, he wrote, the situation presented Guidant with a clear conflict of interest, which would predispose it to divulge product malfunctions only when “absolutely necessary.”

Dr. Fogoros, according to the report in The New York Times, added that “[The conflict] is obvious for all to see….This means that when a tragedy occurs our decisions will be viewed in the harshest light possible, without any objective consideration of the statistical niceties supporting our actions.”

Dr. Fogoros stressed in his memo that while he believes Guidant’s products to be extremely dependable, he worried that the company’s use of numbers to defend its choices under circumstances which involve people’s lives would generate “bitter derision towards our protests that we were only acting with the patients best interests at heart.”

Complicating the situation was the fact that the company was at the time negotiating a merger with the Johnson and Johnson Company.  Dr. Fogoros suggested in his memo that the company could profit from revealing the defects by simultaneously announcing a marketing program for a new product that would enable doctors to monitor the progress and effectiveness of Guidant devices. However, despite Dr. Fogoros’s urgings, it was not until November, six months later, that Guidant began to disclose some of the risks related to the defibrillators.

The memos were written just after Guidant informed a Minneapolis physician, Dr. Barry J. Maron, of a defect in its defibrillators, which could cause it to short circuit and malfunction (defibrillators use electricity to interrupt potentially lethal heart rhythms, and are usually replaced every five years). The company informed Dr. Maron of the problem after one of his patients died as a result of a dysfunctional Guidant defibrillator, one of seven patient deaths tied to the devices. Dr. Maron urged the company to warn doctors of the product’s potential risks, which it had known about for three years. When the company failed to do so, Dr. Maron and a colleague, Dr. Robert G. Hauser, notified other physicians and contacted the New York Times, which ran an article in late May 2005 about the defibrillators.

Since the article, Guidant has recalled over 10,000 implantable heart devices and is under inspection by the Justice Department and the Food and Drug Administration. Guidant has responded to criticism by insisting that its decisions are motivated solely by the concern for patients well-being (October 20, 2005 Guidant Press Release) and by creating an independent panel of experts to propose guidelines for physician communications (August 29, 2005 Guidant Press Release).

Back to Top

Health and Governance

Many cases of alleged malfeasance in the health sector come to light as a result of the courage of whistleblowers. The Global Corruption Report 2006, to be published by Transparency International on February 1, 2006, highlights numerous instances of massive corruption and unethical activities in the health area across the globe – time and again these cases would not have been discovered had it not been for whistleblowers. The latest example was reported on January 24, 2006:

Suit Accuses Medtronic of Bribing Doctors

UPI reported from Memphis in the United States that a whistleblower lawsuit accuses Medtronic (a leading U.S. manufacturer of healthcare products) of paying doctors thousands of dollars in consulting fees to get them to use its spinal implants. In court papers, lawyers say that one Wisconsin surgeon received $400,000 for a consulting contract that required eight days of work, while another, in Virginia, was paid almost $700,000 in the first nine months of 2005. UPI noted a story in the New York Times that reported that Jacqueline Kay Poteet, a former manager of travel services for Medtronic, filed the lawsuit in Memphis. Her job included making travel arrangements for doctors who traveled to conferences on Medtronic's dime.

UPI reported that if the Minneapolis-based company settles with the Justice Department, Poteet, who left her job because of disability in 2003, will get a percentage of the settlement. The Justice Department has not yet formally intervened in the lawsuit, although the Times said it has offered Medtronic a $40 million settlement. A company spokesman said that consulting arrangements with doctors are critical to improving its product.

Back to Top

* * *

The NBES on Whistleblowing

2005 National Business Ethics Survey: How Employees Perceive Ethics at Work in the United States (NBES)
Ethics Resource Center (www.ethics.org)

A section of the 2005 National Business Ethics Survey highlights the serious problems that now exist with regard to whistleblowing.

Outcomes for Whistleblowers

The NBES asked employees who reported misconduct what personal consequences they faced after they reported what they had seen.

Findings:

• Of employees who reported misconduct, 48% received positive feedback, while 52% did not.

• Of employees who reported misconduct, 22% experienced retaliation, while 78% did not.

The analysis by the NBES found that most striking is the fact that misconduct is widespread. More than half of all employees witness an act of misconduct each year (52% of respondents), and more than 36% of those who see it also witnesses at least two or more incidents.

One possibility that this finding suggests is that an act of misconduct does not always take place in isolation. If misconduct happens within employees' circle of associations, at least one-third of the time some form of misconduct is likely to happen again in the course of their work. Fifteen percent of employees who feel pressure to compromise the standards of their organization say this pressure is inflicted by their coworkers, and 94% of employees who feel pressure say that they have observed at least one type of misconduct.

Back to Top

* * *