Audit Committee Considerations for Whistleblower Hotlines

June 1, 2010

Audit committees should consider the following questions when assessing the design effectiveness of a hotline:

 

  • Does the hotline have a dedicated hotline number, fax number, website, e-mail address, and regular mail or post office box address to expedite reports of suspected incidents of misconduct?
  • Does the hotline demonstrate confidentiality, including showing how caller ID, e-mail tracking, and other technologies cannot be used to identify the whistleblower? Has the entity considered use of an independent hotline operator to enhance the perception of confidentiality in addition to any real improvement?
  • Does the hotline use trained interviewers to handle calls to the hotline rather than a voice mail system?
  • Is the hotline available 24 hours a day, 365 days a year?
  • Does the hotline have multilingual capability to support hotline callers with different ethnic backgrounds or who are calling from different countries?
  • Are callers provided with a unique identification number to enable them to call back later anonymously to receive feedback or follow-up questions from investigators?
  • Does the entity have a case management system to log all calls and their follow-up and to facilitate management of the resolution process, testing by internal auditors and oversight by the audit committee? To download a sample tracking report that audit committees can use for this purpose, click here.
  • Has the entity established protocols for the timely distribution of each type of complaint, regardless of the mechanism used to report the complaint, to appropriate individuals within the company and to the audit committee and board of directors where appropriate? Are complaints of any kind involving senior management automatically and directly submitted to the audit committee without filtering by management or other entity personnel?
  • Does the entity effectively distribute comprehensive educational materials and training programs to raise awareness of the hotline among potential users? Are these materials available in all relevant languages given the potential user base, and do they take into consideration cultural differences that may require alternative approaches to achieve the desired goal?
  • Does the entity support outreach to potential stakeholders other than employees?
  • Do the entity’s internal auditors periodically evaluate the design and operating effectiveness of the hotline? What were the internal auditors’ conclusions regarding (a) how the hotline reflects changes in the company’s operations and in best practices, (b) whether the hotline is receiving satisfactory support from management, employees and other participants, and (c) whether protocols established for forwarding information to the audit committee have been followed?

 

—Prepared by the AICPA Antifraud Programs and Controls Task Force.

 

More from the JofA:

 

 Find us on Facebook      Follow us on Twitter

 

PROFESSIONAL DEVELOPMENT: EARLY CAREER

Making manager: The key to accelerating your career

Being promoted to manager is a key development in a young public accountant’s career. Here’s what CPAs need to learn to land that promotion.

PROFESSIONAL DEVELOPMENT: MIDDLE CAREER

Motivation and preparation can pave the path to CFO

CPAs in business and industry face intense competition to land a coveted CFO job. Learn how to best prepare yourself for the role.

PROFESSIONAL DEVELOPMENT: LATE CAREER

Second act: Consulting

CPAs are using experience to carve out late-career niches. Learn how to successfully make a late-career transition to consulting, from CPAs who have done it.