Prepared by the AICPA Antifraud Programs and Controls Task Force. Copyright © 2005 by American Institute of Certified Public Accountants, Inc., New York, NY 10036-8775
ANONYMOUS SUBMISSION OF SUSPECTED WRONGDOING (WHISTLEBLOWERS): ISSUES FOR AUDIT COMMITTEES TO CONSIDER
PURPOSE OF THIS TOOL: A key defense against management override of internal
controls is a process for anonymous submission of suspected wrongdoing
(whistleblowing) that typically incorporates a telephone hotline. Respondents to a 2004
survey by the Association of Certified Fraud Examiners (ACFE) revealed that various
forms of fraud are detected 40 percent of the time by tips, which made this the
leading method for detecting fraud.1 Although the Sarbanes-Oxley Act requires that
confidential reporting mechanisms be made available only to employees,2 opening the
system to suppliers, customers, and others can increase the number of reports
by approximately 50 percent.3 This tool is intended to assist audit committees
in their evaluation of the entity's whistleblowing hotline.
To learn more about whistleblower laws and rights, see the document at
http://fvs.aicpa.org/
Design effectiveness
In assessing the design effectiveness of the hotline, an audit committee should consider the following questions:
- Does the hotline have a dedicated hotline number, fax number, web site, e-mail address, and regular mail or post office box address to expedite reports of suspected incidents of misconduct?
- Does the hotline demonstrate confidentiality, including showing how caller ID, e-mail tracking, and other technologies cannot be used to identify the whistleblower? Has the entity considered use of an independent hotline operator to enhance the perception of confidentiality in addition to any real improvement?
- Does the hotline utilize trained interviewers to handle calls to the hotline rather than a voice mail system?
- Is the hotline available 24 hours a day, 365 days a year?
- Does the hotline have multi-lingual capability to support hotline callers who have different ethnic backgrounds or who are calling from different countries?
- Are callers provided with a unique identification number to enable them to call back later anonymously to receive feedback or follow-up questions from investigators?
- Does the entity have a case management system to log all calls and their follow-up, to facilitate management of the resolution process, testing by internal auditors and oversight by the audit committee? For a sample tracking report that audit committees may use for this purpose, see http://www.aicpa.org/audcommctr/toolkitscorp/14.htm.
- Has the entity established protocols for the timely distribution of each type of complaint, regardless of the mechanism used to report the complaint, to appropriate individuals within the company and to the audit committee and board of directors where appropriate? Are complaints of any kind involving senior management automatically and directly submitted to the audit committee without filtering by management or other entity personnel?
- Does the entity effectively distribute comprehensive educational materials and training programs to raise awareness of the hotline among potential users? Are these materials available in all relevant languages given the potential user base, and do they take into consideration cultural differences that may require alternative approaches to achieve the desired goal?
- Does the entity support outreach to potential stakeholders other than employees?
- Do the entity's internal auditors periodically evaluate the design and operating effectiveness of the hotline? What were the internal auditors' conclusions regarding (a) how the hotline reflects changes in the company's operations and in best practices, (b) whether the hotline is receiving satisfactory support from management, employees, and other participants, and (c) whether protocols established for forwarding information to the audit committee have been followed?
Educating employees and others about the hotline
In assessing whether management is actively promoting the existence and use of the hotline, an audit committee should consider the following questions:
- Is confidentiality of communications made to the hotline stressed?
- Is training provided to employees upon hiring and periodically thereafter?
- Does employee training include issues related to the Sarbanes-Oxley Act and address issues such as accounting irregularities, insider trading, improper loans to executives, related party transactions, and conflicts of interest? Does the training emphasize that the Sarbanes-Oxley Act makes it illegal for the company to retaliate against an employee who reports accounting or auditing irregularities?
- For suppliers, is information incorporated into a vendor approval process, in purchase contracts, and on purchase orders?
- For customers, is information provided in sales contracts, invoices, and statements as well as in the customer service section of the company's website?
- Are the hotline number and other contact information provided on the company's public web site, intranet, newsletters, invoices, purchase orders, pay stubs, checks, and even company vehicles?
Evaluating communications received
In evaluating the communications received, an audit committee should consider the following questions:
- Is management taking all communications made to the hotline seriously? Are allegations appropriately investigated?
- Does the entity have a process for reporting back to the whistleblower on a timely basis, where possible, the action taken?
1 Association of Certified Fraud Examiners, 2004 Report to the Nation on Occupational Fraud and Abuse (Austin, TX: ACFE, 2004), p. 18.
2 A whistleblowing hotline is now the statutory responsibility of the audit committee and cannot simply be delegated to entity officials. Section 301 of the Sarbanes-Oxley Act of 2002 requires that audit committees establish effective whistleblowing procedures, a statutory responsibility that they did not have before.
3 Association of Certified Fraud Examiners, 2004 Report to the Nation on Occupational Fraud and Abuse (Austin, TX: ACFE, 2004), p. 19.