×

Homepage Feature

Explore our Professional & Executive Learning Solutions designed with a focus
on promoting effective decision-making supported by a System and Culture of Risk Ethics and Awareness

Upcoming Programs & Events

Upcoming Programs & Events

Whistleblowing Policy: How to get it right to have an effective tool for fraud prevention and detection in your organization

Fraudulent or corrupt acts may occur in your organisation right now. They may include a wide range of behaviors such as breach of trust, employee misconduct, fraudulent statements, assets misappropriation, criminal offence, and so on. The consequences of those fraudulent activities for organizations can go well beyond the direct financial loss to include regulatory investigations and media embarrassment leading to further damage to reputation, loss of staff’s motivation, loss of customers and ultimately destruction of shareholder value.

Why would a Whistleblowing Policy help your organization in your Fraud Risk management Efforts?

Over the past couple of decades, well publicized corporate troubles and collapses such as Enron, Worldcom, NKF, Olympus, UBS, HSBC and NSA scandals just to name a few have highlighted the key role of whistle blowers in bringing to the surface these frauds. Indeed researchers agree that about 70 to 80% of fraud losses are usually committed by the internal staff of an organization and that in most of the cases, they were eventually detected because somebody from the inside or outside blew the whistle.

Indeed it is not far-fetched to assume that when someone is involved in a fraud or any kind of misconduct, there will most likely be somebody else inside or outside the organization who knows about it or at the very least suspect it. Hence when looking to uncover possible frauds in your organization, one of the key source of information could therefore be your own staff and other key relevant stakeholders such as suppliers for example. Regrettably organizations too often fail to capitalize effectivelly on their employees as a potential essential resource in their fraud detection and control mechanisms.

The sad reality illustrated by the many stories making the news headlines is that if they had used this resource properly with an effective whistle blowing policy in place, those organizations could have stopped the fraud they were the victim of much earlier and possibly saved themselves a lot of troubles and even ensured their survival.

What will happen if your organization do not have a Whistle Blowing Policy or if the Policy is improperly designed, implemented and communicated?

In such cases, people will usually NOT report spontaneously about what they see or know. They will likely keep quiet about it for a number of reasons I will explore later in this post one of them is the fear of getting themselves into troubles. This in turn will prevent the organization from identifying and hence addressing the issues until it is unfortunately too late for effective corrective actions to be taken and to avoid painful consequences..

Those who do dare to report something will usually prefer to do it anonymously often by-passing the ‘official’ reporting procedure set by the organization in order to avoid exposing themselves. Although this kind of random anonymous disclosures might be considered as better than nothing, it is in fact a real problem for organizations as it means that if the management decide to act upon it, they may have to go on “a wild goose chase” based on often too limited or even dubious information. It is also important to keep in mind that in some cases of anonymous allegations, the whistleblowers can also have malicious intentions making partially or totally incorrect allegations to promote their own agendas. If not managed carefully, those malicious allegations could destroy the reputation of the wrongly accused employee, severely affect the morale of the rest of the staff and damage the credibility of the management who mishandled the situation.

On the other side, if the management decide to do nothing about the anonymous disclosures, there possibly missing an opportunity for early detection and action on a real fraud situation leaving it as a time bomb that will inevitably explode sooner or later. Furthermore if the management is perceived to do nothing or move too slowly in its investigations by the whistle blower, the situation can get worse on that front as he/she may contact the media and/or the regulatory authorities and /or the police. Any suspicions of fraud or corruption that are brought to the attention of the media have the potential to blow off into a major public scandals creating tremendous damages to the reputation of an organization and even in some cases, possibly threatening its survival.

Why people will often not want to blow the whistle openly using official channels set by the organization?

There are a number of reasons for that and I will now review them in more details:

1 – Fear of Retaliation: The main reason is the same everywhere! FEAR! While many regulations have been enacted all around the world to provide some protection for whistleblowers such as for example the Sarbanes-Oxley Act in the United States and despite reassurance from the management in many organizations that retaliation against whistle blowers will not be tolerated, many employees arround the world strongly fear they will likely suffer from “blowing the whistle”. Indeed for those people who do blow the whistle, the consequences can be disastrous! It is an unfortunate fact to stress that far from being celebrated as corporate heroes saving their organizations from potential destruction, the data from many documented cases with my own experience as a whistleblower included shows that most whistleblowers are somewhat “punished” and often have their careers ruined by their honest actions. Many publicized cases have highlighted how whistleblowers are ostracized, bullied, over-looked for promotion, or treated so badly that they have to leave a job that has become untenable. In worse case scenario, they can even end up in prison or face life-threatening situations. Furthermore considering that the current volatile economic climate reinforces the general feeling of insecurity among employees, whether it is true or not, that their jobs are always potentially at risk, many employees fear that they will increase the likelihood of losing their jobs if they make noise and rock the boat by raising their concerns!

2 – Cultural Impediments: There are also a number of cultural factors that discourage employees from reporting the acts of misconduct they are aware of. These factors and their importance may differ from one cultural environment to the other and hence as such adding a significant level of complexity for multinational organizations to learn to manage effectively. Examples of cultural factors include the issues of Divided Loyalties and Submission to Authorities that play an important role in influencing people behaviors in many societies. The problem can be particularly acute in certain Asia countries first due to the essential importance of families and personal ties in business relationships and second because of the hierarchical nature and the importance of power distance in those societies as defined by Geert Hofstede in his research study on “cultural dimensions theory”. For example in Korea and Japan, a strict seniority system is dictating that employees must show unbounded loyalty to their superior and co-workers. This kind of environment will discourage those employees from questioning management decisions even when facing life or death situations. The Historical background of a country can also exacerbate an existing bias against whistleblowing policies as it can bring back negative memories to employees such as the horrors of the Nazi surveillance system in Germany, the denunciations of the Cultural Revolution in China, the apartheid-era informants in South-Africa and so on. All these factors are making it very difficult to make whistleblowing procedures acceptable in those countries.

3 – System & Processes issues: Corporate whistleblowing resources are often under utilized simply because from a practical point of view, they are often insufficient, badly designed and improperly communicated to the employees who are then confused about what to do with them. There is also often a basic problem of trust in the reliability and effectiveness of the system put in place especially when influencial and powerful figures are the subject of the disclosure. Potential whistle blowers who have concerns that they want to report must feel the whistleblowing policy and system can be relied on. They may feel, it is often not the case.

How to connect effectively with the people who might be aware of possible wrongdoings?

The earlier an organization can detect a fraud, the faster they can deal with it appropriately. Early detection may save the organization by allowing them to take the appropriate actions diminishing the damage to its operations, reputation and business. When the whistleblowers can be identified, the organization will be able to obtain more complete and accurate information about the allegations raised and eliminate incorrect or malicious allegations while clearly identifying the areas that need further investigations. Hence organizations should encourage whistleblowers to come forward and report suspicions of fraud and misconduct in a formalised manner through a well-designed whistle blowing policy.

The policy should be designed to really encourage employees including former employees, customers and suppliers – to raise concerns to the management using properly defined channels, rather than keeping quiet about the problem or throwing out through various means random anonymous allegations. To achieve that, it is essential to understand the issues from the whistle blower’s perspective i.e. fear of retaliation and cultural impediments and address them appropriately. This means sending a clear message to potential whistleblowers that unambiguously responds to the concerns that would otherwise stop them from coming forward. Questions potential whistleblowers will ask include: What sort of concerns I am right to raise? What evidence do I have to provide? What will you do about my disclosure? How are you going to investigate? What will happen to me? How are you going to protect me?

The organisation should be seen as responding positively to concerns raised, and acting both to protect the whistleblower and fix the issue raised. Therefore the objective of an effective whistleblowing policy should be to create an environment where people feel safe and confortable raise the concerns about possible fraud and misconduct issues they may have observed within the organisation.

With that in mind, implementing a whistle blowing policy should involve the following key steps:

  1. Assess the existing culture of the organisation and clarify the cultural impediments and other obstacles;
  2. Clarify the sort of whistleblowing policy approach that is most likely to be effective within that environment;
  3. Decide on the scope of the whistleblowing policy;
  4. Define and allocate the resources necessary both to promote whistleblowing and manage the system put in place;
  5. Communicate and ensure appropriate training about the whistleblowing procedure and what are the options available to those who have concerns they wish to raise;
  6. Managing the disclosures and subsequent investigations in a way that reinforces the message that the organisation will act on legitimate whistleblowers disclosures and treat any case of fraud or misconduct very seriously;
  7. Finally verify effectiveness and ensure periodic reviews of the Whistleblowing policy and procedures in place.

The Whistleblowing policy should include the following key elements:

  • clarifies the wrongdoings that need to be reported in a clearly written code of code of conducts and ethics;
  • Set and map the different ways by which employees can make their concerns known about suspected acts of fraud or misconduct;
  • Outlines how the organization will deal with such instances;
  • Ensure independent confidential investigation proceedings;
  • Protect both those people who raise concerns as well as the people subject of the disclosure;
  • Ensure no double standards with zero tolerance to fraud and misconduct with tough enforcement on the rules set in the policy;
  • Finally it must linked to commitment to the development of a culture of ethics based on honesty, integrity and accountability.

This last point is very important. Indeed while having a robust whistle blowing policy in place is an essential best practice for the management of any organization, in addition, to be really effective, organizations need to nurture a culture in which employees will do the right thing knowing that their concerns will be taken seriously, and that the protection provided by both the law and internal corporate policies is real and effective.

To conclude, a whistleblowing policy is at the heart of a strong culture & system of corporate ethics and compliance. By promoting a strong whistleblowing policy, your organisation sends a clear message to all staff and others that compliance with certain principles and values is fundamental to the long-term success of the organisation and by this potentially discouraging some would-be fraudsters from taking actions while encouraging other employees to report concerns appropriately.

 

I was invited to speak and share my views on “How to Encourage Whislteblowing as an effective tool to prevent and detect fraud” during the 2013 ASLI Internal Fraud Conference in Kuala Lumpur and I thought it would helpful to share the presentation I gave at that conference. Therefore I have attached it in this post below. Enjoy and if you have any questions do not hesitate to contact me.

Stock Options Compensation: The Highway to Corporate Performance Troubles!

Back in 2008, in the wake of the subprime debacle as the financial crisis was affecting every corners of the world economy,  equity-based compensation packages of senior executives and traders in financial institutions came under the scrutiny as one possible culprits for the excessive risk-taking behaviors that eventually led to the financial crisis.

IRONICALLY, equity-based compensation systems and in particular Stock Options were initially devised as a form of risk control to resolve the conflict of interests inherent in the agency problem in organizations i.e. the possibility of opportunistic, self-interested behaviour on the part of the Management (i.e. the AGENT) that could work against the welfare of the Shareholders (i.e. the PRINCIPAL). How do Stock Options work? In simple terms, the stock options mechanism allows the recipient to purchase stock in the future at the price it is valued today (i.e. option price). It means that if the share price rises above the option price, the recipient will be able to pocket the difference when he/she exercises the options after a certain required period (i.e. the vesting period).

To its advocates, stock options were seen as the “magic carrot and stick”, an ideal and cheap incentive designed to foster great management performance by encouraging optimal risk-taking and management simply because it was supposed to ALIGN smartly an organisation top management interests with those of the shareholders.

Let’s now take a closer look at how stock options were supposed to resolve the inherent conflict of interests between the management and the shareholders. The rationale was that shareholders are essentially interested to see an increase of the share price of the companies they have invested into. So, it means that share price movements upward…

  • seemed directly related to shareholder’s wealth creation
  • furthermore, it is easy to monitor as the share price is publicly listed for everybody to see

On the contrary, if the share price stagnates or worse goes down, the stock options are worthless penalising the management for its poor performance. It means that options would pay off ONLY if the company’s share price went up.

Hence share price movements seemed at first glance to be a fair and reasonable way to:

  1. evaluate senior executives contributions to an organization wealth creation and
  2. reward them in reasonable proportion of it.

Based on that understanding, from the late 80’s, stock options started to be widely granted to the seniors management and senior traders quickly becoming an essential part on their compensation packages.

Unfortunately, it did not work as it was initially intended to (Here is another example of the law of ‘Unintended Effects’).. Data about corporate failures/troubles over the past 2 decades have showed that Stock Options FAILED to resolve the Agency Problem. In fact, they made the problem worse by the exacerbating the the moral hazard issue in senior management behaviour.

Obviously, something went wrong.. painfully wrong! Let’s try to find out what happened… I would now like to elaborate on the following 2 key reasons that will shed light and explain the ineffectiveness and dangers of using Stock Options as a top executives performance management tool:

  1. The mechanism of stock options was perverted by the management to ensure and magnify rewards
  2. Even when used as it was intended, Share Price is NOT very well-suited as a Performance Management metric on its own

1- Perversion of the Stock Options mechanism

Stock Options RepricingIn many public-listed organizations, stock options became an additional form of compensation that was often just added up on the top of already very generous packages. Furthermore the stock options system was quickly perverted by the management through the use of various techniques that essentially aimed to ensure that the management would get ‘their huge bonuses’ no matter what was their individual performance and the performance of their organizations.

I have listed below some of the most popular techniques used for that purpose:

  • Backdating (Allows the recipient to purchase stock at yesterday’s price, resulting in immediate wealth increase)
  • Spring-loading (Granting of a stock option at today’s price, but with the inside knowledge that stock’s value is improving)
  • Bullet dodging (Delaying of a stock option grant until right after bad news)

Many organizations distributed options to their senior management teams like candies in ever-growing numbers and it ended up to generate the biggest bonanza yet for top executives leading to exponential growth in their compensation packages.

Advocates of options compensation, postulate that options mechanisms shouldn’t be judged on the basis of the perverted use made of them in some organizations, that the issues highlighted can be corrected with proper controls (i.e. better oversight, longer vesting periods, etc) ensuring that organisations will benefit from the option mechanism. They also claim that exponentially rising senior executives compensation is not the result of the use of options but is rather due to the intense competition for top experienced managers in a globalised world. They finally claim that stock options have helped to foster business innovation, by giving young and promising but cash-poor start ups a bait with which to attract the human capital talents necessary to engineer their growth. Let’s now explore this issue.

2 – Share Price is NOT well-suited as a Performance Management Metric

Can stock options really help align the interests the management with those of the shareholders and provide a fair and reasonable basis for executive compensation?

In order to be able to answer that question, we must realise that the validity of the stock options mechanism is based on a very important hidden assumption.. It goes as follows: “If the share price is going up, it MUST mean that the management team has done a good job!”… Is this assumption realistic and reasonable?

A primary school child should be able to figure out that this kind of reasoning is not just simple, it is simplistic! As a matter of fact, the assumption it is based on, proved over time to be highly questionable and incidentally highlights one key ROOT Cause of Management’s Problems in organizations.

This root cause of management’s problems is that… People and Organizations are typically evaluated on OUTCOMES i.e. Results (often financial) Metrics/Indicators such as revenue, earnings, share price, turnover, etc.

Why are Results Metrics PROBLEMATIC?

It is because they work like ‘thermometers’. These ‘temperature indicators’ aim to tell you if you are healthy or not! For example, when the share price goes up, it is supposed to indicate that the organisation is doing well. On the contrary, if it goes down, it is a sign of troubles!

However one essential limitation of those kind of metrics is that it will NOT tell you HOW you achieved the Results!

This limitation is easily overlooked as people are naturally inclined to assume that the positive movement of a result metric (in our example the share price) must indicate that there is a very effective leader doing a great job.

Unfortunately the reality is that, beside somebody doing a good job, there are many other problematic reasons that can lead to GOOD RESULTS on the short to medium term.  Results could LOOK good because of:

  1. Luck. Even when there is excessive risk-taking, randomness can play in your favour as brilliantly demonstrated by Nassim Taleb (author of the Black Swan Theory);
  2. Taking credit for somebody else work (All too common in large organizations. There is always a team behind who also deserves credit);
  3. Benefiting from a favorable situation (Should the management be rewarded for key external factors they had no control over?)
  4. Benefiting from timing issues where short-term gains are made at the expense of long-term costs and risk exposure;
  5. Hiding losses by fudging the figures through creative and fraudulent accounting (You will all too often find out when it is too late).

As Warren Buffett once declared: ‘Risk comes from not knowing what you’re doing’.

The disconnect between Results on one side and decision/actions on the other side is a so-called unintended “side effect” of the focus on metrics such share price and will inevitably lead to the creation of black boxes in organizations… And black boxes will open the door for all kind of abuses by the managers in charge who can do whatever they want with no proper scrutiny of they decisions and activities as long as they operate within the perimeter of the black boxes.

Business sharksI trust I have highlighted both the ineffectiveness and dangers of stock options schemes. Do keep in mind that from a risk management perspective, if you evaluate performance using indicators that are not clearly related the critical success factors of your business model, it means that you do not understand what you are doing, and that you are actually GAMBLING away the assets of your organization.

Hence it is time to recognise that stock options should never be used on their own as a performance management and reward mechanism. In fact, don’t waste your time trying to improve something that is inherently flawed. The best solution is probably to drop or at least limit drastically your stock options compensation scheme and reward primarily your staff based on metrics that put the spotlight on their real risk-adjusted performance. I know it will not be easy … indeed why would senior executives who are, by their human nature, primarily self-interested, agree to change a flawed system that is so skewed in their favors? How we can make that happen will be the subject of another post..

HR: A key Role to play in Crisis Management &x Organisational Sustainability Preparedness

Tsunamis, oil spills, political turmoil, corporate frauds, terrorism, workplace accidents and health concerns such as pandemic flu, and contaminations are some threats that could affect your organisation and employees leading to disastrous impact on an organisation’s business profitability and even sustainability.

A CRISIS can be defined as an event/situation that results in a:

  1. total or partial disruption of key business and operational processes due to harm to people/ relationships or damage to property, equipment or the environment
  2. and/or influence stakeholders‘ perception negatively

Which, as a consequence of the direct impact and of the stakeholders’ negative responses, may dramatically impact an organisation’s profitability, reputation and hence long-term operational sustainability potential.

Crises can occur at any time and hence the challenge of identifying, preventing, and managing crisis events has become a critical concern for many organisations.

The HR function has a key role to play not only in protecting the welfare and safety of affected employees but also in supporting organizational sustainability. Why? The simple and obvious reason is that there is always a human side to a crisis as people are likely to get hurt physically and/or psychologically. Unfortunately, one of the critical errors in crisis management planning is the strong tendency to focus the attention and efforts on reinforcing systems, operations, infrastructure and public relations, with people issues coming in last on the list of concerns and as a result often ending up neglected. Organizations should not wait for something terrible to happen to find out just how unprepared they and their employees are. This neglect is a serious problem as organizations really need to pay greater attention to the impact of critical events on their employees, their families and the community as a whole as effective crisis management, business survival and recovery cannot happen without well-prepared, safe and motivated employees.

For organisations with inadequate HR crisis plan in place, the effects of any crisis will be catastrophic and may include:

  1. Impacts on the People
  • Get physically injured, have permanent disabilities and/or die
  • Be psychologically traumatized, change of personality & values
  1. Impact on the Organization
  • Loss of key staff and intellectual knowledge
  • Absenteeism & high turnover
  • Underperforming staff due to trauma, low morale & demotivation
  • Increasing health benefits costs
  • HR-related legal concerns and costly litigations
  • Negative publicity for the organization and badly damaged reputation

 

Looking at the Human Side of Crisis Management Is Essential For Business Sustainability

Today’s business environment requires a robust, enterprise-wide plan to deal with risks and crises. Company reputation and brand, as well as the trust and loyalty of stakeholders, are all critical assets at stake during a crisis. It should beobvious to everybody that a Crisis and its Management has a lot to DO with PEOPLE:

  1. First, people are a source/factor of risk, e.g., people making wrong decisions, people doing sloppy work, being complacent, etc.
  2. Second, people are victims of risk, e.g. injuries, deaths, psychological impact, etc.
  3. Third people are essential in managing risk, e.g., people using their knowledge, skills, experience and ingenuity to resolve expected and unexpected risk issues.

Hence based on the abovementioned reasons, the Human Resources function should be play a strategic and proactive role in Risk, Crisis & Business Continuity Management because they are the primary caretaker of an organization’s human capital welfare and motivation. HR is in the best position to ensure that an organization’s human capital can be prepared, preserved and can continue to create value under any adverse circumstances.

 

Defining HR’s Role in Crisis Management

In today’s Information & Knowledge Economy, Organizations increasingly rely more on Human Capital (knowledge workers) to build competitive advantages and generate their profits, rather than just on equipment, technology and systems. Hence no matter their size, durability and successes, organizations are very VULNERABLE when something go wrong with their people. At the same time, people are the solution too!

HR leaders have a strategic role and responsibility to ensure their organizations are aware of internal vulnerabilities on the human side to different types of crises and to ensure their crisis management plan covers all potential risks and concerns.

To be included as a strategic partner in crisis management, with other functions such as risk management and business continuity management, HR professionals have to understand and speak the “lingo” of crisis management.

HR has the opportunity to ascertain that the human capital is taken care of in all crisis management and business continuity plans. HR can offer real value protection or enhancement through deliverables such as crisis communication plans, crisis resource planning, safety and security training, talent management and succession planning to help reassure and prepare employees.

In partnership with other organizational leaders, HR can develop an infrastructure for crisis management by motivating the company’s human capital to support what need to be done. The support and commitment that an organization will need from its employees during and after a crisis can be facilitated by HR professionals who can understand both the business and employees’ perspectives.

 

Preparing an Organization & its Human Capital For Crisis

HR professionals can influence the organizational culture and capabilities to provide effective preparation and capacity building before the crisis and effective management and leadership during and after a crisis. Effective crisis response requires an understanding of what people need from management, and how to provide it. Some recommended strategic and practical steps regarding crisis management planning are as follows:

  • To establish a diagnostic of the human side vulnerability of your organization to crisis to ensure adequate attention to human needs in the wake of a disaster
  • To identify and prepare specifically for crisis scenarios affecting employees To Develop HR policies and procedures specifically related to crisis management to avoid panic ad hoc actions and to ensure effective delivery of crisis-related human services
  • To Provide training to address specifically the human side of what happens during a crisis
  • To provide employees with an opportunity to understand and learn to cope with the effect of stress and traumatic events by conducting crisis simulation exercises
  • To train and program employees to know what to do during a crisis
  • To establish an online resource with information about crisis management, employee benefits and other employee-related policies and programs linked to crisis.
  • To provide employees with 24-hour easily accessible information and communication means

Additionally, a number of other activities may be necessary such as to protect and backup HR records, to identify and reserve emergency office space and to provide sufficient manpower for business recovery and so on.

 In summary, HR should take responsibility to :

  1. ensure their organizations are aware of the impact of internal strengths & vulnerabilities on the human side to different types of crises and
  2. to ensure the crisis management plan covers all potential HR risks, concerns and needs.

To be most effective, HR leaders should work collaboratively with other key organizational functions involved in crisis management such as risk management and business continuity management, build the business case and obtain top management commitment to support the development of enterprise-wide crisis readiness plans that fully integrate the human side of crisis.

I was invited to speak and share my views on the “Role of HR in Crisis Management & Organisational Sustainability Preparedness” during the 2013 HRM summit in Singapore and I thought it would helpful to share the presentation I gave at that conference. Therefore I have attached it in this post below. Enjoy and if you have any questions do not hesitate to contact me.