Operational resilience and the importance of the corporate whistle-blower
The sheer notion of whistleblowing immediately strikes an unsavoury chord with most people. Polarising figures such as Julian Assange and Edward Snowden have perhaps become two of the most recognisable whistle-blowers of our time. Their actions have shed new debate on the concepts of integrity, secrecy, privacy and public interest. At work, people have mostly become accustomed to minding their own business, getting on with the job and not interfering with anything that doesn’t directly affect or concern them. This notion is certainly embedded in Australian culture and contributes to our very functional and prosperous society. We also recognise that nobody is perfect and people make mistakes, so the thought of escalating something to a workplace superior is quite foreign to most, particularly if we are not directly involved. Moreover, people can sometimes be afraid to “blow the whistle” on the basis that they become implicated in the issue, ostracised by their peers and/or fear falling victim to any repercussions as a result.
What about honesty, trust and integrity?
A corporate whistle-blower is someone who reports something that they consider detrimental, illegal, immoral, unethical or not correct. They can choose to report internally to management or externally to the authorities, depending on the issue and their perception of its magnitude. Most senior execs are well aware of the risks associated with poor integrity management. In recent times we have seen large scale instances of bribery, fraud and corruption – both in Australia and around the world. Countries such as the US and UK have enacted legislation that permit boards and/or executive managers being charged domestically for acts of non-compliance occurring in foreign geographies. As a result, corporate audit and compliance functions, together with integrity management systems are now considered critical business enablers and are well resourced by top management. No matter how large or small your organisation or department you can be guaranteed that your people either have or soon will be confronted with decisions that will test their honesty and integrity. Integrity risk management is now very serious business.
Back to the importance of whistleblowing. Unless you can be 100% sure that each and every one of your people (staff, managers, officers, agents, contractors etc), no matter where they reside, will absolutely never be embroiled in misconduct associated with a bribery, fraud or corruption incident – you need a whistleblowing programme. In its most basic form, that programme will consist of a whistleblowing policy, procedures, people, training and a set of guidelines as to how to manage the inevitable “what next” question once the whistle is blown. The proceeding investigation should facilitate the exchange of information between stakeholders, paying close attention to discretion and confidentiality, where appropriate. It should be factual, evidence based and objective in methodology ensuring that each case is managed legally, ethically and professionally. In some cases you will have the expertise to conduct this type of investigation internally. In others, you will need to hire a professional to lead the investigation. We’ll leave incident management and response to another post.
Integrity risk management is a key element of an organisations operational resilience programme. It starts at the top and has potential to affect the entire organisation should it be handled poorly. The importance of creating an integrity management framework and/or whistleblowing programme cannot be overstated in the digital age. A robust whistleblowing programme will protect your organisation from integrity related risks, that you may not be aware exist. Astute business leaders combine integrity risk management with resilience functions such business continuity, emergency management and crisis management to give their organisation the very best chances of survival.
If you aren’t currently investing in an integrity risk management programme, then perhaps you should be.
about author

Ray Harris is Managing Director and Principal (SCEC Endorsed) Security Consultant at Inverus Group Pty Ltd, with a focus on risk, resilience and security related functions and disciplines.
He specialises in assisting his clients become more secure, compliant and resilient; enabling them to thrive in times of uncertainty and increased operational complexity.
subscribe to newsletter
If you would like to stay up to date with our latest products and services, please enter your email below and we will keep you informed.