Recent scandals in the for-profit and nonprofit worlds have highlighted the importance of integrity within an organization. Fraud prevention has recently been addressed in new legislation and accounting standards. This new level of fraud awareness applies to nonprofit organizations just as much as it does to for-profit organizations, and it is therefore important that nonprofit organizations establish a means for employees to report concerns about misconduct, dishonesty, or fraud. Such a reporting structure should be recorded and communicated to employees in a written policy on suspected misconduct, dishonesty, and fraud.
Whistle-blower protection. One of the two provisions of the Sarbanes-Oxley Act of 2002 that applies to nonprofit organizations (the other provision relates to document destruction) is the legal protection of whistle-blowers. The Act makes it illegal for a corporate entity to punish whistle-blowers who risk their careers by reporting suspected illegal activities in an organization. No form of punishment, including firing, demotion, suspension, harassment, failure to consider the employee for promotion, or any other kind of discrimination, is allowed.
Punishing a whistle-blower in any way is a criminal offense. Even when an employee's claims are unfounded, the nonprofit may not reprimand him. To receive whistle-blower protection, an employee does not have to demonstrate misconduct; a reasonable belief or suspicion that violation of a federal law exists is sufficient.
As a result of this legislation, it is important that nonprofit organizations develop procedures for receiving and handling complaints. Nonprofits need to create and implement a formal process to receive and investigate complaints and prevent retaliation. As a part of this process, a confidential and anonymous mechanism should be established to receive employee complaints. These needs for whistle-blower protection can be incorporated into a general policy on misconduct, dishonesty, and fraud.
Important policy components. Typically, the audit committee has ultimate responsibility for the processes that define the confidential communication system relating to significant employee concerns. Fraud prevention and whistle-blower policies should:
-
Provide confidentiality and anonymity to the submitter. Both the perception and the reality of safety are necessary to encourage people to speak up about sensitive topics.
-
Enable anyone who may have information about wrongdoing to make a report. This includes employees, vendors and suppliers, internal and external auditors, consultants, advisors, and board members.
-
Facilitate the reporting of all varieties of wrongdoing. Many Federal and state laws prohibit retaliation for reporting illegal acts. Examples that may apply to your organization include;
a. Title VII, which protects employees who report, oppose or participate in the investigation of unlawful discriminatory practices.
b. Age Discrimination in Employment Act and state equivalents
c. Americans with Disabilities Act and state equivalents
d. Fair Labor Standards Act
e. Employee Retirement Income Security Act (ERISA)
f. False Claims Act
g. State worker’s compensation laws
h. State child labor laws.
-
Give submitters choice and convenience. A phone call to truly skilled listeners elicits the most complete set of facts about a case. However, the preferences driven by age and background may dictate allowing people to use the web or write a letter. Make the service available at all times, and support foreign languages if some organization employees are non-native English speakers.
-
Focus on obtaining a full set of facts from the submitter. More information is better than less. Experienced and well-trained listeners are better equipped to obtain the information necessary to begin solving problems before they become emergencies.
-
Adhere to a compliance approach, with checks and balances built into the case review and closure steps. The process must include systematic follow-up and tracking capabilities. Instill a culture of accountability that precludes the potential for management to sweep problems under the rug.
-
Put the information into the hands of people who can and will act on it. Invest the time up front to determine specific roles and responsibilities. Establish rules for action and oversight. Retain each and every report, even those that appear to lack substance, so that no bits and pieces are lost.
-
Have options for investigation and resolution. If you use a third-party hotline, the provider must not be the same firm as the one doing the investigating. It is an inherent conflict of interest to listen objectively and at the same time seek additional revenue from investigation activity. Investigation is not the role of audit committee members; use staff personnel who are unrelated to the submitter who are experienced in conducting investigations.
-
Freely publicize the existence of the confidential reporting service. Communicate the safety and availability of the process, and give permission to use it. The whistle-blower policy should be included in the organization's employee handbook and policy manual, discussed in the organization's newsletters, presented in training of new employees, and periodically (at least annually) be communicated to all current employees.
-
Protect the whistle-blower. Nonprofits should take every step possible to protect the confidentiality of the whistle-blower. Organizations must ensure that no director, officer, or employee who in good faith reports a violation will suffer harassment, retaliation or adverse employment consequence.
(Click here for Word document)
SAMPLE POLICY FOR A LARGER MINISTRY
Policy on Suspected Misconduct, Dishonesty, Fraud,
and Whistle-blower Protection
XYZ Ministry is committed to the highest possible standards of ethical, moral, and legal conduct. Consistent with this commitment, this policy aims to provide an avenue for employees to raise concerns about suspected misconduct, dishonesty, and fraud and to provide reassurance that they will be protected from reprisals or victimization for whistle-blowing in good faith.
PROCEDURE
Reporting
Employees and any other person who has a concern relating to suspected misconduct, dishonesty or fraud may make a report. The XYZ Ministry wants to hear of possible problems in these areas.
Concerns or suspected misconduct, dishonesty or fraud may be reported by telephone, email or regular mail, at the employee’s or reporter’s preference:
An employee may telephone: (---) --- ---- . We have retained an independent company to receive calls and descriptions of possible issues. Reports they receive will be forwarded to the Chairman of the Audit Committee.
An employee can email directly the Chairman of the Audit Committee at:
An employee may write a letter to the Chairman of the Audit Committee at the following address:
Comment: Telephone number, name of Audit Committee Chairman, email and postal addresses must be kept current.
Timing
The earlier a concern is expressed, the easier it is to take action.
Investigating the Concern
Following the receipt of any complaints submitted, the Audit Committee will investigate each matter so reported and take corrective and disciplinary actions where appropriate.
The Audit Committee may enlist committee members, employees of the ministry and/or outside legal, accounting or other advisors, as appropriate, to conduct any investigation of complaints regarding financial reporting, accounting, internal accounting controls, auditing matters, or any other form of misconduct, dishonesty, or fraud. In conducting any investigation, the Audit Committee shall use reasonable efforts to protect the confidentiality and anonymity of the complainant.
Further Information
The amount of contact between the complainant and the body investigating the concern will depend on the nature of the issue and the clarity of information provided. Further information may be sought from the complainant.
Report to Complainant
The complainant will be given the opportunity to receive follow-up on their concern within two weeks:
-
Acknowledging that the concern was received;
-
Indicating how the matter will be dealt with;
-
Giving an estimate of the time that it will take for a final response;
-
Telling them whether initial inquiries have been made; and
- Telling them whether further investigations will follow, and if not, why.
Information
Subject to legal constraints the complainant will receive information about the outcome of any investigations.
Document Retention
The Audit Committee shall retain as a part of the records of the Committee any such complaints or concerns for a period of at least seven years.
SAFEGUARDS
No Retaliation
No director, officer, or employee or other person who in good faith reports a violation shall suffer harassment, retaliation or adverse employment consequence. An employee who retaliates against someone who has reported a violation in good faith is subject to discipline up to and including termination of employment. This policy is intended to encourage and enable employees and others to raise concerns within the organization prior to seeking resolution outside the organization.
Additionally, no employee shall be adversely affected because they refuse to carry out a directive which, in fact, constitutes corporate fraud, or is a violation of state or federal law.
Confidentiality
Violations or suspected violations may be submitted on a confidential basis by the complainant or may be submitted anonymously. Reports of violations or suspected violations will be kept confidential to the extent possible, consistent with the need to conduct an adequate investigation. Every effort will be made to protect the complainant's identity.
Anonymous Allegations
Employees are encouraged to put their names to allegations because appropriate follow-up questions and investigation may not be possible unless the source of the information is identified. Concerns expressed anonymously will be investigated, but consideration will be given to:
-
The seriousness of the issue raised;
-
The credibility of the concern; and
-
The likelihood of confirming the allegation from attributable sources.
Acting in Good Faith
Anyone filing a complaint must be acting in good faith and have reasonable grounds for believing the information disclosed indicates misconduct, dishonesty, or fraud. Any allegations that prove not to be substantiated and which prove to have been made maliciously or knowingly to be false will be viewed as a serious disciplinary offense.
DEFINITION OF TERMS
For purposes of this policy, the definition of misconduct, dishonesty, and fraud includes but is not limited to:
-
Acts which are inconsistent with ministry policy
-
Theft or other misappropriation of ministry assets
-
Misstatements or other irregularities in ministry records
-
Incorrect financial reporting
-
Misuse of ministry resources
-
Illegal activities
-
Immoral or unbiblical activities
-
Forgery or alteration of documents
-
Any other form of fraud
XYZ Ministry reserves the right to modify or amend this policy at any time as it may deem necessary.
SAMPLE POLICY FOR A SMALLER MINISTRY
Policy on Suspected Misconduct, Dishonesty, Fraud,
and Whistle-blower Protection
If any person knows of or has a suspicion about misconduct, dishonesty or fraud, the Executive Director should be contacted. If the alleged wrongdoing concerns the Executive Director, then the President or other officer or director of the organization should be notified instead.
If the Executive Director, President or other officer of the organization receives information about misconduct, dishonesty or fraud, they shall inform the Board (or, alternately, the Executive Committee, if such a Committee exists), which shall determine the procedure for investigating all credible allegations.
At all times, the privacy and reputation of individuals involved will be respected. There will be no punishment or other retaliation for the reporting of conduct under this policy. If the person providing the information requests anonymity, this request will be respected to the extent that doing so does not impede any investigation.
This text is provided with the understanding that ECFA is not rendering legal, accounting, or other professional advice or service. Professional advice on specific issues should be sought from an accountant, lawyer, or other professional.