ACFE’s Fraud Magazine published an online exclusive article by Jan Tadeusz Stappers about the new ISO standard dedicated to whistleblowing management systems. Below is a summary of the article. The original article can be found here.
Whistleblowing is often seen as a risk for boards, committees directors and an organization’s reputation. But with a sound whistleblowing infrastructure in place, whistleblowing provides an opportunity to better understand and manage culture, and solve irregularities internally before they become uncontrollable externally.
A growing number of countries are introducing or revising legislation aimed at protecting whistleblowers. Some examples are Australia’s Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2017, Italy’s Law No. 179/2017 and France’s Loi Sapin II.
The European Commission made great strides in 2018 when it proposed a new law to strengthen whistleblower protection across the EU. The commission claims that whistleblowers can play an important role in uncovering activities that damage the “public interest and the welfare of our citizens and society.” The proposal includes an obligation for organizations to implement safe channels for internal reporting. The European Parliament adopted the EU whistleblowing directive at its first reading on April 16.
Although organizations have many useful reference points, no single, internationally recognized standard on whistleblowing exists. Documentation now is largely focused on legal obligations and what governments should be doing in whistleblowing legislation. While this is important, it isn’t suitable or practicable for organizations to understand whistleblowing principles and how to implement policies and procedures effectively.
ISO 37002 will provide practical guidance to organizations on a broad array of whistleblowing management aspects. It doesn’t specify requirements but provides guidance on whistleblowing management systems and recommended practices. ISO 37002 is intended to be adaptable. Its use can differ depending on the size, nature and complexity of an organization’s activities.
Organizations that haven’t adopted management system standards will be able to adopt ISO 37002 as stand-alone guidance. Organizations will be able to choose to extend the scope of the whistleblowing management system to include reporting from outside their organizations.
WG3 states that it intends to provide a framework for establishing a clear and robust organizational whistleblowing system. WG3 acknowledges that creating a protective environment where people can confidently report concerns is crucial to effectively preventing and dealing with wrongdoing.
ISO 37002 is scheduled for completion by the end of 2021.