Informing/involving stakeholders
- Which stakeholders should be informed about/involved in the project in advance of or during the conception/implementation phase?

Personal scope of application
- Which legal entities should be the subject of the whistleblower system?

Material scope of application
- Which types of violations/reports should be addressed, and which not?

Organization, scope, structure, roles, and responsibilities of key stakeholders responsible for the end-to-end whistleblower system
- Are roles and responsibilities clearly defined and communicated? How/where?
- What processes are in place to facilitate regular collaboration amongst key stakeholders?
- What is the whistleblower case management system?

Policies and procedures governing the initial intake, evaluation, and triaging of whistleblower hints; the investigation of hints; and processes to discipline confirmed misconduct
- What policies are in place regarding the intake, evaluation, triaging, investigation, and discipline related to whistleblower reports?
- What processes are in place to ensure that target timelines (across all phases of the whistleblower system) are defined, tracked, and monitored?
- What processes are in place to ensure/allow confidential reporting of whistleblower reports?
- What anti-retaliation policies are in place?

Resources responsible for administering and supporting the whistleblower system, including qualifications, expertise, and training
- What processes are in place to ensure the whistleblower system is administered/supported by individuals with relevant knowledge, training, experience, and skills to effectively maintain the system?

Communication and training of employees with regards to key aspects of the whistleblower system, including confidential reporting; anti-retaliation policies; speak-up culture; and processes to enhance accountability and transparency of the whistleblower system

Availability and accessibility of whistleblower reporting channels
- Should we offer only personal reporting or also anonymous reporting?
- Which reporting channel would you favor?
- Describe the availability and accessibility of the internal and external reporting channels
- Does the hotline allow users to report confidentially/anonymously? How is this ensured?

Information management and reporting, including processes to share the results of whistleblower investigations with key stakeholders for continuous improvement and root cause analysis

Oversight and monitoring, including processes to monitor the effectiveness of the whistleblower system

Internal Reporting Systems
Appendix 3-O: Checklist of Processes and Controls to Consider When Establishing a Whistleblower System