Whistleblowing Management Systems Quiz

Questions and Answers

What is essential for a whistleblowing management function?

A public reporting system

A dedicated team of investigators

Direct access to top management (correct)

Frequent external audits

Which of the following is NOT considered a risk associated with whistleblowing?

Confidentiality breaches

Malicious and false reports

Improvement of corporate governance (correct)

Retaliation against whistleblowers

What should be included in the planning for the achievement of whistleblowing objectives?

Annual budget reports

How resources will be allocated (correct)

A list of potential whistleblowers

Market analysis reports

Which of the following is true regarding the effectiveness of whistleblowing management systems?

They need to be evaluated and updated regularly

What is a key objective of a whistleblowing policy?

To prevent and detect wrongdoing early

What should be done to protect the identity of the whistleblower?

Share information on a need-to-know basis.

Which principle ensures that all subjects are presumed innocent during an investigation?

Impartial investigation

What is an important action to take if there is an immediate risk to health and safety?

Secure evidence and suspend the subject.

What is the primary purpose of assessing the risk of detriment to the whistleblower?

To ensure the whistleblower's safety and protection.

What should happen after an investigation has concluded?

Communicate the decision and reasons to the whistleblower.

What is a necessary consideration when addressing detrimental conduct?

Use the same reporting channels for reporting.

Why is it essential to manage personal data adequately during an investigation?

To protect the individuals involved from potential risks.

What is the role of feedback in the whistleblowing process?

To keep the whistleblower informed about the case progress.

What is the primary role of the governing body in relation to the whistleblowing management system (WMS)?

To oversee and approve the WMS

What does the whistleblowing policy NOT include?

Rewards for those who report

Which of the following is a responsibility of top management regarding the WMS?

To promote a culture of speaking up

What should the whistleblowing management function ensure about the reports received?

They are properly received and assessed

Which aspect is crucial for protecting whistleblowers within the WMS?

Providing assurance of no detriment

What does the scope of the WMS need to consider?

Types of wrongdoing and regions for reporting

How often should the whistleblowing policy be reviewed?

At planned intervals

What is a key feature of the whistleblowing management function?

It reports directly to top management and the governing body

What is one of the main objectives of the WMS?

To facilitate impartial investigations

Which of the following represents a requirement for the WMS?

To prohibit detrimental conduct against whistleblowers

What measures should be taken to protect the identity of subjects in a report?

Limit information sharing to a need-to-know basis

Which of the following describes the conclusion of a whistleblowing case?

No investigation is warranted after fact-finding

What is a key component of monitoring and evaluating a whistleblowing management system?

Establish methods for measurement and analysis

When wrongdoing is identified in a whistleblowing case, what should be done?

Take action to resolve the wrongdoing

What is an internal audit's purpose in a whistleblowing management system?

To evaluate the effectiveness of the system

Which indicator is relevant for evaluating a whistleblowing process?

Proportion of reports sustained by an investigation

What should be included in an internal audit program for a whistleblowing management system?

Frequency, methods, and reporting requirements

How should organizations support other parties involved in a whistleblowing case?

By maintaining confidentiality and providing assistance

What is the first step that should be taken when planning changes to the whistleblowing management system?

Define the purpose of the change

Which action is recommended to take if a change to the whistleblowing management system is unsuccessful?

Prepare for how to reverse the change

What is one of the competencies required for personnel involved in the whistleblowing management system?

Maintaining a level of impartiality

What is necessary for effective whistleblowing policy implementation by managers?

Training on the whistleblowing management system

What should be included in the communication plan regarding the whistleblowing management system?

When and how to communicate updates

What role do awareness measures play in the whistleblowing training for personnel?

They make sure personnel know their contributions to the system.

Which of the following is a potential consequence of ineffective communication regarding the whistleblowing management system?

Confusion among employees about reporting procedures

What is crucial for the continuous improvement of the whistleblowing management system?

Periodic review of the effectiveness of changes

What should top management do at planned intervals regarding the whistleblowing management system (WMS)?

Review the WMS and report findings

Which factor is NOT considered input for a management review of the WMS?

Training schedules for all employees

What is one of the aspects that should be considered for continual improvement of the WMS?

Whistleblower recognition and reward

What must be done after identifying a nonconformity within the WMS?

Determine the cause and implement corrective actions

Which of the following is a requirement for the whistleblowing management system according to ISO 37002:2021?

Creating secure reporting channels

What is the primary goal of the whistleblowing management system?

To support whistleblowers and ensure the system's effectiveness

What should an organization do to manage nonconformities effectively?

Keep detailed documentation of nonconformities and actions taken

What is necessary to ensure the effectiveness of the WMS?

Conducting internal audits at planned intervals

Which of the following describes a crucial part of the WMS according to ISO 37002:2021?

Ensuring adequate competence and awareness among relevant parties

How should corrective actions be treated after they are implemented in response to nonconformity?

They should be evaluated for effectiveness

Study Notes

ISO 37002:2021 Whistleblower Management System

• ISO 37002:2021 is an international standard for whistleblower management systems, providing guidelines, not specific requirements.

Structure of the Course

• The course structure follows the clauses of ISO 37002:2021, covering:
  • Introduction to the whistleblower management system
  • Organizational context (clause 4)
  • Leadership (clause 5)
  • Planning (clause 6)
  • Support (clause 7)
  • Operation (clause 8)
  • Performance evaluation (clause 9)
  • Improvement (clause 10)

Whistleblower Management System

• Demonstrates transparency and ethical behavior.

Whistleblowing Management System

• A whistleblower is a person who reports actual or suspected wrongdoing, having a reasonable belief in the truthfulness of the information at the time of reporting.
• Wrongdoing is any action or omission causing harm (e.g., breach of law, policy, gross negligence, bullying).

Principles

• Trust, impartiality, and protection form the core principles.

Management System

• A management system is a set of interrelated elements within an organization to establish policies, objectives, and processes for achieving those objectives.

Expected Outcomes for a Whistleblower Management System (WMS)

• Encourage reporting of wrongdoing.
• Protect whistleblowers from negative consequences.
• Appropriately handle received reports.
• Enhance organizational culture and governance.
• Reduce the risk of wrongdoing.

Plan-Do-Check-Act Cycle

• Plan: Establish objectives, identify risks and opportunities.
• Do: Receive, assess, and address reports of wrongdoing, conclude cases.
• Check: Monitor, measure, analyze, evaluate performance, conduct internal audits, and management reviews.
• Act: Continuously improve the WMS, manage nonconformities .
• The cycle is a continuous improvement component

ISO 37002:2021 Clauses

• Contains clauses and subclauses providing detailed guidance across different aspects of the WMS.

Context of the Organization

• Internal issues (size, structure, locations, organizational culture, business sector, scale of operations, business model, personnel nature).
• External issues (business associates, controlled entities, related organizations, legal requirements, regulatory requirements, contractual obligations, public interest obligations).

Identify Stakeholders

• Relevant stakeholders for the whistleblowing management system.

Scope of the Whistleblower Management System (WMS)

• Determine the boundaries and applicability of the WMS, documenting the types of wrongdoing, reporting regions, and reporting parties.

Governing Body & Top Management

• Owners, governing body, top management, middle management, and workers.
• Governing Body: Oversees the WMS, approves the policy, communicates its importance, defines objectives, monitors top management, reviews the WMS, and ensures allocated resources..
• Top Management: Communicates effectively, makes resources accessible, ensures expected results, encourages a supportive culture, and promotes impartial investigations and ongoing improvement.

Whistleblower Policy

• Established by top management with personnel participation.
• Documented, available to stakeholders, communicated, reviewed regularly, appropriate to the organizational purpose, and providing a framework for objectives.
• Includes commitment to continuous improvement, explains the WMS scope, prohibits detrimental conduct, promotes a speak-up/listen-up culture, and outlines steps.
• Provides guidance on reporting, confidentiality, data retention, and contractual reporting.
• Explains consequences of non-compliance and explains alternative reporting channels and the function independence.

Whistleblower Management Function

• Appointed by top management, adequately resourced, with competency, integrity, authority and independence.
• Has direct and unrestricted access to top managers and the governing body.
• The function is not necessarily dedicated, but can be outsourced.

Risks and Opportunities

• Determine risks and opportunities:
• Prevent/reduce unintended consequences
• Ensure achievements of intended results
• Achieve continual improvement; Examples of risks (retaliation, breach of confidentiality, malicious reports) and opportunities (improved governance, customer loyalty), legal compliance, and early detection of problems.

Addressing Risks and Opportunities

• Evaluate the effectiveness of actions, address external reporting of wrongdoing, and provide feedback.

Whistleblower Objectives

• Consistent with policy, measurable if possible, considers applicable requirements, ensures early wrongdoing detection, monitored, evaluated, and updated, and documented and communicated.

Planning for the Achievement of Objectives

• What to do, resources needed, responsible parties, completion timeline, monitoring, evaluation, communication, and updates to objectives.

Planning of Changes

• Purpose identification, consequence evaluating, assigning responsibilities.
• Testing (if possible), preparing for unsuccessful changes, resource availability, change communication, and post-implementation reviews.

Resources

• Determine and provide all necessary resources for WMS establishment, implementation, maintenance, and continual improvement.
• Certain functions can be outsourced.

Competence

• Identifying necessary competence, ensuring personnel are competent (based on education, training and experience) .
• Taking action to acquire/maintain competence .

The Responsibility of Investigation/Protection/Support Parties

• Display trustworthy, emotional intelligence, diplomacy, integrity, leadership , confidentiality, sound judgement

Awareness

• Individuals under the organization's control should be aware of the whistleblower policy, the management system objectives, their contributions, and non-compliance implications.

Training for Personnel/Leaders

• Provide training, and awareness measures to all personnel regarding internal situations.
• Top management, the WMS function, managers, and authorities need training to operate whistleblowing policy and address wrongful conduct reporting.

Internal/External Communication

• Determine necessary communication, for what, when,how ,with whom, and language.
• Introduce/update policy briefings, for new personnel joining the company, regarding reporting or updated information concerning the policy.

Documented Information

• Include recommended documents from ISO 37002.
• Include any additional documentation deemed necessary by the organization.

Document Creation and Updates

• Consideration of identification, description, formatting, media, and review and approval.

Control of Documented Information

• Controls cover distribution, accessibility, storage, preservation, change control.
• These controls will pertain to both internally and externally sourced documents.

Data Protection

• Consider access to data, data management, and data protection rights, providing notice and permitting anonymous reporting.

Confidentiality

• Establish processes to protect confidentiality by addressing situations where confidentiality may be compromised.

Whistleblower Reporting Process

Flowchart of the reporting process, covering steps such as receiving, assessing, coordination etc.

Operational Planning and Control

• Feedback to whistleblowers.
• Document information gathering during each reporting process step.
• Control of externally provided processes, products, and services.

Receiving Reports of Wrongdoing

• Establish visible, accessible, and secure reporting channels (at least one channel separate from the management hierarchy).
• Avoid asking for evidence proactively from the whistleblower.

Assessing Reports of Wrongdoing

• Establish process for impartial assessment, triage, and management of reported issues.
• Prioritize reports based on risk.

Assessing Reports of Wrongdoing

• Determine if the wrongdoing falls within the WMS scope.
• Determine if the event is criminal.
• Evaluate the timing of the event.
• Assess for immediate threats (business, health, safety, rights, environment).
• Determine if evidence needs immediate protection.
• Understand how media involvement might arise.
• Consider if the same incident has been previously reported.

Possible Decisions Following Assessment.

• Engage with other organization departments
• Gather additional information
• Take preliminary measures (e.g., evidence protection, suspensions)
• Inform relevant authorities
• Start an investigation
• Conclude the case and communication.

Risks of Detrimental Conduct

• Evaluate risk from the whistleblower and interested persons.
• Protect whistleblowers by protecting identity, need-to-know basis, and mitigating factors causing potential detriment to whistleblowers and others.

Investigating Wrongdoing

• Design impartial investigations, led by appropriately qualified investigators.

Principles for the Investigation

• Adequate resources and clearly defined parameters.
• Maintain the principle that all subjects are considered innocent.
• Avoid interfering with judicial investigations.
• Safeguarding evidence.
• Manage data regarding the subjects and adequately safeguard it.
• Appropriately adaptable scale/scope.
• Clear and concise communication.
• Regular progress updates given to whistleblowers.

Protect the Whistleblower

• Protect whistleblowers from detriment, considering identified risks.
• Provide support (emotional, financial, legal), as necessary.

Address Detrimental Conduct

• Report detrimental conduct using the established reporting channels.
• An investigation can be conducted, if needed.
• Take actions to stop and address detrimental conduct
• Remediation may be required.

Protecting the Subject of a Report

• Protect the subject's identity (need-to-know basis).
• Presume innocence.
• Prompt and impartial investigation.
• Remedial measures (if needed).
• Provide support (as needed) to the subject.

Protection for Other Parties

• Support witnesses, investigators, or family members from any negative consequences.

Concluding Whistleblower Cases

• Case moves to closure when no action is needed, when fact-finding determines no action required, or when the case is referred to another department or when investigation is officially concluded.
• Key items concerning the case closure encompass actions based on findings, lessons learned, improvement or updating procedures, and keeping records of the case information.

Concluding Whistleblower Cases (additional)

• Act in line with recommendations, gather feedback, determine lessons to be learned, improve controls/procedures/policies.
• Maintain and improve documented information.

Monitoring, Measurement, Analysis, and Evaluation.

• Determining what needs monitoring/measurement
• Identifying parties responsible
• Defining/Developing methods for measurement/analysis/evaluation
• Determining when the monitoring/measuring will occur
• Indicating procedures/methods/schedule concerning the analysis and evaluation stages
• Recognizing parties to whom the monitoring and analysis are reported

Indicators for Evaluation

• Number of reports received.
• Nature of the wrongdoing.
• Average investigation time.
• Proportion of reported issues outside the scope of the WMS.
• Proportion of successful corrective action.
• Proportion of reports containing false information
• Seriousness level of reported issues.
• Trust level of the process.
• Percentage of whistleblowers who leave the company

Internal Audit

• Conduct internal audits at planned intervals of the WMS
• Implement audit programmes containing frequency, methods, responsibilities, planning, reporting requirements.
• Utilize the outcomes of previous audits when establishing the frequency and scope for future internal audits.
• Auditing the WMS involves establishing objectives, scope, and criteria, documenting the audit plan, considering auditor impartiality, and presenting results to relevant managers with meticulous documentation.

Management Review

• Top management reviews the WMS at planned intervals and reports findings to the governing body.
• Inputs from previous reviews, changes in internal/external factors, stakeholder needs, WMS performance, and opportunities for improvement or learning.
• Decisions related to continual improvement and changes needed for the WMS system.

Continual Improvement

• Organizations should continually improve the WMS suitability, adequacy, and effectiveness.
• Implement improvement-planning changes in a planned manner.
• Considerations should include training/awareness, confidentiality protection, impartiality of investigations, a speak-up/listen-up culture, whistleblower recognition/reward, and potential improvements.

Nonconformity Management

• Nonconformity = non-fulfillment of a requirement.
• React to nonconformity, correct the issue and deal with any consequences.
• Identify any causes of the nonconformity.
• Implement corrective actions
• Evaluate the corrective actions
• Maintain documented information on actions taken and outcomes.

Overview of the WMS according to ISO 37002:2021

• (various points covering the different aspects of establishing and maintaining a WMS)

Description

Test your knowledge on the essential components of whistleblowing management functions. This quiz covers risks associated with whistleblowing, planning for objectives, and evaluating effectiveness. Discover key objectives of whistleblowing policies and enhance your understanding of this important governance aspect.