Sarbanes-Oxley Question of the Week
Question:
Section 301 of the act provides that audit committees must establish procedures for the receipt of complaints concerning the company's accounting, including confidential "whistleblower" communications. What type of procedures should an audit committee adopt in response to this new requirement?

Answer: From Dennis P. McDonough ESQ, Bethel, CT.: Within the context of Section 301 of Sarbanes-Oxley and referenced by the Board of Directors of NASDAQ in their Code of Conduct "Encouraging the reporting of any illegal or unethical behavior… The Act directs the Audit Committee to establish procedures for employees to confidentially ("anonymously") submit concerns regarding questionable accounting or auditing practices."

Of particular concern, when evaluating your clients / companies options for a confidential, anonymous reporting method, is whether or not the employees believe that their anonymity will be protected. A major objective of the Sarbanes-Oxley Act is to restore shareholder confidence. Shareholders believe that the company's employees are an effective and important resource as "their eyes and ears inside the company" protecting their investment. Consequently, ensuring anonymity is critical to the spirit and purpose of this act.

The methods used to provide an anonymous channel is particularly challenging and potentially damaging if the chosen method is determined, within the "Court of Public Opinion" to be ineffective. The punitive recourse available to investors is ultimately the company's stock price. In addition, further pressure on the company comes from D&O Insurance providers who also hold leverage over a company's compliance to Sarbanes-Oxley that can take the form of higher rates, non-renewal or contested claims. Choosing effective reporting channels with an eye on managing employees "perception of safety" can contain landmines.

For example, assume that a company promotes the use of email, web-based reporting tools (Internet or Intranet) and/or in-house Hotlines for the reporting of concerns with the companies Code of Conduct. The company supports that decision with the idea that firewalls and passwords will offer the autonomy an employee would need to feel safe.

Following is an extract from a publicly traded companies employee handbook covering the use of electronic equipment, their Cyber Policy.

"E-Policy" - Use Of Electronic Resources - Computers (desktops and portable computer systems), pagers, telephones, faxes, voicemail, e?mail, electronic bulletin boards, Internet, intranet, and worldwide web access has been provided to employees for the benefit of the Company. Employees have no right to privacy as to any information, document or file maintained in, transmitted through, or received by the use of the Company's electronic resources. The Company reserves the right to override any passwords, codes or other locking devices to further its interests in security, safety and other operational interests of the Company.

Establishing trust in the integrity and believability of the communication channels offered to company's employees is best accomplished by creating as much distance as possible from the company and dependency on the use of its resources to report concerns. The use of independent, third party providers who have neither a vested interest in the company nor access to the identity of the employee appear to be the most prudent choice.

 

  
Home
Our Solutions
Reporting Options
TeleSentry Services
Legal Resources
Contact Us
 

 

 
© 2002 TeleSentry