Whistle Blower Program Guidance for small company 1976



  • I am currently in the implementation phase of a small companies SOX program and in review of their entity level controls have a concern with regard to their whistleblower program.
    The program in place is that burried within the code of ethics, three company contacts are identified (audit commitee chairman, CFO, and the internal auditor) who employees may contact via verbally or in writing.
    My concern based on the requirements of SOX that this is not adequate as the employees may not feel they can ‘safely’ contact these individuals and annoymity seems like a challenge. (one would have to write a annonymous letter)
    Can anyone provide guidance on whether the companies program is adequate or if not if there are any examples of how other small companies achieved compliance efficiently?
    The Requirements of the Sarbanes-Oxley Act
    Section 301(4) of the Sarbanes-Oxley Act (SOX Act) requires that public companies establish procedures for the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters, and procedures for the confidential, anonymous submission, by employees of the issuer, of concerns regarding questionable accounting or auditing matters. The SOX Act prohibits public companies from taking any retaliatory action against an employee for commencing or participating in an investigation of conduct the employee reasonably believes violates U.S. securities or antifraud laws.



  • I don’t know how this has been done in the US, but, in Europe, Data privacy acts have recommended that Companies encourage whistleblowers to provide details in regards to the issue as opposed to the person, and where a person is named, that the accused be advised straight away.
    This is to avoid the business being sued for slander… but has implications with regards to how annonymous any report can actually be.



  • Hi and welcome 🙂
    The whistleblower aspects of SOX can never be deemed as totally safe. ‘Humans are humans’ and thus even though laws might protect a person, those who have been turned in for violations could reciprocate later or make the work place unpleasant.
    Using the SEARCH button above, you might enter ‘whistleblower’ as a keyword and see that we’ve had extensive discussions. Still with that said, there is protection under the law so that a person won’t loose their job. Even though as a shared earlier, folks could make work life miserable if the incidents were in the direct chain of command.
    Also, while anonymous reporting is also not the best approach, a ‘fraud’ or other hotline or form submission facility might help make folks more comfortable to gather any data for investigative reasons (esp. if audit or security departments are the contact points).
    Below are a few quick links from a small business perspective:
    Please paste to browser and add www
    google.com/search?hl=en-and-q=sox whistleblower small company
    bizjournals.com/houston/stories/2004/07/05/focus13.html
    nfib.com/object/IO_22288.html
    Please paste to browser and add www
    pro2net.com/x53765.xml
    ‘Whistleblower protections should be something that they really embrace,’ she said, adding, ‘Whistleblowers deserve a raise when they speak up because they often save a company X number of dollars.’
    She contends that a good whistleblower protection program goes beyond a written policy. It should also:

    • outline how the employee should report a problem (such as an anonymous hotline);
    • designate at least one board member responsible for whistleblower reports;
    • embed a culture or system that ensures employees there will be no negative consequences, such as harassment or reprimands, should they report a problem.

Log in to reply