Enterprise ESG, centralised data, consolidated real-time view

Secure, confidential, multilingual information collection

Management System Design & Build

Messaging, reports, SMS

Surveys, primary research, feelings, thoughts

Deploy modular training

Enterprise ESG, centralised data, consolidated real-time view

Confidential, need to know, protect

ESG initiatives inside

Risk areas, assess, receive guidance

Assess procedures, policies, programmes

Obtain ranking, validation, compliance

Attain verification, certification, recognition

Communicate, build trust

Roles we support

Reduce risk. Avert

Implement ESG initiatives. Drive

Effect change. Culture-first

Identify issues. Resolve

Analyse root cause. Rectify

Alignment with partners, resilience

Our Expertise across 19 key ESG Focus Areas

Your role as a board member of a company with a whistleblowing programme

If you are a board member of a company that has a whistleblowing programme, you have a role to play and it is important that you understand your obligations.

If you are not a board member, but you are an operator of a programme, this article might still be useful as a training guide for directors to understand their role.

Until now, there has been little that really helped directors know their specific duties when it came to the company’s whistleblowing programme. Directors have typically just followed their own intuition for their oversight of the programme and developed their own priorities around giving strategic direction to those in management for resourcing the programme. The good news is that we already have specific guidelines on how a board director should be supporting the whistleblowing programme.

Using the ISO whistleblowing guidance

In late 2021, the International Organization for Standardization (ISO) formally enacted the International Standard ISO 37002 – Whistleblowing Management Systems – Guidelines (ISO Whistleblowing Guidelines). The ISO Whistleblowing Guidelines are now available, and you are able to get a copy from the ISO website in your country for a small fee.

The ISO Whistleblowing Guidelines are the first comprehensive guide for companies that operate whistleblowing management systems. The guidelines provide advice for organisations to create whistleblowing management systems based on the principles of trust, impartiality and protection. The guidelines are adaptable, and their use will vary with the size, nature, complexity and jurisdiction of the organisation’s activities.

Following the ISO Whistleblowing Guidelines can assist an organisation to improve its existing whistleblowing policy and procedures, or to comply with applicable whistleblowing legislation.

What do the ISO Whistleblowing Guidelines say about the role of directors in the whistleblowing programme?

The ISO guidelines have two significant sections that discuss the role of leadership and management. They say that the governing body (meaning the board or the highest level of the organisation that is strategic in nature and addresses broad risk management oversight) should do the following:

List of activities a governing body should do according to the ISO guidelines

The top-ten things for a board member to ask about the whistleblowing programme

As a board member, these are the questions that you could ask your top management or the programme managers to learn about the whistleblowing programme and meet your requirements under the ISO Whistleblowing Guidelines.

  1. Have you set objectives for an effective whistleblowing management system? What are these objectives? Are there clear owners and timelines to meet these objectives? How do we know if the objectives have been met? What are the criteria for success?
  2. How do you monitor the objectives? Do you have the team regularly report to the board (or a committee) about whether the objectives are being met? Is there a focus on measuring these objectives? Is there a clear picture that shows each objective and how close it is to being achieved?
  3. Did the board formally approve the organisation’s whistleblowing policy? Is this approval recorded (e.g. in the meeting minutes)? Are the approval date and approving board directors indicated on the approval document?
  4. Have we as a board effectively communicated our approval of the programme to both management and the company at large? Are the messages about its existence, importance and use clear to everyone? Has this communication been tracked and stored with the documentation for the programme? When was the last time that you communicated the board’s approval? Are the communications regular enough?
  5. How have you demonstrated your commitment by embracing the policy and the whistleblowing management system? Have you talked about it in staff forums, or at shareholder meetings? Have you been able to discuss the existence of the policy to major shareholders and give them comfort that it exists and that you are supportive of it? Have you checked yourself to see if the system actually works?
  6. How have you been updated on the programme? Do you receive scheduled updates about the content and operation of the organisation’s whistleblowing management system? Are these scheduled at the right intervals and is the information enough? Do you feel that the information is complete and that the requirements of the ISO Whistleblowing Guidelines have been met?
  7. Do you feel that there are adequate and appropriate resources for effective operation of the whistleblowing management system? Have you listened to the team’s feedback on their resource needs? Have you made sure that the right budgets are provided and somewhat protected from any job cuts or programme cuts that could mean the company did not meet its programme commitments?
  8. Have you validated that the people that operate the programme have the right skills? Have they received training on the ISO Whistleblowing Guidelines and the operation of whistleblowing programmes? Do they understand their obligations around privacy, confidentiality and independence? Are they highly qualified, competent and acting fairly in the eyes of any reporter?
  9. Have you exercised adequate oversight of the implementation, integrity and improvement of the organisation’s whistleblowing management system?
  10. Do you see evidence that the programme is being improved? Have you reviewed any complaints? Have you engaged someone independent to review the programme and provide a gap analysis against the ISO Whistleblowing Guidelines?

If your top management can answer all of the questions positively, it is likely that the board has exercised its duties under the ISO Whistleblowing Guidelines and that the organisation has a comprehensive and effective whistleblowing programme.

If you are an operator of a programme, can you comfortably say that your board meets all of the requirements? If it is apparent that there is still work to be done, the priority would be for the board to endorse provision of adequate resources. There is nothing better than having the board behind you on the resources side. If management ever trims the budget to a level that does not allow you to run ‘an effective whistleblowing management system’, then pull the ‘board and leadership’ card. This alone is a good enough reason to operate according to the ISO Whistleblowing Guidelines.

How to learn more

The ISO Whistleblowing Guidelines are available to purchase from the ISO stores in each country. Check the ISO website for further details.

If you are interested in building your programme from scratch or for consultative advice on the ISO Whistleblowing Guidelines, please contact us here.

Get a free trial of the Speeki platform now