Whistle-Blower Woes - CFO Magazine - October Issue 2003 - CFO.com: "Whistle-Blower Woes
Many companies think the whistle-blower provisions of Sarbanes-Oxley will spark nuisance suits by disgruntled employees. The truth is far more complex.
Alix Nyberg, CFO Magazine
When Matthew Whitley was laid off from his job last March as a finance manager at The Coca-Cola Co., along with about 1,000 other employees, he didn't take it lying down. Two months later, Whitley approached his former employer seeking a whopping settlement $44.4 million on the grounds that he had been fired in retaliation for raising concerns about accounting fraud. When Coke balked, Whitley turned for relief to a new ally: the Sarbanes-Oxley Act of 2002. He filed for whistle-blower protection under the act's Section 806 provisions, and initiated federal and state lawsuits that charged seven Coke executives, including CFO Gary Fayard, with crimes ranging from racketeering to mail and wire fraud."
Many companies are scrambling to establish toll-free hotlines and Web-based mechanisms that allow audit-committee members to hear directly from employees, suppliers, and customers who want to voice concerns about accounting or internal controls. According to the Sarbanes-Oxley Act of 2002 and Securities and Exchange Commission rules, such systems must allow for anonymity and be in place by a company's first annual meeting after January 15, 2004, or by October 31, 2004, whichever comes first.
But CFOs may do well to become better listeners. Most whistle-blowers say they never would have gone public with their concerns about the financial statements if senior management had been more attentive to them. And opening up the lines of communication doesn't necessarily mean opening Pandora's box.
The key to Pandora's Box is sitting in front of every CFO at any firm who has skeletons in the closet. The internal audits that are common in large public companies put these issues on the table each quarter. Individuals who uncover items that are questionable have been hired to do so. It is their job to raise "red flags" when audit practices need more questioning.
Mitigation of risk is about addressing each of these red flags early and often. This is when your investigation will uncover the truth and determine whether there are any other related matters that could be impacted. The big picture is vital here in understanding any down stream implications of making a change or fixing a problem. One thing is for certain. Fixing the problem immediately and all the connected issues will be far less costly in the long run. Waiting until later could put that Internal Auditor under Section 806 provisions of the Sarbanes-Oxley Act of 2002. This is when the key to Pandora's Box is no longer in your control anymore.