Leadership · Insight · Knowledge
Welcome to the Institute of Internal Auditors New Zealand, the professional body for internal auditing
By James Rees-Thomas
Institute of Internal Auditors New Zealand Board Member
Internal Audit has a part to play in all of this. The recently published State Services Commission (SSC) report into the aftermath of the Ministry of Transport (MOT) fraud is a useful catalyst for action for the profession. The report is valuable because it prompts the reader to reflect on, for the first time in recent memory, the legislative and organisational frameworks that should exist to support the act of whistleblowing.
These include:
While the Protected Disclosures Act provides a (albeit limited) basis for protecting the courageous among us, it is fair to say many New Zealanders either don’t understand it or don’t trust its application. Incidents like that which led to the SSC’s investigation of whistleblowing by MOT staff has the unfortunate result of reinforcing such perceptions.
Internal Audit’s professional standards, social obligation and corporate responsibilities coupled with its natural independence makes it the ideal guardian for disclosures of wrongdoing. This means an organisation’s Chief Internal Auditor (CIA) or equivalent is best placed to ensure the following are in place. The table below, previously published in our May and June newsletters, and now expanded in light of the SSC’s findings:
Reccommedation |
Expansion |
---|---|
Organisations should maintain a whistleblower mechanism (phone, email or personal disclosure) that enables employees to report their concerns safely and confidentially. |
Internal Audit should administer, monitor and maintain the organisation’s whistleblowing mechanism. This should be configured to ensure wrongdoing concerns are disclosed directly and confidentially to the Chief Internal Auditor (CIA) or equivalent. |
The recipient of the disclosure should be knowledgeable in the Protective Disclosure Act, and its practical application in a work setting. |
The CIA should be knowledgeable in the Act and its limitations and ensure that staff are encouraged and able to raise concerns of wrongdoing even if these do not fall within the narrow definition of the Act. |
Mechanisms should exist to ensure and safeguard the independence of the recipient of the disclosure, or alternatively, effectively workflow the disclosure while protecting the integrity of the disclosed information and that of the whistleblower. |
The whistleblowing mechanism should be regularly tested for confidentiality and security. Underlying policies and processes should be in place to manage disclosures in a manner that protects the whistleblower and ensures the organisation meets its obligations to them as a good employer. |
The recipient of the disclosure should hold an office of sufficient authority (organisational hierarchy, reporting lines and mandate) to reassure the whistleblower that the disclosure will be safeguarded and pursued. |
The CIA should occupy a position of sufficient seniority and possess delegated authority to give staff confidence and guarantee that they will be protected without fear of punishment or reprisal. |