A new research report on employee calls to company hotlines finds that smaller businesses are fielding fewer complaints per worker today than they were five years ago, while large companies have seen the complaint rate more than double.
Exactly why that divergence has occurred—and even whether it’s a good thing or a warning sign that workers at small companies are declining to report problems they see—is unclear. But it is one of the more notable findings in the 2007 “Corporate Governance and Compliance Hotline Benchmarking Report,” an in-depth analysis of hotline calls published by the Security Executive Council.
The report analyzes nearly 280,000 hotline calls over the span of five years, from 650 corporations large and small. In 2006 (the latest year for which data was available), companies received an average of 8.3 complaints per 1,000 employees—up from an average of 4.93 complaints in 2003. But for companies with less than 5,000 employees, the complaint rate fell from 13.7 in 2003 to 8.84 in 2006. At large companies (50,000 employees or more) the rate rose from 4 to 8.48 over the same period.
“I think that’s pretty interesting,” says Kathleen Kotwica, vice president of research and product development at the Security Executive Council. She readily admits the reason for the split is unknown. “We have to query these kinds of companies on what that trend means.”
The report explores numerous other trends in hotline calls as well. For example, 71 percent of callers did not notify management of an issue before picking up the phone. That may be because half of all calls pertained to complaints about management personnel themselves, Kotwica says.
Hayes
Bob Hayes, managing director of the Security Executive Council, adds that while hotlines were not explicitly intended for personnel issues, many times companies can address trouble if the complaints suggest some long-term pattern of abuse. “And so the personnel cases, although not what the law was designed for, can be an indicator,” he says.
The report is based on hotline data from The Network, a company that operates complaint and whistleblower hotlines for many companies in the United States. Among its other findings:
65 percent of calls were serious enough to warrant an investigation, and 46 percent resulted in some form of corrective action;
27 percent of complaints in the retail industry were deemed to merit no additional investigation, the most for any industry studied; it was followed by the finance, insurance, and real estate industries (23 percent); and the services industries (8 percent);
Beyond personnel complaints, the most common subjects for hotline calls were professional code violations (16 percent), employment law violations, (11 percent) and corruption and fraud (10 percent), regardless of industry.
Anonymous Calls
The research also revealed that 53 percent of reports in 2006 were made anonymously. Industries with the most anonymous hotline reports were the transportation, communication, and utilities industries (59 percent); followed by retail trade (56 percent). The only industry where less than one-third of all reports were anonymous was public administration (17 percent). That figure, while six percent greater than 2005, was still the lowest for all industries.
CALL CENTER
The text below summarizes key findings of the 2nd annual “Corporate Governance and Compliance Hotline Benchmarking Report.”
Aggregated Frequencies Across All Reports Over Five Years:
For those reports where case outcome was provided, most reports (65%) were serious
enough to warrant an investigation and 45% resulted in corrective action taken.
71% of participants did not notify management of an issue before making a report.
One of the most surprising findings was that
participants reporting corruption and fraud
incidents were less likely to remain anonymous
than any other incident category. They remained
anonymous only 34% of the time.
The research showed that half of the reports
received concerned personnel management
incidents. Beyond the personnel management
category, company/professional code violations
(16%), employment law violations (11%) and
corruption and fraud (10%) were the most
commonly reported incidents regardless of
industry.
53% of reports were made anonymously.
The largest percentage of participants (34%)
acknowledged awareness of a hotline through a
poster.
Aggregated Rate Data (2006 Only):
For the year 2006, a rate of 8.3 incidents was
reported per 1,000 employees overall
(regardless of incident type).
Smaller organizations showed a general decrease of
incidents reported over time. Mid-sized and larger
companies showed a general increase of reported incidents over time.
Source
Security Executive Council (2007).
One of the most surprising findings, Hayes says, is that only 34 percent of callers reporting fraud chose to do so anonymously—less than any other category of complaint. When the Sarbanes-Oxley Act was passed in 2002 and mandated hotlines, the idea that workers needed a way to report fraud anonymously was a key rationale for its passage.
Hayes said such a small number is commendable, “where people are still willing to go out on a limb and trying to change things that they think are inappropriate.”
Unanswered Questions
Kotwica
Kotwica and Hayes stress that much more analysis of the data is necessary and lies ahead. “All we can do is report what we’ve found in this database,” Kotwica explains. “What we want to do in subsequent reports is find out why some of these results came out of the hotline database.”
The divergence in complaints to small and large companies is one such issue. Another notable finding, Kotwica says, is that many companies declined to give “The Network” information about how their investigations ended, “which might mean that they decided to keep it all internal and don’t want to give it to a hotline database,” says Kotwica.
“If you’re trying to get a big picture of what’s happening with your company, I would think you’d would want all the data in one place,” she says. “If people are going to a start using this report as a benchmark, that might make them more inclined to give that kind of information.”
For that benchmarking to happen, however, companies must provide more information about their hotline activities and work with researchers, Kotwica says. “One of the things we would like companies to do is ask questions,” she says. “What else can we research or analyze that is going to help them with their corporate governance and compliance hotline programs?”
Making Use of the Data
Kotwica and Hayes say companies can use the report data to help coordinate different departments in the company as they develop new ideas to prevent risk. Hayes notes that hotlines were originally created for corporate security purposes, and, “Corporate security has the most training to lead it, because they’re used to handling allegations and investigations.”
Today, however, all departments conduct investigations, so developing best practices “has to be a coordinated effort,” Hayes says. “It really is a team issue.”
When analyzing the data from the report, organizations should ask themselves the following questions:
Are you spending too much money if your numbers are well below others in your industry?
Are you spending too much on controls and stifling business?
If your numbers are high, are you not spending enough money on security and risk management and putting the corporation’s and management’s reputation at risk?
Companies should also remember that outsourced hotlines are increasingly a global necessity. “We’re seeing the development of Japan SOX and German SOX and other areas,” Hayes says, so expanding the operation and analysis to a global scale is something companies should consider.
“One would surmise that the longer you report this data and the more you do awareness training and enforcement actions in a company, calls should drop,” says Hayes.
Even then, the results are not always conclusive. “Hotline incident reports going down could be good because you have a good program, or bad because you don’t have a good awareness program,” Kotwica says. “We can’t tell that yet.”
Hayes adds: “I think it will be a couple of years before we can look at this and draw a really strong conclusion and predictive analysis.”
No comments yet