Recent revelations of the identity of “Deep Throat” and the controversy regarding

Mr. Felt’s intentions prompted me to pound the table for the most valuable component of The Sarbanes-Oxley Act of 2002—its whistleblower provisions.

As most Compliance Week readers know by now, Section 301 of The Sarbanes-Oxley Act of 2002 requires that audit committees establish procedures for "the receipt, retention, and treatment of complaints" regarding auditing and accounting matters. Specifically, the committee must establish a procedure for the "confidential, anonymous submission by employees" of concerns regarding those matters.

Now, I’m not going to describe how I feel about SOX and its implementation generally; the Act has already had plenty of critique, and I’m not interested in getting my hand slapped by the Securities and Exchange Commission.

Despite some of the complaints I’ve heard of the whistleblower requirements—namely, that they’ve increased workload for audit committee members—I find the whistleblower provisions extraordinarily critical to my understanding of what’s really happening at Paychex, the $1.2 billion payroll outsourcing firm on whose board I sit, and whose audit committee I chair.

Peers Know All

As a parent, I don’t know what my 16-year-old is up to every day.

However, I know her friends do.

And that’s critical, because as kids get older, they get smarter about evading parents; in fact, the tougher the rules, the better they get at evading them.

And that’s pretty much what happened with SOX. As everyone knows—and as the Commission staff has acknowledged many times, including last week in its report on off-balance sheet arrangements—standards and rules aren’t the answers to all problems. And SOX won’t make fraud go away; it will just require new techniques from its perpetrators.

And this, of course, is where the whistleblower provisions come in.

Because while teenagers can fool their parents, they can’t fool their friends—or at least not for very long. That’s because their friends are just as clever, and just as observant as they are (perhaps more so), and are subject to the same pressures, challenges, and—more importantly—temptations.

The same, of course, holds with your employees. While they can easily fool their bosses, it’s virtually impossible for them to fool the people who really get the work done every day: their peers. Their peers are omniscient: They see all, and they know all.

REPORTING MISCONDUCT AT PAYCHEX

Excerpted from Paychex Code of Business Ethics and Conduct, "Reporting Corporate Misconduct, Complaints, Concerns":

Anyone who has a concern about the conduct of a Paychex executive or other

officer, or about the Company's accounting, internal accounting controls

or auditing matters, may communicate that concern directly to the Audit Committee

Chairman of the Paychex Board of Directors.

Employees may use a toll-free number published on the Company's website

to initiate this communication. The toll-free number

(1-866-494-3161 extension 400) is established and coordinated by a confidential

and independent third party service. Prior to engaging the Audit Committee

Chairman, the employee should consider using the Paychex Problem Solving

Policy (refer to the employee handbook) to communicate a complaint or concern.

The Audit Committee Chairman will receive all complaints or concerns

relating to corporate misconduct and internal controls or auditing matters

and may designate a person within Paychex to assist with the investigation.

The status of all complaints will be reported on a quarterly basis to

the full Audit Committee and, if the Committee so directs, to the full

Board.

The Audit Committee may request the retention of outside counsel or other

advisors, for any complaint addressed to it.

A complaint may be submitted on an anonymous basis. However, it will

be more difficult to investigate the complaint if the Audit Committee or

the designee is unable to discuss the matter with the employee or employees

involved.

The Audit Committee will designate a person to maintain a confidential

filing system for the retention of all complaints or concerns as well as

the final determination of the investigation. Only members of the Audit

Committee and their designees have access to these files.

Any employee of the Company may not directly or indirectly terminate, demote,

suspend, threaten, harass, or otherwise discriminate against an employee

who has provided information or otherwise assisted in any investigation regarding

corporate misconduct.

All retaliation complaints relating to financial misconduct and internal

control or accounting matters should be directed to the Audit Committee Chairman.

The Chairman may notify the Internal Audit Manager or Human Resources to

handle the complaint. The complaint must be true or believed to be true and

must provide a sufficient amount of detail to support the claim of retaliation

and proceed with an investigation. Based on the all information collected,

the appropriate disciplinary action will be taken including possible termination.

Coverage, Guidance

Click Here For Coverage Of Whistleblower Issues, Including Case Studies And Q&As

Click Here To Download Whistleblower Policies, And For Insights From Experts

So make sure that they have a mechanism to “tell all,” too.

SOX doesn’t have to be about dramatically increasing oversight, which means additional external and internal audit resources and costs. Your best auditors are already on the payroll, and they are 1,000-to-one more numerous than your combined audit resources.

The Wrong Name

But the whistleblower provisions shouldn’t only be leveraged for the reporting of fraud.

Your employees are not only more numerous than your audit resources, they’re also more knowledgeable about how work actually gets done—as opposed to, say, what the official flow chart says.

They also have 1,000-to-one more numerous ideas about how to improve processes, reduce costs, serve customers, and grow revenues. Your employees already know how to make the business stronger, but have been too scared to confront the status quo. Your whistleblower system provides a direct channel to corporate decision makers who will listen to their suggestions, and it provides the protections for them to speak up.

Of course, most board members will read this and shrug, “We already do this through our suggestion box.” Ah yes, the infamous suggestion box—a truly irrelevant device. When was the last time a suggestion went straight to the audit committee chair? A whistleblower system provides exactly that channel.

Now, CEO’s hate the whistleblower channel, because it forces them to answer some pretty tough operational and strategic questions. When it comes from an employee seven layers down, it’s easy to dodge the question, “Why have we always done it this way?” But when the question comes from the board of directors, well, it’s simply not a question that can be sidestepped.

At Paychex, management, the board of directors, and the audit committee have set a very clear mandate that the whistleblower provisions be implemented with both excellence and endurance in mind. Whistleblower education is part of every new employee’s training, and awareness is refreshed annually. The company’s internal audit department even tests employees in branch audits for knowledge of how, when, and why they should use the Paychex whistleblower hotline.

And the results are as expected: Paychex employees are proud of, and care deeply about, the integrity of the company. Their questions and comments have helped us examine areas before they became visible to top management, and—more importantly—before they became problematic, or more so. And for individuals who have chosen to go “on the record,” we have visibly thanked them for their concerns and insight. As a result, our whistleblower system has become a valuable asset generating growing shareholder value.

If I could change one thing about the whistleblower provision, I would change the negative-sounding name of the program to reinforce its positive value—perhaps an acronym like DTRT for “do the right thing.”

Being a whistleblower takes courage and conviction—we should celebrate employees who help make their company stronger through their insights. And we should champion and support—not denigrate—the proliferation of a system that is making public companies stronger, more transparent, and more valuable to investors; that’s what SOX was supposed to be about, anyway.

The column solely reflects the views of its author, and should not be regarded as legal advice. It is for general information and discussion only, and is not a full analysis of the matters presented.

What did you think of this column? If you'd like to react or respond, we urge you to write a letter to the editor.