You would think that there was a simple answer to the question: “How many hotline reports should I receive through my anonymous hotline? However, when you start to really look at an answer, it is far more complicated than you think.
Over the past 7 years, I have discussed hotline benchmarking with compliance officers, HR executives, auditors, and legal counsels at organizations all over the globe. The common expectation is that about 1% of all employees will use a hotline every year. This metric is not so cut and dry however, as factors such as demographics of the workforce, geography and culture at your facilities, and the other processes that you support for issue reporting.
According to the Corporate Executive Board almost 80% (50% unreported & lost, 30% stuck or siloed) of all risk data gets lost, stuck or siloed. Over the years, I have probably read over 1,000 codes of conduct, and have found that a great majority of the time the code suggests that “to raise a concern and employee should go to management, senior management, human resources, compliance and ethics, or use the anonymous reporting process.” In the majority of situations the code also provides for non-retaliation, which means that the company is guaranteeing that regardless of how the employee raises a concern, they are protected. These two written statements seem like a utopia compared to reality. Since we know that employees don’t bring information forward and retaliation does exist in organizations, how can we make effective decisions without employees feeling confident in reporting all issues?
So now, let’s take a look at how many reports you should get per year based using industry metrics as our variables (Sources: Compliance & Ethics Leadership Council, Ethics Resource Center)
- 10,000 employees * 15% = 1,500 employees observed misconduct
- 1,500 observed issues * 50% actually brought forward by employees = 750 reports
- 750 Reports * 5% reported through the hotline = 38 hotline reports per year.
Note: This assumes that of those 15% they each only saw one issue of misconduct. We know that more than one issue is observe, so these are very conservative estimates
This means that there are 712 issues that are never reported because they are lost or stuck and siloed in the organization. Your hotline gives you a very small window into the actual risk in the organization, and while valuable, is not a good representative example of what his happening in your company.
Now that we have given you a model for determining a baseline answer of the number of reports your ethics hotline should receive, it is still not accurate because there are so many factors into why issues are not reported. If you are trying to minimize risk, increase transparency and improve culture you can start by:
- Analyzing your code of conduct – highlight any areas that provide instructions for people to report – open door, employee hotline service, conflict of interest, gift approval etc.
- Analyzing the current process and determine if they are consistent and measurable.
- Developing process to minimize data getting lost stuck and siloed.
If you follow these three steps, it will give you a good starting point to improving your reporting program and giving you even better insight into not only the number of hotline reports but misconduct overall but improving reporting across the board.
Whistleblower Compliance Webinar
The SEC recently issued its final regulations to Dodd-Frank's whistleblower bounty provisions. This presentation will highlight salient aspects of those provisions, identify the attendant risks, and provide practical ways to head-off whistleblower claims and strengthen defenses where litigation is unavoidable.
Check out our archived webinar to learn about whistleblower compliance and the Dodd-Frank Act.