Data help benchmark your reporting and fraud hotlines
Data help benchmark your reporting and fraud hotlines
Many risk managers use hotlines to encourage reporting of fraud and other potential problems, but how do you know if your hotline is really working? New data from an analysis of corporate fraud hotlines may help you know whether the hotline is working or just giving a false sense of security.
A new report has been issued by the CSO Executive Council, an international professional membership organization for corporate security officers (CSOs), based in Framingham, MA. Working with the Association of Certified Fraud Examiners in Austin, TX, the group recently released the 2006 Corporate Governance and Compliance Hotline Benchmarking Report, which sought to give an analytical view on how hotlines are being used and managed in the corporate community.
The benchmarks are based on data released by 500 businesses and organizations over the last four years, totaling some 200,000 incident reports given to hotlines and help lines. The CSO Executive Council coordinated the review of the data, which was submitted anonymously by affiliated companies. These are some of the findings from the report:
- For those reports where case outcome was provided, most reports (65%) were serious enough to warrant an investigation and 46% resulted in corrective action taken.
- 71% of participants do not notify management of an issue before making a report.
- One of the most surprising findings was that participant reporting corruption and fraud incidents were less likely to remain anonymous than any other incident category. They remained anonymous only 36% of the time.
- The research showed that most reports received pertain to personnel management incidents (51%). Beyond the personnel management category, company/professional code violations (16%), employment law violation (11%), and corruption and fraud (10%) are the most commonly reported incidents regardless of industry.
- 54% of reports were made anonymously.
- The largest percentage of participants (39%) acknowledged awareness of a hotline through a poster or a sign.
- Overall, an average of 14.9 incidents are reported per 1,000 employees.
- Smaller organizations (those with less than 5,000 employees) receive an average of 21.8 incidents reported per 1,000 employees. In contrast, organizations with an employee count between 10,000 and 19,999 receive an average of 13.6 incidents reported per 1,000 employees. Those organizations with more than 50,000 employees receive an average of 14.3 incidents reported per 1,000 employees.
Management not always the best
The data also showed that working through management channels wasn't always the best method of reporting incidents. Of the employees who reported an incident to management before they ever made the call to the hotline, some two-thirds still chose to remain anonymous. The report notes that one possible reason for this behavior may be that "the person making the report did not want their manager to find out that the issue had been escalated." Still, most employees never report an incident to their manager before making a report on a company hotline, in fact, for most businesses, less than 30% of hotline reports had previously been made directly to management.
Copies of the 36-page report can be obtained through the CSO Executive Council web site at www.csoexecutivecouncil.com. On the home page, select "research and benchmarks" on the left, then find the report halfway down the page. A complimentary copy also can be obtained by calling (888) 814-9770.
Many risk managers use hotlines to encourage reporting of fraud and other potential problems, but how do you know if your hotline is really working?Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.