*This article does not constitute legal advice. We recommend consulting an attorney for professional advice on your particular situation.
The whistle-blower provision of the Sarbanes-Oxley Act is one of the Act’s provisions that must be followed by nonprofit organizations as well as publicly traded companies. Under the Sarbanes-Oxley Act, criminal penalties, including fines and prison sentences up to 10 years, may be enforced against any person who retaliates against someone who provides truthful information about a federal offense. What this means in practical terms is that all companies, including nonprofit groups, should establish procedures for receiving and dealing with concerns and complaints about the organization, such as the organization’s financial practices. Complaints and/or concerns may originate from staff members, volunteers, board members or partnering organizations and do not necessarily imply any wrongdoing has occurred. However the organization has a responsibility to investigate all reports of suspected wrongdoing, protect those individuals making the report and fix any problems or justify why corrections are not needed.
One place to include a whistle-blower policy is within personnel policies and/or employee handbooks. The whistle-blower policy can be similar to procedures for reporting harassment, and should include protections against retaliation for reporting the concern. Organizations can also charge their audit committee with adopting procedures for handling complaints about the organization’s financial procedures.
Following is a sample policy that may be included in organization’s personnel policies.
No retaliation. Employees and volunteers are encouraged to report any conduct or activities that they believe are inappropriate or illegal. [NONPROFIT NAME] does not retaliate or punish in any way, including without limitation by firing, demotion, suspension, harassment or failure to consider for promotion, anyone who reports truthful information.
Reporting procedures. Employees or volunteers who are subject to, or aware of, inappropriate conduct or activity should immediately report it to his/her supervisor or the organization's President. Employees should not report the conduct to anyone who they believe is involved in the conduct. Information reported remains confidential to the extent possible. Failure to report an incident of harassment or discrimination may indicate that the employee does not consider the conduct unwelcome or problematic.
Investigation. All reports of inappropriate conduct are investigated and appropriate action is taken to correct the situation and/or to discipline involved staff, including termination. If, after investigation, substantial facts cannot be established, the situation will be monitored for a period of time.
Following is a sample, brief whistleblower policy that may be adopted by an organization’s board of directors. After adoption, the policy must be publicized so that staff, volunteers and the public are aware of the policy and how to use it.
Any questions or concerns about Foundation's financial practices should immediately be reported to an officer of the Foundation's Board, or any one on the Contact Person list. Information reported remains confidential to the extent possible. The Foundation prohibits retaliation of any kind with respect to the reporting of financial concerns. The Foundation and/or the Foundation's external auditors investigate all reports of financial impropriety and takes appropriate action.
Following is a sample description of the composition and responsibilities of an organization’s audit committee. Included in the responsibilities of the audit committee is responding to complaints about financial matters.
The committee shall include the President-elect (as chair), and at least two other voting board members appointed by the President. The audit committee members must not have had any direct financial transaction responsibilities on behalf of the organization (i.e., account signature authority, account reconciliation) during the period to be audited. It is recommended that at least one member of the committee have appropriate financial expertise meaning that they have the financial background and experience to understand, analyze and reasonably assess the financial statements of the organization and the competency of the auditing firm. If no member of the committee has this expertise, the committee should consider engaging a non-director advisory member to assist the committee.
Develops board policies and guidelines for:
- Establishing a code of ethics for persons handling financial matters;
- Hiring an external auditor supervised by the audit committee and/or board of directors and not by the paid management staff;
- Requiring the external auditor to provide a management letter and ensuring the organization properly responds to all recommendations in the management letter;
- Receiving and responding to concerns and complaints regarding financial matters;
- Establishing document retention and destruction guidelines; and
- Requiring that meeting minutes reflect the “best practice” standards followed with respect to financial procedures and controls.