An uncertain protection: internal auditors may not be protected as corporate fraud whistleblowers under Sarbanes-Oxley Section 806.INVESTIGATORS. GATEKEEPERS. WHIS-tleblowers. Internal auditors Internal auditor
An employee of a company who analyzes the company's accounting records to that the company is following and complying with all regulations. adopt each of these titles at various times as they fight the ongoing and very public battle against corporate fraud and malfeasance The commission of an act that is unequivocally illegal or completely wrongful.
Malfeasance is a comprehensive term used in both civil and Criminal Law to describe any act that is wrongful. . Given the very nature of the job, the internal auditor is in a better position than just about any other employee to discover fraudulent The description of a willful act commenced with the Specific Intent to deceive or cheat, in order to cause some financial detriment to another and to engender personal financial gain. activity and report it to the appropriate internal or external authorities--but at what cost?
Internal auditors sometimes fear adverse employment action from reporting fraudulent activity, especially when high-level company officers are involved. Are auditors entitled en·ti·tle
tr.v. en·ti·tled, en·ti·tling, en·ti·tles
1. To give a name or title to.
2. To furnish with a right or claim to something: to legal protection from such retaliation RETALIATION. The act by which a nation or individual treats another in the same manner that the latter has treated them. For example, if a nation should lay a very heavy tariff on American goods, the United States would be justified in return in laying heavy duties on the manufactures and ? Perhaps, but the answer is not nearly as clear as internal auditors would undoubtedly prefer.
In late 2001 and early 2002, the U.S. Congress faced an acute crisis: revelations of mass corporate fraud threatened to destroy investors' faith in U.S. financial markets and jeopardize jeop·ard·ize
tr.v. jeop·ard·ized, jeop·ard·iz·ing, jeop·ard·izes
To expose to loss or injury; imperil. See Synonyms at endanger. the stability of those markets and the economy. In response, Congress passed the Sarbanes-Oxley Act See SOX. of 2002 with strong enforcement tools, including new regulations and reporting requirements, expanded corporate oversight, and new criminal provisions.
Key to the success of these new tools was protecting whistleblowers from retaliation. Recognizing the critical role of whistleblowers in combating corporate fraud, Congress observed that "often, in complex fraud prosecutions ... insiders are the only firsthand first·hand
Received from the original source: firsthand information.
first witnesses to the fraud." That, it would seem, is where internal auditors prominently enter the picture.
Internal auditors obviously serve an important risk management and risk control function. More and more, internal auditors are taking on the challenge of proactive risk-based assurance, rather than limiting themselves to the traditional reactive, control-based functions. Public and private companies alike increasingly rely on internal auditors to help management understand, assess, and manage risks, and report on the effectiveness of the organization's risk management process. This is in addition to the expectation that internal auditors will evaluate the system of internal control objectively. Unlike external auditors The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page. , whose focus is generally limited to a periodic audit of the company's financial statements and the assessment of controls over financial reporting, internal auditors more comprehensively examine the organization's operations and controls, and they are interested in the prevention of fraud in any form.
Quite naturally, internal auditors must remain ever vigilant to the risks the organization confronts. They should regularly advise the organization's executive management and the audit committee on significant risk exposures and control issues, including corporate governance Corporate Governance
The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. issues and fraud prevention and detection. Internal auditors may be precisely the type of "insider" Congress had in mind when it recognized that whistleblower whis·tle·blow·er or whis·tle-blow·er or whistle blower
One who reveals wrongdoing within an organization to the public or to those in positions of authority: "The Pentagon's most famous whistleblower is . . protection was key to its statutory response to corporate fraud.
Section 806 of Sarbanes-Oxley imposes significant civil penalties on employers who retaliate against corporate fraud whistleblowers (the act also separately imposes criminal liability for retaliation). Essentially, Section 806 protects employees from retaliation or discrimination for blowing the whistle about conduct that may defraud To make a Misrepresentation of an existing material fact, knowing it to be false or making it recklessly without regard to whether it is true or false, intending for someone to rely on the misrepresentation and under circumstances in which such person does rely on it to his or shareholders. One judge observed, "it is sufficient for an employee to provide information regarding possible fraudulent conduct to a person with supervisory authority over the employee." (Richards v. Lexmark International Inc., 2004-SOX-00049 at 14, Oct. I, 2004). Does that protection apply to internal auditors who may be uniquely positioned within the organization to identify and disclose potentially fraudulent activity?
It would seem obvious from the legislative history, public comments, and very goal of the statute that internal auditors are protected under Section 806. Congress, after all, drafted Sarbanes-Oxley to battle corporate fraud broadly and encourage insiders to blow the whistle on matters about which the public might be unaware. And the statute speaks expansively in terms of protecting "an employee" who blows the whistle.
Not so fast, though. At least one administrative law judge administrative law judge n. a professional hearing officer who works for the government to preside over hearings and appeals involving governmental agencies. They are generally experienced in the particular subject matter of the agency involved or of several agencies. has determined that Section 806 does not necessarily protect internal auditors. In the case, Robinson v. Morgan Stanley To comply with Wikipedia's , the introduction of this article needs a complete rewrite. , a former senior internal auditor, Beverly Robinson, complained that she was unlawfully terminated after reporting perceived deficiencies in the organization's financial operations, including failures in audit controls and management fraud, to senior executives. As part of the company's response to her complaint, it argued that Robinson did not engage in a protected activity under Section 806 because she identified and reported the issues as part of her regular responsibilities as a company internal auditor, not independently as a whistleblower.
In part, the judge agreed with Morgan Stanley; however, the judge concluded that Robinson had engaged in an activity protected by Section 806 based on the specific facts of her situation. Examining Robinson's complaint, the judge started with the legal proposition that to engage in a protected activity, "the report or complaint must involve actions outside the complainant's assigned duties." In other words Adv. 1. in other words - otherwise stated; "in other words, we are broke"
put differently , if the employee's job is to report instances of potential shareholder fraud to the audit committee, blowing the whistle to the audit committee about shareholder fraud may not be protected under Section 806 provisions. To arrive at this seemingly seem·ing
Outward appearance; semblance.
seeming·ly adv. odd result, the judge noted that the concept of whistleblower protection is to protect employees who risk their job security by taking steps to protect the public good. If whistleblowing is your job, blowing the whistle does not pose a risk to your job, and you are, therefore, not entitled to protection.
Internal auditors should obviously be interested in such a result. The judge ultimately determined that Robinson had engaged in a protected activity because while she discovered the fraud "in course of her auditor work, the manner and method she chose to convey that finding to the president and chief financial officer went beyond her role as a senior auditor. Consequently, despite her job status as a senior auditor, Robinson engaged in a Sarbanes-Oxley protected activity on Feb. 5, 2004, since she did not prepare and present the complaint as part of her assigned senior auditor duties."
That fact-dependent conclusion is of little consolation. At the end of the day, the judge still requires a whistleblower to be acting outside the scope of his or her job duties to qualify for protection. For internal auditors, that may mean focused, critical scrutiny of their job duties and the manner of their reports to determine whether they are protected under Sarbanes-Oxley Section 806.
For now, the opinion is just that: an opinion by a single administrative law judge. There does not appear to be a consensus among administrative law judges, and the U.S. Department of Labor's Administrative Review Board For the board of U.S. Labor Department, see .
The Administrative Review Board is a United States military body that conducts an annual review of the suspects held by the United States in Camp Delta in the United States Navy base at Guantanamo Bay, Cuba. has yet to address the issue. Room still exists for arguing the point.
That said, employers facing Section 806 complaints brought by internal auditors will likely rely on the Robinson case to suggest that there was no protected activity. Internal auditors, on the other hand, may respond by arguing both that the decision is wrong and that, based on the facts, they did not act strictly within the scope of their job duties in making the report at issue. One wonders whether it would be worthwhile for internal auditors to make such reports outside their normal chain of command to bolster an argument that the conduct was in the nature of whistleblowing rather than simply doing their job.
There is little doubt that the Robinson case gives rise to uncertainty as to the scope of corporate fraud whistleblower protection. This is an issue that may ultimately require definitive treatment by the administrative review board or the federal courts. In the meantime Adv. 1. in the meantime - during the intervening time; "meanwhile I will not think about the problem"; "meantime he was attentive to his other interests"; "in the meantime the police were notified"
meantime, meanwhile , internal auditors should be aware of the issue and proceed cautiously in reporting corporate fraud within or outside of the delineated de·lin·e·ate
tr.v. de·lin·e·at·ed, de·lin·e·at·ing, de·lin·e·ates
1. To draw or trace the outline of; sketch out.
2. To represent pictorially; depict.
3. chain of command.
EDITED BY NORMAN MARKS
FLOYD R. HARTLEY JR. is a partner with Kirkpatrick & Lockhart Preston Gates Ellis in Dallas. His practice includes the investigation and litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute.
When a person begins a civil lawsuit, the person enters into a process called litigation. of white-collar, whistleblower, employment, and civilrights matters.
To comment on this article, e-mail the author at firstname.lastname@example.org.