WHY HAVE A DISCLOSURE SERVICE

As has already been mentioned elsewhere on this website, the need for an entity to establish a disclosure service (whether internally or outsourced) has become a critical component of any really effective risk management strategy.

The simple fact is that disclosure services really do work! Most of the recent international fraud surveys put disclosure services among one of the most successful methods of defeating unlawful and inappropriate activities. This is linked to the interesting global trend where organisations are now allocating up to 80% of their resources to prevention and only 20% to detection and investigation when only a few years ago the reverse was true.

The private sector really took the lead in recommending disclosure services in the King II Report on Corporate Governance with the Chairman Mervyn King being quoted as saying that providing a disclosure service makes “good hard business sense”! Other initiatives have added impetus to the requirement for disclosure services. The sentiments contained in the Sarbanes-Oxley legislation, which was adopted in the USA after the Enron and Anderson debacles, have cascaded into the South African economy and many entities in the public sector (especially listed companies) have adopted these guidelines.

Government has also joined the party and has set very clear guidelines for the establishment of disclosure services in the public sector in the Public Finance Management Act.

The following are some universally accepted reasons for establishing a disclosure service

	It will demonstrate an organisation’s commitment to the universal business principles of transparency, integrity and honesty without which sound governance could not hope to be sustained. This statement of commitment (and the commitment to actively follow up and investigate every disclosure) is certain to add value to an organisation’s equity and create and encourage trust and confidence among all stakeholders.
	It will assist the directors and management to better manage and control their businesses – isn’t that what governance is all about? Not only would a disclosure service identify potential or existing internal control breakdowns but also highlight collusive activities, which traditional internal control systems are not designed to expose.
	It will provide management with a mechanism to focus on their organisation’s reputational risk (as well as their own) and is so doing protect their organisation’s profile, standing and reputation in the market place. A disclosure service will seek to highlight this critical risk internally first and provide senior management with the opportunity to manage the risk before it becomes public knowledge. One need look no further than the recent corporate failures in South Africa and elsewhere, to underline this point.
	It will enable an organisation to comply substantially with the provisions of the Protected Disclosure Act No 26 of 2000 referred to above. Subscription to an independent disclosure service would not only demonstrate compliance, but, more importantly, practically demonstrate management’s intentions to provide benefits and rights to employees, rather than simply paying lip service to it.
	There is a widely held belief that 10% of all people will always be honest, 10% will always take any opportunity that presents itself to be dishonest and the remaining 80% will drift and float from the one extreme to the other depending on the environment. If the environment is such that there are poor controls and a low level of general ethics one can expect some in the middle group to take chances. Should an effective risk management structure be in place as well as a high level of ethics, this group will be far less likely to get involved in undesirable activities. If an entity introduces an effective disclosure service this will support the latter scenario and the “good guys” will in all likelihood make use of the service provided to make themselves heard.
	Sadly a culture of non-compliance and cowboy-type behavior is still all too often encountered at all levels of many entities in all sectors of our economy. Introducing a disclosure service underlines the view that employees at all levels should comply to the same extent with the ethical policies and procedures of the entity. The senior executive who “fudges” his entertainment claims should expect to be treated in the same way as the tea lady who “pinches” the milk! (Note how the euphemisms roll of the tongue!)
	One of the greatest and often under-rated benefits of a disclosure service is that it acts as very important practical deterrent to workplace dishonesty, inappropriate behaviour and unethical business practices.
	The reports received from a disclosure service provide a very useful indication of loopholes and weaknesses in an organisations systems and also highlight specific areas (whether functional or geographical) within an organisation where problems are being or could be expected. This is very useful as it enables the organisation to apply the Pareto Principle and spend the greatest part of its limited time and resources focusing on the most important areas.
	An outsourced disclosure service will in all likelihood be the most cost-effective component of any risk management structure. When one considers that the monthly subscription for most OSPs is less than half the cost of one security guard on a 24 hour basis for a large organisation and slightly more than the cost of alarm monitoring and armed response for a small company, one doesn’t have to be a genius to understand which is going to provide the better return on investment.
	Provide a real motivation to streamline an organisation’s insurance portfolio and to reduce the cost of fidelity and other insurance premiums.

	I recall that we did a presentation to a very high profile and successful prospective subscriber some years ago. Once we had finished the presentation we asked the CEO if he wished to ask any questions or make any comments. After a short pause he said that he wouldn’t be subscribing to our service as he was concerned that the service would “expose dishonest management”! If the anecdote didn’t indicate a cancer that exists in many organisations it may be quite funny. The introduction of a disclosure service is clearly a risk in entities where management are behaving inappropriately.
	Another concern which is often raised by prospective subscribers is the question of malicious and “bad faith” disclosures. This could well prove to be a significant problem if not managed properly. The golden rule is that no one should be confronted until an initial investigation has confirmed that a disclosure report may have substance. I recall a case where a CEO was so incensed when he received a report concerning one of the ladies in the accounts department that he ran down the passage to her office and tried to strangle her! This could have been avoided had the disclosure report been sent to a senior person such as the security risk manager of the internal audit manager who could have dispassionately undertaken an initial investigation and only then brief the CEO.
	Another prospective subscriber (a large retailer) commented that he didn’t like the idea of introducing a disclosure service as it would indicate to his staff members that management didn’t trust them. When I asked him how a disclosure service differed from the undercover agents, covert CCTV cameras and ghost shoppers that I knew he used, he was at a loss for words! This attitude is actually quite common. “We’re an honest bunch” lamented one CEO but he was unable to explain the fact that his organisation was losing millions of Rand through theft and fraud every year.
	Finally, there is a real risk that the credibility of the directors and senior management could be seriously dented if the disclosure service, once introduced, is not fully embraced. What this means is that employees soon become cynical when they constantly make disclosures but see no action been taken by management. Sadly this is a common phenomenon!