Summer 09 - Whistleblower Policy: Three Reasons You Should Have One

It's the stuff of Hollywood gangster movies, but in the real world, whistleblowers serve a valuable purpose, especially for nonprofits.

Increasingly, nonprofits are adopting whistleblower policies, which provide a confidential means for staff and board members to bring questionable practices to light.  Is it time your organization considered such a policy?

Reason #1: It’s Just Good Practice
Charitable organizations suffer a disproportionate level of employee fraud when compared to other entities. In fact, the Association of Certified Fraud Examiners notes that 14 percent of all frauds occur at nonprofits. The median loss? $109,000 per incident.

The reasons are varied, but generally reflect the unique nature of nonprofits. Operating with a lean and low-paid staff, nonprofits can’t always segregate duties and create the checks and balances typically effective in deterring fraud. And all volunteer boards may not have the time or the will to provide adequate oversight.

Whistleblower policies rely on a simple truism: The people closest to the day-to-day workings of an organization are the ones most qualified to identify and report malfeasance. Experience has shown that these individuals will step forward if they are provided with a confidential means of reporting abuses and feel that they will be protected from retaliation, including loss of their job.

Establishing and following sound whistleblower policies also provides critical liability protection in the wake of Sarbanes-Oxley. The government has aggressively prosecuted cases of retaliation against whistleblowers by organizations and individuals.  Accordingly, whistleblower systems are now considered a best practice and are recommended for all public charities by organizations such as the Council on Foundations and Independent Sector.

Reason #2: The IRS Is Asking
Using the revised Form 990, the IRS will soon be asking specific questions about your organization’s governance and management practices, including whether you have a written whistleblower policy.

The new form includes 16 schedules that may have to be prepared depending on the activities conducted by your organization (e.g., enhanced compensation disclosures or board reviews of Form 990).

But, is a nonprofit required by the Internal Revenue Code to have a whistleblower policy on the books? No, however, the IRS has been very clear in its reasons for the disclosure requirement. In essence, the IRS believes that your answers will provide an indicator of whether your organization is operating in compliance with their opinion of best practices.

Reason #3: The Public Is Watching
In this digital age, your organization’s Form 990 can be viewed by donors and the public at large. In fact, Form 990 is now the most commonly used data source about nonprofits.

The bottom line: The revised Form 990 asks your organization to publicly share its management and governance practices. Savvy nonprofits are using Form 990 to demonstrate responsible stewardship and sound policy to an increasingly skeptical public.

What You Can Do
Encourage your board of directors to adopt an effective whistleblower protection policy (note that your board will need to have any policies approved and in place by the end of your fiscal year in order to answer “yes”).

It doesn't have to be complex, and you don't need to reinvent the wheel (see below for examples of sample policies). At its most basic, it simply needs to establish a process for reporting suspected breaches in ethics or illegal/inappropriate activity without fear of retaliation.

While the policy should be tailored to your organization's unique needs, these basics should be included:

Who is covered — Typically, a whistleblower policy covers an organization’s directors/trustees, officers and employees. Some also include volunteers, grantees, contractors and/or vendors.

How to report — Describe the process for reporting suspect activity (i.e., who to contact, how to submit a concern). Smaller organizations may simply designate one or two trusted members, such as the president/CEO, the board chair and/or the audit committee chair, to act as compliance officers. Larger nonprofits can opt for the director of human resources, the general counsel, etc. Organizations of any size can choose to designate someone outside of the organization (such as outside legal counsel). Some organizations contract with outside vendors to operate a confidential hotline.

Investigation — Identify the individual who will lead investigations, including a back-up in case a complaint involves that person. Describe how suspected violations will be investigated, including a maximum turnaround time and timelines for acknowledging receipt of the reported violation.

Confidentiality — While complete anonymity can hinder an investigation and is not generally advised, some degree of confidentiality should be promised to anyone making a report.

Consequences — Make it clear that your policy is based on the premise of people acting in good faith (i.e., reporting concerns that they have reason to believe are true). Your policy should contain consequences for bad-faith allegations that are later proven to be false.

Retaliation — A key component of your policy should be a firm assurance that good-faith reports of suspected abuse will not result in any adverse consequences. Also, spell out the consequences for anyone caught harassing, intimidating or otherwise retaliating against the person behind the complaint.

Put It To Work

It's not enough to simply type up a policy. Review it thoroughly at a board meeting.  Make it part of staff/board member/volunteer orientation and place it in all manuals. Consider posting it on your website.  Assign a staff member who will review the policy periodically.

For examples of whistleblower policies, visit and For details on federal laws relating to whistleblowers, visit



The Nonprofit Advisor is produced quarterly by Bober Markey Fedorovich’s Nonprofit Services Team.  If you would like additional information about the services that we can provide to nonprofit organizations, please contact Lori A. Sheets, CPA at 330.762.9785 or by email.


For more information:
Nonprofit Services

For the latest news and updates:

Print version (pdf)