[Foundation-l] Audit charter and whistleblower policy

[Florence Devouard]

Anthony wrote:
> On 6/15/07, Florence Devouard <Anthere9 at yahoo.com> wrote:
>> * and a whistleblower policy
>> (http://wikimediafoundation.org/w/index.php?title=Whistleblower_Policy&oldid=21384)
>>
>> Not much more to say :-)
>>
>> If you have any issue to raise, any criticism, or whatever, please do
>> not hesitate to comment.
>>
> My initial reaction to the whistleblower policy was that it was a very
> bad policy.  However, I thought maybe I was just overreacting, so I
> didn't comment on it.  Then I asked Danny, who is a former employee of
> the corporation, what he thought.  His response, which I'm not going
> to get into in detail on this list, expressed the exact same concern
> that I had.  The policy leaves the executive director and board chair
> in a position of ultimate authority.  And there isn't even an
> executive director right now.
> 
> The rest of my comments are my own, and not derived from Danny's.
> 
> "If any employee reasonably believes that some policy, practice, or
> activity of Wikimedia Foundation Inc is in violation of law, a written
> complaint must be filed by that employee with the Executive Director
> or the Board Chair."  The word "must" there is incredibly disturbing.
> 
> It also bothers me that employees are the ones expected to sign this
> policy.  Looking at this policy, it seems to me that it will only
> serve to stifle the spread of information.  Anything anyone believes
> to be illegal must be reported to the board chair.  The board chair is
> not required by the policy to do *anything at all* with that
> information.
> 
> I don't understand what the purpose was of the whistleblower policy,
> but it doesn't seem like it serves any positive purpose.

Please first read http://en.wikipedia.org/wiki/Whistleblower to fully 
understand the basics of the whistleblower issue.

The purpose of a whistleblower policy is largely to protect employees 
when they are reporting illegal activity, in particular illegal activity 
from one of their "superior" (hierarchically speaking, eg, a person who 
can fire them). In the absence of a policy, an employee could report one 
of his boss is acting illegally and as a consequence, be fired, or be 
mishandled (get no raise, have responsabilities removed etc...)

The whistleblower policy is a statement from the management and board, 
saying that it is okay to report illegal activity and that you can not 
be punished if you do that.

However, to avoid simple baseless bad-mouthing, the protection is only 
given if the employee comes with arguments, facts, figures, photos, any 
type of evidence or at a minimum information strongly supporting the 
suspicion of abuse. In the absence of significant documentation, an 
accusation from an employee will be perceived as personal attacks, and 
no protection will be offered. This is also a good way to prevent 
constant recrimination against another person. In short, if an employee 
has a base for complain, he is protected. If he is just bad-mouthing 
with no argument, then there is no protection.

The policy we agreed upon is a fairly common one. It really holds 
nothing special. It was reviewed by a lawyer.

Ultimately, an employee might refuse to sign it. I am fine with the 
concept. But then, if he reports something illegal, whether based or 
not, then is fired by his immediate boss as a retaliation act, then, I 
believe he can not easily connect the fact he is fired from the fact he 
reported abuse.

The main reason why this policy was adopted is that this issue was 
raised in the past; by Danny himself, who told me once he did not dare 
report something, because he feared he would be fired. Well, with this 
policy, and if he had signed it, he would be protected. The important 
point is that legally speaking, when there is an illegal activity going 
on around you, you are supposed to report it. If a kid is killed and you 
know the murderer, you are bound by law to report the name (unless it is 
someone family related etc...). However, an employee could argue he did 
not respect the law, because he feared being fired for reporting the 
abuse. With that policy, he can not claim that he would be fired. The 
important part in this is that if the employee is aware of illegal 
activity, and does not report it, then he is "sharing" the 
responsability and becoming himself part of the abuse. Consequently, 
this is a powerful tool to ensure that abuse is reported.

The second reason why the policy was adopted now is that we expect to 
have a new ED very soon. Which means that the board will be "further" 
from the staff and the staff mostly work with the ED. In case there is 
anything wrong going on with the ED, the staff can report to the chair, 
and they will be protected through the policy.
At the same time, it protects the ED, as employees can not do 
bad-mouthing without facts. In short, if an employee comes to us and say 
"the ED is securing money for himself", the answer we can give is "do 
you have proof of that accusation ? If you do, then please provide the 
documentation, and you are protected by the policy. If you don't, please 
keep your opinions to yourself; thanks".

Note that the dual reporting system makes it possible to report to the 
ED of an abuse by the chair. Note, for now, this policy has not been 
signed by any staff member. It must be signed voluntarily.

Last, the issue of the chair not being required by the policy to act if 
he is reported an illegal issue. It is not necessary to mention in the 
policy that the chair must act in case he is informed of abuse, because 
he is required to act in case of abuse. "All corporate powers shall be 
exercised by or under the authority of, and the business and affairs of 
the Foundation shall be managed under, the direction of the Board of 
Trustees." In case of non-action when abuse is reported, the chair is 
the first in line and usually gets consequences much heavier than simply 
being "fired".

ant