Anonymous Complaints Sound Similar; Now What?
Jay Dubow, a co-leader of Troutman Pepper's Securities Investigations and Enforcement Practice Group, was quoted in the August 11, 2021 CFO & Controller Alert's Ask the Auditor's section, " Anonymous Complaints Sound Similar; Now What?"
Q: After reviewing several anonymous whistleblower complaints, we noticed their similar language. We don't want to simply dismiss the complaints, but we're skeptical. How should we proceed?
A: If the language or content of anonymous whistleblower complaints is similar or identical, you could be dealing with a hoax, says Jay Dubow, who co-chairs Troutman Pepper's Security Investigations and Enforcement Practice Group.
Collaborate with your cybersecurity and internal audit teams to evaluate the complaints and ensure they aren't related to ransomware or a cybersecurity attack, says Dubow.
Generally when you receive a whistleblower claim, a prompt and thorough investigation should be done by counsel to determine whether the allegations are substantiated.
Dubow warns: If you suspect whistleblower complaints are actually attempts to circumvent your company's cybersecurity controls, discuss with counsel whether an investigation should be done on a limited basis, or not at all. Remember to thoroughly document all steps taken.