Action Audit

How To Implement The Internal Reporting Procedure Regarding The Whistleblower Protection Act

Alex Niemczyk

Alex Niemczyk

8/8/2024

Knowledge
How To Implement The Internal Reporting Procedure Regarding The Whistleblower Protection Act

The Whistleblower Protection Act, which is a subject of the EU directive 2019/1937, is going to be implemented by European Union member states. Read to learn about new law obligations and how to utilize the best methods in order to avoid financial penalties.

Who will be affected by the legislation?

The legislation's provisions apply to virtually every company and office, as it surrounds the protection of whistleblowers, i.e individuals who report or publicly disclose information about violations of the law obtained in a work-related context. Moreover, the new directive imposes new obligations for:

  • organizational units of a municipality or district with a population of at least 10000,
  • companies for which at least 50 people perform a paid job,
  • companies providing financial services regardless of size.The Whistleblower Protection Act, which is a subject of the EU directive 2019/1937, is going to be implemented by European Union member states. Read to learn about new law obligations and how to utilize the best methods in order to avoid financial penalties.

Who will be affected by the legislation?

The legislation's provisions apply to virtually every company and office, as it surrounds the protection of whistleblowers, i.e individuals who report or publicly disclose information about violations of the law obtained in a work-related context. Moreover, the new directive imposes new obligations for:

  • organizational units of a municipality or district with a population of at least 10000,
  • companies for which at least 50 people perform a paid job,
  • companies providing financial services regardless of size.

For the aforementioned entities, the new legislation imposes an obligation to establish an internal procedure for reporting and investigating violations of the law, referred to in the law as the internal notification procedure.

Who is a whistleblower for a company?

As previously written (following Article 4, paragraph 1 of the bill), a whistleblower is an individual, who reports or publicly discloses the infringement information obtained in a work-related context. Specifically, it can be:

  • an employee, including a temporary employee
  • a person providing work on the basis of a civil law contract ** which also includes subcontractors on B2B**,
  • other entrepreneur,
  • a trainee, a volunteer or an apprentice,
  • partner, shareholder or a proxy,
  • a person performing work under the supervision and direction of a contractor, a subcontractor or a supplier,
  • any other person of lesser relevance to this article

Every person highlighted above must be permitted to report the infringement of law according to the internal notification procedure.

The internal notification procedure

The company, after consultation with the company's trade union organisation or employee representatives, establishes an internal notification procedure that determines, among other things:

  • the internal organisational unit or person authorised to receive internal notifications,
  • method of transmission of internal notifications,
  • internal organisational unit or person authorised to undertake follow- up action,
  • the obligation to confirm to the whistleblower the admission of an internal report ** within 7 days of receipt**,
  • obligation to provide feedback to the whistleblower within 3 months from the date of admission of the internal report.

Management of internal notifications in Action Audit

Even though the law does not impose a specific solution as to how to transmit internal notifications and the indication of a telephone number, email address or letterbox is sufficient, the use of an IT system in this area seems to be a useful approach. Appropriate software will make it possible to control the deadlines imposed by the legislator, as well as to ensure the proper documentation of the notifications.

The main function of Action Audit is, of course, to handle the audit process. However, the system is also equipped with an employee reporting module, which is also fantastic for receiving internal reports of legal violations.

One of the most important features of the module is the ease with which reports can be entered, which in the context of the new legislation is especially important for whistleblowers. This is because Action Audit allows reports to be entered in at least four ways:

  • independently by the employee through the employee kiosk,
  • independently by the employee through the Action Plan Pulse app,
  • also through the Action Plan Pulse app, but by the leader on behalf of their employees,
  • out-of-system (on cards, email, verbally, etc.) to an authorised person who enters the request into the system for them.

At the next stages, Action Audit will monitor the statutory deadlines of 7 days for the acknowledgement of the notification and 3 months for the feedback, which may prevent companies from not meeting the deadlines and consequently risking financial penalties.

An important final note is that using our solution to handle this type of request does not have to be expensive. This is because the cost of the licence is related to the number of users, not employees. An employee using the kiosk does not need to have a user account to enter a request.

Summary

In summary, the new law imposes new obligations on medium and large companies, failure to comply with which can result in significant financial penalties. Companies are likely to take a variety of approaches, from 'manual' handling of notifications to the use of dedicated IT systems. Our solution is somewhere in between, as it provides all the necessary functions and, in addition, can be used for other, more typical purposes. These include, of course, the handling of audits, Kaizen innovation aids or the supervision of action plans.The Whistleblower Protection Act, which is a subject of the EU directive 2019/1937, is going to be implemented by European Union member states. Read to learn about new law obligations and how to utilize the best methods in order to avoid financial penalties.

Who will be affected by the legislation?

The legislation's provisions apply to virtually every company and office, as it surrounds the protection of whistleblowers, i.e individuals who report or publicly disclose information about violations of the law obtained in a work-related context. Moreover, the new directive imposes new obligations for:

  • organizational units of a municipality or district with a population of at least 10000,
  • companies for which at least 50 people perform a paid job,
  • companies providing financial services regardless of size.

For the aforementioned entities, the new legislation imposes an obligation to establish an internal procedure for reporting and investigating violations of the law, referred to in the law as the internal notification procedure.

Who is a whistleblower for a company?

As previously written (following Article 4, paragraph 1 of the bill), a whistleblower is an individual, who reports or publicly discloses the infringement information obtained in a work-related context. Specifically, it can be:

  • an employee, including a temporary employee
  • a person providing work on the basis of a civil law contract ** which also includes subcontractors on B2B**,
  • other entrepreneur,
  • a trainee, a volunteer or an apprentice,
  • partner, shareholder or a proxy,
  • a person performing work under the supervision and direction of a contractor, a subcontractor or a supplier,
  • any other person of lesser relevance to this article

Every person highlighted above must be permitted to report the infringement of law according to the internal notification procedure.

The internal notification procedure

The company, after consultation with the company's trade union organisation or employee representatives, establishes an internal notification procedure that determines, among other things:

  • the internal organisational unit or person authorised to receive internal notifications,
  • method of transmission of internal notifications,
  • internal organisational unit or person authorised to undertake follow- up action,
  • the obligation to confirm to the whistleblower the admission of an internal report ** within 7 days of receipt**,
  • obligation to provide feedback to the whistleblower within 3 months from the date of admission of the internal report.

Management of internal notifications in Action Audit

Even though the law does not impose a specific solution as to how to transmit internal notifications and the indication of a telephone number, email address or letterbox is sufficient, the use of an IT system in this area seems to be a useful approach. Appropriate software will make it possible to control the deadlines imposed by the legislator, as well as to ensure the proper documentation of the notifications.

The main function of Action Audit is, of course, to handle the audit process. However, the system is also equipped with an employee reporting module, which is also fantastic for receiving internal reports of legal violations.

One of the most important features of the module is the ease with which reports can be entered, which in the context of the new legislation is especially important for whistleblowers. This is because Action Audit allows reports to be entered in at least four ways:

  • independently by the employee through the employee kiosk,
  • independently by the employee through the Action Plan Pulse app,
  • also through the Action Plan Pulse app, but by the leader on behalf of their employees,
  • out-of-system (on cards, email, verbally, etc.) to an authorised person who enters the request into the system for them.

At the next stages, Action Audit will monitor the statutory deadlines of 7 days for the acknowledgement of the notification and 3 months for the feedback, which may prevent companies from not meeting the deadlines and consequently risking financial penalties.

An important final note is that using our solution to handle this type of request does not have to be expensive. This is because the cost of the licence is related to the number of users, not employees. An employee using the kiosk does not need to have a user account to enter a request.

Summary

In summary, the new law imposes new obligations on medium and large companies, failure to comply with which can result in significant financial penalties. Companies are likely to take a variety of approaches, from 'manual' handling of notifications to the use of dedicated IT systems. Our solution is somewhere in between, as it provides all the necessary functions and, in addition, can be used for other, more typical purposes. These include, of course, the handling of audits, Kaizen innovation aids or the supervision of action plans.

For the aforementioned entities, the new legislation imposes an obligation to establish an internal procedure for reporting and investigating violations of the law, referred to in the law as the internal notification procedure.

Who is a whistleblower for a company?

As previously written (following Article 4, paragraph 1 of the bill), a whistleblower is an individual, who reports or publicly discloses the infringement information obtained in a work-related context. Specifically, it can be:

  • an employee, including a temporary employee
  • a person providing work on the basis of a civil law contract ** which also includes subcontractors on B2B**,
  • other entrepreneur,
  • a trainee, a volunteer or an apprentice,
  • partner, shareholder or a proxy,
  • a person performing work under the supervision and direction of a contractor, a subcontractor or a supplier,
  • any other person of lesser relevance to this article

Every person highlighted above must be permitted to report the infringement of law according to the internal notification procedure.

The internal notification procedure

The company, after consultation with the company's trade union organisation or employee representatives, establishes an internal notification procedure that determines, among other things:

  • the internal organisational unit or person authorised to receive internal notifications,
  • method of transmission of internal notifications,
  • internal organisational unit or person authorised to undertake follow- up action,
  • the obligation to confirm to the whistleblower the admission of an internal report ** within 7 days of receipt**,
  • obligation to provide feedback to the whistleblower within 3 months from the date of admission of the internal report.

Management of internal notifications in Action Audit

Even though the law does not impose a specific solution as to how to transmit internal notifications and the indication of a telephone number, email address or letterbox is sufficient, the use of an IT system in this area seems to be a useful approach. Appropriate software will make it possible to control the deadlines imposed by the legislator, as well as to ensure the proper documentation of the notifications.

The main function of Action Audit is, of course, to handle the audit process. However, the system is also equipped with an employee reporting module, which is also fantastic for receiving internal reports of legal violations.

One of the most important features of the module is the ease with which reports can be entered, which in the context of the new legislation is especially important for whistleblowers. This is because Action Audit allows reports to be entered in at least four ways:

  • independently by the employee through the employee kiosk,
  • independently by the employee through the Action Plan Pulse app,
  • also through the Action Plan Pulse app, but by the leader on behalf of their employees,
  • out-of-system (on cards, email, verbally, etc.) to an authorised person who enters the request into the system for them.

At the next stages, Action Audit will monitor the statutory deadlines of 7 days for the acknowledgement of the notification and 3 months for the feedback, which may prevent companies from not meeting the deadlines and consequently risking financial penalties.

An important final note is that using our solution to handle this type of request does not have to be expensive. This is because the cost of the licence is related to the number of users, not employees. An employee using the kiosk does not need to have a user account to enter a request.

Summary

In summary, the new law imposes new obligations on medium and large companies, failure to comply with which can result in significant financial penalties. Companies are likely to take a variety of approaches, from 'manual' handling of notifications to the use of dedicated IT systems. Our solution is somewhere in between, as it provides all the necessary functions and, in addition, can be used for other, more typical purposes. These include, of course, the handling of audits, Kaizen innovation aids or the supervision of action plans.

You might also be interested in:

  • Health and safety in production - recognition of dangerous situations
    Knowledge

    Health and safety in production - recognition of dangerous situations

    To effectively prevent accidents in production, it is essential to have a clear understanding of safety terminology. Every workplace event that has the potential to lead to negative consequences requires appropriate classification. Three key concepts are ...

    Antonina Olszewska

    Antonina Olszewska

    8/21/2024

You’re one meeting away from saving 70% of your auditing time

Book a FREE, 30-Minute Consultation where you can learn how Action Audit can make your audits more effective and hassle-free.