Comparison of 8 Major Companies’ Code of Ethics and Conduct

Comparison of 8 Major Companies’ Code of Ethics and Conduct

Good corporate governance incorporates a set of rules that define the relationship between stakeholders, management and the board of directors of a company and influence how the company is operating. The importance of corporate governance cannot be understated as it enables organisations to achieve their goals, make formal decisions, prevent fraud, control risks and assure compliance. 

To determine the appropriate ethical guidelines for your company, you might consider studying some of the best examples of code of conduct examples for businesses. 

This blog will help you understand:

  • Definition of Code of Ethics
  • Definition of Code of Conduct
  • Difference between Code of Ethics and Code of Conduct
  • Comparison of 8 Major Companies’ Codes of Ethics and Conduct 

Code of Ethics

A code of ethics is a set of guiding principles intended to ensure a business and its employees act with honesty and integrity in all facets of its day-to-day operations and to only engage in acts that promote a benefit to society. Sometimes referred to as a value statement, it behaves like the “Company’s Constitution” with general principles to help guide employee behaviour.

The document outlines a set of principles that affect decision-making. For example if an organization is committed to protecting the environment and “being green”, the code of ethics will state that there is an expectation for any employee faced with a problem, to choose the most “green” solution. It does not cover specific behaviour like a code of conduct, rather it outlines the principles that should guide that behaviour.

Typically, focus areas include:

  • Social Responsibility
  • Discrimination
  • Environmental issues

3 Types of Codes of Ethics

A code of ethics can take a variety of forms, but the general goal is to ensure that a business and its employees are following state and federal laws, conducting themselves with an ideal that can be exemplary, and ensuring that the business being conducted is beneficial for all stakeholders. The following are three types of codes of ethics found in business.

Compliance-based Code of Ethics

For all businesses, laws regulate issues such as hiring and safety standards. Compliance-based codes of ethics not only set guidelines for conduct but also determine penalties for violations.

In some industries, including banking, specific laws govern business conduct. These industries formulate compliance-based codes of ethics to enforce laws and regulations. Employees usually undergo formal training to learn the rules of conduct. Because noncompliance can create legal issues for the company as a whole, individual workers within a firm may face penalties for failing to follow guidelines.

To ensure that the aims and principles of the code of ethics are followed, some companies appoint a compliance officer. This individual is tasked with keeping up to date on changes in regulation codes and monitoring employee conduct to encourage conformity.

This type of code of ethics is based on clear-cut rules and well-defined consequences rather than individual monitoring of personal behavior. Despite strict adherence to the law, some compliance-based codes of conduct do not thus promote a climate of moral responsibility within the company.

Value-Based Code of Ethics

A value-based code of ethics addresses a company’s core value system. It may outline standards of responsible conduct as they relate to the larger public good and the environment. Value-based ethical codes may require a greater degree of self-regulation than compliance-based codes.

Some codes of conduct contain language that addresses both compliance and values. For example, a grocery store chain might create a code of conduct that espouses the company’s commitment to health and safety regulations above financial gain. That grocery chain might also include a statement about refusing to contract with suppliers that feed hormones to livestock or raise animals in inhumane living conditions.

Code of Ethics Among Professionals

Financial advisers registered with the Securities and Exchange Commission (SEC) or a state regulator are bound by a code of ethics known as a fiduciary duty. This is a legal requirement and also a code of loyalty that requires them to act in the best interest of their clients.

Certified public accountants, who are not typically considered fiduciaries to their clients, still are expected to follow similar ethical standards, such as integrity, objectivity, truthfulness, and avoidance of conflicts of interest, according to the American Institute of Certified Public Accountants (AICPA).

Code of Conduct

A company’s code of conduct covers major legal, ethical, and compliance risk areas to help employees make the right choices, even when they’re not easy. Your  code of conduct sets the  ethical standards and establishes expectations for employee behavior in the workplace. Employee adherence to your company’s code of conduct is essential to maintaining a reputation of integrity and preventing risk for your organization. Codes of conduct cover specific behavioural expectations in specific situations.

Topics may include:

  • Conflicts of Interest
  • Protecting Company Information
  • Financial and legal integrity
  • Reporting wrongdoing

Difference between Code of Ethics and Code of Conduct

A Code of Ethics governs decision-making, and a Code of Conduct governs actions. They both represent two common ways that companies self-regulate. They are often associated with large companies, and provide direction to employees and establish a public image of good behavior. 

A code of ethics is broader in its nature, outlining what is acceptable for the company in terms of integrity and how it operates. A code of conduct is more focused in nature and instructs how a business’ employees should act daily and in specific situations.

8 Examples of Major Companies’ Code of Conduct and Ethics

To determine the appropriate ethical guidelines for your company, you might consider studying some of the best examples of codes of conduct for the following major businesses.

Technology Companies


Google’s Code of Conduct emphasizes its values such as customer care, integrity and transparency. The document clearly states who must adhere to the standards set forth and how misconduct will be addressed.

It highlights the importance of speaking up and taking action against wrongdoing. Overall, their Code of Conduct is concise and well organized.


Microsoft’s Standards of Business Conduct revolves around one central theme: trust. Microsoft emphasizes that trust is an important aspect of its operations, including with customers, governments, fellow employees, investors and representatives.

The code of conduct also offers a process to help employees make difficult decisions that reflect Microsoft’s values and standards. Offering a process can be a useful way to simplify complex ethical decisions and ensure consistent behaviour. However, avoid getting too specific as this may result in legalistic responses, e.g. ‘Well, the code of conduct didn’t specifically say NOT to do that…’.

Read more on their website


Facebook’s Code of Conduct covers important topics such as conflicts of interest, harassment, confidentiality and protection of user data. Despite not using photos and visuals, it is simple, concise and easy to comprehend.

The company also highlights that employees can report violations anonymously to sources that they feel comfortable speaking to, including managers, HR and/or the Legal Department. The code of conduct also includes links to the company’s whistleblower and complaint policy.

Learn more about Facebook’s Code of Conduct on their investor relations website


IBM’s Code of Conduct revolves around their core values which are:

  • Dedication to every client’s success
  • Innovation that matters, for our company and for the world
  • Trust and personal responsibility in all relationships

The company further highlights environmental affairs, human rights principles, and workforce diversity in their business conduct and expectations of their employees. These achievements are highlighted in their Corporate Responsibility report

Overall, their Code of Conduct appears to be well organized and easy to understand. 

Financial Institutions


The ANZ Code of Conduct and their supporting policies set the expected standards of behaviour linked to their values.

Their guiding principles include:

  • Integrity
  • Collaboration
  • Accountability
  • Respect
  • Excellence

The company has two Codes of Conduct, which provide employees and Directors with a practical set of guiding principles to help them make fair, balanced and ethical decisions in their day to day work:

  • ANZ Non-Executive Directors Code of Conduct
  • Code of Conduct

The ANZ Non-Executive Directors Code of Conduct outlines their code guiding principles followed by the actions to be undertaken. This includes:

Act Ethically and Professionally

  • Act in the best interests of ANZ and create trust, confidence and goodwill with ANZ’s shareholders, customers and other stakeholders
  • Undertake our duties with appropriate care and diligence and in accordance with our legal obligations
  • Behave in a way that takes into account ANZ’s impact on the community and the environment in both the short and long term
  • Understand our authorities and any relevant limits and exercise any such authorities responsibly and within limits
  • Use all of ANZ’s systems and equipment appropriately and for proper purposes. This includes email, messaging, internet access, and technology and banking systems
  • Not engage in conduct (either in our capacity as a Director or otherwise) that may cause damage to ANZ’s reputation or is incompatible with our position as Directors of ANZ

Act with integrity

  • Act honestly and transparently in all our dealings with and for ANZ
  • Not knowingly mislead directly or indirectly, make false statements or mislead by omission
  • Not make promises or commitments we know ANZ does not intend, or would be unable, to honour
  • Use goods, services and facilities provided to us by ANZ in accordance with the terms on which they are provided

Treat all people with dignity and respect

  • Treat all people we deal with through our work with respect and dignity
  • Never harass, bully or unlawfully discriminate
  • Make appointment decisions based on merit

Manage conflicts of interest

  • Not improperly use the name of ANZ, our position or information obtained by us as a Director of ANZ for personal financial gain or to obtain any benefit for any other person or business
  • Fully disclose all relationships we have with ANZ in accordance with policies on independence that the Board may adopt from time to time
  • Ensure any personal dealings with ANZ must be in accordance with policies that the Board may adopt from time to time
  • Fully disclose any material personal interest, as well as any other interest which is appropriate to disclose in order to avoid an actual or perceived conflict of interest, in accordance with such policies that the Board may adopt from time to time
  • Never accept or offer any improper payment of benefits in connection with their role as an ANZ Director
  • Never accept any gift, reward or entertainment, including disclounter products, free travel or accommodation, if there is an expectation that could conflict with our role as an ANZ Director.

Protect privacy and confidentiality

  • Respect the privacy of others
  • Not improperly disclose any information about ANZ that is not already in the public domain
  • Ensure that confidential information relating to ANZ customers, staff or operations is not disclosed, inadvertently or deliberate, to third parties without the consent of ANZ

Comply with the code, law, policies and procedures

  • Be aware of and comply with all relevant laws and regulations applicable to use
  • Not take any action, or fail to take action, that may breach the law or applicable ANZ policies and procedures
  • Complete all induction and education programs required of us to build and maintain our awareness and understanding of relevant laws, policies and procedures

Furthermore, it encourages employees to contact the Group General Counsel or Company Secretary if they are unsure of their obligation or ANZ’s expectations.

These documents can be found on ANZ’s official website.


CommBank’s Code of Conduct articulates the standards of behaviour expected of their clients and stakeholders. The Code connects their purpose and values with a ‘Should We?’ test, to help deliver the right outcomes. Their ‘Should We?’ calls into question transparency, consistency with values and policy, as well as fairness which helps employees exercise good judgement.

The document specifically articulates the standards of behavior the company expects of their employees when engaging with, and balancing the interests of, the Bank’s stakeholders. The following outcomes have been outlined:

  • Fair customer outcomes are at the heart of our strategy, plans, decisions, judgements and actions.
  • Our products and services are fair, transparent, and meet customer needs, and our distribution approach is appropriate for customers. We are compassionate to the circumstances of customers, including those who are most vulnerable.
  • The potential for unfair outcomes is proactively identified, and complaints and issues are managed in a timely manner.
  • Market manipulation, insider trading, failure to manage conflicts of interest, and inappropriate sharing and use of confidential information are not tolerated.
  • We recognise that environmental and social risks can impact our business and communities and we are committed to ensuring that these risks are identified and managed appropriately

Westpac Banking Corporation

The Westpac Banking Corporation’s Code of Conduct defines four outcomes, each stronger aligned with the company’s values. This includes 1. Helping our customers and communities, 2. Being ethical, 3. Strengthening our corporate compliance, and 4. Supporting our people. Underneath each outcome, it outlines what this means for Westpac and their employees.

Helping our customers and communities

  • We are always helpful and do the right thing by our customers, suppliers and community
  • We always look for ways we can be better and simpler
  • We help our customers to make informed choices and our communications are clear
  • We lend responsibly and provide vulnerable customers with extra support and care
  • When designing, distributing and fulfilling our products we always consider their fairness and suitability for our customers
  • We handle customer complaints confidentially, with consideration and respect and take responsibility for proactively resolving complaints or referring them to the right person
  • We proactively identify potentially unfair customer outcomes, identifying the cause of the issue and if we make a mistake, immediately own it and fix it
  • We consider the long-term environmental and social impacts of our decisions

Being Ethical

  • We are trusted to do the right thing and act with honesty, integrity and due care and skill in all our dealings with the bank including as customers
  • We ensure that our actions, personally and professionally, do not put Westpac Group’s reputation at risk
  • We always ask ‘Should We?’ rather than just ‘Can We?’
  • We put the customer and bank ahead of personal interests and identify, declare, record and appropriately manage conflicts of interest
  • We uphold market integrity and protect against market misconduct, market manipulation and insider trading
  • We compete fairly to provide our customers with great products, service and innovation
  • We understand and comply with our offshore obligations when dealing with international customers or markets

Strengthening our corporate compliance

  • We protect our community and the integrity of the financial system. This includes meeting our anti-bribery and corruption, anti-money laundering and counter-terrorism financing and tax transparency obligations to mitigate the risk of fraud
  • We take accountability for identifying, managing and reporting all forms of risk, including compliance and conduct
  • We are open and transparent with regulators and report in a constructive, accurate and timely way
  • We use technology in a safe, secure and productive way
  • We keep customer, supplier and other third party information and our own confidential and sensitive information private and secure; protecting it from unauthorised use and not using it inappropriately for personal gain or sending it inappropriately to a third party

Supporting our people

  • We create a safe, diverse and inclusive place to work where we welcome diversity of thought and experience, prioritise our people and our customers’ safety and wellbeing and do not tolerate discrimination, bullying or harassment, including sexual harassment
  • We employ, promote and reward employees who live our purpose, values and behaviours and act in accordance with the expectations of our Code of Conduct
  • We work together as a team, support each other and are professional in our interactions
  • We take unlawful and unethical behaviour seriously – if we think something is not right, we speak up as soon as possible, and we listen and respond
  • We communicate with the public responsibly and only speak to the media when authorised

The document also highlights policies for topics such as conflict of interest, sexual harassment and anti-bribbery and corruption which help achieve the above outcomes. Managing such issues are critical to meet standards of responsibility and ethical conduct. Learn more about potential breaches in corporate compliance in our 4 part-series in Workplace Fraud.

This can be found on their website.

National Australia Bank

NAB’s Code of Conduct outlines the standards of behaviors expected of employees in order to better serve clients. The structure is fairly similar to Westpac’s Code of Conduct, as it outlines four major values and how they achieve it. The 4  include 1. Excellence for Customers, 2. Grow Together, 3. Be Respectful and 4. Own it. The code further elaborates on ways to achieve these targets such as practicing open communication and always putting clients first.

Furthermore, their policies are divided into the following sections:

  • Customers and Communities
  • Colleagues
  • Governance and Risk

Each section outlines the standards they expect to deliver.

Customers and Communities

  • Fair and ethical customer outcomes are at the heart of our plans, decisions and actions.
  • We only provide products and services that are right for our customers and match their needs and circumstances.
  • Our products and services are transparent and easy to understand.
  • Customer interactions are consistently high-quality experiences. All colleagues complete learning and competency requirements, and only operate in roles where they hold the required accreditations.
  • We take extra care of customers who are at a greater risk of harm or loss because they are experiencing vulnerability.
  • Concerns about unfair customer outcomes are proactively identified and owned or escalated.
  • Customer complaints, pain points and harm – including financial losses, distress and inconvenience – are promptly and appropriately addressed and, where appropriate, remediated.
  • We do not tolerate anti-competitive conduct, market manipulation, predatory market practices, insider trading, failure to manage conflicts of interest, bribery and corruption or inappropriate control and use of confidential or personal information.
  • We recognise that environmental and social risks can impact our communities and we are committed to ensuring these risks are identified and managed appropriately. 


  • Everyone feels safe and included in the workplace and health, safety and wellbeing are promoted. We take a zero tolerance approach so that no one experiences unlawful discrimination, bullying or harassment — including sexual harassment or racism.
  • Customers have confidence in NAB’s integrity and quality of service. This is why we’re only hired, promoted and recognised when we demonstrate the highest levels of professionalism and character.
  • Customers know they are in safe hands. This is because we only act within our authority and carefully consider what’s best for our customers. We always use access to technology and assets responsibly.
  • Customer interactions are consistent and high-quality experiences. We achieve this by ensuring everyone at NAB meets learning and competency requirements, and works in roles where they hold the applicable accreditations.
  • Colleagues do not compromise the integrity of NAB or its stakeholders. Any conflicts or perceived personal conflicts of interest, criminal convictions or charges are declared.
  • Colleagues are rewarded for driving long term, sustainable outcomes.

Governance and Risk

  • We meet our legal and regulatory obligations, voluntary commitments and internal standards.
  • Our customers’ personal information is respected and kept safe.
  • Our policies explain how we handle this information to keep it secure, protected from misuse, interference and loss, and from unauthorised access, modification or disclosure or personal gain.
  • Our customers and community and the integrity of the financial system are protected.
  • Our policies and standards explain how to identify, manage and control the risks of financial crime, bribery or sanctions breaches as well as commercial and personal conflicts of interest.
  • Customer interests and outcomes are a critical component of decision making and align with NAB’s risk appetite.
  • We use clear delegation frameworks for decision making to support our governance and risk management frameworks.

How Polonious Can Help

By setting out standards for behavior, a code of conduct helps minimize risks associated with employee misconduct. A well-written code of conduct makes it easier for employees to behave well because they set clear expectations, creating a positive work environment.

However, compliance is more than just checking the box. A well-managed, compliant, internal whistleblowing mechanism, ethics hotline and case management solution can help you detect problems early, address them and maintain a safe and ethical workplace, while minimizing risk.

The Polonious Case Management Software provides a consistent process that is procedurally fair for all parties, while recording all actions and decisions to ensure all evidence of the process is documented and auditable alongside any evidence gathered regarding the incident or investigation. 

Strong and effective corporate governance helps to cultivate a company culture of integrity, leading to positive performance and a sustainable business overall. Essentially, it exists to increase the accountability of all individuals and teams within your company, working to avoid mistakes before they can even occur.

Strong and effective code of ethics and conduct helps to cultivate a company culture of integrity, leading to positive performance and a sustainable business overall.

Strong and effective code of ethics and conduct helps to cultivate a company culture of integrity, leading to positive performance and a sustainable business overall. 

Making your hotline confidential will ensure employees feel comfortable using it.

To determine the appropriate ethical guidelines for your company, you might consider studying some of the best examples of code of conduct examples for businesses.

Making your hotline confidential will ensure employees feel comfortable using it.

A Comparison of 8 Major Companies’ Codes of Ethics and Conduct can point you in the right direction.

Book a Demo Now

Learn more about how Polonious can help you practice stronger and more effective corporate governance

5 Helpful Internal Investigation Tips

5 Helpful Internal Investigation Tips

Being able to conduct an effective internal investigation is essential for the day-to-day operation of your organisation. A well-conducted internal investigation helps ensure that those who have engaged in improper conduct are identified as having done so, and are dealt with appropriately. It can also ensure that those who have been wrongly suspected or accused of having engaged in improper conduct have their circumstances claried and the suspicion removed.

An effective internal investigation helps reinforce better workplaces and protects the company from large fines, damages, negative publicity, etc.

Benefits of Internal Investigations include:

  • Prevents similar issues from occurring 
  • Sends a positive message to stakeholders
  • Establishes good corporate governance
  • Identifies problems in current policies

However, internal investigations must be conducted with special care. This must be done without compromising the relationship with employees or unnecessarily damaging anyone’s reputation. This requires good planning, consistent execution, analytical skill, and an understanding of the legalities involved.

We will provide Internal Investigation Tips by breaking the topic into several parts:

  • What are Internal Investigations
  • Key Components of an Effective Internal Investigation
  • Necessary considerations when conducting Internal Investigations
  • 5 Internal Investigation Tips


What are Internal Investigations?

An internal investigation helps determine whether laws, regulations, or internal policies have been violated. The goal of any internal investigation is to obtain a straightforward view of what happened, when it happened, who was responsible, who may have been harmed, and what further actions may be necessary to prevent the alleged wrongdoing from reoccurring. 

An internal investigation generally consists of:

  • agreeing on the scope of the workplace investigation
  • interviewing the complainant in detail initially
  • drafting allegations
  • informing the respondent about the allegations and subsequent investigation
  • interviewing any witnesses for a detailed account
  • considering the evidence
  • informing the respondent of any evidence you’ve identified, and provide them with the opportunity to respond, and finally officially informing the respondent of any final findings

Internal investigations are an integral part of an effective compliance program as they remove the cause of the reported problem.


Key Components of an Effective Internal Investigation

Here are key components of an effective Investigation process:


The allegation, and purpose and scope of the Investigation must be clearly defined.


An Investigator must be unassociated with parties who are associated with the case in order to maintain neutrality and impartiality. The Investigation must be allowed to proceed without pressure from other interests that would have an interest in affecting the outcome.


The Investigation should approach the matter from a neutral position; the purpose should not be to establish that a violation has occurred or has not occurred. It is particularly important that the investigation not be undertaken from the position of an advocate seeking to defend the company or particular individuals within the company.


Investigations must be completed as quickly as possible for a number of reasons such as:

  • A fast Investigation may stop wrongdoing from continuing and mitigate any damages caused
  • Over time memories fade and evidence may be difficult to find
  • Prompt Investigations tend to be far more efficient.
  • All parties with an interest in an Investigation deserve a timely resolution.


An Investigation must exhaust all reasonable sources of information. The extent of a thorough Investigation will depend upon a variety of factors, including the complexity of the matter, as well as whether wrongdoing or other “red flags” have been uncovered during the course of the Investigation.


It is imperative that the independence and objectivity of a particular investigator, as well as the particular findings and conclusions of the Investigation, be independently verifiable to the extent possible from the investigative report itself.


Necessary considerations to make when conducting Internal Investigations

There are important considerations to make when embarking on an Internal Investigation. This includes determining:

  • When should a matter be investigated?
  • What laws should an employer/investigator be aware of?
  • What are my duties as an employer/investigator?


When should a matter be investigated?

 In deciding whether an incident, or prolonged conduct, should be ‘investigated’ a manager should assess the following:

  • Whether the conduct creates a risk to the health and safety of other employees or other people who work or visit the workplace
  • Whether the conduct actually relates to the workplace: i.e. out of hours conduct may not be within the scope of employment
  • Whether an allegation is frivolous: An employer is not required to investigate all incidents
  • Whether an allegation is calculated to harm another without merit: This may not always be obvious until investigated.
  • Whether the conduct is continuing or a single act.
  • Whether there may be some requirement to report the conduct to authorities: i.e. criminal offences. 


What laws should an employer/investigator be aware of?

In the case of vicarious liability under the Equal Opportunity Act in Victoria, employers may face action where an employee has engaged in conduct that offends anti-discrimination law. This will often throw into question whether the employer had acted reasonable or had taken reasonable steps in preventing the occurrence of the offending conduct.

One way a ‘reasonable prevention’ defence can be established is via proof of adherence to an internal investigation procedure which incorporates appropriate company discrimination, harassment and bullying policies. Conversely, where a company policy does not expressly prohibit offending conduct, a court may be more ready to infer that no reasonable preventative measures had been in place.

Furthermore, an employer must respect employees’ privacy rights when conducting internal investigations in response to a claim or allegation. Although laws such as the Electronic Communications Privacy Act (ECPA) in the United States permit an employer to monitor activities on a computer that is company property, unwarranted or unreasonable invasions of privacy may be prohibited in states such as California.

In the U.K., if an employer uses monitoring software to collect information such as how long they have sat in front of their screen, or spent on the internet, they must comply with the GDPR. The same applies to companies who handle information from people from the EU, even if the company is not located in the EU.

In Australia, organizations are required to follow relevant state laws in respect to employee’s rights to privacy. NSW and ACT have specific surveillance laws that apply specifically to workplace surveillance. Victoria limits the use by employers of surveillance devices in certain parts of the workplace (e.g. washrooms).

To avoid invading an employee’s privacy or violating wiretapping laws, the company should let employees know, in writing, that their calls are going to be monitored. Additionally, if surveillance is going to be conducted, any surveillance must be conducted in a reasonable manner. Surveillance is usually permissible when the employer can prove that there is a business related reason for the investigation. 

If an employer is going to search work areas, files, or computers, It is best practice to specify this in the company policy.  All employees should understand and be aware of the company policy which allows the employer to conduct reasonable searches of desks, files, computers and other personal work areas when an employee is suspected of theft or other misconduct.


What are my duties as an employer/investigator?


Duty of Confidentiality

Keeping the identity of the source confidential

The identity of the person or people who provide information should be kept confidential. Do not release any information that might reveal, or tend to reveal, the identity of the source. Doing so can have detrimental effects on the source, and may reduce the trust that people have in you and your investigation. Discuss with the source any fears they may have if their identity was revealed.

Even if the source consents to his or her identity being revealed, only disclose their identity when it is necessary to do so. This will help protect the integrity of your investigation, protect the source, and contribute to a general understanding within the workplace that the identity of a source will be kept confidential.


Confidentiality of the subject and those involved

Wherever possible, the subject matter of the investigation and the identity of the subject of the investigation and that of any other people involved should be kept confidential. Your investigation is not complete until a report is prepared. The report is the appropriate place to discuss the details of your investigation and the conduct of particular individuals.

If anyone requests information from you about an investigation, ask yourself the question: “Does the person need to know the information?”. If the answer to this question is “no”, you may wish to deal with questions about the investigation by neither confirming nor denying that an investigation is planned or under way 


Confidentiality of information

As an investigator, probably the most important weapon you have in your armoury is confidentiality of the information you have gathered. As your body of investigation information builds, you are able to assess the reliability of fresh information by assessing how it contrasts with information you have already obtained and considering the implications of this. You may speak to a witness whose account contrasts with other highly reliable information.

In these circumstances, you may attach less credit to this new information, unless the divergence can be explained. You may speak to another witness whose account conforms with other information, even information that the witness could not have known or anticipated would be available to you. In such circumstances, you may attach greater credit to such information.

When questioning people, avoid statements that unnecessarily reveal the identity of the source such as “X says that she saw you at…” “X tells me that you spoke to…” “X alleges that you are…”, Rather, ask direct questions, such as: “Where were you…?” “Who did you speak to…?”.

Additionally, a person’s identity might be revealed in more ways than just releasing a name, address or contact number. Be careful not to release any information that might tend to identify the person, such as physical descriptions, locations or personal knowledge that is unique to that person.

Throughout the investigation, here are some things you should avoid in order to protect confidentiality:

  • putting information on an unsecured computer
  • leaving documents on a photocopier or a printer
  • leaving incoming or outgoing faxes on a fax machine
  • interviewing people in places where they can be seen or heard
  • giving confidential information to others to copy, type, address or send
  • not blacking out names, addresses or phone numbers on some documents
  • leaving messages on desks or phone services
  • sending sensitive material by mail

However, in some cases  you may not be able to keep the identity of a person a complete secret. Some information may need to be revealed in order to properly conduct the investigation. In this case, take into account the person’s concerns and make efforts to conceal the information whenever possible.



No matter how impartial they might feel, HR staff have relationships and experiences with others in the office which can play a role in an investigation – even on a subconscious level. And even if an employee doesn’t have a direct role in the allegations, they may feel anxious about being asked to make a statement and feel like they’re taking sides. Make sure an impartial individual leads the investigation to ensure fairness. This may involve hiring a third party to conduct the investigation.


Criminal or Regulatory Considerations

Some investigations may overlap with regulatory or criminal considerations. Organisations should consider whether they are under any obligations to alert police or report the matter to any other regulatory body. 


Internal Investigation Tips


1. Conduct interviews in a private place

Conduct the interview in the office of the witness or in a neutral conference room rather than the office of a supervisor or superior. Make sure there are no other distractions or possibility of someone overhearing the conversation. 


2. Ask open-ended questions

Asking questions that require a narrative response will encourage the witness to expound and thereby provide additional information.


3. Ask follow up questions

Be sure to ask questions such as who, what, when, where, why, and how.These simple questions frequently unearth additional information.


4. Maintain confidentiality whenever possible

​​In discussions of the investigation, do not disclose the name of the witness except to those few individuals who have a need to know. Be aware of inflated, vindictive, or false leads.


5. Document and File Preservation

An investigator should preserve any evidence, documents and electronic files (including email, databases, spreadsheets, and graphics) that may contain information relevant to the subject matter being investigated. Special care should be taken to record the source and file from which the documents were obtained and the date they are obtained.

Inaccurate information could change the outcome of the investigation and investigators could face serious consequences. To avoid additional legal costs and inconvenience for the company and parties involved, it is necessary to maintain accurate records and to practice good document preservation practices.

Read Documenting a Workplace Investigation: 3 Things to Know to learn more about documentation practices including:

  • Key Documents to Record
  • Relevant Laws for Investigation Documentation
  • Benefits of proper documentation and record keeping

This will bring understanding and clarity around the idea of documenting workplace investigations.


How Polonious can Help

Polonious Case Management Software provides a consistent process that is procedurally fair for all parties, while recording all actions and decisions to ensure all evidence of the process is documented and auditable alongside any evidence gathered regarding the incident or investigation. Everything recorded in Polonious is then available in detailed reporting for identifying trends and problem areas. 


Documents of internal investigations often contain sensitive materials. Investigators and HR teams have a duty to preserve documents and/or electronically stored information (ESI) while also protecting security and anonymity. The Polonious Case Management Software can help you handle sensitive information by ensuring your evidence and case files are secure and anonymous, depending on the level of anonymity requested.

5 helpful internal investigation tips

Internal investigations are hard and can be contentious, but they are important to protect your organisation from risk.

It is important to maintain confidentiality in internal investigations, not just for the privacy of involved parties, but because it will help you compare stories without them influencing each other.

It is important to maintain confidentiality in internal investigations, not just for the privacy of involved parties, but because it will help you compare stories without them influencing each other.

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

The Importance of Supply Chain Ethics and Compliance and Top 6 Best Practice Tips for Every Company

The Importance of Supply Chain Ethics and Compliance and Top 6 Best Practice Tips for Every Company

A Deloitte study shows that customers are increasingly expecting businesses to operate at the highest possible standards. With growing recognition of social, ethical and environmental issues, many governments have passed laws aimed to drive responsible business practices and greater supply chain transparency.

Human rights, child labour, environmental impacts and health and safety practices are just some of the ethical issues that organisations must consider when building their supply chains, especially when they extend beyond their own borders and into emerging markets. If they execute bad judgment in just one aspect, their reputation and financial future could be promptly shattered.

With the potential damage to reputation and finances, companies must act to ensure their supply chain processes are ethical at every touch point. 

Due to the rise in ethical compliance expectations, ever-increasing legislations and information being readily available online, it is important now more than ever to evaluate vendors, suppliers and any other points of contact when running risk assessments to ensure your supply chain processes are ethical at every point.

This blog will address:

  • Definition of Supply Chain Ethics
  • Relevant Laws in Australia, United Kingdom and the United States
  • 6 Ways to Build Ethical and Sustainable Supply Chains
  • 3 Strategies to Minimize supply chain risk

Definition of Supply Chain Ethics

As sourcing has become more global, instances of exploitation and malpractice have come to light, raising questions about how ethical corners may be cut to produce goods cheaply.

When talking about ethics in the supply chain, experts generally focus on:

  • Freedom of employment and association
  • The eradication of child labour
  • Safe and hygienic working conditions
  • Appropriate pay and working hours
  • Humane and non-discriminatory treatment
  • Anti-bribery and corruption
  • Environmental awareness

Bribery and corruption is of particular concern to every industry due to ever-increasing fraud schemes. Learn more about workplace fraud in Workplace Fraud: 7 Types of Corruption as well the Importance of Corporate Governance for Fraud Prevention.

Relevant Laws in Australia, United Kingdom and the United States

Modern Slavery

According to Australia’s Department of Home Affairs, Modern slavery describes situations where offenders use coercion, threats or deception to exploit victims and undermine their freedom.

Practices that constitute modern slavery can include:

  • human trafficking
  • slavery
  • servitude
  • forced labour
  • debt bondage
  • forced marriage, and
  • the worst forms of child labour

Modern slavery can occur in every industry and sector and has severe consequences for victims. Modern slavery also distorts global markets, undercuts responsible business and can pose significant legal and reputational risks to entities.

Entities have a responsibility to respect human rights in their operations and supply chains, as outlined in the United Nations Guiding Principles on Business and Human Rights. This includes taking steps to assess and address modern slavery risks.

Taking action to combat modern slavery also makes good business sense. Entities that take action to combat modern slavery in their operations and supply chains can protect against possible business harm and improve the integrity and quality of their supply chains.

They can also increase profitability, investor confidence and access to financing opportunities. Many countries have imposed regulations in order to combat modern slavery.


In Australia, the Modern Slavery Act 2018 requires businesses with over $100 million in revenue to report annually on the risks of modern slavery in their operations and supply chains, and actions to address those risks.

In addition, in August 2021, a proposed amendment to the Customs Act 1901 passed the first stage in the process of becoming law. This amendment aims to include an import ban on any goods produced or made using forced labour, during any stage of the production.

The Australian Senate passed the bill, and it will now go to the House of Representatives for a final stage of approval. Although there isn’t yet a confirmed date for the House of Representatives to discuss the bill, this demonstrates increased government involvement in ethical compliance in supply chains.

United Kingdom

In line with the Modern Slavery Act 2015, every organisation carrying on a business in the UK with a total annual turnover of £36m or more is required to produce a slavery and human trafficking statement for each financial year of the organisation.

The U.K. Government outlines many benefits tackling modern slavery can bring to companies including:

  • protecting and enhancing an organisation’s reputation and brand
  • protecting and growing the organisation’s customer base as more consumers seek out businesses with higher ethical standards
  • improved investor confidence
  • greater staff retention and loyalty based on values and respect
  • developing more responsive, stable and innovative supply chains.

According to the U.K. government, if a business fails to produce a statement for a particular financial year, the Secretary of State may seek an injunction through the High Court (or, in Scotland civil proceedings for specific performance of a statutory duty under section 45 of the Court of Session Act 1988) requiring the organisation to comply. If the organisation fails to comply with the injunction, they will be in contempt of a court order, which is punishable by an unlimited fine.

United States

In the U.S., some jurisdictions have enacted laws that require certain types of companies to investigate their supply chains and to take efforts to combat human trafficking and forced labor. For example, the California Transparency in Supply Chains Act, effective January 1, 2012, requires covered companies to disclose on their websites their efforts to combat human trafficking and forced labor in their supply chains. The law applies to retailers and manufacturers with annual worldwide gross sales over $100 million that do business in California.

Companies subject to the Transparency in Supply Chains Act must disclose the extent of their efforts in five areas: verification, audits, certification, internal accountability, and training. Specifically, in its supply chains disclosure, a company must disclose to what extent, if any, it:

  1. Engages in verification of product supply chains to evaluate and address risks of human trafficking and slavery. The disclosure shall specify if the verification was not conducted by a third party.
  2. Conducts audits of suppliers to evaluate supplier compliance with company standards for trafficking and slavery in supply chains. The disclosure shall specify if the verification was not an independent, unannounced audit.
  3. Requires direct suppliers to certify that materials incorporated into the product comply with the laws regarding slavery and human trafficking of the country or countries in which they are doing business.
  4. Maintains internal accountability standards and procedures for employees or contractors failing to meet company standards regarding slavery and trafficking.
  5. Provides company employees and management, who have direct responsibility for supply chain management, training on human trafficking and slavery, particularly with respect to mitigating risks within the supply chains of products.


In June 2021 the German parliament passed the new Supply Chain Due Diligence Act that will require large companies to conduct supply chain due diligence. They must take steps to identify, prevent and address human rights and environmental issues in their own activities and in their direct suppliers’ operations.

The new law will enter into force on 1 January 2023 and will take effect immediately for companies with 3,000 or more employees, and on 1 January 2024 for companies with 1,000 or more employees. The law will only apply to companies whose head office, principal establishment, center of administration or registered office is in Germany.

Companies affected by the Act should take action as soon as possible in order to ensure that they will comply with the Act as of 1 January 2023. In addition to liability risks in civil law, there may also be a risk of significant fines and penalties, as well as exclusion from tender procedures for public contracts. But smaller companies should also take heed: companies which are directly affected by the Act will (have to) try to obligate their suppliers to comply with their own requirements, so that due diligence requirements might get in “through the back door.”

Environmental Regulations

According to the United States Environmental Protection Agency (EPA), organizations’ supply chains often account for more than 90 percent of their greenhouse gas (GHG) emissions, when taking into account their overall climate impacts. Over the last decade, many legislations have been introduced across the globe in order to address this issue.


The Australian Government has a range of environmental policies to minimise the impact of government operations on the environment.

There are also agency measures and targets for carbon emissions, energy, waste and resource use, as well as set mandatory environmental standards for incorporating sustainability into government procurements.

According to the Australian Government, legislation and policies that are relevant for suppliers, products and materials selection include:

  • Environment Protection and Biodiversity Conservation Act 1999 (Cth)
  • Product Stewardship Act 2011 (Cth)
  • National Waste Policy: Less Waste, More Resources – Strategy 2 (sustainable procurement)
  • Energy Efficiency in Government Operations Policy (2006)
  • Australian Government ICT Sustainability Plan (ICTSP) 2010-2015
  • Australian Packaging Covenant – Action Plan 2010-2015
  • National Environment Protection Measures (NEPM)
  • Commonwealth Procurement Policy Framework and Guidelines
  • State Government Environment Protection Legislation and Regulations, such as the Protection of Environment Operations Act 1997 (NSW)

United Kingdom

The UK Government recently announced that it is developing legislation that would make it illegal for large businesses operating in the UK to use certain commodities that have not been produced in line with local laws, and require in-scope companies to conduct due diligence to ensure that their supply chains are free from illegal deforestation and ecosystem change. A failure to comply could result in significant fines (the precise levels of fines are yet to be determined).

The legislation has the potential to impose market restrictions and extensive supply chain due diligence obligations, but it appears that it will be limited to certain “forest risk” commodities —  including those embedded within products — whose rapid expansion is associated with deforestation. The UK Government is currently consulting on the potential law. The UK Government anticipates that the law will particularly impact supermarkets and fashion houses, meat and dairy producers and businesses using palm oil and other natural ingredients; and has suggested that legislating might offer legal certainty and clear obligations for businesses.

United States

In the U.S., there are a few major federal laws that companies must abide by. 

The Comprehensive Environmental Response, Compensation, and Liability Act – otherwise known as CERCLA or Superfund — was passed in 1980. This provides a Federal “Superfund” to clean up uncontrolled or abandoned hazardous-waste sites as well as accidents, spills, and other emergency releases of pollutants and contaminants into the environment. Through CERCLA, EPA was given power to seek out those parties responsible for any release and assure their cooperation in the cleanup.

The Pollution Prevention Act, passed in 1990, includes provisions aimed at reducing the amount of pollution in the environment by making changes in production, operation, and use of raw materials by both private industry and the government. In other words, the Act is proactively focused on source reduction of pollution, rather than reactively focusing upon how to deal with pollution once it has entered the environment. An area of the Pollution Prevention Act which has had a dramatic and recognizable impact on the general public is the push towards recycling and reuse of materials.

The Occupational Safety & Health Act (OSHA) was passed in 1970 due to concerns with the increasing lack of worker and workplace safety . The main thrust of OSHA is to require employers to provide their workers with a safe workplace. While some OSHA requirements do not directly affect the environment (such as the requirements concerning safety for workers on elevated sites), other provisions specifically address environmental issues (such as the use of toxic or hazardous substances in the workplace).

OSHA is one of the few federal laws that relate to the environment that is not controlled by the EPA. Instead, OSHA is enforced by the U.S. Department of Labor in concert with the National Institute for Occupational Safety and Health (NIOSH), which was specifically created to deal with OSHA issues. In addition, many states have their own workplace safety and health acts. The state acts must have provisions in place which meet, if not exceed, the federal OSHA requirements.

6 Ways to Build Ethical and Sustainable Supply Chains

Manage Supplier Communities

Ethical practices need to be managed in a continuous manner, and companies must think about how they can improve day-to-day collaboration within their supply chains to achieve this. Effective collaboration with trading partners helps to drive greater adoption and adherence to ethical sourcing practices.

Companies should ensure they have up-to-date contact details for each participant in the supply chain. Collaboration platforms can help to encourage this. After all, it’s difficult to collaborate with suppliers if key contact details such as e-mail addresses or phone numbers are missing. By regularly surveying supplier communities, companies can uncover interesting insights into how the supply chain is performing, and what level of ethical practices is being achieved.

Gather Ethical Insights

For many organizations, monitoring the performance of trading partners and truly understanding the ethical “pulse” of supply chains remains a key challenge. To this end, advanced analytics, artificial intelligence and machine learning tools offer a helpful solution, providing a wealth of insights into day-to-day processes. In fact, AI stands to transform future operations, providing a means of ensuring that supply chains meet ethical standards, and applying measurable outcomes that can be applied to every trading partner across the chain. 

Through the use of advanced AI dashboards, organizations will be able to consistently monitor the ethical performance of trading partners. They’ll use the information to make strategic business decisions such as renewing supply contracts with high-performing suppliers, or terminating those with underperformers

Secure Trading-Partner Relationships

Once a supplier has been selected, it’s important to secure the supplier’s interaction with your organization. This helps to increase trust and minimize risk across trading-partner relationships. It can be done using an identity and access management platform for assigning a digital identity to trading partners across the business ecosystem.

In the process, you can ensure that external suppliers, business partners and contractors have secure access to the internal systems they need based on their roles within the ecosystem, including logistics, warehouse management, inventory and enterprise systems, as well as data.

Digitize Your Supply Chain

Upon securing the desired trading partners, companies must then connect them electronically to business operations, in order to establish a digital supply chain.

Ideally, this would take place in a cloud-based, data-integration environment, which allows the supply chain platform to scale in line with changing consumer demands and fluctuating market conditions. Embracing a digital supply chain also helps to prevent the falsification of manual, paper-based supply-chain documents, and therefore indirectly reduces the amount of counterfeit parts entering the supply chain, especially in the aftermarket sector.

Monitor Shipment Provenance

The key to building trust and protecting the reputation of an organization is knowing the source of all the parts that make up a product. Leveraging the internet of things (IoT), organizations can improve supply-chain visibility by tracking both the movement and condition of shipments. IoT sensors measure the temperature of frozen or perishable goods, shock levels as fragile goods are moved, and the location of expensive items via the global positioning system (GPS). In doing so, shippers can help to ensure against spoilage, damage and theft.

While IoT on its own can bring a slew of benefits to organizations, combining it with other advanced technologies such as blockchain can take it a step further. With blockchain, organizations can ensure greater traceability by capturing the source and retaining the provenance of goods as they flow through the supply chain.

For example, if a fire breaks out in a vehicle and the source is found to be the wire harness, a potential government-mandated recall might require the identity of all suppliers who were involved with its manufacture. If poor-quality gold was used in the connectors fitted to the wire harness, evidence in the blockchain can immediately identify where the gold came from — even the mine from which it originated.

While blockchain stands to transform ethical sourcing practices, organizations are still at the early stages of learning about the technology and how it can impact the way they do business. It will be a few years before blockchain finds its way into every business process.

Identify Trustworthy Suppliers

Before embarking on an ethical-supply chain strategy, organizations must first locate trading partners who share the same ethical practices. They can search for potential partners based on specific criteria — for example, whether the business in question maintains sustainable working practices, uses conflict-free minerals in its products, or engages in fair labor practices. It’s imperative that companies be able to trust the partners they work with, to ensure ethical working practices across the end-to-end supply chain.

3 Strategies to Minimize Supply Chain Risk

Aim for end-to-end supply chain visibility

The supply chain involves many different operational stages, and each stage faces its own risks and challenges. If something were to go wrong in one of these stages, the last thing you want is to only find out about issues later down the production line, or even worse at the last minute before the final product or service is delivered to the buyer. 

The sooner you’re aware of any issues, the sooner you can deal with them and prevent them from disrupting or delaying the supply chain, or affecting the quality of final products or services. Therefore, supply chain visibility is extremely important in risk prevention.

Supply chain visibility is about knowing where inventory is on its journey through your supply chain, and if any issues are going to affect the delivery timeline. This information might be exclusively available for supply chain management to see, or customers may be able to see this information too. With this visibility, you can track the progress of orders and ensure quick responses to any changes.

Another form of visibility that can help you reduce supply chain risks is visibility into the financial stability of your suppliers. Acquiring financial reports during the procurement process can help you choose financially stable suppliers, reducing the risk of corruption, bribery, and financial issues affecting production processes. 

Share responsibility by including partners in Risk Planning 

When planning how to mitigate supply chain risks, it’s a good idea to include suppliers and partners in the process. They may have unique insights into the risks your supply chain faces and can help create effective solutions. You will also need to ensure your suppliers’ risk management and business continuity strategies align with yours. 

By including partners throughout the risk management process, you can make sure you’re all on the same page, aware of the risks that need to be managed, and the control measures that should be implemented.

Review Supply chain risks periodically

Your risk management strategies will only be effective if they’re up to date and relevant to your supply chain and business operations. So carrying out a risk assessment once simply won’t cut it. You need to regularly review supply chain risks and ensure control measures and planned responses to different scenarios are still relevant. 

You should review your supply chain risks at least once a year or whenever changes are made to your supply chain and production processes. For example, if you start working with a new supplier, or changes are made to the manufacturing or delivery processes, you’ll need to assess any new hazards. 

How Polonious can Help

Implementing the Polonious Case Management System can help you  improve communication throughout the supply chain. Reports can be filed to draw attention to defective shipments and other supplier issues requiring corrective and preventive action. With improved communication throughout the supply chain, all parties would be aware of the faulty product and be held accountable for taking corrective action.

Once an investigation is complete, suppliers submit a report requesting approval of the corrective action taken. This allows managers to review the actions taken and the measures established to prevent the action from happening again.


It is critical that an organisation implements relevant structures and processes to effectively manage and monitor the compliance processes.

It is critical that an organisation implements relevant structures and processes to effectively manage and monitor the compliance processes.

The risks that may stem from noncompliance with key legislative requirements can be very costly and damaging to an organisation.

The risks that may stem from noncompliance with key legislative requirements can be very costly and damaging to an organisation. 

The consequences of noncompliance range from penalties and fines, to imprisonment, withdrawal of licenses, litigation and reputational risk.

The consequences of noncompliance range from penalties and fines, to imprisonment, withdrawal of licenses, litigation and reputational risk.

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

Workplace Bullying Update: James Hardie Industries fires CEO Jack Truong for Intimidating, Threatening Behaviour

Workplace Bullying Update: James Hardie Industries fires CEO Jack Truong for Intimidating, Threatening Behaviour

In an official statement, $23 billion ASX-listed Australian building materials giant, James Hardie Industries shocked shareholders on Friday, by announcing that they have fired chief executive Jack Truong over his “intimidating, threatening” and disrespectful behaviour towards colleagues. 

In a brief statement, Jack Truong said: “I was blindsided by the termination and unequivocally reject the assertions made by Mr Hammes and the company,” he said, referring to executive chairman Mike Hammes.

However, James Hardie Industries supported their stance by claiming that despite being given chances to improve his behavior, he did not make efforts.

Workplace bullying occurs in all industries and at all levels. All employers have a legal obligation to protect employees, whether it is from bullying by other employees, direct managers, or even the CEO. It is increasingly important for companies to be proactive in order to minimize harm and disruptions to their employees, company and themselves.

According to the Australian Government, bullying at work happens when:

  • a person or group of people repeatedly behave unreasonably towards another worker or group of workers
  • the behaviour creates a risk to health and safety.

​​Examples of workplace bullying include:

  • behaving aggressively towards others
  • teasing or playing practical jokes
  • pressuring someone to behave inappropriately
  • excluding someone from work-related events
  • unreasonable work demands.

Individuals who intimidate and humiliate staff are increasingly being held accountable, as companies, employees, and society at large are losing tolerance for workplace bullies.

This blog will cover:

  • Details of James Hardy’s CEO Sacking
  • Shifts in Corporate Accountability
  • 4 ways your company can prevent workplace bullying

Details of James Hardie CEO Jack Truong’s Sacking

Mr Truong was fired from James Hardie Industries after the company’s board hired an independent investigator to look into complaints about his “threatening and intimidating behaviour”. Executive chairman Mike Hammes told a conference call that Mr Truong’s behaviour was “intimidating” and “threatening,” and many staff planned to resign because the work environment had become overtly hostile. Workplace bullying is a significant issue, not just because of legal issues, but because it causes turnover and wider cultural issues.

According to an official report, the company conducted extensive due diligence, which included hiring external lawyers and an external consultant, to provide the opportunity for “sincere change in Mr Truong’s behaviour”. Despite being offered executive coaching, Mr Truong is accused by James Hardie’s board of failing to improve his behaviour. As a result, he was sacked and lost incentives, including unvested long-term bonuses.

The Board ultimately concluded, based on independent third-party consultant surveys and analysis, direct input from various executives, and additional information, that Mr. Truong’s conduct, while not discriminatory, extensively and materially breached the James Hardie Code of Conduct.

The Board took this action to uphold the Company’s core values, including Operating with Respect, and to maintain continuity of the management team that has been instrumental in our transformation.

The company’s core values and mission statement can be found on their official website.

Shifts in Corporate Accountability

Workplace bullying can occur between anyone in the workplace. But perhaps the most difficult situation to deal with is bullying by a boss—the very person responsible for your advancement within the company.

In Australia, employers have a legal responsibility to provide a safe workplace under the Work Health and Safety Act 2011 and anti-discrimination laws. Similarly, in the United Kingdom, employees are protected from bullying and harassment under the Equality Act 2010.

Employers have a duty of care for their employees health and wellbeing whilst at work. An employer that allows bullying to occur in the workplace is not meeting this responsibility. We have compiled 8 tips to make workplace bullying investigations more effective.

However, Mr Truong’s public denial of these allegations and complaints about being ‘blindsided’ show that it is important to maintain procedural fairness in investigations, to ensure that any action taken is transparent and justifiable in the event of a dispute.

Generally, compliance with procedural fairness requires that: 

  • a thorough, confidential investigation is carried out and all relevant evidence (from any witnesses and documents) obtained
  • the subject of the complaint is given an opportunity to respond to the allegation and any evidence found
  • concrete evidence is used to substantiate any claim

Additionally, our article on Standards of Proof in Workplace Investigations can help you understand your requirements as an investigator.

James Hardie’s description of their investigation, taken at face value, shows that Jack Truong was provided with an opportunity to improve his behaviour (and, we can assume, to respond to the allegations as part of this). External parties were engaged to ensure impartiality, and they list numerous sources of evidence regarding his behaviour. Based on what has been reported it seems that, despite Mr Truong’s public statements, a fair and thorough investigation was conducted and the actions against him were justified.

4 ways your company can prevent workplace bullying 

Create anti workplace bullying policies

To ensure that employees are not discriminated against, harassed or bullied, workplaces should develop and implement workplace practices to address inappropriate workplace behaviour and respond to complaints effectively. 

The policy should describe what constitutes bullying and should communicate to your employees that this behavior will not be tolerated. Your policy should assure employees that allegations of bullying in the workplace will be promptly and thoroughly investigated with action taken as appropriate–up to and including termination of the perpetrator’s employment. Complaint procedures should be clear so that employees and managers understand expectations and the process that will result in case of an incident. Finally, make sure your policy is drafted in compliance with any applicable laws.

Conduct company-wide training

This training should teach them to recognize it in themselves as well as others. Some people may not realize that their behavior can actually be classified as bullying or harassment. In addition, many people are often witnesses to bullying but fail to report. Employees should be trained to recognize and report on these instances to foster a healthy and transparent workplace culture.

Take all reports seriously

Companies that respond professionally and immediately to allegations of workplace bullying are likely to find that their employees are more comfortable reporting bullying incidents. Of course, the more bullying is reported, investigated and, ideally, eliminated, the less bullying you’ll have to contend with in the future. Not only is investigating bullying good for company culture, morale and business success, it can help your company maintain compliance with anti-harassment laws and regulations. There are many things you can do to conduct effective internal investigations, which we have outlined here.

Promote accountability at all levels

Manager training about bullying is instrumental to eliminating bullying in the workplace for two reasons: the company communicates clearly that supervisory bullying will not be tolerated, and they typically have the greatest visibility into co-worker peer-to-peer bullying behaviors. They are often the first line when a victim or witness reports bullying. Teach managers to identify the signs of bullying and to respond appropriately to bullying concerns. Make managers accountable for enforcing a zero-tolerance policy for bullying, just as they are responsible for enforcing your anti-harassment policy. Setting up effective internal whistleblowing hotlines are a key asset in preventing internal fraud. 

How Polonious can Help

Workplace bullying doesn’t just hurt those involved. The wider workplace also feels the effects through lost productivity, increased absenteeism, poor morale, and time spent documenting, pursuing or defending claims. And while we often think about bullying as an individual or interpersonal issue, oftentimes, it is the broader environmental factors – such as poor organisational culture and a lack of leadership – which are the main drivers. 

The most effective way to stamp out bullying is to stop it before it starts. This means creating a strong, consistent approach to prevent inappropriate behaviour from escalating, and a positive, respectful work culture where bullying is not tolerated. James Hardie’s willingness to terminate a senior leader over workplace bullying issues shows a strong commitment to stamping out bullying and should be applauded.

Polonious can help in this kind of situation by ensuring that your investigation is fair and transparent, as these kinds of investigations are always contentious and especially so when involving high profile leaders. Polonious’ rigorous workflows ensure you remain procedurally fair, while detailed decision forms, reporting capabilities, and full audit trails ensure transparency and evidence to back up any disputed decisions.

James Hardie CEO Jack Truong has been terminated due to workplace bullying, with his actions described as 'intimidating' and 'threatening'.

James Hardie CEO Jack Truong has been terminated due to workplace bullying, with his actions described as ‘intimidating’ and ‘threatening’.

Workplace bullying creates significant problems with workplace culture and turnover. It should not be tolerated - whether from employees or leaders.

Workplace bullying creates significant problems with workplace culture and turnover. It should not be tolerated – whether from employees or leaders.

Book a Demo Now

Learn more about how Polonious can help you conduct fair workplace investigations today.

Importance of Corporate Governance for Fraud Prevention

Importance of Corporate Governance for Fraud Prevention

As the fraud environment becomes increasingly complex, especially with the COVID-19 pandemic, it is now more important than ever that businesses develop robust fraud prevention programs. One method of doing so is ensuring effective corporate governance. 

Corporate governance is the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations. The key players involved in corporate governance include the board of directors, audit committee, firm management, internal auditors, and fraud risk assessment. 

While it may be impossible to stop all cases of fraud within a business, fraud can be more easily identified, reported, and its outcomes minimised with strong internal systems and a management culture that encourages employees to speak out about their concerns.  

The Role of the Board

The board of directors of a company is an elected group of individuals that represent the company’s shareholders. They have many roles within the company, but overall the board will “oversee” rather than “do”. In contrast, management is the group responsible for the actual running of the business. 

Some responsibilities of the board of directors include:

    • Maintaining oversight of fraud risk assessment
    • Monitoring management fraud and control-related activities
    • Implementing an effective business ethics program
    • Hiring management, setting their compensation and evaluating their performance
    • Setting the appropriate tone at the top

In Australia, directors are subject to 2 different sources of law. The Corporations Act 2001 (Cth) is the primary piece of legislation that governs the board of directors. Some of the key duties this Act imposes are:

    • Act with care and diligence: There is an obligation to ensure a basic understanding of the company’s activities, size, distribution of functions and financial position.
    • Act in good faith in the interests of the company and for a proper purpose.
    • Not use their position to gain advantage for themself or another or to cause detriment to the company.
    • Not use information to gain advantage for themselves or another to cause detriment to the company

    Failure to comply with these regulations will result in significant financial penalties for the director involved.

    Besides the duties under legislation, the board of directors must also act as fiduciaries under general law. A fiduciary is a person that acts on behalf of another person or persons, putting their clients’ interests before their own. Their duties are similar to those under the Corporations Act, and include duties to:

      • Act in good faith and in the best interests of the company
      • Exercise their powers for a proper purpose
      • Not fetter their future discretion – i.e. not bind themselves to a particular future decision
      • Avoid conflicts of interest and duty

    Remedies exist in the event of a fiduciary breach, such as injunctions, claims for damages or compensation, and recissions of any contracts improperly entered into by the director. 

    The board of directors owe a duty towards the shareholders of their company, with serious penalties in place if they breach this duty. Not only does this prevent the board from engaging in fraudulent activities themselves, it also encourages them to look out for and prevent instances of fraud within their company.


    What Can the Board Do About Fraud?

    Whistleblower Hotline

    The board should engage in corporate governance via an effective whistleblower hotline in place so that employees can easily report any suspicious activity they see. This will lead to more positive outcomes for the company, since companies will be better off relying on their employees for internal information rather than facing the uncertainty associated with inquiries from government agencies like ASIC. 

    Some of the most important features for a whistleblower hotline include:

      • Have a variety of communication channels
      • Implement different metrics
      • Complaints should have a means of follow up by investigators 
      • Employees should remain anonymous unless otherwise stated
      • Its existence should be made known to all employees, vendors, and other stakeholders

    Aside from the fact that whistleblower hotlines will effectively collect valuable information from employees, it will also deter potential perpetrators from engaging in fraud, and promote a culture of compliance.

    Ethical Culture 

    Without a strong ethical culture within an organisation, fraud is almost an inevitability. The guiding principles of a company are what all employees will be led by.

    If employees see that the company has taken a strong stance against all forms of fraud, they will be less likely to engage in this kind of behaviour. A company’s core principles will be set by the board of directors and be a strong indicator of the company’s strategic direction. 

    The board should therefore implement a code of ethics or conduct as a form of corporate governance. This will deter any wrongdoing and promote honest and ethical conduct by their employees.

    Additionally, such a code will clearly outline the activities that the company deems as appropriate and inappropriate, and the consequences for violation. 

    Directors, trustees, and staff should all be familiar with the code, and regularly be educated as to the importance of compliance. Written acknowledgement of adherence to the code should also be obtained on an annual basis. 

    Risk Management

    As mentioned above, one of the roles of the board is to oversee the management of risk, which includes the risk of fraud. Fraudsters are constantly looking for new ways to exploit companies, so the board must be agile in their fraud risk management. 

    Corporate governance can take place through the implementation of a board committee, such as the audit committee, to focus on the oversight of risk management. This is particularly useful if the committee currently lacks capacity or does not consist of the optimal board members for risk oversight. The board will also have the opportunity to periodically review the committee’s effectiveness of fraud risk management processes and controls. 

    Next, the board can conduct a comprehensive fraud assessment. This involves creating an exhaustive list of potential risks that the company is exposed to. There are a number of methods of identifying such risks, which include:

      • Employee fraud awareness surveys
      • Hiring a cyber security firm to detect hacking vulnerabilities
      • Monitoring social media
      • Conducting exit interviews

    The board should also include any measures that are currently in place to manage each risk, such as metrics, reports, insurance and contingencies. 

    Once the risk areas have been recognised, they should each be reviewed to determine whether they involve a vulnerability to fraud. These may include the movement or retention of funds, company records or confidential information, or system interfaces with vendors and customers. Providing a risk rating for each area will be an effective way to periodically assess the strength of anti-fraud control measures. 

    Polonious’ risk management software may be the perfect solution for you. Not only is it ISO compliant, this software is easy to navigate, reduces administration time, and can easily export reports. You can find out more here


    What should the board do if a fraud has occurred? For lower level fraud in a large company, it may be sufficient to let it be handled by a manager or human resources.

    However, for a significant fraud or a small company, the board must investigate how the fraud occurred and if/how it might have been prevented, or at least oversee and review a report on the investigation. Key considerations when conducting an investigation include:

      • Categorising issues
      • Confirming the validity of the allegation
      • Defining the severity of the allegation
      • Escalating the issue or investigation when appropriate
      • Conducting the investigation and fact-finding
      • Resolving or closing the investigation
      • Managing and retaining documents and information

    Finally, the board should consider using outside resources, since internal resources may already be compromised. 

    Polonious’ investigation case management software can do all this work for you. The system is incredibly flexible and adaptable to your needs. It allows you to access everything you need in one convenient place, and can be easily implemented into your current IT resources. More information can be found here.


    Governance Systems

    Governance systems are an important preventative measure of corporate governance because they ensure oversight and minimise the ways fraud can occur.

    For example, effective policies and procedures around procurement and tender processes help to ensure that choice of suppliers are not influenced by bribery or corruption. These policies may include:

      • Introducing additional approval processes for orders over a certain amount
      • Assigning someone to identify and regulate vulnerabilities in your processes
      • Conducting background checks on potential employees including reviewing expenditure habits

    Additionally, while they may be implemented by the board, effective governance systems operate independently and can help to prevent fraud at the board level. These systems will provide the overall framework that the organisation is expected to operate within, so the board must appoint the right managers to oversee them.

    Additionally, independent, third party auditing, as part of the governance system, also helps to prevent fraud that may occur within the board itself.


    Corporate governance plays an invaluable role in identifying and putting a stop to all kinds of fraud within their organisation. Some activities that the board of directors should engage in include implementing a whistleblower program, developing a code of ethics, engaging in risk management, and investing in governance systems. By doing so, the board will send a clear message to potential perpetrators of fraud that they will not tolerate this sort of behavior in their company.

    Corporate Governance

    The board of directors are required to act in good faith.

    Corporate Governance

    The board must investigate how fraud has occurred and if/how it might have been prevented.

    Book a Demo Now

    Learn more about how Polonious can help you investigate and respond to fraud.

    5 ways to dig deeper than a Web search for better investigation

    5 ways to dig deeper than a Web search for better investigation

    Whenever an investigation begins it is only natural to jump on the Internet and do a Web search for any relevant material that is publicly available.

    The Web is an ideal starting point, but there are many more data sources available to intrepid investigators. In this blog we will look at five ways to garner more information for an investigation, and how the results will help you deliver a more comprehensive result.

    1. Specialist Web search engines

    When people search the Internet they think of Google, but there are many more specialist search engines which focus on certain niches, or verticals.

    These include alternative general search engines and forums and portals which focus on specific topics. Your investigation might relate to the aviation sector, so log onto aviation forums and look (and ask) for information which might be helpful.

    There are also many localised search engines which focus on particular geographies, which could help your investigation if there are elements relating to non-English speaking regions.

    2. Social networks

    Your investigative work is made easier if the people you are investigating are happy to share their private live with the world.

    A person’s profile can be reviewed and information can be gathered from it, and from there it will depend on how it fits into the wider case and whether it can be used to bolster the investigative process.

    Like search engines, the Web is awash with social networks of all shapes and sizes. Facebook won the war for the most popular social network, but again there are plenty of niche options to include in your investigative work.

    Take the time to look at any niche social networks which might give new light to the investigation.

    Some OSINT providers will perform detailed social media searches for you, and Polonious integrates with a number of leading providers.

    3. Government databases

    In addition to open data sources like search engines and social networks, there are more shielded information repositories, such as government-controlled databases which can be used during an investigation.

    These databases house public records, but often require some form of application or payment to be searched.

    Examples include company records; births, deaths and marriages; estates and wills; and other regulated industry data. If the case involves a criminal or civil court matter, then there will be records available for searching.

    Such data can give your investigation the boost it needs by revealing interests and relationships not contained in public repositories.

    4. Associates

    The person you are investigating might be very private, but their associates might not be.

    Today’s connected Web can reveal a lot about a person, even if they didn’t consent to having the information about them shared.

    By using a combination of search, social and other data sources your investigation can easily reveal a lot about a person, or organisation, by proxy.

    Including relations and associates is now an important factor in getting the most amount of information available.

    5. Work history

    Another source of information for your investigation is work history. Like government data, this might not be immediately available for free, but can be sourced specialist sources such as financial records.

    LinkedIn is the go-to social network for professionals and from there someone’s work history can be investigated.

    While looking into work history, don’t forget co-workers. People who have worked together know a lot about each other and this information can be readily shared online.

    The amount of open source information available to investigation teams extends well beyond a regular Google search. Look at the numerous free and paid-for data sources which might give your investigation the edge.

    There are also support services available which focus on the many different databases containing personal information.

    Web search is useful but basic search engines like Google do not cover all bases for investigations
    SIU Insights report 2021How do you compare to other SIUs?

    Check out some interesting results from our SIU management survey. Submit below form to receive the download link and related updates going forward.

    GICOP changes 2021Download the GICOP whitepaper and stay compliant.

    Our whitepaper covers all aspects you need to know to stay compliant with the latest GICOP changes coming into effect in 2021. Submit below form to receive the download link and related updates going forward.