Connect Support Advance

White paper

Whistleblowing
Programs
Updated 2020

Level 7, 133 Castlereagh Street, Sydney NSW 2000 | PO Box A2311, Sydney South NSW 1235
T +61 2 9267 9155 F +61 2 9264 9240 E [email protected] www.iia.org.au
 Whistleblowing Programs

Contents Risk management includes effectively managing misconduct,

some of which may be reported if the person doing so can be
Background 2
offered safe and secure means of reporting misconduct.
- Purpose 2
Organisations wishing to maintain a trusted reputation in
- Background 2 accordance with good practice and comply with the law
- Changes to the Law 2 relating to whistleblowing should consider a whistleblowing
program as part of their overall governance and risk
Discussion 2
management environment.
- Issue 2
So, how does an organisation establish a whistleblowing
- Benefits 3 program?
- Public Sector Legislation 3
Changes to the Law
- Corporate Whistleblowing Legislation 4
Historically there have been numerous incidents of
- ASIC Regulatory Guide 270 4 whistleblowers being treated poorly and suffering
- Roles and Responsibilities 5 victimisation, harassment and detrimental conduct in Australia
Conclusion 7 and internationally. In the last decade an increasing number
of whistleblowers have gained national and international
- Summary 7 media publicity which has created a desire by the community,
- Conclusion 7 regulators and lawmakers for the system of protection
to change. Whistleblowers from the #metoo movement,
Bibliography and References 8 WikiLeaks and technology data, sexual abuse in schools and
- Purpose of White Papers 8 churches, the elder care industry and the financial planning
- Author’s Biography 8 industry and subsequent Royal Commissions, in addition
to many other examples have helped change community,
About the Institute of Internal Auditors–Australia 9 regulators and lawmakers attitudes in Australia.
Copyright 9 New and significantly tougher whistleblowing laws for
Disclaimer 9 corporations in Australia officially came into effect on 1
July 2019 under the Treasury Laws Amendment (Enhancing
Background Whistleblower Protections) Bill 2019 (Cth) (Whistleblower Bill).
This Bill dramatically increased protections for whistleblowers
Purpose and increased the individual and organisational penalties for
not doing so, in the Corporations Act (2011) (Corporations Act).
The purpose of this white paper is to provide information and
guidance on how to effectively implement a whistleblowing Discussion
program which complies with the significant new legal and
regulatory changes in this area. Issue
Many organisations have a whistleblowing program in The issue to be discussed is:
place. There are many more organisations considering a
How can an organisation implement an effective
whistleblowing program which are keen to understand the
whistleblowing program?
implications, resources required, and cost to implement and
maintain. A whistleblowing program is a practical and invaluable tool for
managing disclosures in the workplace and is something that
How can an organisation implement and resource a
can be utilised by all organisations.
cost-effective whistleblowing program that is compliant with
the new legislative changes? Effectiveness of a whistleblowing program depends on
capturing necessary components that will ensure the quality
Background of the program.
Every organisation is exposed to risk and it is important for However, one size does not fit all organisations. This white
organisations to consider how best to address risk to protect paper aims to explain how whistleblowing can be useful to an
employees, clients and the organisation itself from costly and
organisation.
damaging exposure.

© 2020 - The Institute of Internal Auditors - Australia 2

 Whistleblowing Programs
Benefits
Despite its growth internationally, whistleblowing has been
poorly understood and, at times, subjected to bad publicity
in Australia because people have suffered as a result of
whistleblowing. It is fast becoming an essential tool for
organisations to tackle misconduct.
Benefits for organisations include:
› Complying with legal obligations in the Corporations
Act and Australian Securities and Investments
Commission (ASIC) Regulatory Guide (RG) 270 relating to
whistleblowing which now carry very significant fines for
non-compliance including individual fines up to $1million,
jail sentences up to 2 years and organisational fines up to
$525 million.
› Enhancing the ability to identify systematic and recurring
problems.
› Significant costs savings by offering early detection of
potential or actual wrongdoing.
› Allowing effective management of disclosures, reducing
misconduct and avoiding employees going public or to
external regulators.
› Presenting a further, and perhaps a final opportunity
to intervene in wrongdoing which may otherwise go
undetected – whistleblowing can still work when
regulatory monitoring and good governance fails.
› Promoting confidence and trust in organisational
leadership when they are prepared to go on record for
encouraging disclosures.
› Fostering organisational stability and productivity and
reducing possibility of reputational damage, litigation,
prosecutions and financial impact by acting on
information provided by whistleblowers.
› Empowering employees by giving them a path to disclose
wrongdoing.
› Protecting and enhancing an organisation’s reputation
which can be irrevocably damaged by a whistleblowing
issue covered by the media.
› Positively impacting on organisation culture –
whistleblowing calls out poor culture and practices and
offers an improvement opportunity.
Whistleblowing can also help meet an organisation’s
workplace safety and legal obligations to employees. Left
unchecked, misconduct or wrongdoing may in some cases
compromise and endanger wellbeing of employees.
Most people want misconduct exposed and addressed, but
not everyone feels safe reporting it. Most people will only
do so if they can feel safe from reprisals. A well-constructed
© 2020 - The Institute of Internal Auditors - Australia 3
whistleblowing program can provide a secure and safe
method to report misconduct, and to the whistleblower the
option of making a disclosure via an independent channel
while remaining anonymous.
A whistleblowing program should be managed by a selected
group of ‘Officers’ holding executive leadership positions,
with the senior executives or board of directors responsible
for assuming ownership under the scrutiny and control of
reporting and audits
The program should be subject to periodic independent
reviews and audits.
There are many facets to consider in designing a good
practice whistleblowing program that assures the unique
needs of an organisation are met.
Public Sector Legislation
Historically whistleblowing legislation in Australia has focused
on the public sector with the Federal and State Governments
enacting their respective disclosure legislation which are set
out below.
› Whistleblowers Protection Act 1993, South Australia
› Public Interest Disclosures Act 1994, New South Wales
› Whistleblowers Protection Act 1994, Queensland
› Public Interest Disclosures Act 2002, Tasmania
› Public Interest Disclosure Act 2003, Western Australia
› Public Interest Disclosure Act 2008, Northern Territory
› Public Interest Disclosure Act 2012, Australian Capital
Territory
› Protected Disclosure Act 2012, Victoria
› Public Interest Disclosure Act 2013, Commonwealth
The various state and commonwealth acts make a serious
attempt to address integrity and accountability in the public
sector in their respective jurisdictions, with the primary
objective being the provision of safe means to make
disclosures and protect whistleblowers. However, they are not
without their shortcomings. Critics note that:
› Reportable wrongdoing is ill-defined and differs between
jurisdictions.
› Anonymous complaints are not always protected.
› It is not clear who will be protected and how.
› Obligations on organisations differs and is unclear.
› Absence of an oversight agency responsible for
whistleblower protection.
 Whistleblowing Programs
Corporate Whistleblowing Legislation
The ‘Treasury Laws Amendment (Enhancing Whistleblower
Protections) Bill 2017’ was passed in 2019. The Bill amended
the Corporations Act and came into effect on 1 July 2019.
The new protections set a standard for whistleblower
protection going forward for all corporations in Australia. The
Corporations Act now requires that all public companies, large
proprietary companies, and proprietary companies that are
trustees of registrable superannuation entities must have a
whistleblower policy available to their officers and employees
by 1 January 2020. Among other things, requirements in the
Corporations Act:
› Enlarge the range of whistleblowers going so far as to
include a spouse or relative of any individual defined as
an eligible whistleblower.
› Allows whistleblowers to remain anonymous.
› Makes breaching the confidentiality of a whistleblower’s
identity an offence.
› Offers improved remedies to those who suffer damage
due to victimisation.
› Sets out tough penalties for individuals and organisations
for non-compliance.
The protections are aimed at encouraging and making
whistleblowing an acceptable and effective tool in tackling
wrongdoing and creating a more uniform whistleblowing
protection framework.
The law defines disclosable conduct in broad terms.
Among other things it includes ‘misconduct, or improper state
of affairs or circumstances relating to the company’.
This definition was made deliberately broad so as to capture
conduct that doesn’t necessarily break any laws but may be
viewed as unethical. The CommInsure scandal, which found
the Commonwealth Bank had not engaged in illegal conduct
but had nonetheless engaged in unethical conduct that
harmed consumers, was given as an example as the type of
conduct intended to be caught.
Specific types of disclosable conduct which are of particular
concern to an organisation and which are based on their
business operations and practices, may be captured and
stated by an organisation in their whistleblower policy.
ASIC Regulatory Guide 270
ASIC released its detailed and prescriptive Regulatory Guide
270 Whistleblower Policies (RG 270) in November 2019 which
is used by ASIC when auditing compliance.
RG 270 sets out the components a whistleblower policy must
include to comply with the law. These include:
› Types of matters covered by a policy.
© 2020 - The Institute of Internal Auditors - Australia 4
› Who can make and receive a disclosure.
› How to make a disclosure.
› Legal and practical protections for disclosers.
› Investigating a disclosure.
› Ensuring fair treatment of individuals mentioned in a
disclosure.
‘Robust and transparent whistleblower policies are essential to
achieving sound risk management and corporate governance,’
said ASIC Commissioner John Price in November 2019.
‘Whistleblower policies will influence behaviour and corporate
culture in positive ways – for example, by encouraging greater
disclosures of wrongdoing and by deterring people from doing
the wrong thing. They play a crucial role in achieving a more
fair and accountable corporate environment.’
RG 270 also provides good practice guidance to assist
companies develop and implement policies that are tailored to
their operations. Some of the key recommendations outlined
in RG 270 include the following:
a. Requirement to foster a whistleblowing culture
Under RG270.140 to RG270.143, ASIC says: “It is important for
an entity to create a positive and open environment where
employees feel they can come forward to make a disclosure.
A positive and open environment may also help eliminate
the negative connotations associated with whistleblowing.
An entity’s senior leadership team plays an important role in
demonstrating the entity’s commitment to its whistleblower
policy. They can demonstrate their commitment in practice by
ensuring:
i. disclosures are taken seriously and acted on immediately;
ii. wrongdoing is addressed promptly;
iii. disclosers are provided with adequate protections and
support; and
iv. early interventions are made to protect disclosers from
detriment.
An effective whistleblowing program needs to be built
around an organisation’s culture, work environment, unique
characteristics and needs. Legal requirements and standards
governing whistleblowing must also be met. A commitment
from the senior executives or the board of directors is essential
to win trust and commitment for a whistleblowing program.
b. Roles and responsibilities under a policy
Under RG 270.144 ASIC says “It is good practice for an entity to
allocate key roles and responsibilities under its whistleblower
policy. An entity could create new roles. Alternatively, the
responsibilities could be integrated into existing roles. Staff
members may hold more than one role, provided that this does
not result in conflicts of interest. For example, it is important
 Whistleblowing Programs
for an entity to enable its whistleblower protection officer and
whistleblower investigation officer (or equivalent), to exercise
independent judgement and have a mechanism through which
they can escalate problems directly to the entity’s board.”
c. Upfront and ongoing education and training
ASIC Good practice tip 15 says “Demonstrate the entity’s
commitment to the policy by promoting it actively and
regularly. We encourage an entity’s management to actively
and regularly promote the entity’s whistleblower policy. This
may help demonstrate the entity’s commitment to protect and
support disclosers, and to identify and address wrongdoing
promptly.” Under RG 270.131 ASIC says “An entity should
conduct upfront and ongoing education and training regarding
its whistleblower policy, processes and procedures. The
training should be provided to every employee.”
ASIC also outlines specific topics that should be covered in
training for all staff, and those with specific roles under the
whistleblower policy.
d. Ensuring the privacy and security of personal information
Under RG 270.147 ASIC says “It is good practice for an entity
to have appropriate information technology resources and
organisational measures for securing the personal information
they receive, handle and record as part of their whistleblower
policy. Due to the sensitivity of the information, any leaks
or unauthorised disclosure (including from malicious cyber
activity) may have adverse consequences for the disclosers,
the individuals who are the subject of disclosures and the
entity. It is important for the entity to consult the Australian
Privacy Principles and other relevant industry, government and
technology-specific standards, guidance and frameworks on
data security to help safeguard their information.”
e. Monitoring and reporting effectiveness of the policy
Under RG 270.150 ASIC says “It is important for an entity to
have mechanisms in place for monitoring the effectiveness of
its whistleblower policy and ensuring compliance with its legal
obligations. It is good practice for an entity to provide periodic
reports to the entity’s board or the audit or risk committee.
An entity could also monitor and measure its employees’
understanding of the entity’s whistleblower policy, processes
and procedures on a periodic basis. This may help the entity
to determine where there are gaps in their employees’
understanding. It may also help the entity to enhance and
improve its ongoing education, training and communication
about the policy.”
f. Reviewing and updating the policy
Under RG 270.158 ASIC says “It is good practice for an entity
to review its whistleblower policy, processes and procedures
on a periodic basis (e.g. every two years). It is also good
practice to rectify any issues identified in the review in a timely
manner.”
© 2020 - The Institute of Internal Auditors - Australia 5
In addition to the release of RG 270, ASIC granted relief to
public companies that are not‑for‑profits or charities with
annual revenue of less than $1 million from the requirement
to have a whistleblower policy. All companies are however
bound by the whistleblower protections in the Corporations
Act from 1 July 2019, regardless of whether they are required
to have a whistleblower policy.
Roles and Responsibilities
Role of internal auditors
Internal auditors are now ‘eligible recipients’ under the
Corporations Act and whistleblowers may disclose a
whistleblower matter to an internal auditor or external auditor,
including a member of an audit team conducting an audit. As
a result, internal auditors need to understand their obligations
when receiving a whistleblowing disclosure to ensure they do
not breach personal or corporate obligations.
Internal auditors have two clear roles they can play. One is
optional and the other is not.
One imposes a legal obligation to receive disclosures made
to them under the law. This role is not optional. Auditors must,
in the first instance, receive a disclosure if it is made to them
while performing an audit for a client, whether it be made
openly or anonymously.
The reason is simple; the law appoints auditors as eligible
recipients or persons to whom a disclosure may be made. The
law does not require auditors to carry out a role beyond that
unless they wish or are required by the organisation to do
so. They merely have to ensure the disclosure made to and
received by them is forwarded to a person legally authorised
to deal with the disclosure in accordance with the legislation.
Auditors must however receive the whistlelbower’s consent
to forward on a report to the next appropriate person at the
organisation. If the auditor does not receive consent from the
whistleblower they may face criminal and civil penalties.
To comply with this and any other extended obligation
imposed on them, auditors need to receive a sufficient level of
training.
Another role which auditors are best placed to deliver is that
of ‘auditing’ the organisation’s whistleblowing framework to
check for and ensure compliance with the law.
This role is optional. Miss this opportunity and the organisation
misses the benefit of the sharp mind of auditors attuned to
compliance.
The law is more than substantially prescriptive. Hefty
penalties, including jail, may follow non-compliance with this
new and technical whistleblowing framework. An audit (the
new law calls it a review) of past disclosures offers assurance
of compliance, an opportunity to detect breaches, and for the
audit to make recommendations for improvement.
 Whistleblowing Programs
An audit should examine procedures concerning such as:
› Receipt of disclosures.
› Acknowledging and recording disclosures.
› Secure storage of information and communications.
› Confidential and private communications.
› Authorisation and accessibility of information.
› Legal processes carried out within required timeframe.
Who more capable than an auditor to monitor and assure
effectiveness of an organisation’s whistleblower policy and
framework for legal compliance.
Internal auditors also have a role in supporting a successful
whistleblowing program, including:
› Providing independent and objective monitoring and
testing.
› Providing assurance to the board of directors and
management the program meets good practice.
› Conducting risk assessments.
› Establishing internal controls to mitigate risks.
› Triaging significant issues with the benefit of their
thoughts and suggestions.
› In some cases, receiving disclosures.
› Liaising with the risk management team.
› Understanding and interpreting misconduct trends.
› Providing regular reports to the board of directors.
Role of whistleblower protection officer
Whistleblowers often need support and protection in what can
be a traumatic and confronting experience.
A whistleblower protection officer is appointed by an
organisation for that purpose; to support and protect a
whistleblower, if necessary, from detrimental action. A person
from within or external to the organisation may be appointed.
This role should enlighten the whistleblower of critical
information contained in the organisation whistleblower policy
about the protections available to them, including protections
under the Corporations Act.
They play a critical role in:
› Making the whistleblower aware of support and
protection available including identity protection
(anonymity and confidentiality) if they have asked to
remain anonymous.
› Fostering a supportive work environment.
© 2020 - The Institute of Internal Auditors - Australia 6
› Making an immediate assessment of the welfare and
protection needs of a whistleblower
› Remaining alert to any intimidation or detrimental acts of
omissions and taking appropriate action if need be
› Informing the whistleblower how the organisation will
deal with intimidation, victimisation or detrimental action.
Among other things a whistleblower protection officer needs
to be:
› Trustworthy.
› Impartial (independent from the allegations raised in the
whistleblower’s report).
› Capable of building rapport and confidence with others.
› Discreet.
› Capable of addressing concerns or reports of intimidation
or victimisation.
A whistleblower protection officer should be given direct
access to human resources and legal advisors. Where
necessary in serious matters, they should have direct access
to the audit committee, chief executive officer or other senior
executive.
Role of investigator
Disclosures that qualify for protection are usually investigated
to determine whether the disclosure is proven or not, and
accordingly decide an appropriate response.
An investigation should be carried out by an investigator
appointed under the whistleblower policy and in the manner
set out in the policy; by law the policy must outline key steps
of the investigation process.
To be sure, the investigator should, in the first instance, satisfy
themselves the ‘disclosure’ qualifies as a protected disclosure
as a pre-requisite to the investigation.
In accordance with good practice tips provided by ASIC, an
investigation should focus on the substance, rather than the
motive, of disclosures and ensure the investigation follows
good practice and good governance. The investigator must
ensure confidentiality requirements under the Corporations
Act are met during the investigation or they may face criminal
and civil penalties.
The organisation should provide an avenue for review of the
investigation should a party to the disclosure challenge the
findings.
Role of employees
Employees are key players in a whistleblowing program, with
a key role to:
› Keep on the alert for misconduct.
 Whistleblowing Programs

› Report known or suspected misconduct. Conclusion

› Be an active bystander and do not let bad behaviour go Summary
unreported. Providing a way for people to disclose misconduct is a positive
› Support whistleblowers. incentive to those who want to do the right thing. It can also be
a strong deterrent for potential wrongdoers.
› Avoid doing anything which could be seen as intimidation
or victimisation. Establishing a whistleblowing program can send a powerful
message demonstrating an organisation’s commitment
› Keep confidential the identity of anyone they know or to ethical behaviour and in compliance with relevant law.
suspect of having made a disclosure. Observing and maintaining the program is confirmation of
Role of external and anonymous reporting providers an organisation’s determination to conduct its business with
integrity and respect.
It is appropriate to encourage employees to use internal
whistleblower processes in the first instance because it:
Conclusion
› Promotes and strengthens efficient use of organisation There are many facets to a whistleblowing program which are
resources. of equal value and importance.
› Encourages ownership and early resolution of issues.
Ignoring or compromising components of a whistleblowing
› Can avoid adverse publicity. program may compromise the program. Periodic review
and audit is important to assure effectiveness, integrity and
› Builds confidence and trust in the organisation and the
reliability of a whistleblowing program is maintained.
whistleblowing process.
However, provision should also be made for anyone who does
not feel comfortable or safe in making a disclosure openly
and to do so using an optional process which allows the
whistleblower to remain anonymous and feel safe.
Providing an alternative channel sends a positive message to
potential whistleblowers their disclosure is valued and they
should not be deterred by barriers such as fear of retaliation.
The integrity and viability of a whistleblowing program will be
strengthened if an alternative avenue for making disclosures
is available.
Elements of a good practice external whistleblowing service
includes:
› True independence.
› Confidentiality.
› Impartiality.
› Security.
› Whistleblower-focused.
› Modern reporting tools.
› Expert team to manage whistleblower disclosures.

© 2020 - The Institute of Internal Auditors - Australia 7

 Whistleblowing Programs

Bibliography and References Author’s Biography

https://www.whistleblowing.com.au/#download-checklist Written by:

http://www.whistlingwhiletheywork.edu.au Dominic Lallo
https://www.aph.gov.au/Parliamentary_Business/Bills_ BJuris LLB
LEGislation/Bills_Search_Results/Result?bId=s1120 Dominic is Senior Legal Counsel at LS Partners Workplace
https://asic.gov.au/about-asic/asic-investigations-and- Behaviour Consulting Services which specialises in workplace
enforcement/whistleblowing/guidance-for-whistleblowers/ behaviour matters. He is a lawyer with over 30 years of
https://www.ombo.nsw.gov.au/complaints/Complaint-handling- experience. Dominic has practiced extensively in workplace
resources behaviour including bullying, harassment, sexual harassment,
https://www.iia.org.uk/resources/ethics-values-and- workplace violence, victimisation, discrimination and the
culture/whistleblowing/position-paper-internal-audit-and- impact of such behaviours on employers. He has worked
whistleblowing/ for major insurers, private and government organisations,
defendant and plaintiff legal firms. He is considered an expert
https://global.theiia.org/knowledge/Public%20Documents/TaT- in developing proactive approaches in the management and
Sept-Oct-2015.pdf prevention of inappropriate behaviour.
https://www.iia.nl/SiteFiles/Nieuws/Whistleblowing_Not_
Childs_Play_For_Internal_Auditors_2014-05-19.pdf Nathan Luker

http://www.whistlingwhiletheywork.edu.au/wp-content/ Nathan is General Manager of Your Call Whistleblowing

uploads/2020/01/Clean-as-a-whistle-Key-findings-and-actions-
WWTW2-December-2019.pdf
https://asic.gov.au/regulatory-resources/find-a-document/
regulatory-guides/rg-270-whistleblower-policies/
Purpose of White Papers
A White Paper is a report authored and peer reviewed by
experienced practitioners to provide guidance on a particular
subject related to governance, risk management or control. It
seeks to inform readers about an issue and present ideas and
options on how it might be managed. It does not necessarily
represent the position or philosophy of the Institute of Internal
Auditors–Global and the Institute of Internal Auditors–
Australia.
Solutions and has assisted numerous leaders to establish
modern external whistleblowing programs at their
organisations. Clients include federal and state government
agencies, not-for-profit organisations, education providers and
multinational corporations.
This White Paper was edited by:
Andrew Cox
MBA, MEC, GradDipSc, GradCertPA, DipBusAdmin,
DipPubAdmin, AssDipAcctg, CertSQM, PFIIA, CIA, CISA, CFE,
CGAP, CSQA, MACS Snr, MRMIA
Stephen Horne
BBus, GradCertMgtComm, GradCertFraudControl,
CertPublicAdmin, PFIIA, FGIA, CIA, GAICD, CGAP, CRMA,
MIPAA
Sally McDow
LLB, MBa, GAICD

© 2020 - The Institute of Internal Auditors - Australia 8

 Whistleblowing Programs
About the Institute of Internal Auditors–Australia
The Institute of Internal Auditors (IIA) is the global professional
association for Internal Auditors, with global headquarters in
the USA and affiliated Institutes and Chapters throughout the
world including Australia.
As the chief advocate of the Internal Audit profession, the IIA
serves as the profession’s international standard-setter, sole
provider of globally accepted internal auditing certifications,
and principal researcher and educator.
The IIA sets the bar for Internal Audit integrity and
professionalism around the world with its ‘International
Professional Practices Framework’ (IPPF), a collection of
guidance that includes the ‘International Standards for the
Professional Practice of Internal Auditing’ and the ‘Code of
Ethics’.
IIA–Australia ensures its members and the profession as
a whole are well-represented with decision-makers and
influencers, and is extensively represented on a number of
global committees and prominent working groups in Australia
and internationally.
The IIA was established in 1941 and now has more than
200,000 members from 190 countries with hundreds of local
area Chapters. Generally, members work in internal auditing,
risk management, governance, internal control, information
technology audit, education, and security.
© 2020 - The Institute of Internal Auditors - Australia 9
Copyright
This White Paper contains a variety of copyright material.
Some of this is the intellectual property of the author, some
is owned by the Institute of Internal Auditors–Global or the
Institute of Internal Auditors–Australia. Some material is
owned by others which is shown through attribution and
referencing. Some material is in the public domain. Except
for material which is unambiguously and unarguably in
the public domain, only material owned by the Institute of
Internal Auditors–Global and the Institute of Internal Auditors–
Australia, and so indicated, may be copied, provided that
textual and graphical content are not altered and the source
is acknowledged. The Institute of Internal Auditors–Australia
reserves the right to revoke that permission at any time.
Permission is not given for any commercial use or sale of the
material.
Disclaimer
Whilst the Institute of Internal Auditors–Australia has
attempted to ensure the information in this White Paper is
as accurate as possible, the information is for personal and
educational use only, and is provided in good faith without
any express or implied warranty. There is no guarantee given
to the accuracy or currency of information contained in this
White Paper. The Institute of Internal Auditors–Australia does
not accept responsibility for any loss or damage occasioned
by use of the information contained in this White Paper.