Independent Ethical Audit & Whistleblower Protection
This criterion assesses the organization's commitment to ethical conduct and integrity through independent ethical audits and whistleblower protection mechanisms. It evaluates the implementation of robust systems that enable the identification, reporting, and resolution of ethical breaches, conflicts of interest, and violations of professional standards. The audit must be conducted by an independent, qualified third party focusing on ethical conduct, conflict of interest management, and adherence to the organization's code of conduct and relevant Islamic principles. Whistleblower protection policies must encourage reporting without fear of reprisal, providing confidential channels for raising concerns. This includes the establishment of clear reporting procedures, thorough investigations, and appropriate corrective actions. The criterion examines the frequency and scope of ethical audits, the effectiveness of whistleblower protection mechanisms, and the demonstrable impact of these measures on fostering a culture of ethical behavior and accountability within the organization.

The system operationalizes Hisbah through Nasiha (sincere counsel) and Muhasabah (accountability), ensuring verification and fairness (per Qur’an 49:6 and principles of la darar wa la dirar) while protecting whistleblowers from harm. This aligns with Qur’an 16:90, emphasizing the dual imperative of justice and excellence in conduct and oversight. It specifically integrates UK Public Interest Disclosure Act (PIDA) standards, Charity Commission Serious Incident Reporting (SIR) protocols, and UK GDPR controls to ensure regulatory compliance alongside spiritual excellence.
- Does the organization have formal, board-approved policies for both a code of ethical conduct and whistleblower protection, and do they distinguish between PIDA disclosures and grievances?
- Describe the channels available for whistleblowers to report concerns confidentially and the mechanisms in place to protect them from any form of reprisal.
- Has the organization conducted an independent ethical audit by a qualified third party? If so, what was the scope, frequency, and who oversees the process?
- How are the findings from ethical audits and whistleblower investigations documented, tracked in a CAPA register, and used to implement corrective actions?
- How does the organization measure the effectiveness of its ethical compliance (e.g., balanced scorecard, trust surveys) and demonstrate positive impact?
- How is retaliation prevented, monitored, and remedied? What SLAs exist for triage, investigation, and closure?
- Which regulators or authorities are notified for serious incidents (e.g., Charity Commission SIR, FCA/PRA), and is there a documented trigger matrix and timeline?
- How is the independence of the ethical auditor and investigators assured (conflict checks, rotation, mandatory recusal rules, external investigator triggers)?
- Are UK GDPR controls for whistleblowing (DPIA, lawful basis, DSAR redaction) fully documented and operational?
- Board-approved Code of Conduct/Ethics Policy.
- Board-approved Whistleblower Protection Policy with PIDA distinction and triage decision-tree.
- Communication records and role-based training materials related to ethics and whistleblowing.
- The full, unredacted report from the most recent independent ethical audit.
- Minutes of meetings (e.g., Board, Audit & Risk Committee) showing quarterly review of ethical scorecard and SIR filings.
- Documented investigation process, Islamic Ethics Checklist usage, and anonymized log of cases.
- CAPA register showing tracking of actions to closure.
- Whistleblowing DPIA and lawful-basis register.
- Reports or surveys measuring employee trust in the system.
| Level | Rating | Description |
|---|---|---|
| 5 | 5/5 | Comprehensive independent ethical audits and robust whistleblower protection mechanisms are fully implemented. Balanced scorecard metrics (timeliness, quality, protection, trust) are tracked. Islamic ethics checklist is used in investigations. Culture of Nasiha is evident. |
| 4 | 4/5 | Well-established ethical audit and whistleblower protection programs with minor areas for improvement. SIR triggers and GDPR controls are documented. Role-based training is in place. |
| 3 | 3/5 | Basic ethical audit and whistleblower protection programs are in place. Policy distinguishes PIDA vs Grievance. Independent audit occurs at least every 3 years. Basic non-retaliation policy exists. |
| 2 | 2/5 | Limited ethical audit and whistleblower protection mechanisms are present. Ad-hoc reporting channels exist but lack independence or formal triage. Significant areas for improvement in confidentiality and investigation rigor. |
| 1 | 1/5 | No independent ethical audits or whistleblower protection mechanisms are in place, indicating a significant lack of ethical oversight. |
Discussion (1)
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json