Independent Ethical Audit & Whistleblower Protection
This criterion assesses the organization's commitment to ethical conduct and integrity through independent ethical audits and whistleblower protection mechanisms. It evaluates the implementation of robust systems that enable the identification, reporting, and resolution of ethical breaches, conflicts of interest, and violations of professional standards. The audit must be conducted by an independent, qualified third party focusing on ethical conduct, conflict of interest management, and adherence to the organization's code of conduct and relevant Islamic principles. Whistleblower protection policies must encourage reporting without fear of reprisal, providing confidential channels for raising concerns. This includes the establishment of clear reporting procedures, thorough investigations, and appropriate corrective actions. The criterion examines the frequency and scope of ethical audits, the effectiveness of whistleblower protection mechanisms, and the demonstrable impact of these measures on fostering a culture of ethical behavior and accountability within the organization. The system operationalizes Hisbah through Nasiha (sincere counsel) and Muhasabah (accountability), ensuring verification and fairness (per Qur’an 49:6 and principles of la darar wa la dirar) while protecting whistleblowers from harm. This aligns with Qur’an 16:90, emphasizing the dual imperative of justice and excellence in conduct and oversight. It specifically integrates UK Public Interest Disclosure Act (PIDA) standards, Charity Commission Serious Incident Reporting (SIR) protocols, and UK GDPR controls to ensure regulatory compliance alongside spiritual excellence.
| Metric | Balanced Ethical Scorecard |
|---|---|
| Target | See Description |
| Frequency | Quarterly |
| Method | Composite score of Timeliness, Quality, Protection, and Trust metrics |
| Unit | Scorecard |
Level 1: Initial/Ad-hoc
Foundational: Basic policies related to ethical conduct are being developed. An informal mechanism may exist for raising concerns, but there is no formal whistleblower protection policy or independent ethical audit process.
Level 2: Developing
Developing: Formal, board-approved policies for a code of conduct and whistleblower protection are documented. A defined internal process exists for handling ethical complaints, but it lacks independent oversight or clear PIDA distinction. Independent ethical audits are not yet conducted.
Level 3: Established
Established: A formal, confidential whistleblower protection system is fully implemented, distinguishing protected disclosures. An independent ethical audit is conducted periodically (e.g., every 2-3 years) by a qualified third party. Investigations are structured, and SIR triggers are defined. Basic KPIs are tracked.
Level 4: Advanced
Managed & Integrated: Independent ethical audits are conducted regularly (e.g., annually or biennially) with a comprehensive scope. Findings are systematically analyzed. SIR triggers and GDPR controls (DPIA) are fully operational. Role-based training is effective. Balanced scorecard metrics are reported to the Board.
Level 5: Optimizing
Optimizing & Leading: The ethical audit and whistleblower systems are fully integrated into governance. Trend analysis and predictive insights are used. A culture of 'Nasiha' is evident, supported by an Islamic Ethics Checklist in investigations. The ISO 37002-aligned system is externally reviewed. Trust metrics are high.
Organisation Types
By Organisation Size
| Size | Applicability | Notes |
|---|---|---|
| Micro | partial | Independent audits are disproportionate; applies partially for basic code of conduct and internal whistleblower policy only. |
| Small | partial | Scaled down per proportionality clause: biennial independent reviews and annual self-assessments instead of annual independent audits. |
| Medium | partial | Scaled down per proportionality clause (<£1m income): biennial independent reviews and annual self-assessments. |
| Large | full | Exceeds £1m income threshold; requires full annual independent ethical audits. |
| Major | full | Exceeds £1m income threshold; requires full annual independent ethical audits. |
Applicable When
- The organization provides fiduciary or professional services.
- The organization manages client funds or assets.
- The organization is subject to regulatory oversight regarding ethical conduct.
Not Applicable When
- For small entities (<£1m income or <20 staff), allow proportionate measures: biennial independent review plus annual internal self-assessment, shared third-party hotline, and template policies, provided core protections and ARC reporting are maintained.
Discussion (1)
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json