Since I posted my article on auditor’s conundrum a week ago on LinkedIn, I received many comments – from consultants, auditors and attorneys. Here is a summary of their comments:
Many consultants are concerned with breaching the confidentiality agreement with the client – even in the face of a continuing criminal act. They seem to think that very bad things will happen to them and the criminal client will sue them. Some are concerned that word will get out and no one will hire them again. Here is my take: First of all, the client is not likely to sue the auditor for breach of confidentiality. Why? Because the client will have to show damages in court as a result of the breach. And there is NO damage. Now, if the auditor had disclosed proprietary information about the the client’s manufacturing process to his competitors, there would be damages. But in the case of notifying authorities of an on-going criminal act, where is the damage to the client? A thief cannot sue his friend for turning him in even if he swears him to secrecy.
As to the concern about the auditor’s reputation for breaching the confidentiality agreement, my take is that the auditor will have a better reputation as a result of stopping an on-going criminal act and protecting the general public. If a company is hesitant about hiring such an auditor who would stop a criminal act, you would not want such company as a client anyway.
The downside of NOT reporting an on-going criminal act (dumping of toxic wastes) for the auditor is great. What do you think the injured parties (people who end up drinking the contaminated water) will do to the auditor? Here is an environmental professional under contract with a client who is dumping toxic wastes and he fails to take action to stop the client. They are going to think the criminal act was done with a wink and a nod from the auditor.
Here is what the auditor should do: As soon as he discovers the illegal activity, he must tell the client to stop immediately. And if the client refuses, he should notify the authority to protect the general public regardless of the confidentiality agreement. At the same time, he should sever his relationship with the client immediately in order to protect himself from possible future action by the injured parties. The underlying reason for the auditor’s action is IMMINENT HARM to the general public.
Some have suggested that the confidentiality clause should include language that reads “except as required by law”. I would expand it to read “except as required by law or in the event of imminent harm to the general public.”
For those who are Professional Engineers, the incident as described in my article would require them to report to the authorities immediately. The overriding duty of a PE is to protect the general public. That duty overrides the confidentiality clause in the face of imminent danger to the public.
A classic example: A PE is hired by a building owner to inspect a building for structural integrity. The owner swears the PE to secrecy. PE discovers that the building is structurally unsound and may collapse any time. The owner proceeds to sell the building even with that knowledge. The PE now has the ethical duty to stop the sale by notifying authorities. Failure to do so may cost him his license and subject him to countless lawsuits by people injured by the collapsed building.