The authors break their analysis down into two components, which I believe relate to the compliance context. The first is to understand what would drive an employee to go outside the internal reporting process? It is usually due to what the employee feels is a sense of betrayal. That is the employee has made a compliant in good faith but either nothing happens or nothing seems to happen. After the internal compliant has been initiated it must be triaged based on its severity. Just as a battlefield or hospital triage, the more serious a complaint, the quicker it should be investigated and resolved.
The Financial Services Authority recently published “CP11/12: Financial crime: a guide for firms“ seeking views on the FSA proposal for a new regulatory guide, Financial Crime: a guide for firms including bribery and corruption.