There are many situations with different areas of gray on this. I have had experience with two. One company I was a DBA in - they were running around 600 illegal copies of this very popular software. I knew if I reported it there would be an audit in no time. They also treated lot of people badly - many times over lunch or coffee we would discuss reporting the issue for audit. They would know that someone who worked there did it, for sure and many people were not sure what that would do to their jobs. Long story short, I quit and someone else reported the matter. But guess what, they hired a CIO who knew some top brass in the software company and the matter went completely unnoticed. The poor guy who was reported got a bad review for no reason and was forced to quit. In the second story the company had falsified books of account. One for Uncle Sam, one genuine. As DBA I had no access or knowledge of this but someone who worked in accounting did. He reported the matter anonymously (I dont know how) and they had an IRS audit which they..PASSED. Nobody knew what happened to the 'bad books' except that the guy lost his job soon after.

If I saw someoone in a bad situation like some of those described yes to me it would be something I had to report. But in corporate situations and those with gray areas I'd rather watch my back.