Internal investigations are a reality for all businesses, no matter the industry or size. And if your company has not been forced to conduct one yet, it is only a matter of time.
Even if you already have a comprehensive compliance program in place and regular, top-notch business ethics training, there is no way to absolutely prevent certain types of misconduct -- or the allegations of misconduct -- from occurring.
These claims can surface from a number of sources, including a direct complaint by an employee, observations of inappropriate behavior by a supervisor, or even direct charges made by a government agency. Some of the more common issues that lead to internal investigations, include:
When done properly, investigations can prove to be a critical part of your organization's security program, and depending on the nature of the alleged misconduct, can even be required by law.
Are you concerned that unethical employee behavior may be hurting your business and your budget? Read: 6 Ways to Prevent Misconduct in the Workplace.
According to a 2016 report produced by the Association of Certified Fraud Examiners (ACFE), reports of fraud are most frequently made via tips from employees, and companies with fraud hotlines in place were nearly 20 percent more likely to receive these tips.
Similarly, businesses with specific anti-fraud controls in place that participated in the survey could expect fraud losses that were up to 54 percent lower and detected up to 50 percent more quickly.
By establishing clear reporting mechanisms and being proactive in your detection efforts, you can respond to issues as they arise and potentially prevent smaller problems from becoming larger ones.
One of the wisest decisions you can make with regards to your internal investigations is to outline processes and procedures before you are in a crisis. Evaluate the unique risks that your business faces (e.g., embezzlement, unauthorized access of medical information) and draft plans for each category.
These plans should offer guidance on how to:
You should also put in place policies that establish clear rules regarding how, when, and with whom information should be shared throughout the investigation.
You should also define the size and makeup of your investigative teams, securing the appropriate skill sets for each type of inquiry. Draft clear guidelines for constructing an ad hoc investigative group, but you should also consider establishing set teams to handle most common issues.
At minimum, you want to have at least three pre-assembled teams:
Routinely, these investigators are pulled from the organization's human resources, accounting, compliance, ethics and security departments. You should also include any legal counsel and subject matter experts that your company may have access to -- whether in-house or under contract.
Reevaluate your current data management policies, particularly those focused on long-term record keeping and disposal. One of the key elements of any inquest is having access to the necessary documents, and if your business is not already capturing and storing these records, your investigations will prove to be more challenging.
Whether your investigation is focused on internal policy violations or federal law, it is crucial that you carefully balance efficiency with quality and thoroughness. During an inquiry, you will need to act quickly, but you also must carefully plan out each phase.
In our next post, we'll discuss a number of best practices focused on the actual investigation. However, if you would like to better prepare yourself and your business to more effectively carry out a corporate investigation, we recommend that you watch our Internal Investigations Best Practices Webinar.
We're sorry this resource is no longer available, we've redirected you to our Resource center.