Internal Investigations: The Basics
Internal investigations must uncover the truth about misconduct or fraud without damaging innocent employees. Here are the basics of how to plan and conduct a successful internal investigation.
By Derek Slater
January 25, 2010 — CSO —
Internal investigations are a vital part of a security program. It's a serious matter when an employee is alleged to be violating company rules. So-called 'insider threats' can cause as much damage as thieves outside. These threats come in many different forms, including:
- Accounting fraud
- Outright theft of physical assets
- Unauthorized access, to manipulate data or to sell it
- Threats, sexual harassment or other inappropriate forms of behavior or communication
- and more.
Internal investigations aim to uncover the truth about alleged misconduct within the organization. But a good internal investigation must do so without compromising the relationship with innocent employees or unnecessarily damaging anyone's reputation. That calls for good planning, consistent execution, analytical skill, sensitivity, and a solid grasp of the legalities involved.
Typical elements of an investigation include collection and examination of written or recorded evidence, interviews with suspects and witnesses, and computer and network forensics. It may also require consultation with managers, human resources and legal personnel, and potentially also law enforcement. The exact players and actions will be ONLY those dictated as necessary by the particular case at hand.
Here is a primer covering the basics of internal investigations, compiled from expert advice in CSOonline articles. You will find links throughout pointing to more detailed information.
- What planning steps should be undertaken at the outset of an internal investigation?
- Who should be kept informed about an investigation at each stage?
- What departments or skill sets are likely to be required in an internal investigation?
- Is it typically worthwhile to set up an employee hotline, allowing anonymous accusations or tips?
- What about detecting and investigating financial fraud specifically?
- What tools can help with the computer aspect of evidence-gathering?
- If I need to confiscate the subject's computer, won't that tip them off that they are under investigation?
- Can employees or outsiders successfully evade computer forensic tools?
- How do I interview a suspect?
- Is it reasonable to include hidden cameras in my surveillance effort?
- What investigation tactics clearly should be avoided?
Q: What planning steps should be undertaken at the outset of an internal investigation?
A: Attorney John Thompson notes that investigations are often led by personnel other than security. (In fact, Thompson has written a series of books to provide specific direction to various constituencies: audit, IT, facilities/building management, Human Resources, and so on.)
He offers the following fundamental to-do list in planning and executing an internal investigation.
Have clear policies. A policy is helpful in several regards. It should dictate the appropriate personnel and procedures for internal investigations at your organization. A clearly written policy will help you arrive at a successful and correct outcome, avoid common blunders, ensure that proper documentation is kept (see next point), and keep your company out of legal hot water.
Document your work. This includes documenting your compliance with your own policies. In the event that, for example, the subject of the investigation files a lawsuit against your company, you will need to demonstrate to a judge's satisfaction that you behaved responsibly and legally throughout.
Another key document is a confirmatory memorandum. You may determine that one is necessary, which is frequently the case when a verbal complaint or accusation is made. A confirmatory memorandum clarifies the scope of the investigation for all parties involved, including the complainant.