Internal Investigations: The Basics

Internal investigations must uncover the truth about misconduct or fraud without damaging innocent employees. Here are the basics of how to plan and conduct a successful internal investigation.

By

CSO

Internal investigations are a vital part of a security program. It's a serious matter when an employee is alleged to be violating company rules. So-called 'insider threats' can cause as much damage as thieves outside. These threats come in many different forms, including:

More on effective internal investigations!

  • Accounting fraud
  • Outright theft of physical assets
  • Unauthorized access, to manipulate data or to sell it
  • Threats, sexual harrassment or other inappropriate forms of behavior or communication
  • and more.

Internal investigations aim to uncover the truth about alleged misconduct within the organization. But a good internal investigation must do so without compromising the relationship with innocent employees or unnecessarily damaging anyone's reputation. That calls for good planning, consistent execution, analytical skill, sensitivity, and a solid grasp of the legalities involved.

Typical elements of an investigation include collection and examination of written or recorded evidence, interviews with suspects and witnesses, and computer and network forensics. It may also require consultation with managers, human resources and legal personnel, and potentially also law enforcement. The exact players and actions will be ONLY those dictated as necessary by the particular case at hand.

Here is a primer covering the basics of internal investigations, compiled from expert advice in CSOonline articles. You will find links throughout pointing to more detailed information.

[Last updated 7/6/2012]


Q: What planning steps should be undertaken at the outset of an internal investigation?

A: Attorney John Thompson notes that investigations are often lead by personnel other than security. (In fact, Thompson has written a series of books to provide specific direction to various constituencies: audit, IT, facilities/building management, Human Resources, and so on.) He offers the following fundamental to-do list in planning and executing an internal investigation.

Have clear policies. A policy is helpful in several regards. It should dictate the appropriate personnel and procedures for internal investigations at your organization. A clearly written policy will help your arrive at a successful and correct outcome, avoid common blunders, ensure that proper documentation is kept (see next point), and keep your company out of legal hot water.

Document your work. This includes documenting your compliance with your own policies. In the event that, for example, the subject of the investigation files a lawsuit against your company, you will need to demonstrate to a judge's satisfaction that you behaved responsibly and legally throughout.

Another key document is a confirmatory memorandum. You may determine this is necessary, frequently the case when a verbal complaint or accusation is made. A confirmatory memorandum clarifies the scope of the investigation for all parties involved, including the complainant.

Minimize witness intimidation. "Certain witnesses to the investigation might feel intimidated by the alleged wrongdoer, even by the simple fact that the alleged wrongdoer is in the workplace. Even worse, the alleged wrongdoer (and even the complainant) might intimidate, harass, or retaliate against witnesses in an attempt to influence the outcome of the investigation," Thompson writes. Keeping the investigation confidential is one step. Extreme circumstances might require removing the suspect from the workplace via paid suspension.

Form an interview team and divide duties. Interviewing suspects one-on-one, unless recorded, can create an opportunity for a plaintiff to challenge the interviewer's notes or recollection. In a team interview, one person may ask questions while the other takes notes and records observations.

Establish the time frame for the investigation. Quick and appropriate action can help head off future legal challenges and also minimize negative impact on morale.


[Learn how to build a holistic program for protecting your organization's intellectual property. Download CSO's exclusive Ultimate Guide to Intellectual Property Protection - an 11pp PDF with frontline advice from real security leaders (free CSO Insider registration required)]


Collect documents and evidence. Thompson's list of things to consider obtaining includes: personnel files, telephone records, expense account records, computerized personnel information, appointment calendars, time cards, building entrance/exit records, computer/word processing disks and hard drive, e-mail records and voice mail records.

Consider the need for special investigative techniques. These are almost always investigative techniques that have a high legal risk and never should be discussed or implemented without legal counsel. In fact, many of these techniques should require high-level approval before they may be utilized, including the following: internal audit, physical investigation (fingerprint, handwriting, voice analysis), physical surveillance, polygraphs, searches of organization or private property, and electronic monitoring or surveillance.

For each interview, you should prepare opening and closing remarks and a set of questions. This does not preclude asking followup questions during the interview. However, it will increase the precision of your communication to the interviewee and improve the quality of information you are able to obtain. These question lists should be retained with your case documentation after the interviews are completed, along with the notes or recordings of the interviews themselves.

Written statements. "Written statements minimize the opportunity for interviewees to dispute the investigators recollection of the interview or change their story. Statements also are a highly persuasive form of evidence," writes Thompson.


RESOURCE CENTER