How to Mitigate Risk and Liability
When allegations of misconduct are raised, leadership should quickly turn its attention to an internal investigation. Depending on the nature of the supposed wrongdoing, the matter may need to be investigated quickly. But a haphazard investigation won’t do. Jeffrey Klink offers seven steps to a successful investigation.
Businesses regularly confront allegations of internal misconduct. These allegations can involve breaches of the law or the business’s policies or procedures. Successfully navigating the potential pitfalls of internal investigations is essential to protect your brand and important assets, as well as to avoid the risk of having to deal with additional problems resulting from adverse media coverage. This article outlines seven steps that will assist corporate counsel, owners and others in managing and mitigating internal misconduct allegations.
Many professionals like to make internal investigations confusing. But the reality is that there are basic steps that can be taken to determine if a misconduct allegation has merit and if a comprehensive investigation is required. The first step is determining whether an allegation has merit; if it does, then some or all the next steps may be required. Step two is assigning a case supervisor and other professionals to conduct the investigation. Steps three to seven are: (3) obtain and review all pertinent data and documents; (4) conduct discreet background research on significant parties and subject(s); (5) interview knowledgeable persons; (6) interview subject(s); and (7) assess which internal controls and procedures can be improved to avoid future problems.
The investigative plan should be thoughtful and sequential. Thoughtful fact-finding during the early steps of the investigation may show that those suspected of misconduct are not culpable of any wrongdoing. This can save you time and valuable resources and at the same time protect an employee’s reputation.
Being discreet is critical; the general rule is this: people you tell not to talk about things will absolutely talk about things. Rumors fly fast, and they can disrupt an organization’s employee morale and productivity.
Limit the sharing of information, especially at the beginning of any investigation, and know that many internal investigations go wrong almost from the start when interviews take place before the facts are understood. Internal investigations sometimes require almost Job-like patience to succeed.
Confronting someone suspected of wrongdoing too early in the investigation can provide the suspect or suspects with critical knowledge and time sufficient for the suspect to destroy, alter or change evidence. It can also provide the suspect with enough knowledge to notify others involved who can then cover their tracks.
If an employee has been engaged in a fraudulent scheme lasting two years or longer, try to allow enough time to unravel what has taken so much time to perpetrate. Do not confront a suspect employee without doing your homework first.
There are common themes in misconduct, too: Monetary losses in fraud are typically larger than suspected, the fraud almost always has been going on for a much longer period than suspected and, often, more employees or other third parties are involved.
In fraud matters where material funds are at issue, determine whether your organization has fidelity insurance available to cover losses attributable to crime and misconduct. If so, make a timely notice of a possible claim.
Here are the seven steps to follow:
Step 1: Does the allegation have merit?
Carefully analyze the facts and the person or persons reporting the misconduct. If the allegations are specific and the reporter has no stake in the outcome, then there is a likelihood that the allegations have merit.
In many instances, determining the merit of a misconduct allegation can be very difficult, especially if the allegation is anonymous. Anonymous claims of misconduct seldom include (but may contain some) truth. In some instances, information may be fabricated or concealed if the reporter of the misconduct has a vendetta.
Step 2: Assign a supervising investigator and deploy appropriate resources.
First determine whether the allegation is a potential violation of the law or of a company policy. A violation of the law can pose significantly more risk and liability to the company and its employees and will often dictate the resources required for the investigation.
When an allegation involves a policy violation, the company’s internal resources may be sufficient to investigate and resolve the matter. Potential violations of laws require the resources of experienced investigators, and often necessitate accountants, computer forensics experts and legal input.
An allegation that involves the safety of any person requires that law enforcement be consulted and notified.
For allegations of sexual harassment or claims of bias, the government has put forth specific guidelines regarding how and when the investigation should be performed. Follow these guidelines to the letter. (EEOC.gov is a great place to start to understand these issues).
Step 3: Obtain and review available documents.
This is an important step. If seeking personnel files or other information, consider providing alternative reasons as to why documents are being requested so not to raise any flags.
In today’s digital world, evidentiary documents may reside in the company server, laptops, emails, text messages, social media, telephone records, the cloud, video recordings, photographs and in other media.
For cases with potential violations of the law, be sure to document a chain of custody and secure original data and documents. This is important if you should decide to refer the case to a prosecutor.
Step 4: Conduct appropriate background research.
Investigate both the reporter, if known, and those suspected of misconduct. This may include the review of personnel records, criminal and civil litigation histories, media research and analysis of social media. It is very common in financial fraud matters to find that a suspect subject and/or family members have multiple business affiliations, own high-end homes, drive expensive vehicles and travel to expensive resorts and exotic places.
Step 5: Interview knowledgeable persons (“KPs”).
Limit information provided to the KPs and do not allow the KPs to turn the tables and become the interviewer. A good investigator asks several questions where the answers are already in hand. This approach helps an investigator understand the motives and truthfulness of the person being interviewed. Important interviews should be conducted by two investigators and performed in a comfortable and nonconfrontational setting.
Step 6: Interview the subject(s).
Confront alleged wrongdoers only when all the evidence is in. Double- and triple-check your findings. Discuss the merits of the case and plan of action with the investigative team and executives overseeing the project. In some cases, sufficient evidence may have been obtained from your data review and/or KP interviews that warrant a referral to a prosecutor and possibly no interview of the suspect is needed.
Prepare an outline of key questions based on the evidence gathered. Know the answers to many questions before they are asked. The interview should be conducted with at least two and no more than three investigators. If a subject is a female, it may help if one of the interviewers is a female.
In some cases, it might be appropriate to interview the key suspects at the same time so they can’t coordinate their responses.
If prior to the interview you have enough evidence to terminate, then set your termination plan in motion several days before the interview. Be prepared to stop the suspect’s access to your IT network and building access, list all equipment that should be returned and coordinate with company security staff as needed.
Step 7: Case evaluation.
Fix the holes that allowed the misconduct to occur. Determine whether there are internal controls, policies, procedures and other guidelines that can be improved upon to prevent misconduct from reoccurring. Last, draw fair conclusions without hyperbole and issue a report showing the steps that were taken, the facts found and the conclusions reached.
Conclusion
A step-by-step internal investigation methodology will reduce risk and liability for your organization and improve controls.
Jeffrey M. Klink is President and CEO of 
