Internal Investigations That Actually Fit Your Budget

Companies of every size know internal investigations are costly in time, money and morale. Yet with enforcement on the rise in some industries, particularly in healthcare and procurement fraud, ignoring red flags that could lead to scrutiny by regulators is not an option. 

The good news: Disciplined planning and smart resource allocation can dramatically curb the price tag without compromising rigor. Below are practical steps, tested in the field, that compliance and legal teams can use to contain costs from the moment suspicions surface all the way through final remediation.

Pick the right team

Once an internal complaint comes in the door, the first decision is who will run the investigation. Contrary to what we, as lawyers, instinctually believe, not every investigation needs to be handled by the legal department in coordination with outside counsel. 

Start by mapping the allegations to your company’s internal structure and capabilities. For example, cultural or workplace misconduct complaints may sit squarely with HR, while data security lapses often belong to the privacy or IT group. Handing discrete issues to the functional owners keeps legal fees low and ensures the investigators are armed with the appropriate expertise. These cost concerns should be weighed against the potential exposure to the company associated with the alleged conduct or issue and the need for attorney-client and work product protections.

The potential for and scope of legal exposure should also be evaluated when deciding which team should investigate. This assessment should include a host of factors, including the pervasiveness of the alleged conduct (e.g., regional vs. nationwide), the nature of the allegations (e.g., criminal) and general trends in the relevant market and industry. 

It is typically prudent to retain outside counsel when criminal exposure is likely, but even then, strategic staffing matters. You can (and should) request that outside counsel be thoughtful about staffing. A senior associate can handle much of the day-to-day on a smaller matter with less exposure, a junior associate can be tasked with non-urgent research questions, and a legal assistant should be responsible for filings.

As you continue to staff your investigation, consider whether a vendor might be the right choice for certain phases of fact development. For example, when collecting relevant documents and materials, vendors are used frequently when internal IT departments are not equipped to handle collection in addition to their day-to-day responsibilities. Engaging a trusted e-discovery vendor early in the collection process often beats a patchwork of internal attempts followed by a late scramble when deadlines loom. An initial decision to use a vendor can prevent duplicative effort and wasted time.

Featured

Internal Investigations: Getting It Right From the Outset

by David Hamilton

September 11, 2024

Successful internal investigations can be extremely valuable corporate governance tools. The effective identification, investigation and remediation of risks that arise within a business are integral to mitigating the legal, commercial and reputational harm they threaten. David Hamilton, partner and business crime and regulatory specialist at

Read moreDetails

Stay disciplined with scope

At the outset, the investigator should consider the issues presented, what steps need to be taken to investigate the issues and any associated risks that should be analyzed. These considerations should then be documented in a work plan, which will serve as a guidepost for the investigation. It is critical to spend time upfront on this plan to gather background information, identify legal issues to be researched, and memorialize the goals of the investigation. 

With proper planning, the investigation can be sized and scoped to be cost-effective. Investigators should refer back to the work plan to remind themselves of the allegations and issues and to avoid scope creep; investigations can quickly bloat when teams pull on every thread that appears. As facts evolve, amend the plan deliberately. Do not drift into new areas without a conscious cost-benefit check and thoughtful assessment of risk and exposure.

Another step that can save time and cost is scoping interviews. These are quick initial conversations with individuals who are likely to have some background on the allegations, processes or business function at issue and can help the investigator develop a high-level understanding of such. 

Scoping interviews are typically low-stakes conversations and generally would not be appropriate for the alleged wrongdoer or someone you suspect might be the reporter. The scoping conversations focus on questions about where relevant documents may be stored, who else might have pertinent information and which offices or business lines are involved. You may be able to better narrow in on the allegations at issue, the relevant time period or the geographic area of interest.

Once your investigation has progressed to the substantive interview stage, you should have a sense of which interviewees are key players in the narrative. At this point, sequencing and preparation are vital. Start with low-level or background witnesses who can map processes and name players, especially if you did not get the chance to conduct scoping interviews. Then, you can move to decision-makers and potentially implicated individuals once the team understands the landscape. 

Arriving at priority interviews already armed with a working knowledge of the issues and key documents focuses the discussion and avoids repeat sessions. Close every interview by asking who else might have relevant knowledge; this simple question often shortens the witness list and prevents redundant inquiries.

Use document review tools

One of the most common methods of fact-finding in an internal investigation is document review. Available technology and strategic preparation can keep this phase of an investigation within scope and cost-effective.  

Generally, there are two options for reviewing documents: (1) linear review, where an attorney puts eyes on every single in-scope document; and (2) targeted review, where the goal is to find the most relevant information. For internal investigations, a targeted review — the less expensive review — is commonly used, and there are a number of ways to further reduce costs associated with the review. For example, there are highly effective tools and resources in the e-discovery space, some including AI, that allow reviewers to find key documents and find them quickly. Investigators may also consider using technology assisted review (TAR), which ranks documents in your review, putting the key documents at the front of the queue so they will be found more quickly. The model adjusts as the review continues and gives feedback on which documents are likely to be of most interest.

Focus remediation and reporting

The final step of an internal investigation is resolution, remediation and reporting. Considering what remediation should take place often turns on your findings. For example, in situations where an internal investigation does not substantiate allegations, you will want to consider whether any follow-up with the reporter is necessary. On the other hand, when allegations are validated, you, as counsel, should be cognizant that, in thinking through potential remedial steps, you may not have a full view of what is possible for the business to implement. As such, it may be prudent to loop in individuals from other business functions like compliance or risk to determine what recommendations are realistic and targeted to solve the issue. This collaboration can help you identify barriers and understand the business realities and also create cross-functional buy-in to better ensure that solutions take root and address the exposure associated with the underlying conduct.

As the investigation comes to a close, the method of reporting your findings, whether a full memorandum, a slide deck, a summary email or an oral discussion, should match the scope, audience and risk profile. Regardless of the format you choose, make sure to memorialize the allegations investigated, steps taken, sources reviewed, key facts, credibility assessments, legal analysis and risk exposure, as well as proposed remediation and responsible owners. Distribute the readout only to those with a genuine need to know, with the headers noting attorney-client privilege and work product as appropriate. Oversharing increases risk of compromising privilege and confidentiality protections and may unintentionally create discoverable records.

Simply put, running cost-effective internal investigations is less about penny-pinching and more about disciplined project management. Choosing the right team, scoping thoughtfully, leveraging technology and focusing remediation can curb costs, shorten timelines and deliver defensible results, all while allowing for an effective internal investigation.