“Routine” Internal Investigations: Initial Phase (Part II of IV)
Decisions by the Supreme Court provide compelling reasons for employers to perform investigations. A good investigation can protect your organization, while a bad one can become an employee relations fiasco. If companies follow the proper process, companies should end up making the “right” decision.
Typically, “routine” internal investigations focus on day-to-day matters:
- Accounting fraud
- Theft of physical assets
- Unauthorized access to data (manipulation or sale)
- Threats, sexual harassment or other inappropriate behavior or communication.
The company has to establish a procedure for investigating these types of allegations, and must conduct these investigations in a way that is fair. The investigation must not compromise the relationship with innocent employees or avoid damaging any employee’s reputation. That requires skill, sensitivity, awareness of risk and a clear understanding of the law.
The alleged “facts” will dictate the steps to be taken internally to preserve the company’s position. Most cases will involve collection of written or recorded evidence, interviews, and computer and network forensics. The investigation usually will require consultation with managers, human resource staff, legal personnel and potentially law enforcement.
For most employees, cooperation in an internal investigation is a required condition of their continued employment. However, if the suspected wrongdoing turns out to have been conducted by one or more employees, the investigation may lead to anything from disciplinary proceedings against employees to criminal charges.
Initially, the following questions need to be addressed:
- What planning needs to occur before launching the investigation?
- Who should be informed of the investigation (at every stage)?
- Should the complainant and/or the “suspect” be informed of the investigation?
- If there is a reason to begin the investigation before notifying any of the subjects of the investigation, what tactics would be effective and are there any legal restrictions on use of such tactics (e.g. one-party recordings)?
- What departments/divisions need to be involved in the investigation?
- What steps need to be taken to preserve evidence or prevent tampering with evidence?
- What items, if any, should be confiscated (e.g. computer), and will that have any adverse impact on the investigation?
The company should have an internal investigation protocol in place which was described in Part I of this series.
In response to an initial complaint or the discovery of alleged misconduct, an investigator should notify only a small number of people required to know about the investigation. Human resources usually should be notified. Depending on what type of assistance in the organization is needed (e.g. IT for documents and other evidence; internal audit for financial information), notifications should be kept to a minimum.
The answer depends on the nature of the suspected misconduct. Necessary skills may include forensic accounting, email discovery and review, computer forensics, video surveillance, access card logs or inventory audits. As a consequence, an internal investigation can require cooperation from physical security, IT, finance, human resources, management and possible outside forensic firms.
If you determine to notify the parties of the investigation, the investigator should send a confirming memorandum notifying the parties, including the complainant, of the existence and scope of the internal investigation. Victims and witnesses need to be assured that the wrongdoer will not intimidate or threaten anyone involved in the investigation. If there is a risk of intimidation, the investigator may keep the initial stages of the investigation confidential and make a disclosure at a later point in time when the risk of intimidation may decrease.
Before any interviews are conducted, documents should be collected, organized and reviewed. In most cases, these include personnel files, telephone records, expense account records, computerized personnel information, appointment calendars, time cards, building entrance/exit records, computer/word processing disks and hard drive, e-mail records and voice mail records.
Special investigative techniques have to be carefully reviewed and subject to legal approval. These include: an internal audit, physical investigation (fingerprint, handwriting), physical surveillance, polygraphs, searches of organization or private property, and electronic monitoring or surveillance.