Incident Management – The New Frontier
Compliance programs are required to create and manage case investigation systems to handle potential misconduct, investigate allegations of wrongdoing and then dispense discipline. Lessons learned from these investigations are valuable sources of information to improve compliance programs.
Chief compliance officers play a critical role – either supervising the internal investigation system or coordinating with other functions in the organization to monitor internal investigations. Along the way, companies have built effective hotlines, triage protocols, investigation policies and practices processes to evaluate and dispense discipline. CCOs regularly report to the board on the major investigations and the overall investigation system, including nature of complaints, time to resolve complaints and conduct investigations, and handling of whistleblower concerns.
I like to label all of the above as a company’s effort to promote organizational justice. Within the system itself, principles of a judicial system apply with equal force – fairness, transparency, and consistency. Like our country’s judicial system, the company’s judicial system can be judged on very similar criteria.
With increasing frequency, CCOs and other managers of investigation systems are embracing a new and trend building on a “case management” system. Recognizing the relatively low marginal cost, companies are now seeking to measure “incidents” within the company and collecting data about such incidents.
Keeping in mind that an “incident” is something less than an “investigation,” there is a difficult decision that needs to be made at the inception of such a program – what kind of incidents should be identified and measured?
This is not as easy as it seems. Many companies draw very fine distinctions in this area by suggesting that an incident may be an occurrence that does not rise to the level of a legal violation or a serious violation of the company’s code of conduct.
For example, if an employee sells baked goods for a charity in front of the cafeteria in violation of the company code and repeats these violations after being warned to discontinue, the information about these incidents would certainly be relevant in the event that the employee is accused later of a more serious violation or is a witness in a particular matter. The theoretical possibilities are endless.
The benefits of capturing incident information are clear. Such data gives you more insight into the actual activities of company employees and third parties. In addition, should the need arise, such information may be necessary when later investigating or interviewing a person who has been the subject of a reported incident.
All of these benefits are manifest and support expanding the case management program into more of an incident based management system. There are countervailing costs that have to be addressed.
First, and most importantly, who is going to collect the data, and how much staff time will the data take to enter into a case management system? The cost to an organization is already high when you have numerous individuals across the organization with responsibility for entering case management data into a data system
Second, can the company justify the collection of such information without crossing the line on employee privacy. We are all a little reluctant to expand the role of “big Brother” institutions in our government iand in our work, and the possibility of a negative impact on employee privacy and concerns about collecting even more data about individual employees and third parties may be viewed as unwarranted.
More companies are wrestling with these issues as they oversee and monitor company culture, employee behaviors and identify potential weaknesses in company morale and performance.