Companies that keep up with emerging challenges in the business environment such as data thefts, frauds, phishing attacks, etc. have started to realize that they need detailed guidelines for internal investigations. This is because only a few people in an organization are trained in workplace investigations. When misconduct like an accounting fraud, data theft or an action leading to non-compliance is reported in a company, then internal investigation helps in uncovering the truth and identifying the culprit. However, you have to ensure that the outcome is generated without disrupting business processes or hurting the relationship with the employees. For this, you need careful planning and execution of the entire investigation process.
Ideally, an internal investigation is supervised by an investigations manager who has a team of professionals from human resources, internal audit, security, etc. Some companies also use external resources like accountants, digital forensic experts, etc.
If you are going to initiate an internal investigation, then the following are a few questions you should ask first:
These questions can help you get a better idea of the situation.
Once you are ready, you can work on the following:
1. Establishing Clear and Well-Thought-Out Policies
Without a plan of action, proper investigation can be difficult. So, you should put a comprehensive policy in place that covers all investigation scenarios. There is a protocol that must be followed by employees and investigators. Some points that should be covered in the policy include:
2. Defining the Scope of Investigation
There are two sides to every workplace investigation. On one hand, the company wants to investigate credible allegations of wrongdoing to prevent financial or reputational damage. On the other hand, it doesn’t want to put its precious manpower on the investigation for long as this may affect productivity. So, a balance should be struck that defines the scope and extent of the investigation.
The scope can also be defined based on how fast the company needs information. If time is short, then the investigation may be limited to select interviews and analysis of a few handpicked documents. However, if time is available, then a comprehensive investigation can be undertaken to cover all witnesses and involved departments or entities.
3. Preserving Evidence and Records
In case of a misconduct, you need to identify and preserve all the relevant documents immediately so that the investigation can be conducted without hiccups. You can issue a notice to all the employees concerned, informing them about the investigation and directing them to preserve the documents that may be associated with the investigation. You also have to be extra careful while examining and extracting data from employees’ hard drives, laptops, computers, and even personal digital assistants (PDAs).
4. Documentation and Follow-Up
You must create a detailed report that documents all the activities during the investigation. You should document details such as the problem in question and how it came to the company’s attention, interviews that were conducted, and conclusions based on the evidence collected.
To prevent repeat occurrences, appropriate preventive measures should be taken. These can include more stringent data protection measures, device security policies, tighter hiring protocols, etc.
As you might be dealing with confidential information during the investigation, it is better to involve only the concerned employees and departments in the company. You would need to inform the HR department, top-level/middle-level management and other key decision makers, about the investigation and the plan of action.
To identify and collect digital evidence from computers and other electronic devices, you can take the help of enterprise-grade digital forensics tools. In case you need to examine the emails of employees to collect evidence, an email forensic tool alone can be helpful. You can use such a tool to scan mailboxes of all the appropriate employees quickly and accurately. Such tools can help you filter the mails to find relevant information easily, tag key emails, and export data in convenient formats like PDF, HTML, etc. These tools are also equipped with advanced case management features that allow you to document every single task.
|Download a free trial of Stellar Email Forensic software to start your email investigation now. The software is available for a free 60-day trial, offering all features unlocked in the demo version.|
Interviewing suspects and witnesses is a vital part of internal investigations. The following are some of the things that you need to remember:
Internal workplace investigation is far more complex and meticulous than the picture this article paints. Creating a comprehensive protocol for the same can take a lot of time. However, the information here will surely nudge you in the right direction. With the right methods, documentation tools, and data analysis tools, you can prepare your organization for all kinds of internal issues.
Abhinav Sethi is a Senior Writer at Stellar. He writes articles, blog posts, knowledge-bases, case studies, etc. for different technologies. He also has a keen interest in digital forensics and helps forward-thinking companies fight different threats with apt solutions.