After the internal report comes in and you have properly triaged the matter, you need to scope out and investigate it, promptly, thoroughly, and with competent personnel. In the 2020 Update, provided these series of questions about your internal investigations:
Properly Scoped Investigations by Qualified Personnel – How does the company determine which complaints or red flags merit further investigation? How does the company ensure that investigations are properly scoped? What steps does the company take to ensure investigations are independent, objective, appropriately conducted, and properly documented? How does the company determine who should conduct an investigation, and who makes that determination?
Investigation Response – Does the company apply timing metrics to ensure responsiveness? Does the company have a process for monitoring the outcome of investigations and ensuring accountability for the response to any findings or recommendations?
Resources and Tracking of Results – Are the reporting and investigating mechanisms sufficiently funded? How has the company collected, tracked, analyzed, and used information from its reporting mechanisms? Does the company periodically analyze the reports or investigation findings for patterns of misconduct or other red flags for compliance weaknesses? Does the company periodically test the effectiveness of the hotline, for example by tracking a report from start to finish?
In a presentation, Jay Martin, and Jacki Trevino discussed the specifics of an investigation protocol. It consisted of 1) opening and categorizing the case; 2) planning the investigation; 3) executing the investigation plan; 4) determining appropriate follow-up, and 5) closing the case. If you follow this basic protocol, you should be able to work through most investigations, in a clear, concise, and cost-effective manner. Furthermore, you should have a report at the end of the day which should stand up to later scrutiny if a regulator comes looking. Finally, you will be able to “Document, Document, and Document”, not only the steps you took but why and the outcome obtained.
Three key takeaways:
- A written protocol, created before an investigation, is a key starting point.
- Create specific steps to follow so there will be full transparency and documentation going forward.
- Consistency in approach is critical.