Internal investigations have long been a part of every ethics & compliance program and every E&C professional’s tool kit. However, the US Department of Justice has made clear that internal investigations are more important than ever.
In October 2021, Deputy Attorney General Lisa Monaco reinstituted the substance of the Yates Memo, requiring companies to turn over all information on any culpable individuals. Recent criminal enforcement actions by the DOJ have thrown new and increasing scrutiny on internal investigations. Now, CCOs and CECOs must certify compliance in any FCPA settlement.
In short, getting E&C internal investigations right has taken on a new importance.
How to Create a Risk Profile for Your Organization: 10 Essential Steps
Everything You Need to Get E&C Investigations Right (According to the DOJ)
1. ( A c c ord ing t o t h e D O J)
Everything You Need to Get
E&C Investigations Right
Tom Fox
The Compliance Evangelist
2.
3. Why new (re)focus on
internal investigations?
• Lisa Monaco speech October, 2021
• US v. Coburn
• Caremark
4. Sample Poll Question Slide
How confident are you in your ability to respond to
a harassment complaint effectively?
a. Very confident.
b. Somewhat confident
c. Not very confident.
d. Panicked.
5. It all begins with Triage-
Always Remember M*A*S*H
• Stage 1. These consist of allegations that have a low
threat level and do not suggest a breakdown of internal
• Stage 2. These allegations are more serious in nature,
and often indicate some deficiency in the design of
controls.
• Stage 3. These allegations are serious in nature,
generally involve an override of internal controls, and
a minimum a serious deficiency.
• Stage 4. These are serious allegations that could have
an impact on the completeness and accuracy of the
financial statements, and that could indicate a material
in internal controls.
• Stage 5. These are serious allegations that involve one
or more members of the senior management team or
enough to damage the company’s reputation.
6. What is your investigation
Protocol?
1. Opening and categorizing the case. This is the first step to
categorize a compliance violation.
2. Planning the investigation. Determine the required
investigation tasks.
3. Executing the investigation plan. Under this step, the
investigation should be completed.
4. Determining appropriate follow-up. Convene the
investigation team and the relevant business unit
representatives. This group would decide on the
appropriate disciplinary steps or other actions to take.
5. Closing the case. Under this final step, communicate the
investigation results to the stakeholders and complete the
case report.
7. Preparing for the Investigation
• D. Confidential Reporting
Structure and Investigation
Process, it stated in part, Properly
Scoped Investigation by Qualified
Personnel—What steps does the
company take to ensure
are independent, objective,
appropriately conducted, and
documented? How does the
determine who should conduct an
investigation, and who makes
determination?
8. Some Questions to Ask
• Does the in-house team have the needed skills
to perform the investigation?
• Do you understand the business environment
and the extended business enterprise?
• What are the underlying facts?
• What are the legal and financial implications?
• Do you need to alert your crisis management
team?
9. Sample Poll Question Slide
Who should be on your investigative team?
a. Legal.
b. HR
c. Finance.
d. Internal audit.
e. All of the above?
10. Your Investigative Team
Potential Roles
Legal
HR
Forensic Auditing
Internal Controls Specialist
When to bring in outside counsel
11. Who is the ultimate audience?
Senior Management
Internal Compliance Committee
Regulator/DOJ
Trier of fact
12. The Significance of Coburn
• All reports made to government will be
turned over to defense counsel
• Can you defend your investigation?
• Document Document Document
13. T h a n k Y o u f o r
P a r t i c i p a t i n g
Find more free webinars:
www.i-sight.com/resources/webinars
@isightsoftware
C o n t a c t
T o m F o x
C o n t a c t
i - S i g h t
webinars@i-sight.com
tfox @tfoxlaw.com
www.compliancepodcastnetwork.net
@tfoxlaw