Businesses and organisations can sometimes be faced with whistleblower allegations relating to discrimination, harassment, corruption or fraud. Our guide sets out below the steps your business or organisation can take to appropriately respond to such allegations.
Step 1- Whistleblower
The most important part of an investigation is to protect the identity of the person making the disclosure and carefully managing the relationship with them. This is to ensure that they do not face victimisation in the workplace and to ensure a fair and impartial investigation. To help support concerns raised and narrow the focus of the investigation, ensure that all interactions are recorded and dealt with confidentially and that when interacting with the whistleblower establish what reliable facts, evidence or information they can provide.
Step 2- Investigation scope
It is important to start establishing the parameters of the investigation at the very outset. An extremely limited investigation may not uncover all the facts and address the issue on hand. On the contrary, an extremely broad investigation may be lengthy, use a lot of resources and be disproportionate to the issue on hand. Initial scope of the investigation should be based on the information available in the context of the allegations being made. This can later be expanded or contracted as the investigation progresses.
Step 3- Legal issues
Establish all legal protocols (e.g. whether any legal privilege, data protection/GDPR, prohibitions to share data cross border and related issues apply) at the start of an investigation. This is to ensure that the investigation is conducted in a legally compliant manner.
Step 4- Key stakeholders
You need to determine who the key stakeholders are, e.g. consider who may be implicated in the investigation, who is leading and supporting the investigation and which subject matter experts (i.e. legal experts, forensic accountants, technology experts etc) are need to be consulted, and which people need to be kept informed of the progress (i.e. regulators, audit committee or counsel). Establish who will decide on the overall final outcome of the investigation.
Step 5- Evidence
Establish where the data required for the investigation is located. Data will usually fall into two categories: internal such as financial, web/server email, phone and computer data; and external such as bank account records, third party data and court documents. Data will be stored in electronic and physical format, some of which maybe archived. Once the location of data is identified, you need to take steps to ensure that the physical or electronic assets or evidence is secure from being irrecoverably lost. Following this, you need to develop a methodology involving a clear paper trail (e.g., chain of custody) for collecting, processing, analysing and presenting the data.
Step 6- Investigation team
When choosing your team you need to consider the specific skills required to complete the investigation. This could include, forensic accountants, legal experts, technology experts, translators etc. You will need to also think about how quickly the team needs to be put together and where the team will operate from.
Step 7- Work plan
The investigation is usually an iterative process and the outcome of each step usually shapes the approach of the next phase of work. Establishing a clear investigation work plan should give you a good idea as to whether the investigative activities are proportionate and effective.
Step 8- Reporting
You will need to ascertain the frequency, format and key milestones of the reporting. The reporting is usually in the form of a formal written report, setting out all the investigative activities and findings. Consider the audience of the report and use visual presentations and infographics for effecting reporting.
For more information please contact Asim Sheikh here.