Investigations: Rules of Engagement...

Sarah Scalet at CSO has asked the question: What are the 10 commandments of responsible investigations?

The topic is a result of the HP scandal. What are the prudent rules of engagement to answer the original question? Who is leaking information from this Board Room to the media?

Sarah says, "I did a lot of thinking and had a lot of conversations about how to run corporate investigations in a responsible way.

By responsible, I mean not only done in a legal and ethical way (although those things, too), but also done in an effective and appropriate way. There are a lot of gray areas in investigations, and there are complicated and expensive ends to which you can take things. If we've learned anything from the mainstream media coverage of the HP debacle, it's the importance of making sure that an investigation meets the suspected crime."

In any investigation of fact finding and to find the truth there will be data leaving a trail of answers, the key is to make sure you have the correct hypothesis. If you haven't first created a sound and cohesive test plan, the results will not answer the question, hunch or theory. And that is where investigations go down a path of emotional intent as opposed to a process of factual discovery. The data collection didn't answer the emotional question so go find some information that does. This is where the real flaw lies in most investigations.

Let's take a quick quiz to make a point:

Business crime losses are typically the result of:

a. Non-violent acts committed by insiders.
b. Non-violent acts committed by outsiders.
c. Violent acts committed by insiders.
d. Violent acts committed by outsiders.

If you answered "B" then you are incorrect. The answer is "A". Insiders are the first place you begin to look when accounts are missing money, the system has been hacked or vital corporate information has fallen into the wrong hands.

From the behavioral sciences perspective it is axiomatic
that a protection program will not succeed unless it:

a. Meets the personal needs of the vast majority of the workforce.
b. Cultivates the willing cooperation of those affected by it.
c. Incorporates sufficient disciplinary sanctions to convince the workforce to follow
prescribed procedures.
d. Provides for termination of employment in the case of repeated violations of mandatory procedures.

If you answered "C" then you are wrong. The answer is "B". The willing work force, employees and society in general follow and obey the laws that they can identify with the most. In the Board Room the normal procedure is to have people sign a non-disclosure agreement. By having people submit to the act of promising not to talk about what happens behind closed doors, you are creating a forum for trouble.

The Ten Commandments of Responsible Investigations would not be necessary if transparency and policy governance was imbedded in the culture. If this was in place, people would not have as much of a motivation to break the rules. At the root of the issue, you have to go back to one of our earlier blogs on Trust.

operational risk