希望访问中文页面? 请点此(简体中文版)  

Posted on: February 13, 2017

in Blog

4 Key Internal Roles Involved with Conducting Corporate Investigations

As forensic examiners, one of the most common types of cases we help our clients with is internal investigations. This can mean different things to different organizations, but the purpose of this discussion focuses on employee malfeasance. When faced with an internal investigation, companies, government entities, educational institutions and other types of organizations are often challenged by the different roles and responsibilities of key individuals within and outside of their organization. 

If the various stakeholders do not communicate properly or effectively, problems may arise that can jeopardize the investigation, damage the reputation of the organization and have a negative financial impact.  

Managers

Managers are generally on the front lines of an investigation, as they are often the first to learn about the alleged employee infraction. This information can come from other subordinates who work with the subject or another manager who is made aware of the potential wrong-doing. Since the manager is often the first person to know, it is critical for them to follow existing protocols for reporting the incident. A manager who fails to act, or acts incorrectly, can negatively impact the effectiveness and the efficacy of the inquiry. 

Managers are often the best fact witnesses as they have knowledge of the subject’s duties and responsibilities and can provided the details needed to establish timelines and other information.  Once apprised of an incident, the manager’s next stop is often the human resources department.

Human Resources (HR)

The HR department is often the point for internal investigations. In many organizations the human resources department is tasked with conducting internal investigations and must do so in a way that can withstand a legal challenge from the subject of the investigation. 

If the various stakeholders do not communicate properly or effectively, problems may arise that can jeopardize the investigation, damage the reputation of the organization and have a negative financial impact.  

In addition, HR is expected to keep investigations confidential and limit the number of people who know about the investigation. While there are many aspects of the investigation HR is comfortable with, there may be legal or technical barriers to consider which are beyond the scope of HR and require further internal communication and coordination.

Inside/Outside Counsel

In addition to HR, the organization’s legal representation, in-house or outside counsel, is often involved. In fact, much of our work product from a forensic investigation is funneled through counsel. In addition to maintaining privilege, this informs their decision-making on how to proceed in light of whatever forensic evidence that is located and interpreted; or whether to proceed at all. 

For any internal investigation, it’s imperative that your legal and IT departments collaborate effectively. Watch this On-Demand Webinar for best practices and steps that can be taken to improve communication between the teams.

For example, the decision to file a temporary restraining order is one of the first decisions to be made when an employee leaves to work for a competitor or start a competing business. Counsel needs to know if there is sufficient electronic evidence to suggest that trade secrets and / or intellectual property were misappropriated by the subject. 

Ideally, these decisions are made as quickly as possible to protect the organization and limit the potential damage. The absence of such evidence is also important for counsel as they decide on the strength or strategy of their case and make a recommendation to senior management or ownership.

Information Technology (IT)

Last but certainly not least among the critical functional areas of an organization is the Information Technology group. Nearly every digital forensic investigation should involve the IT group for a number of reasons. By its very nature, a digital forensic investigation is technical and IT personnel have the most thorough technical understanding of the organization’s various information systems such as email, network shares, mobile devices, cloud-based data, external media usage, and local laptop or desktop administration and usage habits. They also know about potential impediments to conducting a forensic investigation such as encryption usage and can mitigate those barriers. 

Unfortunately, IT is often asked to do more than they should; particularly when it comes to handling potential digital evidence. Care must be taken to ensure the data and, in many cases, the metadata is preserved. Standard tools used by IT often are not forensically sound, meaning they may alter data and metadata. We have been involved in numerous cases where IT was instructed to “look around” on a subject’s computer and in doing so they have compromised the digital evidence. Once digital evidence has been altered, it can be rendered unreliable. Some of the most challenging forensic investigations are those where the subject of the investigation is within the IT department, because we can potentially loose an impartial source of critical technical knowledge.

All of these groups play an important role in conducting an effective investigation. That is why it is paramount for these groups to understand their duties and responsibilities and work together seamlessly when these events occur. The final piece to the puzzle should be a forensic examiner who can interface with all these groups to obtain the necessary information to conduct a thorough, forensically sound and defensible investigation that protects the interests of the organization through an unbiased analysis of the digital evidence. 


Discover More:

Discover More Categories

D4 Weekly eDiscovery Outlook

Power your eDiscovery intellect with our weekly newsletter.