Skip to main content

Ethics and Standards Review

Internal Investigation Framework

Standard Committee

Purpose
This framework establishes a standardized approach for conducting internal investigations to ensure a fair, consistent, and thorough process. It safeguards the integrity of organizational procedures, accountability, and confidentiality.



0. Confidentiality

  • Confidentiality Guidelines:
    Confidentiality is critical for protecting all involved parties and ensuring the investigation’s integrity. Information regarding the investigation should only be accessible to the designated review team.
    • No information may be shared outside the review team unless expressly authorized.
    • If confidentiality is compromised, the audit team may remove the affected member's testimony or declare the review invalid.
  • Data Handling Protocols:
    All documentation and records should be securely stored with restricted access to authorized personnel only.

1. Initiation of Investigation

  • Trigger for Investigation:
    Investigations may be initiated in response to:
    • Reported incidents (e.g., policy violations, misconduct, safety concerns).
      • Identified risks or potential process failures.
      • Management observations or flagged audit results.
    • Authorization Requirements:
      Investigations require authorization from two or more board members who are not implicated in the incident to maintain objectivity.
      • If all board members are implicated, a vote may appoint an internal audit lead or approve a third-party audit for impartiality.

    2. Scope and Objectives

    • Define Scope:
      Clearly define the scope of the investigation, including specific allegations, individuals, processes, or policy areas to be addressed. Ensure alignment with organizational policies and standards.
    • Set Objectives:
      Identify what the investigation aims to achieve, such as:
      • Uncovering relevant facts and establishing timelines.
        • Determining the root cause of the incident or behavior.
        • Identifying gaps in policies or procedures.
    • Timeline:
      Set a realistic timeline for completing the investigation and communicate this to relevant stakeholders.
    • Scope Document:
      Develop a formal scope document detailing the objectives and limits of the investigation.
      • This document, prepared by the investigation team, must be finalized before the investigation begins.
        • If the investigation scope changes, an amendment to the document should be submitted.
        • The scope document should contain only essential information and be prepared for press-level scrutiny, without confidential data.

    3. Investigative Team Selection

    • Team Composition:
      Choose team members based on relevant expertise, impartiality, and authority. Representatives from essential departments may be included.
    • Conflict of Interest Check:
      All team members must declare any conflicts of interest to ensure objectivity.
    • Roles and Responsibilities:
      Assign specific roles, such as lead investigator, interviewer, and evidence manager, to maintain clarity and avoid duplication.
      • Team members may assume multiple roles, depending on team size and investigation complexity.

    4. Planning the Investigation

    • Background Research:
      Gather initial information relevant to the incident, such as prior incidents, records, or applicable policies.
    • Investigation Plan:
      Develop a detailed plan that includes:
      • Key activities like document reviews and interviews.
        • Sources of information and data to be examined.
    • Legal and Compliance Considerations:
      Ensure all steps comply with local laws, labor regulations, and internal policies. Organizational policies do not supersede anylocal legal requirements.

    5. Evidence Collection

    • Document and Data Review:
      Collect all pertinent records, including emails, reports, logs, and any process documentation.
    • Interviews and Statements:
      Interview involved individuals and relevant witnesses.
      • Use open-ended, unbiased questions and document all responses.
    • Preservation of Evidence:
      Securely back up physical and digital evidence to prevent tampering or data loss.
      • Cloud backups should be maintained securely.
        • Any loss of information may lead to a formal warning or removal from the review team, depending on the severity.

    6. Analysis and Evaluation

    • Review and Analyze Evidence:
      Carefully evaluate all evidence to confirm facts, timelines, and compliance with relevant policies.
    • Identify Gaps and Causes:
      Pinpoint procedural or operational gaps that may have contributed to the issue.
    • Accountability and Impact Assessment:
      Based on findings, assess the accountability of individuals and the organizational impact of the incident.

    7. Documentation and Reporting

    • Prepare a Detailed Report:
      Summarize findings, analyses, and recommendations, including:
      • Investigation overview.
        • Key evidence and factual conclusions.
        • Accountability determinations, if applicable.
    • Recommendations:
      Provide actionable recommendations, which may include:
      • Disciplinary actions.
        • Policy or procedural improvements.
        • Staff training or awareness initiatives.
    • Review and Approval:
      Submit the report to the board for review, approval, and further action.

    8. Communication of Findings

    • Internal Communication:
      Share findings with relevant parties while respecting confidentiality.
      • Major findings should be communicated via email with all team members cc’d.
        • Communication between team members should occur within a designated group chat involving the majority of the team.
        • Unauthorized communication outside the group chat is subject to disciplinary action.
    • Feedback Loop:
      Provide each individual interviewed with a transcript of their statements.
      • Individuals have 24 hours to request amendments or redact sensitive information before the document is finalized.

    9. Post-Investigation Actions and Follow-Up

    • Implement Recommendations:
      Collaborate with relevant departments to implement any recommended actions and monitor completion.
    • Track Progress and Effectiveness:
      Regularly review the effectiveness of implemented changes to address any new issues promptly.
    • Policy Review:
      Update investigation policies and procedures as necessary to reflect insights gained and best practices.

    10. Documentation and Record-Keeping

    • Record Retention:
      Securely retain all investigation documentation per organizational policy and relevant legal requirements.
    • Confidentiality and Access Control:
      Restrict access to investigation records to authorized personnel only, ensuring compliance with confidentiality protocols.


Back to top