In Part 4 of Investigation Week, I discuss who and what disciplines should be on your investigation team.
Beginning with the 2015 Yates Memo, 2016 FCPA Pilot Program, 2017 and 2019 Evaluations of Corporate Compliance Programs, together with 2020 Update through to the FCPA Corporate Enforcement Policy; the DOJ has put even more pressure on every CCO, compliance practitioner and indeed company, to get an investigation done quickly, efficiently and, most importantly, right. This is even more true after the U.S. Supreme Court’s decisions in Digital Realty Trust v. Somers, which limited whistleblower protection and benefits to only those whistleblowers who go to the SEC, rather than initially report internally. What do all these documents tell who should be on your investigation team?
As data collection, retention and preservation are critical elements of any significant internal investigation you will need to have the involvement of your IT function. IT can help put a litigation hold on documents that can help with the preservation of data in other areas of the organization. Further, they can assist with certain other aspects as more facts and circumstances are known.
HR is often an underutilized function for an internal investigator. HR can provide context about employees’ work history. There may be notes in HR areas as diverse as training and exit interviews. HR can also be useful to give the investigator some insight regarding the credibility of the individual that might be making the allegation. For example, are they a good and trusted employee? How long have they been there? What’s their general demeanor? What’s been the feedback on that particular individual?
Both the Board of Directors and senior management can provide different types of support for an investigation. Jonathan Marks noted the Board has oversight responsibility and senior management is responsible for the day-to-day, tactical operations of the organization, including the internal controls. This means from the Board’s perspective, “we would want to make sure that our governance processes were in place and operating effectively when it comes to an investigation. So, my concern, or concern from a board member’s perspective, from an investigation, early on, is what’s the financial impact; what’s the legal impact, for a publicly traded organization? Are there potential issues here which we as a Board need to be concerned with going forward?”
From the senior management’s perspective, Marks notes, “the key thing there is if there is an issue and there was the ability to either override controls or controls weren’t in place or there was something that basically caused this, what do we need to do to assess that? What do we need to do to fix that? What was the root cause for this potential bad behavior? Like I said, how do we fix that or how do we put a plan together in order to fix that or shore that up?” He emphasized this is not the Board’s responsibility but that of senior management. Marks also pointed out that while an investigator would probably assume that the Board has been notified at this point about the issues being investigated, the investigators may want to make certain the Board has been made aware of the incident and investigation.
Marks suggests outside consultants in the form of forensic accountants should be a part of your investigation team. Such a skilled set team member can bring an investigative mind that drives them to answer questions about what occurred, when and how it happened, and who was involved. However, most lawyers do not understand how forensic accounting is performed and how they can assist your compliance investigation going forward.
Forensic auditing works to collect and analyze accounting and internal-controls evidence. They use this information to produce a fact-based report that can inform the decision-making process in inquiries, investigations and dispute resolution. The by-products of internal audit’s work can include remediation strategies to help a company mitigate and remedy procedural or internal controls gaps that allowed the underlying issue to occur. Inquiries into accounting and internal controls raise a host of technical issues requiring specialized knowledge that forensic accountants are uniquely positioned to provide. This is a qualitative difference from internal audit, which more often looks at process to determine if it has been adhered to in a procedure.
The objective of a forensic audit investigation team is to collect, analyze and report on the evidence or facts surrounding an act that often has litigious, fraudulent or criminal implications. Auditors also collect and analyze evidence, but an independent auditor’s objective is to attest to the credibility of assertions that are under examination, such as the material accuracy of financial statements for which the audited company’s management is responsible. However, a key role of the forensic accountant is to identify a concern and to notify company management about the issue or issues discovered.
As with a decision on bringing in outside counsel to perform a compliance investigation, you will need to consider whether a forensic accountant should be retained as an outside consultant or hired as an employee. One critical reason to bring in an outside professional is so they will be not be governed by management or influenced by potential biases within a company. Lastly is the issue of privilege. If a forensic accountant is not assigned through your legal department or through outside counsel, you can kiss away even the chance of claiming privilege.
Obviously, the GC would be involved to help protect the attorney client privilege if for no other reason. Further, an investigation needs to have compliance involved, to understand what compliance program was in place at the time of the incident in question, what procedures compliance had and understand if this truly was a gap in the compliance function or maybe there was an area within the compliance function that was not operating as prescribed, or maybe it was a little bit weak.
For more information check out The Compliance Handbook, 2nd edition, published by LexisNexis and available here.
[View source.]
