When it comes to investigating and resolving compliance and ethics issues, efficiency is paramount. The longer you ignore an issue, the more time it has to escalate. This increases your risk of penalties, lawsuits, and negative press—not to mention stress and financial losses. Ensuring all investigations are as efficient and effective as possible can be difficult if you’re a small team, have a large caseload, or just don’t know where to start. To help you out, I’ve compiled a list of tools that will make every ethics and compliance professional’s job easier.
Assess your processes with an investigation maturity model
It’s easy to get stuck in a routine when conducting compliance investigations. But continuous improvement protects the employees involved and makes the investigative processes easier and more efficient for investigators.
How do you know where to start? Use an investigation maturity model. This tool helps investigative teams determine their program’s strengths and areas of risk or weakness.
According to Meric Bloch, principal at Winter Investigations, a compliance investigation program’s maturity is determined by eight main characteristics:
-
Defined procedural steps
-
Efficiency
-
Documentation
-
Automation
-
Effectiveness
-
Standardization
-
Consistent data metrics
-
Program analysis[1]
Based on these, your program could fall into one of five levels of maturity: initial, managed, standardized, predictable, or optimized. Each stage comes with its own risks and steps to improve. Maturity reflects a function’s expected performance. The more significant the maturity, the more you can turn events or mistakes into teachable moments that lead to improvements.
Once you’ve determined your program’s maturity level, your team should make an action plan for addressing your weaknesses so you can protect both employees and your organization through more effective investigations.
Uncover areas of risk with a risk assessment
Risk assessments cost time and money. So why should you bother? The benefits of a risk assessment far outweigh any inconvenience because they can help you avoid incidents, fines, lawsuits, and negative media attention.
Benefits of conducting a risk assessment include:
-
Money saved: Picking up the pieces after a cyberattack, break-in, fire, or act of workplace violence is stressful and can cost thousands of dollars; a risk assessment costs far less.
-
Fewer lawsuits: By preventing incidents, you won’t have to deal with injured or disgruntled employees seeking legal action.
-
Lower risk of noncompliance: Eliminate risks above and beyond compliance requirements to avoid penalties from regulatory bodies.
-
Positive organizational reputation: Customers and clients want to do business with companies that operate safely, ethically, and fairly.
-
Fewer incidents: Learning where to focus your training and internal controls can reduce the number of ethics and compliance issues in your organization.
To assess your company’s risks, follow these steps. First, define the scope of your risk assessment. Then, identify hazards and calculate their likelihood (unlikely, seldom, occasional, likely, definite) and consequence level (insignificant, marginal, moderate, critical, catastrophic). Next, assign a risk rating (low, medium, high, extreme) to each hazard based on the likelihood and consequences. Finally, create an action plan to address each hazard and plug the data into the risk matrix to visualize the risks.
