Bailey Naples (email@example.com) is Chief Compliance Officer for Berkshire Farm Center and Services for Youth in Canaan, New York, USA.
Employees acting on their own accord have multiple responsibilities owed to their employer. These responsibilities have a broad range, from showing up on time to not committing fraud. It’s the gray area of this range that deserves further discussion and analysis on what the employee’s responsibilities are compared to those of the organization.
When determining the appropriate accountability for the responsibility in question, a review and analysis must be completed. Depending on the situation, this could come from a comprehensive internal audit, an internal investigation, or a simple inquiry through a desk audit.
An internal audit is a review of a company’s accounts or adherence to regulatory guidelines. This may be required if the situation is suspected to have a wide impact, there is limited internal written guidance around the situation, or many individuals and/or departments are involved in the process. The outcome of the audit is presented in a report that evaluates the thoroughness and identified deficiencies and/or risks in the process.
An example of this could be the termination process. If the organization’s termination process is suspected to be failing at meeting regulatory standards, a comprehensive internal audit could assist in determining whether the process is failing, and if it is, if it falls within the responsibility of an individual employee, a department, a process, or of the organization’s culture.
An internal investigation is a process completed by the compliance department that involves gathering and reviewing extensive documentation, including organizational policies and protocols, and conducting comprehensive interviews. This may be required if the situation is suspected to be related to a specific individual or department. The investigation is documented in an investigatory report that provides a detailed review of the documents, a detailed outline of the interview, and a conclusion stating whether the allegation is substantiated or not and, if substantiated, where the responsibility falls.
An example of this could be repeated Health Insurance Portability and Accountability Act (HIPAA) breaches. If an individual or a specific department is suspected or confirmed of having multiple HIPAA breaches, an internal investigation could assist in determining where within the process the breaches are happening or whether an employee is performing their duties irresponsibly.