Good Practice Guidance

1. The mandate (remit/scope/jurisdiction) of the investigations function/roles should be documented in an organisation policy, procedure or protocol supported by the organisation’s senior management and/or Board.

Has the organisation defined in a mandate or policy a statement that investigations will be undertaken, setting out who undertakes them? Is this mandate supported by the senior management/the Board?

2. A corporate governance structure should be in place to protect the role of the investigator and the integrity of the investigation.

Is there a policy on retaliation? Is obstruction and interference with an investigation included as a form of misconduct? Does the governance structure ensure that all confirmed allegations are sanctioned? Are there procedures for investigators to escalate concerns? When investigators leave, are their exit interviews documented?

3. Investigators should demonstrate uncompromising adherence to Principles (or similar Code of Conduct/Ethics) in conducting all of their work.

Does the organisation have a Code of Ethics or Principles governing how investigations should be performed? Is adherence to these Principles part of the performance management process of those tasked with conducting investigations?

4. The investigations function or persons performing an investigations role should be sufficiently independent and free from conflicts of interest.

Whether centralised or decentralised, and whatever functions the investigations report to, is the role of the investigator sufficiently independent from the operations under investigation? This could be in a second or third ‘line of defence’ role. Are conflict of interest assessments performed when assigning the investigator?

5. Investigations should be conducted by persons who have the professional competence for the investigations they are undertaking, supervising and/or reporting on.

Do the persons tasked with conducting investigations have sufficient training and skills, and/or are they appropriately supervised to perform the investigations? Where skills and expertise are lacking are experts called to assist or is training
provided to obtain these skills? Is there recurrent training? Do those recruited to investigation roles hold qualifications relevant
to investigations?

6. Investigations should be appropriately resourced.

Is appropriate resourcing in place for conducting the
scope of investigations in terms of budget/people/training/technology? Red flags signalling resourcing concerns could include cases remaining open for an extended duration; or being dropped. Is there a trend increase in the number of cases year after year? Can the function handle a surge of cases? Are the impacts of a lack of timeliness
documented?

7. Investigations should follow appropriate documented methodology/procedures/framework/response plan.

Is there an investigation workflow, response plan, and/or
manual? Does it set out an investigation methodology? Some points it should cover: careful planning, risk assessment, proportionality and timeliness; procedural propriety; thoroughness- burden of proof; report-writing; quality assurance, sign-off; handling anonymous reporting.

8. Key steps and investigative actions from the
intake of matters to resolution should be documented (and kept securely with restricted access) for corporate memory.

Does the organization keep a record of the matters reported and how these were assessed, triaged, opened and closed? Does this include a decision to open/close an investigation? Are key steps documented in an investigation case file or management system? Is there a documented chain of custody where applicable?

9. Information pertaining to investigations should be treated as confidential, following a ‘need to know rule’, including in restricting access to casefiles.

Is there a protocol that restricts notifications of an investigation to limited persons who ‘need to know’? Are electronic and physical case files appropriately secured and restricted? Are documents protectively labelled (e.g., ‘confidential’)? Is a documented data retention policy observed? Is there a policy for litigation holds?

10. The ACi endorses ethical interviewing: a carefully planned, thoroughly executed approach to seeking an interviewee’s account that is free from misrepresentation, threat, coercion and improper influence.

Do those performing investigations have an established practice for interviewing (e.g. using the PEACE framework)? Are investigators evaluated on the delivery of their interviews by a supervisor? Is there a procedure for raising concerns about the conduct of an interview?

11. Investigation conclusions/findings should be based on facts and in line with the applicable evidentiary burden of proof.

As part of the investigation report quality assurance, are conclusions checked by a supervisor/reviewer? Previous cases won/lost on appeal based on the inferences and evidentiary burden of proof. Is review of jurisprudence of similar cases
performed?

12. Disciplinary decisions should not be taken by the persons who investigated the matter.

Is there adequate segregation of duties to prevent the investigator from directly taking disciplinary decisions? In line with the Principles of fairness and objectivity, while an investigator can recommend that formal action should be considered, the investigator should not take the decision on the disciplinary sanction to apply, or prejudge the outcome of a disciplinary process.

Download our Good Practice Guidance here.