Workplace Investigations Best Practices: 5 Answers to Common Questions About Case Triage
When you think about your investigative process for workplace incidents, you might go straight from receiving an employee hotline report to investigating it. However, not all incidents warrant investigations and those that do shouldn’t all be addressed in the same manner.
That’s where a middle step, case triaging, comes into play. Incident triage occurs when you evaluate an employee or other whistleblower complaint and decide how to address it. Triage usually starts when you receive a report but can happen immediately after an incident in cases such as a security breach or workplace violence. Tom Fox, podcast host, author, speaker, and compliance expert, suggests judging the incident on a scale of 1 to 5, where a 1 has no financial or reputational impact on the organization and a 5 “places the company into crisis management mode and could result in the restatement of audited financial statements or added regulatory scrutiny.”
In our recent webinar with Compliance Week, Fox explains that triaging is an essential step in incident response. Without it, your organization could experience noncompliance penalties, lawsuits, and bad press on top of the time, money, and stress that already go into correcting a workplace issue.
But how do you know you’re triaging effectively? How do you determine threat levels? What’s the best way to investigate incidents of different threat levels? Fox answers these questions and more below.
FREE WHITE PAPER
Want to learn more about incident triage?
Download Fox’s free white paper, which details effective triage techniques and tips.Get White Paper
Because these levels of threat indicate a total failing of an internal control, usually involve one or more members of upper management, and mean dire consequences for the organization, Fox suggests that you will rate approximately three percent of incidents this way.
“This is when, potentially, you’re looking at criminal liability, so hopefully [incidents of these threat levels] are going to be low” he says. Levels “1 to 3 will be the lion’s share.”
If you score a higher proportion of incidents as levels 4 or 5, you are either rating issues too high or you need to make organization-wide changes to policies and procedures immediately.
First, says Fox, get all the facts surrounding the incident from your compliance officer, lawyer, or other subject matter expert. This includes not only the who, what, when, and where, but how the issue could affect your organization in relation to various risks (e.g. financial, compliance, environmental, reputational, etc.). They should explain the potential outcomes of your action options, providing as much insight as possible.
After that, though, “the business people and/or the board should be the ultimate deciders” of how to address the incident, he says. “That’s what they’re paid to do.”
In other words, subject matter/departmental experts should share their opinions but ultimately, those in charge of the organization should have the final say about how to proceed.
Fox explains, “if it’s a level 1 or level 2, I hope you’re going to be able to respond quickly and expeditiously. Obviously, if it’s moving toward 4 and 5, it’s going to take a little bit longer.” This is because there is simply more to do when correcting a low-level incident, where high-level incidents need more time and thought to determine and carry out corrective and preventive actions. They might also take longer to address because you need to consult people across multiple departments (e.g. legal, HR, compliance, IT).
“But the key is to get the process started,” he stresses. If you have the bandwidth, it’s always better to respond faster than to wait around and let an issue escalate. Some types of investigations (e.g. data breaches, workplace injuries) have strict regulatory requirements for completing steps or all of an investigation, so keep that in mind as you make your plan.
“The key is [to have a] written protocol, follow that protocol, [and] document your decision-making process,” Fox explains. This not only speeds up the triage and investigation stages, but also ensures consistency if another person has to deal with a similar incident in the future, or if you’re questioned or audited by lawyers or regulatory bodies.
“Can you make an incorrect decision? Yes. Will you be criminally prosecuted for that? No. Could it be more costly for your organization? Potentially yes.” But as long as you are following a consistent incident-handling process and documenting what you did and why you did it, you should feel confident in your triaging skills. Doing these things greatly reduces your risk of noncompliance penalties or lawsuits (wrongful termination, for instance).
Become a triage expert.
Watch Fox’s full webinar on how to reduce your risk using effective case triage protocol now.Watch the Webinar
“If you’re a small company with a small team . . . you’re going to need to go to outside counsel. You just don’t have the resources,” Fox says. While small teams can handle a lighter caseload and smaller incidents, high-level issues can easily overwhelm them.
However, not just small organizations need external help. Issues that involve multiple departments, business units, offices, or even countries will likely require outside investigators, subject matter experts, and legal counsel to respond quickly. “You’re going to need bodies to literally go across the world at 24- or 48-hours’ notice,” and only the largest companies have the internal resources to do so.
Ultimately, Fox explains, “it depends on the size of your internal capability and how significant the incident is.”
How Case IQ Can Help
Case IQ’s modern case management software lets you receive reports and triage, investigate, and manage incidents all in one secure platform. Our automated workflow features keep your investigations on track, so your team never misses a step or deadline. You can even prevent future issues with Case IQ, thanks to our award-winning BI tool that analyzes historic case data, uncovering areas of risk and incident trends so you know where to focus your resources.