Assessing the C&E Investigations Process

by Rebecca Walker and Jeff Kaplan

Investigations are one of the more difficult and riskier activities of an C&E program. Poorly-conducted investigations can create serious legal risks for an organization. In addition, the mishandling of investigations can damage the way in which employees perceive C&E programs, in particular where the report was initially made to the C&E department, through a hotline or otherwise. The mishandling of C&E investigations can corrode the sense of organizational justice and the culture of ethics and compliance at an organization. In short, C&E-related investigations are a serious business, and assessing them is therefore an important component of assessing an C&E program.

Assessing an investigations process is often complicated by the fact that investigations at many organizations are conducted by a number of functions, and privilege concerns can further complicate any review. In addition, there are a large number of facets of the investigations process that must be reviewed in order comprehensively to assess that process, which further increases the level of complexity. When reviewing investigations procedures, some of the more helpful areas of inquiry include the following:

  • Are there written guidelines governing how investigations will be assigned? Are they logical and appropriate? Are they followed in practice?
  • Is there a written investigations protocol, and does it include those elements that are necessary to facilitate robust investigations? Some of the elements that are typically included in investigations manuals include…Keep reading this article on our website

The Value of Starting Simple: A Risk Assessment Spreadsheet

by Jeff Kaplan

For those just getting started with compliance risk assessments, the KISS approach can be invaluable.  And by KISS, I mean “Keep it Simple with Spreadsheets.”  Spreadsheets are not mandatory in conducting risk assessments, of course.  But for the beginners in this area, they can be exceedingly useful.   

Consider the simple model below – along with associated commentary. Something like the following can be a helpful tool in creating or improving your risk assessment program.

Risk areas

The risk areas to be assessed generally include:

  • substantive areas of criminal law risk, such as corruption, antitrust, export control/trade, insider trading/confidential information, and fraud,
  • ethical, as well as legal, areas of risk, e.g., conflicts of interest,
  • in some instances, civil law, e.g., employment law, defamation.

Additionally, some risk areas should be broken down into sub-risk areas, e.g., bribery of government officials as well as commercial bribery.

Risk areas can often be excluded from the compliance risk assessment process if they have been the subject of other risk assessments or do not appear to represent significant legal or ethical peril (de minimis risks). An example of the latter is copyright risks for most organizations (although copyright can be a significant risk area for some industries, such as publishing or entertainment)…

Keep reading this article on our website


Leave a comment


* Required , ** will not be published.

= 5 + 2