In case our internal investigation brought confirmation of alleged wrongdoing or identified gaps in our internal controls we need to act in order to avoid often costly consequences of corporate negligence. The cost for business may result from regulatory fines, loss of reputstion or best people leaving our organisation.
We may avoid all the trouble if we act on timely manner and learn from our own mistakes of the past. Turning blind eye to the wrongdoing or non-compliance does not eliminate the problem. Just the opposite, it provides an “incentive” to exploit the weakness.
My advice here is to follow the below model, and face the challenge. Only by facing the reality we may transform our weakness into strength and avoid the unpleasant in the future.
In case we identified a concerning issue we need to trsnslate it into actionable response actions and improve for the future, by learning from our past. Usually there are two aspects that require our timely response:
- Gaps in internal controls that has not been exploited yet
- Gaps in internal controls that led to misconduct of criminal nature, where we may have experienced losses or by the actions of the perpetrtor we experienced gain but through a criminal act
Both the above instances need to be addressed and acted upon. The below you may find some ideas on how to face each of the two scenarios.
Scenario 1: Gaps in internal controls that has not been exploited yet
In case of business processes lacking a control mechanism mitigating known instsnce of wrongdoing, we simply need to design a control mechanism filling the gap. Once the mechanism has been designed it has to be implemented by inclusion into internal procedures, training on the procedure to the relevsnt staff and constant monitoring of execution, initially more frequent.
Scenario 2: Gaps in internal controls that led to misconduct of criminal nature
In case we have confirmed internal fraud or bribery leading to a gain for our orgnisation there needs to be applied legal risk management. Often, we may need to consider self disclosure to the law enforcement agencies and disciplinary or criminal / civil action against the perpetrator of misconduct. In this case my strong recommendation is to engage a white-cillar crime lawyer who may guide you through the pros and cons of self-dsclosure and legal actions available in order to mitigate the cost of fraud or level of fines for the organisation. The sooner we stsrt our legsl risk management procedures the better.
All in all, nowadays fraud and misconduct bacame a cost of business for most of the organisations and the risk associated with them needs to be managed same as other business risks. The key to success in the are of fraud and miscondict is to constantly learn and improve, as these two elements are the key features of due diligence, required from business organsations under the regimes of corporte administrative and criminal liability.
Should you like to learn more or have specific doubts or questions associated with management of internal investigations and their outcomes please do not hesitate to reach out to me.
