Internal Investigations

Internal investigations, a cornerstone of robust organizational management, have become a standard practice in all well-managed companies. They are required in order to comply with avoid future wrongdoing and keep a good reputation.

Conducting an effective investigation can be challenging and companies who do not want to rely on external experts may need guidance. With the recently published Standard for Internal Investigations by the International Organization for Standardization (ISO TS 37008:2023), companies can now rely on the guidance of an internationally recognized standard setting organisation.

The Scope of the ISO Standard

The ISO Standard covers the principles, support, policy, procedures, processes, standards, results and remedial measures of an investigation.

It covers the entire internal investigation process step-by-step, from the establishment of the investigation policy and procedure to the collection of evidence, interviews, finalization process and investigation report.

The ISO Standard applies to various types of internal investigations, such as those related to government law enforcement actions (e.g., money laundering, antitrust, bribery, etc.), civil actions, and whistleblower incidents.

Key Features of the ISO Standard

  1. The ISO Standard covers the principles of investigation, such as independence, impartiality, objectivity, confidentiality, competence, timeliness, lawfulness, and proportionality.
  2. It guides organizations to set up an investigation policy and procedure that follow legal obligations, business context, organization size, investigation processes, reporting structure, whistleblower protection and potential liabilities. In this regard, while setting up an investigation policy, it is advised for German companies to make a clear link to their “whistleblower” or “speak up” procedures, which are to be established under the German Hinweisgeberschutzgesetz.
  3. The ISO Standard suggests how to collect evidence in a reliable and lawful way. For the collection of electronic data, the Standard recommends working together with the IT department or third-party service providers.
  4. The ISO Standard provides information on how to conduct interviews in a respectful and professional way. It offers advice on the preparation of the interviews, how to maintain confidentiality while conducting an interview, and proper documentation.
  5. ISO TS 37008:2023 also gives guidance on how to finalize the investigation process and prepare a written investigation report that has the key elements in its structure.
  6. Finally, the Standard suggests to organizations to have effective communication channels with stakeholders on investigation findings.

What is the Relevance of the New ISO Standard?

When it comes to the principles of internal investigations, the implementation of company policies or procedures as part of an organizational manual, the electronic collection and review of data, and the conduct of an interview, the ISO standard does not differ much from other standards, such as the reliable 2019 Standard S04 Internal Investigations from the German Institute for Compliance (DICO). However, in certain areas, the ISO standard provides additional guidance. For example, ISO Standard Art. 8.11 lists the information that should be included in the investigation report, such as a full explanation of the relevant facts, limitations and constraints encountered. However, the greatest benefit of the ISO standard may be its format and origin, the “ISO Standard” brand which may facilitate internal and external acceptance of internal investigations.

On a final note, it is noteworthy, that the ISO Standard includes a reference to sustainability when it states to contribute to the UN Sustainable Development Goals 3 (Good Health and Well-Being) and 8 (Decent Work and Economic Growth).