Skip to content


Compliance Investigation Checklist

By Miriam Konradsen Ayed (Updated )

When it comes to compliance issues or bribery concerns, every situation is different, and your organization’s response should be reasonable and proportional to those circumstances. Let’s say that someone has claimed that an employee is taking friends to dinners and being reimbursed as if these friends were potential customers. In this case, it would probably be overkill to bring in outside counsel. A more proportional response might be to have the company’s internal investigator meet informally with the employee and with the employee’s supervisor. If you had damning evidence of a $100,000 kickback scheme going on, however, you would likely bring in outside counsel and launch a larger investigation.

Responding to an ethics or compliance issue requires informed decisions about who should investigate, the scale of the investigation and how you gather the relevant information. Learn about critical do’s and don’ts when making these decisions.

Who should investigate?

Upon identification of any issue, either the top management or the compliance function (as appropriate) should assess the known facts and potential severity of the issue. If the available facts do not provide sufficient ground upon which a decision can be made, an investigation should be initiated.

An issue might be investigated by the compliance function, international audit, or another appropriate manager or third party, but it is critical that the investigator was not involved in the case. The person investigating should preferably be familiar with conducting internal investigations, either through training or prior experience. The investigator should be given appropriate authority, resources, and access by top management.

Establishing the facts

The investigation should promptly establish the facts and collect all the necessary evidence. Methods include:

  • Making inquiries with those involved or affected
  • Assembling all relevant documents and other evidence
  • Obtaining witness evidence
  • Where possible and reasonable, request to have written reports on the issue signed by the individuals making them. (For more detail on this stage, read our article, “7 Interviewing Tips For Compliance Investigations”).
  • Investigation do's and don'ts

In undertaking the investigation and any follow-up action, the organization needs to consider relevant factors. Here are four “do’s” for investigators:

  1. Do consider the applicable laws, and whether legal advice may be needed.
  2. Do be aware of the risk of defamation when making statements.
  3. Do protect people making reports and others involved or referenced in the report.
  4. Do carefully consider the potential criminal and civil liability, financial loss, and reputational damage for the organization and individuals.

Equally important are these four “don’ts”:

  1. Don’t take the safety of personnel for granted.
  2. Don’t assume that personnel will give full cooperation to the investigation.
  3. Don’t overlook any legal obligation, or benefit to the organization, to report to authorities.
  4. Don’t trust that those concerned will keep the issue and investigation confidential until the facts have been established.

Results and follow-up actions

The results of the investigation should be reported to top management and the compliance function. Once the investigation is complete and the organization has sufficient information to make a decision, it should implement appropriate follow-up actions. Depending on the circumstances and the severity of the issue, these actions could include one or more of the following:

  • Terminating, withdrawing from, or modifying involvement in a project, contract, or other.
  • Repaying or reclaiming any improper benefit obtained.
  • Disciplining responsible personnel. This could range from a warning for a minor offense to dismissal for a serious offense.
  • Reporting the matter to the authorities.
  • Taking action to avoid or deal with any possible consequent legal offenses.

The company should also review its compliance program and consider whether the issue arose because of some inadequacy in the program itself. if so, appropriate steps should be taken immediately to improve procedures.

compliance technology

Implement a tailored Incident management solution

View platform

Related reading

Join the E&C Community

Get the latest news from GAN Integrity in your inbox.

We respect your privacy. Your data will be kept confidential and will not be sold or shared with third parties. For more information, please see our Privacy Notice.