GRC 360 - Spring 2008 Issue, Fighting Fraud and Corruption
A HOLISTIC VIEW: TOOLS FOR ENTERPRISE INVESTIGATION MANAGEMENT
by Michael Rasmussen
 
A GENERAL OBSERVATION: Organizations are a complete mess when it comes to a consistent process for managing investigations and loss across the enterprise. The disarray of investigations management is a result of:
 
Fragmentation. Organizations often lack a common platform for managing corporate investigations, incidents, issues, events, complaints and/or loss. Instead, multiple roles in the organization go about managing corporate investigations in their own silos.
 
Inconsistency. These fragmented investigation processes are typically poorly defined and do not provide an enterprise visibility into incidents and loss. As a result, the organization has a variety of methodologies ranging from the ad hoc to the mature.
 
Technology ignorance. Organizations tend to have an abundance of home-grown spreadsheets, custom-built databases, and perhaps an occasional commercial product thrown into the mix. There is limited adoption of enterprise investigations management platforms.
 
This is cause for concern. In today’s complex and distributed business environment any business, from both a compliance and operational risk perspective, needs a complete 360-degree view of enterprise investigations and loss. Corporate governance, strategic decision-making, and the protection of stakeholder value require understanding where the greatest issues and losses have been.
 
Further, the overreliance on spreadsheets and home-grown databases to manage investigations should raise issues with legal and corporate compliance departments. These systems often lack the robust audit trail found in commercial applications. Spreadsheets in particular should be avoided for managing investigations as they fail to demonstrate the integrity of the information and who entered it (what is referred to as non-repudiation).
 
PROVIDE ENTERPRISE VISIBILITY
The first step in overhauling an organization’s investigation management approach is to think ‘enterprise.’ A common process for managing enterprise investigations provides for collaboration, consistency, efficiency and transparency.
 
Enterprise collaboration on investigations requires that the organization implement an enterprise platform for managing investigations. Enterprise investigations platforms provide a common and consistent approach to reporting incidents (e.g., hotlines), handling escalation, managing the investigation process, and analyzing loss. The platform enables an organization to evaluate the criticality of incidents; assign investigation/response team members; monitor business impact and regulatory requirements; manage the investigation process; and report on loss/impact. The reports encompass business areas of security, quality, human resources, compliance, environmental, health and safety, and so forth.
 
An enterprise approach provides incident data across business units, processes and relationships. It allows the organization to maintain detailed investigation history and audit trails, manage the lifecycle of investigations, link incidents to remediation procedures, and identify trends to monitor similarities and relationships in investigations. This in turn allows the organization to understand all of its mitigation and prevention requirements.
 
Organizations considering an enterprise investigation platform should consider the following in their selection process:
 
Investigations process management. The solution should have a lifecycle approach with robust workflow/process management capabilities. Process management capabilities provide the ability to prioritize, assign and track incidents from identification to resolution. Within each incident the organization should have the ability to assign a lead investigator and support staff, with the capability to notify personnel when incidents enter their case management queues. Look for visual workflow modeling, process flowcharts and task management features.
 
Investigations project management. Project management capabilities to assign and manage the calendars and resources assigned to investigations are closely aligned with process management.
 
Investigations content management. A strong solution also provides a breadth of content management functionality, including content repository, version control, access management and records and retention management for investigations.
 
Enterprise loss analysis. The solution should have robust capabilities to categorize, measure, allocate, record, import (external loss data) and report on losses across the organization. This includes analytic capabilities to model and report on loss trends – such as root cause and trend analysis, ability to report on loss/event data to the control environment as well as functionality to provide for loss distributions and calculations (e.g., Monte Carlo simulations).
 
Remediation management. Related to the process and project features, a solution should have the ability to track and manage the remediation process. Specifically, organizations should look for the ability to track and monitor the status of remediation such as recognized control gaps, audit findings, safety violations and regulatory interactions / reporting.
 
Hotline. Another important feature to look for is the ability to integrate with the organization’s anonymous hotline/whistleblower system for reporting incidents and events.
 
Security architecture. Investigations management platforms are effective only if the organization can tightly control access to sensitive information. Security is a critical element to consider in an investigations platform – and an inherent weakness in spreadsheets and personal databases. Select a solution with a proven security architecture. Features should include elements such as: role-based administration of privileges, integration with directory services, secure access to incident data down to the individual field level, protection of the identity of the individuals involved, and ensuring the integrity of your organization’s confidential information.
 
Reporting and dashboarding. A robust investigations management platform provides an easy-to-use interface for reporting and managing investigations. Specific features to consider include the ability to monitor investigation status, produce reports that measure and report on impact, and other reports to track incidents by type, date, person, location, financial impact and other attributes. Dashboards are also essential and should provide management with real-time access to current incidents, their resolution status, key metrics and the relationship of incidents/events. That will enable the organization to identify trends and relationships.
 
Configuration flexibility. The strongest solutions support flexible configuration without customization of code. The entity can manage structures, rules, workflow and user-interface characteristics without customization.
 
Usability. Investigation personnel should be able to use the system without being technically savvy. Select a solution that has an intuitive look and feel, with navigation and a presentation of information that minimize the need for user training.
 
Scalability. Closely evaluate the platform’s ability to handle multiple people accessing the system from across a distributed enterprise that may span the globe.
 
Systems integration and openness. An investigation management platform is one component of a broader enterprise application environment. The solution should have capabilities to integrate into the broader application environment.
 
 
MICHAEL RASMUSSEN IS PRESIDENT OF CORPORATE INTEGRITY, LLC. A GRC ANALYST WITH 15 YEARS OF EXPERIENCE, MICHAEL ASSISTS ORGANIZATIONS IN THEIR SELECTION OF PRODUCT SOLUTIONS AND PROFESSIONAL SERVICES. CONTACT HIM AT MRASMUSSEN@CORP-INTEGRITY.COM