Investigations management processes are enabled through implementation of the right investigation technology platform. The technology solution is crucial, because it offers the adaptability needed for the dynamic nature and geographic dispersion of the modern enterprise.
Investigation management applications are intended to manage, in one common framework, all departments, divisions, related companies and types of investigations and incidents. This investigation management platform enables investigation team members to be shared across multiple entities (companies, divisions and departments) as needed, or restricted to just one entity or set of discrete participants when appropriate. Investigations platforms offer a common and consistent approach to report incidents (e.g., hotlines), handle escalation, manage investigation processes, and analyze loss. They enable an organization to evaluate the criticality of incidents, assign investigation team members, monitor business impact, manage the investigation process, and report on loss and impact across business areas. It maintains detailed investigation history and audit trails, manages the lifecycle of investigations, links incidents to remediation procedures, and identifies trends to monitor similarities and relationships across investigations.
Organizations considering an investigation management platform should evaluate the following during the selection process:
- Organization management:Whether it is a business process, a physical asset, an information asset, a business relationship, an individual, or the entire organization, investigations apply to some structure of the organization. An investigation management system needs the ability to model the organization and map investigations to organizational structure categories — whether geographic, process, business unit, or information.
- Accessibility:Investigations generally require the involvement of multiple individuals across an organization. An investigation management system must provide secure access and a complete system of record that an individual can log into to find required tasks, evidence management, and related policies and procedures to guide investigation activities.
- Workflow:Investigations require process management through a standardized workflow. This provides the ability to prioritize, assign and track incidents from identification to resolution. Within each incident the organization should have the ability to assign a lead investigator and support staff, and notify personnel when incidents enter their case-management queues.
- Task management:An investigation management system delivers the ability to track a variety of activities at different stages of execution. Tasks are assigned and communicated based upon roles, responsibilities and incident category, providing a collective overview of each individual’s task list of outstanding work items and due dates, and prompts individuals with reminders of upcoming activities.
- Content management:An investigations platform requires a breadth of content management functionality, including content repository, version control, access management, and records and retention management. This is typically the portion of the application that will provide collection and management of evidence, as well as details about how the investigation was conducted.
- Audit trails:Every assignment, person, piece of information collected, developed, changed, distributed, archived, surveyed, notified, and read should be accompanied by an audit trail to document every who, what, where, and when. The level of audit trail needed for investigation management cannot be maintained with manual processes and ad hoc systems spread across an organization.
- Interaction with other GRC applications:When incidents or investigations occur, it is important to identify not only what went wrong, but to make changes that can prevent similar occurrences. Policy, risk, control, and compliance applications must be cross-referenced to investigations and share information.
- Enterprise loss analysis: The solution should have capability to categorize, measure, allocate, record, and report on losses across the organization. This includes analytic capabilities to model and report on loss trends — such as root-cause and trend analysis, ability to report on loss and event data to the control environment, as well as the ability to provide for loss distributions and calculations.
- Remediation management: The solution should have ability to track and manage the remediation process. Specifically, organizations must look for the ability to track and monitor the status of remediation such as recognized control gaps, audit findings, safety violations, and regulatory interactions and reporting.
- Hotline integration and reporting: An important feature is the ability of the system to integrate with the organization’s anonymous hotline/whistleblower system used to report incidents and events. The system should be able to inquire reporters (whether known or unknown) to communicate investigation status as well as ask further questions needed for the investigation.
- Security architecture: Investigations management platforms are effective only if the organization can tightly control access to sensitive information. Security is a critical element of consideration in an investigations platform — an inherent weakness in spreadsheets and homegrown databases. Organizations must select a solution with proven security architecture with features such as role-based administration of privileges, integration with directory services, secure-access incident data down to the individual field level, protection of the identity of the individuals involved, and ensuring the integrity of the organization’s confidential information.
- Reporting and dashboarding: An investigations management platform provides an easy-to-use interface for reporting and managing investigations. Specific features to consider include the ability to monitor investigation status, measure and report on impact, production of reports to track incidents by type, date, person, location, financial impact and other attributes. Dashboards provide management with real-time access to current incidents, resolution status, key metrics, and the relationship of incidents or events, to identify trends and relationships.
- Configuration flexibility: The strongest solutions support flexible configuration without code customization — configurability refers to the ability to manage structures, rules, data elements, workflow, fields, interface layout, and user-interface characteristics without customization.
- Usability: Investigation personnel should be able to use the system without being technically savvy. Organizations should select a solution that has an intuitive look-and-feel with navigation, and presentation of information that minimizes the need for user training, particularly when some investigations and participants may use the system infrequently.
- Scalability: Platforms must be able to handle multiple people accessing the systems from across a distributed enterprise that may span the globe, with many investigations occurring simultaneously and at different stages of the process.
I would love to hear your experiences and thoughts on what to look for in investigation management platforms, please follow the link to comment on my blog.