Corporate Internal Investigations: Keys To An Effective Work Plan, Data And Document Management, And Budget - White Collar Crime, Anti-Corruption & Fraud

As described in the first White Paper in this series on internal investigations, "Conducting an Effective Internal Investigation-An Overview," corporations are under increased scrutiny by regulators across the globe, and as a result, it is more important than ever for companies to conduct an effective, defensible internal investigation when allegations of misconduct arise. An effective internal investigation allows companies to proactively examine the facts and assess any associated legal, financial, and reputational risks, whether or not a related government investigation or civil litigation is underway or anticipated.

But investigation costs can escalate quickly, especially with investigations that cover a significant period of time and/or territory, or that involve conduct that may potentially expose the entity or individuals to criminal penalties or significant civil liability. A work plan and budget are key to both ensuring a thorough investigation and managing investigation costs.

This White Paper summarizes considerations for creating an effective work plan for an internal investigation, successfully managing the collection and production of data and documents, and planning for the categories of expenses that typically arise in an internal investigation. We also offer guidance on how to budget for each line-item. Although each work plan and budget will necessarily vary in its components and costs, the categories described below should be considered when setting the work plan and budget in virtually every corporate internal investigation.¹ We conclude by offering a "checklist" of issues and tasks to consider in preparing an effective work plan, managing data and documents, and formulating an investigation budget.

INVESTIGATION WORK PLANS

A detailed investigation work plan is a key initial step for conducting a thorough and efficient internal investigation. At inception, an investigation work plan should cast a sufficiently wide net, identifying all known avenues for fact development. The work plan should identify the scope and objectives of the investigation, including the issues and types of conduct to be investigated and the persons understood to be involved in the conduct. The principal components of a comprehensive work plan include: (i) objectives of the investigation; (ii) anticipated scope (i.e., allegations and issues to be investigated); (iii) identification of team members; (iv) tasks to be completed, including the data and documents to be reviewed, witnesses to be interviewed, any financial analysis to be conducted, and any required legal research; and (v) responsibility among team members for such tasks.

The work plan should include whether the investigation will be structured to be protected by attorney-client privilege or work product protections. It should address any interim or final reporting that is expected, even if the form of any final report is not certain. Additionally, the work plan should identify any required engagement with third parties, such as company auditors, the board of directors or the audit committee, government regulators, employees' counsel or representatives, contractors or vendors, and the company's insurance carriers (to the extent that any portion of the investigation, or any loss resulting from the conduct being investigated, may be covered by the company's insurance policies). A checklist of suggested items to include in a work plan can be found at the end of this section.

After a work plan is developed, it should be reevaluated on a regular basis and modified as appropriate while the investigation progresses to incorporate new information and developments in the investigation strategy. Periodic communication about the work plan is vital since the urgency of an investigation often means the various components of the work plan occur simultaneously, and adjustments to one component may require corresponding adjustments to other areas of the work plan (e.g., the addition of a witness to the interview list may require changes to the document collection and review portion of the work plan). The work plan should track the budget.

DATA AND DOCUMENT MANAGEMENT

Document preservation, collection, review, and management are key components of conducting an internal investigation. Even if a government regulator or plaintiff's counsel has not sought documents by subpoena or via document requests, reviewing documentary evidence related to the alleged conduct is crucial to gathering relevant facts and analyzing potential outcomes. Managing data and documents as part of an investigation may involve a large number of tasks, including identifying custodians and other potential sources of material (e.g., company servers, shared drives, documents stored in the cloud); conducting custodial interviews; coordinating with inhouse IT teams to collect documents; arranging for document preservation; determining a method to store, host, and review data; processing data and running search terms; reviewing the documents themselves; and identifying key documents related to the conduct at issue. In addition, documents may need to be produced to regulators or summarized for internal client stakeholders. A checklist of items to keep in mind related to data and document management can be found at the end of this White Paper.

Document Preservation

The first step in managing documents in an investigation is identifying where relevant documents are located and preserving those documents. Particularly at the outset of an investigation, it is important to consider the confidentiality of the investigation. The investigation team should work with corporate IT to identify back-end mechanisms for preserving and collecting electronically stored information ("ESI"), including disabling automatic deletions and preserving all relevant information that can be accessed by IT personnel remotely (e.g., emails or other documents stored in the cloud). The investigation team might also review organizational charts for the time period at issue, corporate document storage and retention policies, and other corporate records, such as personnel files, in order to identify relevant custodians and categories of information.

Corporate employees with potentially relevant documents should receive a litigation hold notice as early in the investigation as advisable, typically in conjunction with, or soon after, back-end mechanisms for ESI preservation have been deployed. An effective litigation hold should be comprehensive and easily understood by employees and should instruct recipients not to delete any documents relevant to the investigation. A litigation hold notice should provide general background on the reason for document preservation and give broad, but clearly defined, categories of information to be preserved. If a subpoena, government request, or discovery request is involved, the hold notice should ensure that all categories of the subpoena or requests are fully covered by the hold notice. Companies should be mindful that issuing a hold notice may trigger insurance coverage notification obligations.

Before collecting documents, the attorneys leading the investigation should consider whether an external discovery vendor is needed to capture, host, and, if necessary, produce the collected data and documents. In deciding whether to engage an external vendor, in addition to the costs of the vendor, companies should consider in-house capacity for document hosting, review, and processing; whether vendors have the necessary expertise to handle all necessary tasks; the complexity of the investigation and the underlying collection; and whether production of documents to third parties is anticipated. In circumstances where the volume of documents is substantial, there are particular technology issues or needs, or the collection is especially complex, an external vendor can often streamline the collection, review, and production process and allow for scoping changes, if necessary, as the investigation develops. The vendor should work at the direction of outside counsel to preserve attorney-client privilege and work-product protections.

Document Collection and Custodian Interviews

Once data on company systems has been preserved, the next step is usually to preserve and collect devices and documents that cannot be collected remotely. Such collection should be done as early in the investigation as practicable but may not be executed until: (i) any related requirements under applicable labor and/or data privacy laws have been met; and (ii) the company is ready to disclose to witnesses that an investigation is ongoing.

Depending on the nature and complexity of the misconduct alleged, custodian interviews with individuals identified as potentially having relevant documents may be an important step in document collection. Many companies have a form used for custodian interviews, but it should be reviewed prior to use in particular instances to ensure it is tailored to the needs and objectives of the investigation. During the interview, custodians should be asked about their document and record-keeping practices, the types and locations of devices utilized, and where relevant data and documents are located. Consider asking the custodian about the following topics:

Use of work or personal computers or other devices (mobile phone, tablet, etc.);
Foldering, archiving, and deletion practices;
Location of relevant documents used or created by the custodian (My Documents, shared drive, cloud storage, hard copy);
Use of work or personal email addresses;
Use of work or personal calendars; and
Use of text messages, chats, or other instant messaging programs.

Click here to continue reading . . .

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.