Photo by iStockphoto.com / See Hear Media, Inc.

Photo by iStockphoto.com / See Hear Media, Inc.

Corporate malfeasance is a cancer that if left undiagnosed and untreated can cause extreme problems for an organization, or even its death. The best known treatment for cancer is early diagnosis, extraction of the cancerous cells and treatment via chemotherapy and/or radiation.

The approach is similar in the corporate sector. An early diagnosis, extraction and treatment of a problem can effectively heal the cancer that has the potential to cause anything from monetary loss via regulatory fines and new requirements, to soiling of market-place reputation or dissolution of a company, as in the case of Enron and Arthur Anderson.

This realization is perhaps why some observers, including Brian Babineau, a senior analyst of Enterprise Strategy Group, have seen a trend towards corporations hiring specialty attorneys who can help manage internal investigations. Organizations have now come to realize that they have two alternatives: either they proactively root out the cause of the problem or someone else will. The consequences of the latter are grim enough to justify a serious new emphasis on resources and tools needed for internal investigations.

Some of the events and factors that drive internal investigations are:

• Alleged employee malfeasance (theft of trade secrets and other criminal activity);
• Whistleblower actions;
• More board member attention paid to alleged corporate misconduct;
• Audit committee members and directors wary of personal liability; and
• Due diligence requirements during mergers and acquisitions.

Internal investigations and audits tend to be more expansive since often there is no "smoking gun," and instead involves the internal investigations team proactively monitoring and managing company policy to ensure adherence. Because the majority of a company's information is stored in an electronic format, this means corporate counsel and corporate security officers tasked with this job will potentially be forced to sift through terabytes of information on an on-going basis.

Most internal investigations are conducted in a clandestine fashion. As a result, there is a need to rely on technology that can facilitate covert and highly efficient methods of identifying, analyzing, extracting and preserving valuable information from repositories of custodians or persons of interest.

The most important steps to an internal investigation are:

1. Collection. This must be done in an expeditious manner especially when dealing with electronically stored information (ESI). This is to prevent situations where the employees and persons of interest become aware of the investigation.

Although most investigations necessitate a broad sweep, the actual collection of data will need to be very targeted. It is burdensome enough for corporate counsel to deal with large data collections for civil litigation. They do not want to add even more data to those collections due to various in-house investigations. Over-collection adds to operational costs and creates a large pool of data, outside of the normal records retention policy, that could then be the subject of future litigation.

Collection should be done before interviews of employees can commence. This is to prevent tampering of volatile data by employees in anticipation of corrective action.

2. Preservation. Now that the data has been collected, there is a need for the data to be preserved in such a way as to minimize its impact on the current records retention policy. In other words, a method that can extend the company's traditional legal hold policies and retention capabilities all the way down to the data collected for the individual.

Because there are so many disparate sources of data, it can be a vastly different process to collect data from an email server than from a file share. Having technology that can enforce legal hold policies into many different data sources can eliminate a lot of time and effort.

3. Security. Typically multiple parties are involved in an internal investigation: internal counsel, external counsel, internal auditor, security officer, executives, etc. Each of these parties will need access to the preserved data set at different times. The organization should have tools that allow flexibility of access and can change access authorization as needed.

4. Time to Assessment. Because internal investigations can be quite disruptive to the business of an organization, the goal is to reach a quick decision as to the next appropriate action: reprimand or termination of employee(s), self notification to regulatory body, hiring of specialty outside counsel, etc. Organizations have to put together the process and tools that can significantly decrease this time to resolution.

5. Defensibility. Although defensibility in an internal investigation is not as important as in a formal litigation hold situation, there is always the strong possibility that the same data will become pertinent to a lawsuit or outside investigation at a later date. To this end, internal investigations should be conducted with an eye towards that possibility. Therefore, having a forensically sound and reportable process that prevents alteration of metadata or spoliation throughout the investigation process is essential.

Investigations can be taxing on an organization, but technology can greatly aid in the process. Having the ability to conduct efficient and thorough inspection of ESI via advanced analytics tools can uncover hidden meaning and criminal acts that previously would have gone unnoticed for years.

A recent example of this is when a prominent mortgage company in California, through extensive internal investigation of their financial and email data, was able to discover that several employees were part of an intricate money-laundering scheme. It was a situation that, if left unchecked, could have shuttered the doors of the company. Instead, internal investigators were able to alert the appropriate authorities in time to maintain the company's credit rating, prevent further loss and calm customer concerns.

Analytic tools provide a wealth of information that can jump start an investigation and provide the ability to quickly hone in towards the correct people and issues that need to be investigated. Furthermore, for investigations involving electronic data, "analysis must be done every step of the way," according to Tom Gelbmann the managing director of consulting firm Gelbmann & Associates.

Analytics is indispensable in sifting through millions of pages of emails and documents in order and providing a greater understanding of the incident under investigation. Performing analysis before collection helps an investigator to do a targeted collection, which results in a quicker, more accurate process.

Analytics can also be used in internal company investigations to identify patterns of conduct. For instance, an investigator can use an analytics tool to search a set of emails sent within a nine month period involving a suspected employee. A good tool provides graphs and threads showing who the individual corresponded with during that nine month period, and what was discussed.

Should the resulting graph show that the employee began communicating with a third party at a competitor just prior to the incident at issue, the investigator could then direct the investigation accordingly. Visualization features of an analytics tool allow for quick identification of impending problems as well as potential stores of relevant data, thereby increasing the ability to mitigate damages.

A rich analytics engine is just one technological capability necessary for a good investigation tool. Other requirements include:

1. Scalability. The tool must not only be able to index large volumes across the enterprise but also have the ability to grow with the company's electronic discovery and investigation needs.

2. Performance. A tool that had a proactive index is necessary to have almost instantaneous results to queries. If a fileshare has to be re-crawled for each query, it will greatly slow down the investigation process. Because the entire goal of an investigation is to come to a resolution quickly, the tool has to be able to perform and complete each stage of the process very quickly.

3. Accuracy. For a successful investigation, accuracy is essential. An organization cannot afford to miss relevant content in its internal investigation. This could lead to a false sense of security or bad internal decisions. Rest assured that outside investigators will catch what was missed.

4. Targeted collection. Having a robust analytics engine helps in targeting the right people and evidence, but the ability to actually collect disparate types of data across multiple repositories should exist within the tool.

5. Comprehensive legal hold. The tool must be able to preserve the data and its metadata by making a forensically sound copy and placing that copy on immutable hold. This eliminates the "hold everything forever"philosophy that many companies have been forced to adopt due to the lack of an in-house electronic discovery solution.

6. Chain of Custody. A good investigation tool will need to provide a log and detailed report on every step of the process. The value and integrity of the data depends on this proof. Otherwise, there may be challenges to the data presented by your organizations, which will be difficult to refute.

With these core technological competencies, a company will have the right approach to rooting out the cancer that can eventually invade even the most prestigious organizations.

As White & Case partner George J. Terwilliger III wrote in a November 2007 article for the National Law Journal: "A well-run internal investigation can turn a potential corporate crisis into a valuable opportunity to enhance a company"s reputation. It can also position a company to achieve a far better result in regard to potential liabilities and penalties' the key is to aggressively employ good judgment and proven resources."

About the author: Heidi Maher is a solutions consultant in EMC's Global Compliance Solutions Practice where she leverages her legal experience along with EMC's unique technology to help organizations address challenges related to e-discovery, compliance, and records management. Ms. Maher received her J.D. from Baylor School of Law and her B.S. from the University of Texas at Austin. She is licensed to practice law in the Eastern and Western District Courts of Texas as well the Fifth Circuit Court of Appeals.