So you have a reporting process in place — whether that’s a third party tool like our Anonymous Reporting and Case Management expansion, or something more ad hoc like an open door policy. But what happens when you actually receive an actionable report?
In short: how do you conduct a workplace investigation?
It’s a question that’s relevant whether you’re freshly stepping into a People role, on a small team handling HR issues solo, recently onboarded a new reporting tool, or just want to reevaluate your process. And since Ethena recently took a deep dive into reporting processes as part of the launch of our own Anonymous Reporting and Case Management tool, we thought we’d take the opportunity to share some of the insights we’ve gathered.
Obviously, every workplace is different, and investigations can stem from a wide range of complaints, issues, and reports. But without getting too prescriptive, here are some helpful guidelines to keep in mind and set people off on the right foot. Just so we’re on the same page, it’s not intended to be a comprehensive template — rather, some thoughts we pulled together and were eager to share when it comes to workplace investigation roles and responsibilities.
What types of incidents require investigation?
Broadly, an investigation is a great first step for any report about which you need more information. It can be as simple as verifying that an event did in fact happen on the specified day, or as complex as conducting multiple interviews to try to nail down a series of events.
And more specifically, you should initiate an investigation any time you have reason to believe that a company policy may have been violated — including your code of conduct.
Where should I start when an employee raises a concern?
The place to start your investigation is from a place of curiosity; both literally and figuratively. Not only will you need to ask questions to make sure you have as clear a picture as possible from the employee submitting the report, which will inform whether you need to initiate a full-blown investigation and loop others in. But you also need to remember to come in with an open mind so you’re following a path instead of forging one.
When might Legal need to get involved in a workplace investigation?
We won’t spend a ton of time on this today, but know that Legal should take a more dominant role anytime the potential for litigation or an EEOC violation arises. And while documentation is always important, it’s especially crucial in these cases, as the entire process could come under external scrutiny.
Step 1 — assign workplace investigation roles and responsibilities
Whether you have a legal team in place or not, your first step will be determining who will play what role in the investigation process. Best practice is to keep the circle of information as small as possible, with ideally just one person (like your Head of People or Head of Legal, for example) having the whole picture, and everyone else given only the information they need in order to perform their function.
Step 2 — interview the incident reporter
Once roles are assigned and understood, you’ll need to communicate these details to the reporter prior to your interview. Make sure to explain your role and its inherent neutrality, their role and obligations as the reporter, and share anticipated timelines.
Once that’s clear, you can begin to collect information from the original incident reporter. (Whether in the initial interaction, or via a reporter-communication function like the one offered by Ethena’s tool, which allows you to communicate with the reporter while maintaining their anonymity.) Obviously, there’s quite a bit of nuance that goes into these types of interviews, but there are some key questions you’ll want to lean on. Think about details like:
- When did this happen?
- Who was involved?
- Did anyone witness the interaction? (Ask for full names and roles.)
- Was this a first- or one-time occurrence, or part of a pattern?
Document everything clearly, including a list of any other employees it might be useful to speak with, and what questions you’d like them to answer.
Step 3 — hold any additional interviews and speak to the accused perpetrator
Again, there’s a lot more that goes into this particular step, but to set yourself off on the right foot, use your interview (or anonymous communications) with the incident reporter to determine who else you need to speak to, and what you need to know from the accused.
Create a list of questions in advance so you know what you need to cover, take copious notes both during and afterward, when the memory is fresh, and remember to schedule these meetings as “private” instead of “public” if your organization uses calendar sharing.
Finally (and most importantly!), remember that this information is all highly confidential, so to ensure everyone’s privacy, make sure you’re tracking notes in a secure and confidential place. (i.e. don’t record these details in a notebook that gets left lying around the office for anyone to find, or in a Google Doc or folder that others might have access to.
Step 4 — review the information you’ve gathered
Once you’ve spoken to anyone involved and you have all the information you need, it’s time to review. Block off some time to go through your notes and any additional documents provided by the reporter to make sure there aren’t any gaps in your understanding. (No disrespect to Google Docs, but our case management system is a real help here even just as far as organizing information and keeping things confidential.)
If there are gaps, you can reach back out for info or schedule another interview — you just want to make sure you don’t move forward from this step until you have everything you need.
Step 5 — make a determination
For some larger companies, this might be the moment where you put together a summary proposal with all the information you’ve collected and hand it off to the Legal team. But if that isn’t the process at your org, you might be making a determination either on your own or maybe in collaboration with one other People team member.
Compare your findings with internal documentation like a Code of Conduct and other written policies to determine whether there’s been a violation and, if so, what response is merited.
Step 6 — inform involved parties of the investigation’s conclusion
If there are consequences for the accused, they’ll need to be informed of that and to work through any necessary documentation that needs signing. But everyone else involved in the investigation should be given as little information as possible. Why? Because all employees have a right to privacy, of course!
In many cases, that means informing the reporter that the review has been completed, that the investigation is closed, and whether or not the person reported was found to be in violation of company policy. What you can’t share is any specifics beyond that, such as details about any action that’s been taken in response; for example, here’s a suggestion for what you might share in either instance:
If the person is found to be in violation of company policy…
The investigation has been completed. We found this person to be in breach of company policy and we have taken appropriate action. Let us know if any future incidents occur.
If the person is not found to be in violation of company policy…
The investigation has been completed and we did not find this person to be in breach of company policy. Please let us know if any future incidents occur, as we take this very seriously.
Regardless, you want to leave the reporter with the awareness that you appreciate them coming forward. (And we really mean this part, since a reporting culture is a healthy culture!)
What should I bear in mind when launching an investigation?
The four things you want to keep top-of-mind with every report are consistency, organization, anonymity, and empathy.
- For consistency, make sure that every member of your team both thinks about and handles reports in the same way. If you have three HRBPs on the same team with different philosophies on how to run an investigation, the quality of a reporter’s experience is going to vary as well, so commit to getting on the same page.
- For organization, make sure all documentation on the report is in a centralized (and secure!) location. Nothing should be left to chance or memory; everything needs to be clearly recorded so it’s accessible later in the event of an audit, a repeat offense, or something similar.
- For anonymity, it’s crucial that only those who need the information have access to it. Keep a close eye on permissions and be extremely wary of a shared drive — your best bet is a closed, third-party system like Ethena’s, which offers top-tier case management services to a select group of admins. (With the option to remove or add permissions to allow certain folks access to some reports and not others.)
- And finally, for empathy, remember that there is typically an emotional component to both reports and investigations. This could be an uncomfortable or difficult situation for all parties involved, so it’s important to be empathetic without taking sides. That last part is extra important: Your job in an investigation is to get to the bottom of the situation so you can take appropriate action where (and if) necessary — not to go in with any preconceived notions or assumptions. That’s bias, not empathy.
Ethena’s reporting tool makes case management a breeze
At the end of the day, you need to find a way to check this box in a way that meets expectations beyond just regulatory requirements. In the event of litigation or external investigation, you need to be able to say you did all the right things, and Ethena’s Anonymous Reporting and Case Management tool is designed to help you do just that.