Internal investigations are a central part of the crisis management response, and whilst the form and structure of the investigation will depend on the type of crisis, investigations will generally focus on identifying root causes and those with responsibility for the crisis.  In addition internal investigations should uncover any poor practices and inadequate systems, and whilst internal investigations are primarily fact finding, robust investigations will allow the organisation to assess liability at an early stage.  This in turn allows the organisation to make internal and public statements with confidence, and allows it to take any necessary steps in addressing weak systems and procedures identified during the investigative process.

A key initial decision is who will lead the investigation.  As independence is important in ensuring any report is credible, the use of external solicitors should always be considered, and in all cases avoiding giving roles to those potentially implicated in the crisis will be important.  Ensuring independence in the investigation should avoid another potential crisis where the investigation itself is placed under scrutiny.

Investigative methods need some thought.  In witness interviews thought needs to be given to who carries out the questioning (line managers should be avoided) and putting in place one interview team helps with the assessment of credibility.  The recording of interviews also needs to be thought through; taping sessions will be highly accurate but may not strike the right tone.  Interviews should, of course not be conducted by anyone potentially implicated in the incident.

The gathering of documentation is an important investigative task and should generally be carried out in the least intrusive way.  The question of ownership of documentation is important as the organisation typically will only be able to retain material it owns.  So, planning in advance, using HR policies, for issues such as searching of employees' desks and clarifying who owns documents created on the organisation’s systems is prudent.

Privilege and confidentiality are central issues for organisations during these processes, and an initial distinction needs to be drawn between documents which are commercially sensitive and those which are protected by legal professional privilege.  Commercially sensitive documents are recoverable and disclosable.

Documents protected by legal professional privilege are different.  There are two broad types of privilege.  Firstly, documents produced for the “dominant purpose” of actual or contemplated litigation are privileged.  Secondly, privilege is attached to legal advice given by a lawyer to his client in a relevant legal context.  However, there are limits on the scope of when privilege arises, including who "the client" is, and what constitutes legal advice in a "relevant legal context".

There are ways to optimise claims of privilege:

  • Identifying the core team and legal advisor;
  • Properly labelling communications;
  • Controlling dissemination of legal advice, particularly not forwarding it on to other parties;
  • Ensuring legal advice is stored in a safe and not a shared location electronically;
  • Separate legal and commercial advice.