5 Helpful Internal Investigation Tips

5 Helpful Internal Investigation Tips

Being able to conduct an effective internal investigation is essential for the day-to-day operation of your organisation. A well-conducted internal investigation helps ensure that those who have engaged in improper conduct are identified as having done so, and are dealt with appropriately. It can also ensure that those who have been wrongly suspected or accused of having engaged in improper conduct have their circumstances claried and the suspicion removed.

An effective internal investigation helps reinforce better workplaces and protects the company from large fines, damages, negative publicity, etc.

Benefits of Internal Investigations include:

  • Prevents similar issues from occurring 
  • Sends a positive message to stakeholders
  • Establishes good corporate governance
  • Identifies problems in current policies

However, internal investigations must be conducted with special care. This must be done without compromising the relationship with employees or unnecessarily damaging anyone’s reputation. This requires good planning, consistent execution, analytical skill, and an understanding of the legalities involved.

We will provide Internal Investigation Tips by breaking the topic into several parts:

  • What are Internal Investigations
  • Key Components of an Effective Internal Investigation
  • Necessary considerations when conducting Internal Investigations
  • 5 Internal Investigation Tips


What are Internal Investigations?

An internal investigation helps determine whether laws, regulations, or internal policies have been violated. The goal of any internal investigation is to obtain a straightforward view of what happened, when it happened, who was responsible, who may have been harmed, and what further actions may be necessary to prevent the alleged wrongdoing from reoccurring. 

An internal investigation generally consists of:

  • agreeing on the scope of the workplace investigation
  • interviewing the complainant in detail initially
  • drafting allegations
  • informing the respondent about the allegations and subsequent investigation
  • interviewing any witnesses for a detailed account
  • considering the evidence
  • informing the respondent of any evidence you’ve identified, and provide them with the opportunity to respond, and finally officially informing the respondent of any final findings

Internal investigations are an integral part of an effective compliance program as they remove the cause of the reported problem.


Key Components of an Effective Internal Investigation

Here are key components of an effective Investigation process:


The allegation, and purpose and scope of the Investigation must be clearly defined.


An Investigator must be unassociated with parties who are associated with the case in order to maintain neutrality and impartiality. The Investigation must be allowed to proceed without pressure from other interests that would have an interest in affecting the outcome.


The Investigation should approach the matter from a neutral position; the purpose should not be to establish that a violation has occurred or has not occurred. It is particularly important that the investigation not be undertaken from the position of an advocate seeking to defend the company or particular individuals within the company.


Investigations must be completed as quickly as possible for a number of reasons such as:

  • A fast Investigation may stop wrongdoing from continuing and mitigate any damages caused
  • Over time memories fade and evidence may be difficult to find
  • Prompt Investigations tend to be far more efficient.
  • All parties with an interest in an Investigation deserve a timely resolution.


An Investigation must exhaust all reasonable sources of information. The extent of a thorough Investigation will depend upon a variety of factors, including the complexity of the matter, as well as whether wrongdoing or other “red flags” have been uncovered during the course of the Investigation.


It is imperative that the independence and objectivity of a particular investigator, as well as the particular findings and conclusions of the Investigation, be independently verifiable to the extent possible from the investigative report itself.


Necessary considerations to make when conducting Internal Investigations

There are important considerations to make when embarking on an Internal Investigation. This includes determining:

  • When should a matter be investigated?
  • What laws should an employer/investigator be aware of?
  • What are my duties as an employer/investigator?


When should a matter be investigated?

 In deciding whether an incident, or prolonged conduct, should be ‘investigated’ a manager should assess the following:

  • Whether the conduct creates a risk to the health and safety of other employees or other people who work or visit the workplace
  • Whether the conduct actually relates to the workplace: i.e. out of hours conduct may not be within the scope of employment
  • Whether an allegation is frivolous: An employer is not required to investigate all incidents
  • Whether an allegation is calculated to harm another without merit: This may not always be obvious until investigated.
  • Whether the conduct is continuing or a single act.
  • Whether there may be some requirement to report the conduct to authorities: i.e. criminal offences. 


What laws should an employer/investigator be aware of?

In the case of vicarious liability under the Equal Opportunity Act in Victoria, employers may face action where an employee has engaged in conduct that offends anti-discrimination law. This will often throw into question whether the employer had acted reasonable or had taken reasonable steps in preventing the occurrence of the offending conduct.

One way a ‘reasonable prevention’ defence can be established is via proof of adherence to an internal investigation procedure which incorporates appropriate company discrimination, harassment and bullying policies. Conversely, where a company policy does not expressly prohibit offending conduct, a court may be more ready to infer that no reasonable preventative measures had been in place.

Furthermore, an employer must respect employees’ privacy rights when conducting internal investigations in response to a claim or allegation. Although laws such as the Electronic Communications Privacy Act (ECPA) in the United States permit an employer to monitor activities on a computer that is company property, unwarranted or unreasonable invasions of privacy may be prohibited in states such as California.

In the U.K., if an employer uses monitoring software to collect information such as how long they have sat in front of their screen, or spent on the internet, they must comply with the GDPR. The same applies to companies who handle information from people from the EU, even if the company is not located in the EU.

In Australia, organizations are required to follow relevant state laws in respect to employee’s rights to privacy. NSW and ACT have specific surveillance laws that apply specifically to workplace surveillance. Victoria limits the use by employers of surveillance devices in certain parts of the workplace (e.g. washrooms).

To avoid invading an employee’s privacy or violating wiretapping laws, the company should let employees know, in writing, that their calls are going to be monitored. Additionally, if surveillance is going to be conducted, any surveillance must be conducted in a reasonable manner. Surveillance is usually permissible when the employer can prove that there is a business related reason for the investigation. 

If an employer is going to search work areas, files, or computers, It is best practice to specify this in the company policy.  All employees should understand and be aware of the company policy which allows the employer to conduct reasonable searches of desks, files, computers and other personal work areas when an employee is suspected of theft or other misconduct.


What are my duties as an employer/investigator?


Duty of Confidentiality

Keeping the identity of the source confidential

The identity of the person or people who provide information should be kept confidential. Do not release any information that might reveal, or tend to reveal, the identity of the source. Doing so can have detrimental effects on the source, and may reduce the trust that people have in you and your investigation. Discuss with the source any fears they may have if their identity was revealed.

Even if the source consents to his or her identity being revealed, only disclose their identity when it is necessary to do so. This will help protect the integrity of your investigation, protect the source, and contribute to a general understanding within the workplace that the identity of a source will be kept confidential.


Confidentiality of the subject and those involved

Wherever possible, the subject matter of the investigation and the identity of the subject of the investigation and that of any other people involved should be kept confidential. Your investigation is not complete until a report is prepared. The report is the appropriate place to discuss the details of your investigation and the conduct of particular individuals.

If anyone requests information from you about an investigation, ask yourself the question: “Does the person need to know the information?”. If the answer to this question is “no”, you may wish to deal with questions about the investigation by neither confirming nor denying that an investigation is planned or under way 


Confidentiality of information

As an investigator, probably the most important weapon you have in your armoury is confidentiality of the information you have gathered. As your body of investigation information builds, you are able to assess the reliability of fresh information by assessing how it contrasts with information you have already obtained and considering the implications of this. You may speak to a witness whose account contrasts with other highly reliable information.

In these circumstances, you may attach less credit to this new information, unless the divergence can be explained. You may speak to another witness whose account conforms with other information, even information that the witness could not have known or anticipated would be available to you. In such circumstances, you may attach greater credit to such information.

When questioning people, avoid statements that unnecessarily reveal the identity of the source such as “X says that she saw you at…” “X tells me that you spoke to…” “X alleges that you are…”, Rather, ask direct questions, such as: “Where were you…?” “Who did you speak to…?”.

Additionally, a person’s identity might be revealed in more ways than just releasing a name, address or contact number. Be careful not to release any information that might tend to identify the person, such as physical descriptions, locations or personal knowledge that is unique to that person.

Throughout the investigation, here are some things you should avoid in order to protect confidentiality:

  • putting information on an unsecured computer
  • leaving documents on a photocopier or a printer
  • leaving incoming or outgoing faxes on a fax machine
  • interviewing people in places where they can be seen or heard
  • giving confidential information to others to copy, type, address or send
  • not blacking out names, addresses or phone numbers on some documents
  • leaving messages on desks or phone services
  • sending sensitive material by mail

However, in some cases  you may not be able to keep the identity of a person a complete secret. Some information may need to be revealed in order to properly conduct the investigation. In this case, take into account the person’s concerns and make efforts to conceal the information whenever possible.



No matter how impartial they might feel, HR staff have relationships and experiences with others in the office which can play a role in an investigation – even on a subconscious level. And even if an employee doesn’t have a direct role in the allegations, they may feel anxious about being asked to make a statement and feel like they’re taking sides. Make sure an impartial individual leads the investigation to ensure fairness. This may involve hiring a third party to conduct the investigation.


Criminal or Regulatory Considerations

Some investigations may overlap with regulatory or criminal considerations. Organisations should consider whether they are under any obligations to alert police or report the matter to any other regulatory body. 


Internal Investigation Tips


1. Conduct interviews in a private place

Conduct the interview in the office of the witness or in a neutral conference room rather than the office of a supervisor or superior. Make sure there are no other distractions or possibility of someone overhearing the conversation. 


2. Ask open-ended questions

Asking questions that require a narrative response will encourage the witness to expound and thereby provide additional information.


3. Ask follow up questions

Be sure to ask questions such as who, what, when, where, why, and how.These simple questions frequently unearth additional information.


4. Maintain confidentiality whenever possible

​​In discussions of the investigation, do not disclose the name of the witness except to those few individuals who have a need to know. Be aware of inflated, vindictive, or false leads.


5. Document and File Preservation

An investigator should preserve any evidence, documents and electronic files (including email, databases, spreadsheets, and graphics) that may contain information relevant to the subject matter being investigated. Special care should be taken to record the source and file from which the documents were obtained and the date they are obtained.

Inaccurate information could change the outcome of the investigation and investigators could face serious consequences. To avoid additional legal costs and inconvenience for the company and parties involved, it is necessary to maintain accurate records and to practice good document preservation practices.

Read Documenting a Workplace Investigation: 3 Things to Know to learn more about documentation practices including:

  • Key Documents to Record
  • Relevant Laws for Investigation Documentation
  • Benefits of proper documentation and record keeping

This will bring understanding and clarity around the idea of documenting workplace investigations.


How Polonious can Help

Polonious Case Management Software provides a consistent process that is procedurally fair for all parties, while recording all actions and decisions to ensure all evidence of the process is documented and auditable alongside any evidence gathered regarding the incident or investigation. Everything recorded in Polonious is then available in detailed reporting for identifying trends and problem areas. 


Documents of internal investigations often contain sensitive materials. Investigators and HR teams have a duty to preserve documents and/or electronically stored information (ESI) while also protecting security and anonymity. The Polonious Case Management Software can help you handle sensitive information by ensuring your evidence and case files are secure and anonymous, depending on the level of anonymity requested.

5 helpful internal investigation tips

Internal investigations are hard and can be contentious, but they are important to protect your organisation from risk.

It is important to maintain confidentiality in internal investigations, not just for the privacy of involved parties, but because it will help you compare stories without them influencing each other.

It is important to maintain confidentiality in internal investigations, not just for the privacy of involved parties, but because it will help you compare stories without them influencing each other.

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

Workplace Bullying Update: James Hardie Industries fires CEO Jack Truong for Intimidating, Threatening Behaviour

Workplace Bullying Update: James Hardie Industries fires CEO Jack Truong for Intimidating, Threatening Behaviour

In an official statement, $23 billion ASX-listed Australian building materials giant, James Hardie Industries shocked shareholders on Friday, by announcing that they have fired chief executive Jack Truong over his “intimidating, threatening” and disrespectful behaviour towards colleagues. 

In a brief statement, Jack Truong said: “I was blindsided by the termination and unequivocally reject the assertions made by Mr Hammes and the company,” he said, referring to executive chairman Mike Hammes.

However, James Hardie Industries supported their stance by claiming that despite being given chances to improve his behavior, he did not make efforts.

Workplace bullying occurs in all industries and at all levels. All employers have a legal obligation to protect employees, whether it is from bullying by other employees, direct managers, or even the CEO. It is increasingly important for companies to be proactive in order to minimize harm and disruptions to their employees, company and themselves.

According to the Australian Government, bullying at work happens when:

  • a person or group of people repeatedly behave unreasonably towards another worker or group of workers
  • the behaviour creates a risk to health and safety.

​​Examples of workplace bullying include:

  • behaving aggressively towards others
  • teasing or playing practical jokes
  • pressuring someone to behave inappropriately
  • excluding someone from work-related events
  • unreasonable work demands.

Individuals who intimidate and humiliate staff are increasingly being held accountable, as companies, employees, and society at large are losing tolerance for workplace bullies.

This blog will cover:

  • Details of James Hardy’s CEO Sacking
  • Shifts in Corporate Accountability
  • 4 ways your company can prevent workplace bullying

Details of James Hardie CEO Jack Truong’s Sacking

Mr Truong was fired from James Hardie Industries after the company’s board hired an independent investigator to look into complaints about his “threatening and intimidating behaviour”. Executive chairman Mike Hammes told a conference call that Mr Truong’s behaviour was “intimidating” and “threatening,” and many staff planned to resign because the work environment had become overtly hostile. Workplace bullying is a significant issue, not just because of legal issues, but because it causes turnover and wider cultural issues.

According to an official report, the company conducted extensive due diligence, which included hiring external lawyers and an external consultant, to provide the opportunity for “sincere change in Mr Truong’s behaviour”. Despite being offered executive coaching, Mr Truong is accused by James Hardie’s board of failing to improve his behaviour. As a result, he was sacked and lost incentives, including unvested long-term bonuses.

The Board ultimately concluded, based on independent third-party consultant surveys and analysis, direct input from various executives, and additional information, that Mr. Truong’s conduct, while not discriminatory, extensively and materially breached the James Hardie Code of Conduct.

The Board took this action to uphold the Company’s core values, including Operating with Respect, and to maintain continuity of the management team that has been instrumental in our transformation.

The company’s core values and mission statement can be found on their official website.

Shifts in Corporate Accountability

Workplace bullying can occur between anyone in the workplace. But perhaps the most difficult situation to deal with is bullying by a boss—the very person responsible for your advancement within the company.

In Australia, employers have a legal responsibility to provide a safe workplace under the Work Health and Safety Act 2011 and anti-discrimination laws. Similarly, in the United Kingdom, employees are protected from bullying and harassment under the Equality Act 2010.

Employers have a duty of care for their employees health and wellbeing whilst at work. An employer that allows bullying to occur in the workplace is not meeting this responsibility. We have compiled 8 tips to make workplace bullying investigations more effective.

However, Mr Truong’s public denial of these allegations and complaints about being ‘blindsided’ show that it is important to maintain procedural fairness in investigations, to ensure that any action taken is transparent and justifiable in the event of a dispute.

Generally, compliance with procedural fairness requires that: 

  • a thorough, confidential investigation is carried out and all relevant evidence (from any witnesses and documents) obtained
  • the subject of the complaint is given an opportunity to respond to the allegation and any evidence found
  • concrete evidence is used to substantiate any claim

Additionally, our article on Standards of Proof in Workplace Investigations can help you understand your requirements as an investigator.

James Hardie’s description of their investigation, taken at face value, shows that Jack Truong was provided with an opportunity to improve his behaviour (and, we can assume, to respond to the allegations as part of this). External parties were engaged to ensure impartiality, and they list numerous sources of evidence regarding his behaviour. Based on what has been reported it seems that, despite Mr Truong’s public statements, a fair and thorough investigation was conducted and the actions against him were justified.

4 ways your company can prevent workplace bullying 

Create anti workplace bullying policies

To ensure that employees are not discriminated against, harassed or bullied, workplaces should develop and implement workplace practices to address inappropriate workplace behaviour and respond to complaints effectively. 

The policy should describe what constitutes bullying and should communicate to your employees that this behavior will not be tolerated. Your policy should assure employees that allegations of bullying in the workplace will be promptly and thoroughly investigated with action taken as appropriate–up to and including termination of the perpetrator’s employment. Complaint procedures should be clear so that employees and managers understand expectations and the process that will result in case of an incident. Finally, make sure your policy is drafted in compliance with any applicable laws.

Conduct company-wide training

This training should teach them to recognize it in themselves as well as others. Some people may not realize that their behavior can actually be classified as bullying or harassment. In addition, many people are often witnesses to bullying but fail to report. Employees should be trained to recognize and report on these instances to foster a healthy and transparent workplace culture.

Take all reports seriously

Companies that respond professionally and immediately to allegations of workplace bullying are likely to find that their employees are more comfortable reporting bullying incidents. Of course, the more bullying is reported, investigated and, ideally, eliminated, the less bullying you’ll have to contend with in the future. Not only is investigating bullying good for company culture, morale and business success, it can help your company maintain compliance with anti-harassment laws and regulations. There are many things you can do to conduct effective internal investigations, which we have outlined here.

Promote accountability at all levels

Manager training about bullying is instrumental to eliminating bullying in the workplace for two reasons: the company communicates clearly that supervisory bullying will not be tolerated, and they typically have the greatest visibility into co-worker peer-to-peer bullying behaviors. They are often the first line when a victim or witness reports bullying. Teach managers to identify the signs of bullying and to respond appropriately to bullying concerns. Make managers accountable for enforcing a zero-tolerance policy for bullying, just as they are responsible for enforcing your anti-harassment policy. Setting up effective internal whistleblowing hotlines are a key asset in preventing internal fraud. 

How Polonious can Help

Workplace bullying doesn’t just hurt those involved. The wider workplace also feels the effects through lost productivity, increased absenteeism, poor morale, and time spent documenting, pursuing or defending claims. And while we often think about bullying as an individual or interpersonal issue, oftentimes, it is the broader environmental factors – such as poor organisational culture and a lack of leadership – which are the main drivers. 

The most effective way to stamp out bullying is to stop it before it starts. This means creating a strong, consistent approach to prevent inappropriate behaviour from escalating, and a positive, respectful work culture where bullying is not tolerated. James Hardie’s willingness to terminate a senior leader over workplace bullying issues shows a strong commitment to stamping out bullying and should be applauded.

Polonious can help in this kind of situation by ensuring that your investigation is fair and transparent, as these kinds of investigations are always contentious and especially so when involving high profile leaders. Polonious’ rigorous workflows ensure you remain procedurally fair, while detailed decision forms, reporting capabilities, and full audit trails ensure transparency and evidence to back up any disputed decisions.

James Hardie CEO Jack Truong has been terminated due to workplace bullying, with his actions described as 'intimidating' and 'threatening'.

James Hardie CEO Jack Truong has been terminated due to workplace bullying, with his actions described as ‘intimidating’ and ‘threatening’.

Workplace bullying creates significant problems with workplace culture and turnover. It should not be tolerated - whether from employees or leaders.

Workplace bullying creates significant problems with workplace culture and turnover. It should not be tolerated – whether from employees or leaders.

Book a Demo Now

Learn more about how Polonious can help you conduct fair workplace investigations today.

Benefits of Moving to AWS

Benefits of Moving to AWS

Polonious offers a number of hosting options, primarily focused on AWS but including self-hosting by clients as well as hosting on Polonious’ own co-located servers. However, over the last few years most new clients have signed up for our AWS hosting option, and Polonious has successfully migrated many companies into the AWS cloud.

This is often requested in order to meet ever-increasing security and compliance requirements. Technical requirements such as stronger network security, encryption in transit and at rest, and secure log retention as well as operational requirements such Business Continuity and Disaster Recovery, where AWS offers multiple levels of redundancy versus co-located servers, and especially versus self/on-premises hosting. Polonious’ Knox Grade infrastructure is easy to implement on AWS and, together with AWS’ own security setup, provides ISO27001 certified levels of confidentiality, integrity and availability.

For these reasons, many organisations are moving computing services to the cloud, not just case management. With deep AWS product knowledge and close working relationships with clients, Polonious can help you implement a secure, robust cost-effective cloud solution.

This blog will help you understand the benefits AWS brings to our clients, to help you determine which solution works best for your organization.

This blog will address:

  • What is AWS (Amazon Web Services)
  • Benefits of AWS
  • How we can help

What is AWS

AWS stands for Amazon Web Services, the world’s “most comprehensive and broadly adopted cloud platform”. AWS helps millions to:

  • Lower their business costs, by only paying for cloud services and storage they need
  • Become more agile, offering systems you can access from anywhere in the world
  • Innovate faster, removing time spent worrying about in-house servers and software

Amazon Web Services (AWS) provides a reliable, scalable and low-cost infrastructure platform powering businesses in 190 countries around the world. It can help streamline fragmented processes, speed up project delivery, and reduce company costs. 

AWS encompasses many services, including everything from databases to machine learning. Popular services include AWS RDS (reliable database services), AWS S3 (simple, secure storage) and AWS EC2 (scalable compute capacity). Polonious uses all those services for our AWS hosting option.

According to Yahoo Finance, Amazon Web Services are trusted by some of the world’s largest companies, including Unilever, Intel and Dropbox. However, Amazon’s cloud service is a good choice for virtually every type of company, no matter how big or small. From a start up to a Fortune 500 company, every business has the option to customize a spot for themselves on the cloud.

Benefits of AWS

Data Protection and Encryption

All data on the AWS network is automatically encrypted including data in transit and at rest. With AWS, you can control where your data is stored, who can access it, and what resources your organization is consuming at any given moment. Fine-grain identity and access controls combined with continuous monitoring for near real-time security information ensures that the right resources have the right access at all times. 

Point-in-time recovery and continuous backup

Polonious on AWS offers detailed backup and recovery options, with daily snapshots of the database and backups of the transaction logs for 35 days (created in 5 minute intervals). This transaction log can be used to roll back data to any day and time within the last 35 days and allows a RPO of only 5 minutes. Additionally nightly snapshots of the database are created and stored for 10 days.

Governance, Risk and Compliance

Given the gravity, complexity, and growing number of risks that organizations face, the regulatory/compliance landscape is rapidly evolving. AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping satisfy compliance requirements for virtually every regulatory agency around the globe. Enhanced data security ensures compliance with relevant regulatory requirements. Take a look at the AWS compliance programs.


One of the key benefits of AWS migration is enhanced performance. Using the AWS cloud platform you could easily deploy, manage, and monitor your applications. Thus bringing better alignment between application utilization and business performance. 

Enhanced Security

Data theft and cybersecurity are an increasing risk to many companies; learn more about the nature of these crimes in: Workplace Fraud: 3 Common Data Theft Schemes. AWS offers way more security as compared to a company’s own hosted website or storage. AWS has redundant data centers in all major jurisdictions around the globe.  This allows for sophisticated failover solutions that are hard to implement on-premise or via co-located server centers.

How Polonious can Help

Polonious has led multiple migration projects which allows our clients to enjoy the benefits of enhanced security, compliance and performance. Using our technical and legal expertise, we help organizations through all the phases of migration projects from discovery to execution. Polonious offers a multi-stage approach to transformation: diagnosing the state of your current hosting solution, creating the best AWS migration strategy for you, then transitioning your instance. We take the time to ensure that your cloud migration goes smoothly and is in-line with your company goals.

Polonious’ Knox Grade infrastructure is ISO27001 compliant, meaning it meets internationally recognised security standards. This infrastructure comes with intrusion and threat detection, secure web application firewalls, and detailed backup and point-in-time recovery. Additionally, it is regularly penetration tested and drilled against various disaster recovery scenarios. The Polonious Case Management Software offers an opportunity to take advantage of better methodologies, technology and workflows to integrate compliance and customer service into everyday processes.

Our team is experienced in large-scale AWS migrations, having led many successful migration projects.

AWS is 'Amazon Web Services', one of the leading cloud hosting providers.

AWS is ‘Amazon Web Services’, one of the leading cloud hosting providers.

Benefits of migrating to AWS include improved backup, recovery, and availability options, as well as easier installation of our Knox Grade security options.

Benefits of migrating to AWS include improved backup, recovery, and availability options, as well as easier installation of our Knox Grade security options.

Migrate to AWS Now

Are you an existing co-located or on-premise hosted customer? Or a new customer who would like to explore secure case management hosted on AWS? Contact us today.

8 Tips for Preventing Internal Fraud

8 Tips for Preventing Internal Fraud

What is Internal Fraud?

Internal or corporate fraud is the deliberate misuse or misapplication of a company’s resources or assets by an employee for their own personal gain. Put simply, internal fraud occurs when an employee, manager, or executive commits fraud against their employer. This is as opposed to external fraud in which customers, vendors or other parties commit fraud against a company.


Some examples of internal fraud include:

    • Skimming: A form of theft where the offender steals money before it is registered in the accounting system. A common skimming method involves an employee collecting payment from a customer for the sale of a product and then retaining the money for themself without actually registering the sale.
    • Theft: Money or stock is stolen by the offender that is already registered in the accounting system, often by stealing money from the cash register immediately after processing sales transactions.
    • Invoice Fraud: The offender draws up fraudulent invoices and processes them in the supplier system, for example using company credit or debit cards for personal use.
  • Wage Fraud: Similar to invoice fraud, the offender forges invoices, this time to force the company to pay a salary to third parties that they may be an accomplice with. 
  • Expense Fraud: For this form of fraud, the offender manipulates expense claims to be reimbursed for non-commercial expenditure. 


According to the Australian Institute of Criminology, internal fraud resulted in a loss of $2.7 million to Australian businesses in 2018-19, which includes stolen stock, cash, and damaged business reputation. More concerning is the fact that much fraud still goes undetected and unreported each year. 


However, there are many ways that managers can prevent internal fraud from occurring within their businesses, and deter employees from engaging in this form of fraud in the future.


1) Develop Clear Policies

It is important to establish clear and easy to understand policies to keep rules from becoming arbitrary and ensure that all employees are conscious of what the company expects of them. These policies should cover areas such as:

  • Serving or processing transactions for friends or family
  • Personal purchases and transactions
  • Personal use of company equipment like telephones, computers and printers


The reason for having these policies is twofold. Firstly, those who intend to commit internal fraud will be deterred knowing that management is aware of this fraud and has enacted clear policies to prevent it. Secondly, honest employees who will not commit internal fraud will become familiar with the possible signs of fraud and will be more likely to report it. These employees will also gain more clarity on what constitutes fraud so they can avoid accidentally committing it.


2) Have Clear Transaction Procedures

For similar reasons as above, companies should have clear procedures for dealing with transactions as this is often where internal fraud occurs. These procedures can include petty cash limits, keeping registers closed unless they are in use and the provision of receipts to acknowledge transactions. 


Companies should also segregate the processes of purchasing, receipting and paying, and have two people conduct daily banking if possible. The segregation of duties is an essential element of preventing internal fraud as it ensures that no employee has the ability to perpetrate and conceal errors or fraud during their normal course of duties. Additionally, employees will also be able to provide checks and balances on one another. 


3) Implement Strong Supervision of Staff

Employees are less likely to commit fraud if they know that they are being watched by management. When an employee is able to perform duties without supervision or authorisation from a higher up, there is a risk that they will act in their own self-interests. Some points to consider when implementing supervision include:

  • Supervise employee compliance with procedures
  • Regularly review cash shortages and investigate instances where an explanation is unsatisfactory
  • Have supervisors consistently check receipts and documentation
  • Look into suspicious transactions
  • Review of personnel


4) Set up a Reporting System

Although supervisors may catch employees engaging in fraud by looking into suspicious activities, an important source of detecting fraud are the employees themselves. Although employees are often hesitant to report incidents to their employers, this can be overcome by setting up an anonymous reporting system. Other sources also include customers, vendors and competitors. 

The Association of Certified Fraud Examiners reports that 40% of occupational fraud is detected because of a tip, the most of any other source. Consequently, businesses must ensure that they have appropriate reporting systems in place. 


The most common formal reporting mechanisms used by whistleblowers that businesses should consider implementing are:

  • Telephone hotline
  • Email
  • Web-based/Online Form
  • Mailed Letter/Form


Reporting systems will act as an effective deterrent against employees who would engage in fraud but are afraid of being reported by their fellow employees.


5) Perform Accounting Reconciliations

Fraud is often successful when it is well concealed. A way of combating this issue is performing regular accounting reconciliations and catching irregularities that may point to a case of fraud. Again, potential perpetrators of fraud will be deterred from committing fraud if they know that the accounts are being frequently looked over. 


The accounting reconciliations that business should undertake at least on a monthly basis include:

  • Bank reconciliations (for all accounts)
  • Accounts receivable reconciliations (both month to month and general ledger to sub-ledger)
  • Accounts payable reconciliations (both month to month and general ledger to sub-ledger


Not only will performing accounting reconciliations give an indication of potential fraud, it will also have the added benefit of helping managers make decisions and ensure the accuracy of the accounting records.


6) Establish Strong Human Resource Procedures

One of the best ways to prevent a problem is to stop it from the source. For fraud, this means hiring the right people and training them. 


Businesses can implement procedures such as:

  • Check references and perform background checks. This includes employment, credit and criminal history. 
  • Have formal, specific job descriptions. A red flag for fraud is when employees perform duties outside their job description.
  • Appropriately train employees. Not only will employees learn what constitutes fraud, they will also be able to recognise and report any suspicious behavior.
  • Implement an equitable remuneration system. Some employees may engage in fraud if they feel their remuneration is inadequate.


7) Constantly Monitor Your Assets

Although quite a simple measure, constantly monitoring your physical assets is a crucial step to prevent employees from engaging in stealing. Businesses should also have stringent control over their intangible assets, such as their knowledge and information. 


Examples of measures that businesses can put in place include:

  • Conducting regular stocktakes
  • Restricting physical access to only those who require it to perform their job function
  • Locking doors, desks and filing cabinets
  • Implementing electronic surveillance systems
  • Using employee IDs and passwords


These measures are the most visible to potential offenders of fraud and are therefore the strongest deterrent. While these measures do not necessarily entirely eliminate the risk of fraud, reducing the potential offender’s access to these assets will reduce the likelihood of fraud occurring.


8) Get Expert Help

Sometimes the numbers still won’t add up, even after implementing all of the above fraud prevention recommendations. If that is the case, then it may be worthwhile hiring a professional auditor to have a look at the company’s books. 


A Certified Practising Accounting (CPA) or Certified Fraud Examiner (CFE) can perform an extensive review of the company’s accounts and control processes, without having any personal relationship with the company to cloud their judgement. They can help with fraud detection and prosecution if necessary. 


These auditors will also ensure the books comply with government regulation, add credibility to the financial statements after their review, and point out key processes that may need improvement. However, a key factor to consider is the steep cost of hiring these auditors.


Employee fraud can take on many forms, but all of them represent a detriment to the business. It should be the priority of all businesses to implement procedures that prevent and deter internal fraud to prevent further losses. Not only will this have a substantial financial benefit, it will also promote a healthy company culture, with new employees learning the correct way of doing their job, that minimises errors and promotes good communication throughout the organisation.

Internal fraud can come with consequences for your organisation beyond merely what the employee took.

Internal fraud can come with consequences for your organisation beyond merely what the employee took.

Internal fraud cost Australian businesses $2.7 million in 2018-2019, and that's just what was detected.

Internal fraud cost Australian businesses $2.7 million in 2018-2019, and that’s just what was detected.

The most important thing you can do when investigating internal fraud is 'follow the money'. People commit fraud to benefit themselves, and they won't accidentally send it to the wrong person. Wherever the money ends up, they are likely the perpetrator or a close contact.

The most important thing you can do when investigating internal fraud is ‘follow the money’. People commit fraud to benefit themselves, and they won’t accidentally send it to the wrong person. Wherever the money ends up, they are likely the perpetrator or a close contact.

Book a Demo Now

Would you like to see how Polonious can help you investigate internal fraud?

Better Workplace Investigations: 10 Steps to Ensure Procedural Fairness

Better Workplace Investigations: 10 Steps to Ensure Procedural Fairness

Navigating a workplace investigation is often a difficult task. Errors in investigations can result in tribunal hearings or court cases and may jeopardise subsequent decision-making. If you are conducting a workplace investigation that may adversely affect the rights and interests of an employee, it is particularly important that you ensure your decision-making is procedurally fair.

In this blog we will discuss the 10 things you can do, to ensure your investigation is fair and robust.

What is Procedural Fairness?

Procedural fairness in a workplace investigation relates to fairness of the procedure by which a decision is made, as distinct from the fairness of the decision or outcome itself.

To ensure a workplace investigation is procedurally fair, as well as any decisions based on that investigation, there are a few key considerations:

  • the employee must be informed of the case against them, including all of the relevant facts and evidence, policies and legislation to be relied upon
  • they must be provided with a fair opportunity to provide their version of events, or their response to the allegations
  • the decision maker or investigator must fairly consider the employee’s response when making their decision
  • the investigation, and subsequent decision, must be free from bias – both actual bias and apprehended bias.

If you follow these steps, you are ensuring you are complying with both the ‘hearing rule’ and the ‘bias rule’ of procedural fairness.

It may not always be clear if a duty to afford procedural fairness exists in general employment decision making, such as when declining a period of leave. However, an investigation is a much more serious matter and so comes with an obligation to follow a fair and transparent process.

When you are conducting a workplace investigation that may lead to an adverse outcome for the employee, such as disciplinary action or termination, you must ensure your decision-making is free from bias, and that the employee receives a fair hearing.

Many unfair dismissal applications are successful at the Fair Work Commission due to the absence of procedural fairness, so it is vital to understand the fundamental requirements of a fair workplace investigation.

This guide is designed to provide you with an understanding of the essential components of procedural fairness and how this applies to both the investigator and employee.

It’s important to remember that what procedural fairness requires will change on a case-by-case basis. For example, there is no hard and fast rule about what a fair length of time may be to enable an employee to respond to allegations of misconduct.

Allowing seven days for a response will not be sufficient in every situation. For instance, if your investigation has produced 2TB of evidence, and you intend to rely on this to make an adverse decision, its highly likely the employee will need more than seven days to fairly consider the adverse evidence, and make a statement in reply.

So, what steps can you take make sure your workplace investigation is fair?

1. Inform the employee of the case against them.

The first step is to make sure the employee is aware of the case as soon as practical, so they feel they have been involved in the whole process. Of course, this must be balanced with other considerations in certain cases – such as the safety of any possible complainants while you make alternative work arrangements.

2. Let them know the likely timeframe for conducting the investigation, and keep them informed if there are any delays.

This sets reasonable expectations for all parties in the investigation.

3. Let the employee know of any supports available, such as an Employee Assistance Program or that they can bring a support person with them to an interview.

An employee is likely to be affected emotionally by an investigation, and they may need support. Additionally, this may cause them to have problems presenting their version of events during an interview, for reasons more to do with their emotional state than the strength of their case, which may leave them feeling that the interview was unfair. Allowing them a support person will prevent this.

4. Make sure you follow the investigation steps as outlined in your Workplace Investigation Policy/Procedure.

A key part of procedural fairness is a transparent, repeatable process which will be the same regardless of the circumstances. An employee should feel comfortable that they are receiving the same treatment regardless of their role, internal relationships, demographic factors, or otherwise.

To this end, you should have or develop a workplace investigation policy which you follow as much as possible. In the event that you cannot follow the policy exactly, the employee should be informed about any deviation.

5. Ensure the employee has a fair chance to respond to the allegations, and make their case in reply.

Perceptions of fairness rely heavily on an employee feeling heard, and you cannot make a fair decision without evaluating their version of events. The employee who is being investigated must always be given a chance to respond to the allegations. 

6. If you vary any allegations, or obtain any new evidence, along the way, ensure the employee is aware, and has an additional opportunity to respond.

Additionally, you cannot change allegations or obtain further evidence after an employee has responded, without giving them an additional chance to respond to the new allegations or evidence. By the time the investigation concludes, the employee must have had an opportunity to respond to the entire case against them, not a partial case at some earlier stage.

7. Keep an open mind.

Investigators are people, and people are prone to bias, however an investigator must keep an open and impartial mind as much as possible. Certain workplace investigations may be emotionally laden, and may drive you to lean towards one conclusion or another, because of how you feel about the alleged behaviour (whether proven or not) or the circumstances or persona of the subject or any complainants.

However you must keep an open mind until the end of the investigation, and let the evidence guide you. Someone may have done the wrong thing even if they’re a ‘nice’ person, and someone may be innocent of the allegations even if they come across as a ‘bad’ person. 

8. When drawing any conclusions, ensure they are supported by a fair weighting of the available evidence, and are not arbitrary or irrational.

To that end, you must consider all evidence with a fair weighting. For example, if independent witnesses, computer records, or CCTV footage fail to corroborate an allegation, this must be given more weight than if the employee seemed suspicious or hostile in an interview. They could be hiding something, but that thing may have nothing to do with the investigation. Or, they may simply, understandably, be annoyed at being investigated if they feel they did nothing wrong.

9. Communicate your decision, and the reasons for your decision, to the employee.

Obviously, you must communicate your decision to the employee. If the allegations are not proven, then they should not have the stress of the unknown hanging over their head. If the allegations are proven, then they should have some warning or personal contact before any further action is taken against them – it should not come as a surprise.

Additionally, providing the reasons for you decision will help increase perceptions of procedural fairness, as they may not agree with the outcome but they can understand how it was reached. That is, they may not feel the decision was fair – it is natural for people to feel an adverse decision was somehow unfair – but they can accept that the process itself was fair.

10. Keep good records of your investigation process, to rebut any procedural fairness arguments that may be raised once your decision has been made.

This last step is less about the employee’s perception of fairness and more about ensuring that you can prove the process was fair should an employee feel aggrieved after the investigation and appeal, internally or especially externally. You should maintain a complete record of the process and all of the evidence to ensure that you can present this to a reviewer, a tribunal, or a court.

We know that employees are more likely to accept an unfavourable decision if they feel they have had a fair decision-making process. That’s why communication is so important throughout the above steps.

How can Polonious help?

Polonious Case Management System (PCMS) is designed to provide a rigorous, repeatable process that is compliant with any regulatory requirements. PCMS can turn your workplace investigation policy into a workflow, with gated decision points, reminders, and tight security, to ensure you always follow step 4 above.

Additionally, as the system is process centric, you can focus on following the evidence to the conclusion, instead of focusing on making case notes on a personnel file (step 7).

Our secure portal and email integration make investigations easy for investigators, as well as ensuring the employee has a chance to respond to allegations (step 4) and will stay informed throughout the investigation (steps 1-6 and step 9).

Lastly, Polonious keeps a full record of the process and any evidence obtained, including reasons for decisions and timeframes (steps 8 and 10).

Further, our system automates much of the paperwork and communication, meaning you can focus on conducting a thorough and fair investigation, instead of completing paperwork and updating other systems.

Interviews are not only a chance to establish facts - giving an employee a chance to be heard is a crucial part of ensuring perceptions of procedural fairness in a workplace investigation.

Interviews are not only a chance to establish facts – giving an employee a chance to be heard is a crucial part of ensuring perceptions of procedural fairness in a workplace investigation.

Ensuring your workplace investigation process is as consistent as possible across all investigations will also maintain perceptions of procedural fairness

Ensuring your workplace investigation process is as consistent as possible across all investigations will also maintain perceptions of procedural fairness.

Book a Demo Now

Would you like to see how Polonious’ can help you centralise all your detection and intelligence data in one secure, rigorous investigation solution?

SIU Insights report 2021How do you compare to other SIUs?

Check out some interesting results from our SIU management survey. Submit below form to receive the download link and related updates going forward.

GICOP changes 2021Download the GICOP whitepaper and stay compliant.

Our whitepaper covers all aspects you need to know to stay compliant with the latest GICOP changes coming into effect in 2021. Submit below form to receive the download link and related updates going forward.