By: Michael March
All it takes is one misplaced email, one offensive statement, one holiday party, or one odd transaction—and the clock starts. Money, reputation, and trust are suddenly at risk. Internal investigations, especially those touching employee misconduct or suspected misuse of organizational funds, are make-or-break opportunities for leadership and the entity.
Completed effectively, an internal investigation can protect the organization’s reputation, employee morale, financial dealings, reinforce a culture of respect and accountability, and fix root cause control gaps. Effectuated poorly, an internal investigation can amplify damages, invite legal and reputational scrutiny, and erode organizational trust and morale.
This article discusses how to move fast but fairly—from first signal to resolution—with a focus on smart process design, rock-solid evidence handling, and maintaining privilege and effective communication with the organization and its stakeholders to effectively resolve employee misconduct.
Investigation triggers vary—whistleblower complaints, internal audits, hotline tips, anomalous financial patterns, vendor alerts, regulator inquiries, or the good old fashion scenario of lost and misappropriated funds.
Specific examples of employee misconduct that may warrant an internal investigation span financial, behavioral, and communications risks. These include embezzlement and other asset misappropriation (fictitious vendors, diverted receivables, payroll padding), financial statement and procurement fraud (inflated invoices, kickbacks, bid-rigging), unacceptable social behavior (harassment, discrimination, bullying, threats, retaliation, alcohol and drug abuse, or workplace violence), misuse of company resources (time theft, expense abuse, or theft of confidential information), and improper communications both inside and outside the organization—such as hostile or discriminatory emails or chats, off-channel messaging that evades recordkeeping, unauthorized disclosures to customers, vendors, media, donors, or regulators, and misleading statements to stakeholders.
Many of these behaviors violate policy and law, and several can implicate data privacy, securities, nonprofit fiduciary, or labor obligations, elevating the need for a formal, well-governed inquiry.
When engaged to lead an internal investigation, outside or in-house counsel typically structures the matter to preserve privilege, defines scope with the client, and issues tailored preservation notices.
Counsel coordinates defensible data collection with IT and forensic experts; builds an interview plan that moves from documents to witnesses and then to subjects; provides Upjohn warnings; and documents each step through contemporaneous notes and memoranda. Working iteratively, counsel tests assumptions against evidence, assesses legal exposure (employment, fiduciary, regulatory, criminal), and advises on immediate risk controls to stop ongoing harm and to mitigate and harm that was already created.
Depending on the facts and circumstances, as well as the client’s needs, findings are often synthesized into an executive-level report or briefing provided through counsel, with clear quantification of losses, root-cause control failures, and prioritized remediation recommendations.
Witness interviews are central to resolving employee issues fairly. Plan interviews sequentially, beginning with fact witnesses and concluding with subjects.
Provide appropriate Upjohn-style warnings where counsel conducts interviews on behalf of the organization, clarifying that counsel represents the company, not the individual, and that the company controls privilege is important to maintain an informed and privileged relationship.
Maintaining a professional, non-accusatory tone, asking open-ended questions, and corroborating statements with documents is essential. Respect applicable employment laws, collective bargaining agreements, and anti-retaliation protections. To preserve procedural fairness, offer implicated employees an opportunity to respond to key evidence before conclusions are finalized. Document interviews contemporaneously, note demeanor and credibility assessments cautiously, and avoid editorializing. Consistency and fairness in process are vital both for internal trust and for external scrutiny and to maintain an honest and unbiased process.
Document review should be targeted yet comprehensive and realistic. Core financial sources include bank statements, canceled checks, cash payments, ACH and wire logs, corporate credit card statements, general ledger and journal entry listings, and subledgers for accounts payable, accounts receivable.
Examine vendor and payee files (vendor master data, onboarding packages, W-9s, contracts/SOWs, purchase orders, invoices, approvals, and amendments), expense reports with receipts, reimbursement requests, time sheets, and badge/access logs corroborating presence for work performed. Moreover, reconciliation of the data is paramount to understand and identify inconsistencies and further interview individuals based on those identified items.
Internal investigations in nonprofit entities carry unique stakes and obligations. In addition to standard employment and financial controls, nonprofits must safeguard restricted funds, donor intent, and grant compliance, while honoring board fiduciary duties of care and loyalty. Investigations should assess whether expenditures aligned with restrictions, whether Form 990 disclosures and audited financials remain accurate, and whether conflicts of interest or related-party documentation were properly vetted under the organization’s policies.
Working with a nonprofit entity can also guide the internal investigations process regarding who actually receives the information derived from the internal investigation and whether that individual can maintain privilege.
Privilege is a pivotal consideration from inception and should be one of the first items discussed. When feasible, structure the investigation under the direction of counsel to support attorney–client privilege and, where applicable, work-product protection.
Engagement letters with forensic accountants and other experts should route their work through counsel and state that services are for the purpose of facilitating legal advice most often through a Kovel agreement. Communications and drafts should be labeled appropriately and distributed on a need-to-know basis. Interview memoranda prepared by counsel for the purpose of rendering legal advice may be privileged; however, privilege is not absolute and can be waived intentionally or inadvertently, including through broad dissemination or disclosure to third parties.
When the board of directors or owner of the organization was unaware that financial or behavioral malfeasance was unfolding, communication should be candid, empathetic, and solutions-oriented.
Start by acknowledging the surprise and outlining the verified facts and timeline in plain language, avoiding hindsight bias or accusatory framing. Explain how the conduct evaded existing controls and oversightand distinguish between individual misconduct and systemic control gaps. Determining whether a written report of the malfeasance is needed and what privilege concerns may be facilitated by the creation of such a document.
Present a clear action plan with immediate risk-containment steps, interim controls, and a prioritized remediation roadmap, including who owns each action and target dates. Identify discrete decision points for the board or owner (discipline, disclosures, insurance notices, law-enforcement referral) and propose a cadence for updates and implementation of new procedures or controls.
Hold the briefing in executive session, special or annual meetings, or reporting to a specific committee should be discussed to preserve confidentiality and ensure the organization’s reputation and morale are not hurt during the process. Maintaining trust and confidence in the organization’s employees, owners, board, as well as internal and external stakeholders, is critical.
Internal investigations are not just damage control—they are a proving ground for leadership. When red flags surface, organizations that move with speed, structure, and integrity don’t simply plug holes; they rebuild trust and confidence. Call our firm to learn more.