ISO 37008: The Advanced Strategies Your Organization Needs in Internal Investigations Management


The ISO 37008 Standard: Internal Investigations Management, establishes the guidelines and directives to follow when conducting internal investigations related to unethical behavior. Its main objective is to act as a framework for action in each stage of the investigation, from its initiation to the final resolution in a structured, efficient, impartial, and confidential manner. The Standard also includes key elements that ensure the respect of all parties' rights, as well as the proper documentation and definition of findings. Here is a brief overview of the different elements that make up the 37008 Standard:

  1. Scope and Application
    • Establishes the scope of the standard and how it can be applied to any organization, regardless of characteristics such as size, type, or sector.
  2. Normative References
    • Lists other standards and documents that may provide additional guidance if necessary.
  3. 3. Terms and Definitions
    • Includes a detailed list of key terms and definitions to ensure a common understanding of the concepts used in the standard, making it clear and easy to understand for all involved.
  4. General Principles
    • Establishes the fundamental principles that should guide internal investigations, such as impartiality, confidentiality, and legality.
  5. Investigation Management
    • Outlines the general framework for managing internal investigations, including the planning, execution, and conclusion of investigations.
    • Clearly describes the roles and responsibilities of the investigative team and its collaborators.
  6. Investigation Planning
    • Details the planning of an internal investigation, including the definition of objectives, scope, and necessary resources.
    • Encompasses the development of an investigation plan that includes all the steps to be followed.
  7. Investigation Execution
    • Provides guidelines on how to carry out investigation activities, including the collection and analysis of information and evidence.
    • Emphasizes the need to ensure the validity and reliability of the collected evidence.
  8. Communication during the Investigation
    • Highlights the importance of effective and appropriate communication throughout the investigation process among the involved parties.
    • Describes how and when to communicate with stakeholders, including relevant details such as the protection of confidentiality.
  9. Investigation Conclusion and Reporting
    • Outlines the process for concluding an investigation and preparing the final report that documents the findings and case recommendations.
    • Includes guidelines on how to draft clear, complete, and objective investigation reports.
  10. Post-Investigation Follow-up
    • Details the steps to be taken after the investigation is concluded, including the implementation of recommendations and corrective measures.
    • Covers the evaluation of the investigation's effectiveness and the continuous improvement of the investigation process.
  11. Documentation and Record-Keeping
    • Emphasizes the importance of maintaining proper documentation and records of all investigation activities to ensure traceability and transparency. Depending on the proper documentation of the process, the final evidence may be deemed valid or dismissed.
  12. Competence and Training
    • Includes guidelines on the necessary competence and training for personnel involved in internal investigations.
    • Highlights the need for continuous training and skill development.

This standard is a fundamental tool for organizations seeking to conduct internal investigations in a systematic, professional, and ethical manner, ensuring that all situations requiring formal investigation are handled appropriately.

By implementing this Standard, organizations ensure that any potential unethical behavior is addressed fairly and efficiently, which reinforces the trust of employees, customers, suppliers, and partners.

Author: Guillermo Casal
International consultant and trainer in fraud prevention and investigation and anti-money laundering. He is a Certified Public Accountant, holds a Master's degree in Economics and Administration, and has six international certifications, including the CFE (Certified Fraud Examiner), CIA (Certified Internal Auditor), and CISA (Certified Information Systems Auditor).

Guillermo Casal
LinkedIn

Guillermo Casal   argentina

A professional with 40 years of experience in the fields of forensic and internal auditing. He graduated as a Certified Public Accountant (UBA - Argentina) and holds a Master's in Economics and Administration (ESEADE - Argentina). He possesses certifications including CFE (Certified Fraud Examiner), Certified Internal Auditor (CIA), and Certified Information Systems Auditor (CISA).

He established the forensic auditing practices at IFPC - IGI, a firm founded and chaired by Stephen P. Walker, a former special agent of the FBI, and at the Law Firm of Dr. Luis Moreno Ocampo, former prosecutor of the International Criminal Court in The Hague.

He has led three Internal Audit units in large companies in Argentina and served as the Executive Director of FLAI, the Latin American Federation of Internal Auditors.

He presided over the Institute of Internal Auditors of Argentina. He has acted as a consultant, fraud investigator, and speaker in various countries in Latin America, the United States, Spain, and Mozambique.

Regulatory compliance with SHOGUN ethical line

European Whistleblower Protection Directive

ISO 37301: Compliance Management System

ISO 37001: Anti-bribery management system

ISO 37002: Whistleblower Channel System

EU General Data Protection Regulation

Corporate Anti-Fraud program

COSO: Committee of Sponsoring Organizations of the Tradeway Commission

 

Request a demo

Learn how SHOGUN can positively impact your organization