Corporate Security

Defining Investigation Management

April 2, 2015

At Resolver, we provide those involved in investigation management, security, and risk with the best incident management software to enhance their business processes. Part of our ethos is also sharing knowledge relating to the business with those involved in it. With this ongoing commitment in mind, we have invited John Buckley to share his ideas on how professionals can effectively manage investigations. 

Defining Investigation Management  

On being asked to write about investigation management, my first thought was—that is not a problem.  My second thought was—what do you mean by investigation management?  And my third thought was—Google will have an answer! Except it doesn’t have an answer, five pages in and no sign of a definition of any practical use. I began to wonder where to go next and how many others must find themselves in the same position? How can we discuss something if we do not have a shared understanding of what we are discussing?

Investigation management is a term that has emerged over the past number of years as both the public and private sectors realize that if they are to make their businesses run more effectively, and in the case of the private sector, more profitably, then things that had gone wrong, were going wrong, or might go wrong in the future, need to be investigated. Even in law enforcement where investigations have been taking place for centuries, the term ‘investigation management’ is arguably not in regular use. Taking the terms investigate and management as a starting point and using the Oxford Dictionary website to provide a meaning we get:

  • Investigate, a verb, means to “…carry out a systematic or formal inquiry to discover and examine the facts of an incident, allegation, etc. so as to establish the truth.
  • Management, a noun, means “The process of dealing with or controlling things or people.”

From this, we can build ourselves a working definition:

Investigation management is the process of controlling things and people in order to carry out a systematic or formal inquiry, to discover and examine the facts of an incident, allegation, etc., so as to discover the truth.

A definition is important for a number of reasons. First, it is only in naming that we can begin to understand it. Second, if we are going to discuss something, and ultimately invest money in it, then we need to have a shared understanding of what we are talking about. Third, we need the definition to encompass the key aspects of what is being discussed.

From this definition we can pick out some key aspects of Investigation Management:

Investigation management is a process.

Having a process reduces the chances of important aspects of an investigation being overlooked. It ensures legal and/or regulatory compliance. It means that those involved in the investigation should know what to do, when to do it, and that there is a corporate approach to all investigations.

Investigation management involves controlling things and people.

The person managing the investigation must take control of what is being done. There may be significant amounts of evidential material that has to be obtained and examined. Most investigations are likely to involve many different people including investigators, witnesses, and persons suspected of wrong doing, all of which have to be managed.

An investigation involves the discovery of both the facts and the examination of those facts.

While an important part of an investigation is about gaining facts it is equally important to draw objective conclusions from those facts. Furthermore, it must be recognized that it is very rare in any investigation to have all the facts.  It is part of the investigator’s role to draw together the facts they have, carry out analysis of them, and draw conclusions.

An investigation can be carried out into different types of events.

Investigations come in many different forms and the investigation management process must be able to cope with different types of investigations. Typical investigations will include those related to loss prevention theft, fraud, brand protection, and counterfeit goods. Other investigations will involve human resource aspects including allegations of bullying or sexual harassment, absenteeism, and health and safety aspects. Other investigations will have to deal with serious threats to the organization, including cyber-attacks, security incidents, and potential terrorist activity. The investigation management process must be sufficiently robust and flexible to be able to cope with a wide variety of incidents.

The objective of an investigation is to discover the truth.

While we could discuss ad nauseam the meaning of truth, there is little point in a philosophical debate. For those involved investigation, the key piece to focus on is the truth as it is, not as an investigator may want it to be, nor as an investigator may initially perceive it to be. The good investigator is vigorous in seeking as many facts as they can get both to prove and disprove any hypothesis they may have about what has occurred. Objectivity and open-mindedness are the guiding principles built upon an in-depth knowledge of both the organization’s business and investigation methodology. And a good understanding of human behaviour will take the investigator a long way!

It is worthy of note that the purpose of any investigation is to discover the truth about what has happened. This does not include what to do with the truth once it has been uncovered. The investigation of an event, of whatever nature, concludes when the facts are presented to a decision maker for them to decide what should happen next. Investigation is about seeking the truth, not pursuing an outcome. If a particular outcome is pursued, the objectivity of any investigation will be compromised. Investigators should not be pressurized by managers to pursue a manager’s agenda.

Now that we have clarified what we are going to discuss, we are ready to start drilling down into effective investigation management. In the next blogs of this series, we will cover brand protection and loss protection while exploring the whys and hows of these types of investigations and addressing key elements that need to be covered to ensure effectiveness.

About the author: John Buckley is an independent consultant, speaker, and author with many years of practical know-how in assisting organizations with forming their business priorities and investigation management. He specializes in investigation, intelligence, risk management, and counter terrorism protective security. He is the author of three books relating to intelligence and risk management, and provides training and consultancy on an international basis. John currently resides in the United Kingdom. If you would like more information on how Resolver’s investigation and case management software can work for your organization, request a demo. We’d love to hear from you!

About the Author


Discover Resolver's Software

Incident Management Software

Protect your organization and prove your security team’s value with Resolver’s Incident Management application. Improve data capture, increase operational efficiency, and generate actionable insights, so you can stop chasing incidents and start getting ahead of them.

Enterprise Risk Management Software

Provide your organization’s board and senior leaders a top-down, strategic perspective of risks on the horizon. Manage risk holistically and proactively to increase the likelihood your business will achieve its core objectives.

Regulatory Compliance Software

Save time by monitoring all regulatory compliance activities, providing insights into key risk areas, and then focusing resources on addressing regulatory concerns.