Welcome to the roundup of this weeks Sunday debate which I host on LinkedIn.
This week we discussed the comment:
"Investigation skills are not security investigations nor risk management"
It brought some interesting insights from a number of industry professionals from various backgrounds.
While the general consensus was that it is a skill required by all security professionals it was a different skill set dependent on where you work.
A couple of the contributors looked back on their roles so they had experience from a disciplinary perspective, some drew on their police backgrounds. What I gleaned from it personally was you need to know the following:
Know what you are investigating, this is very important as it will guide you to the outcome
Keep personal views and biases out of the investigation, go to where it leads you, not where you want it too
Rules, know the company rules you are investigating against with the problem against the individual.
The difference of approach is clearly within the realms of the investigation, take physical security for example. The technical approach is that something has happened, and the investigation is in the how it happened and what approach, policy or design feature do we need to improve to make it right? This goes hand in hand with cross stakeholder working and collaboration between departments, cost centers and time.
Knowing who to go to for the information you require while the investigation is another skill set which means you will have to have a good understanding of your business and the people within it.
Another point mentioned was, as an investigator a true investigator is a natural enquirer and as such, they should believe nothing until they have checked everything and drawn a conclusion of the facts. This may mean that your boss might not like the outcome as they want the problem gone, but as far as tribunal payouts go for negligence in the process, thoroughness is next to no fine-li-ness (yes I made that up).
The general feeling is that investigations are a live part of the security industry but they must be done by a trained and competent individual. This individual needs to be skilled in analyzing complex information and at times many pieces of information, then able to draw a logical and transparent conclusion to a fair outcome. The majority of the time where investigations are done they affect peoples livelihoods and as such need to be fair and robust, and all avenues have been investigated.
There are times where an insufficient investigation has been carried out and the person has been disciplined and sacked. Once appealed and given the time lapsed you will have to re-employee the individual, and pay any money they would have earned up to that point, then reinstated in their position. This is how an ineffective investigations could cost you thousands in litigation or back pedaling on decisions made on a whim.
If you would like to join us on LinkedIn for the Sunday debates please follow the hashtag above or #sundaydebate on the LinkedIn platform.