Can you manage an investigation?

Several organisations are finding themselves embroiled in controversy because of complaints not being dealt with correctly.  Some of these are internal complaints from their own workforce.

Southern Medical Trust have recently been heavily criticised and sanctioned for a series of malpractice incidents. Irrespective of circumstances of the actual incident they were additionally criticised for not investigating these incidents correctly.  Some of this criticism was avoidable, the fact that they attracted significant reputational damage just because they failed to investigate properly would appear to be a serious own goal.

No organisation is immune to exposure of this kind of criticism.

The number of complaints recorded in Universities and High Education establishments, for instance, has grown significantly in recent years.  Complaints regarding the actions and conduct of both students and staff encompass a range of subjects: From cheating and plagiarism, allegations of inadequate teaching and support, as well as a range of serious criminal allegations.

Surrounding opinion of the younger generation and entitled millennia’s aside, it is clear that people are more ready to engage with litigation.  Coupled with this, they also have an improved awareness of the complaints process and improved support from trade organisations and representative bodies and a highly competitive legal system hungry for work.

The Office of the Independent Adjudicator has a statutory role to investigate a number of student complaints. Their 2015 report shows that the trend continues to rise (See Fig 1). An increasing number of which are seen as justified or partly justified (See Fig 2).


Figure 1
Figure 2

In the meantime, support and resources for senior managers tasked with investigating these complaints has failed to keep pace with the changes.

So, the question should be: Does my organisation know how to investigate? Have we got systems and policies in place? Do they have people within their organisation who can run or manage an investigation effectively?

Dependent on the organisation, the responsibility to carry out at least the initial investigation, lies with senior managers.  HR departments may take the legwork away from managers but ultimately the buck will stop with them.

Senior managers now find themselves increasingly burdened with this arduous responsibility, often without any formal training or guidance of the investigative processes.

Managers, or their nominees responsible for conducting an investigation, will benefit greatly from having some basic investigative training.  Now more than ever, there is increased scrutiny into the conduct of an enquiry/investigation. Adherence to the legislation, policies and procedure of your organisation is paramount in the process.

Developing knowledge and understanding of the investigation process enables the individual manager, as well as the organisation, to evidence their accountability, proportionality and reasonableness in their dealings with complainants irrespective of whether the initial complaint is upheld or not.

Demonstrating a thorough and ethical approach to your investigation may potentially help you avoid costly civil litigations and mitigate the risk of reputational harm.

Managers need to develop knowledge, understanding of the process of investigations and its key elements.  They also need a detailed understanding of the legislation, policies and procedures that governs an investigation and the significance and impact of non-compliance.

As a minimum, when an investigation is commenced the responsible manager will need to understand his or her role in the process along with all the ethics, principles, legislation, policies and procedures.

Investigators will need to develop the investigation strategy and demonstrate all decisions made as a result.

Anyone involved with the enquiry will need to understand the principles of

  • Securing and preserving evidence
  • Management of written material and associated evidence
  • Skills and techniques in investigative interviewing
  • Recording evidence in statement form
  • Case file preparation
  • Skills to present evidence in formal proceedings

Help is available. The legal experts will be able to supply you with hand books and text books which will tell you what you should and should not do, as well as the penalties for getting it wrong.

What the books will not tell you is how to do them, or not do them. The only people who can assist you in this regard are experienced investigators who have been through the fire of court and tribunal hearings, people who have had their every decision scrutinised and questioned in minute detail.

These people will be able to guide you through investigation strategies by helping organisations to put robust working practices and policies in place, which will protect the individuals and the organisation.  Systems, which can ensure the continuity of evidence so as to avoid the embarrassing questions in the middle of a hearing. Experts who can work with individuals who are managing investigations and give them skills to carry out robust, transparent, and impartial investigations which will stand up to the most rigorous scrutiny.  It’s not enough these days to be fair and impartial, it’s sometimes more important to be seen to be so.  You may inevitably need to prove and justify that you and your investigation have been thorough, impartial, fair, and professional, by producing incontestable facts or evidence to support decisions made and actions taken.  Ask yourself, can you manage an investigation correctly?

The Importance of Managing Risk

Cyber crime is making all the headlines at the moment and it was recently reported[i] that cyber crime and fraud are now the UK’s most common offences. Any company that operates online is exposed to the risk of cyber crime and the bigger and more dependent the organization is on the internet, the greater the damage that may be done. Note the use of the word ‘may’ because that is what a risk is: something that might happen. If and when it does happen it is no longer a risk but an issue…… that needs resolving.

So we can see that risk is the possibility of something (normally bad) happening with consequences that will damage the business. Damage or impact could be financial, reputational or on the people connected with the business. This concept of risk being two dimensional is important to recognise because people will sometimes focus too much on the impact forgetting or ignoring the probability. The fear of flying, for example, is irrational because the likelihood of an incident happening when you are flying is extremely small but the impact/consequences may, of course, be catastrophic.

Human beings have always managed risk: our ancestors use to live in caves to protect themselves from animal attacks; the Romans maintained a well-trained army in case of insurgency: the plimsoll line was created to help prevent ships from sinking when cargo was being loaded. Nothing has changed to this day save for the fact that most organisations nowadays have to actively demonstrate that they are managing risk. In other words, there has been a move has been from implicit/informal to explicit/formal risk management. This move from implicit/informal to explicit/formal risk management has manifested itself in businesses setting up risk registers, appointing Chief Risk Officers and supporting staff and even developing methods to quantify risk exposures as a basis for providing reserves should such risks manifest themselves.

So where do you start if you want to be more explicit with your risk management? The first thing to do is to understand the process of risk management which typically has four phases:

Identification – a subjective exercise in identifying all the risks that might affect the business. These are often grouped into areas such as financial, operations, IT, legal and so on. The aim is to develop a list of risks without ignoring any that are identified.

  1. Assessment – a subjective evaluation of the likelihood of a the risk occurring and the impact that it would have if it were to manifest itself. There are various scales that can be sued for this process and the starting point is to consider these risks as if there were no controls in place (see next step) to mitigate the risk.
  2. Selection – selecting a suitable way in which the likelihood or impact may be reduced. Mitigation techniques are often referred to as the four Ts:
    1. Treat – techniques which implement or improve controls to prevent the risk from occurring;
    2. Transfer – techniques which move the risk out of the business (insurance is the best example of transferring a risk);
    3. Tolerate – accept the risk and choose to do take no further action, may be because the probability is too remote;
    4. Terminate – avoid the risk completely by, for example, deciding not to move into a new business line.
  3. Implementation – the final stage in the process involves re-assessing the likelihood/impact with the mitigation actions in place, implementing the agreed actions and then providing a follow-up/monitoring plan to ensure the risk remains ‘under control’

Risk identification is, by definition, an ongoing process as new risks emerge (such as cyber crime) but that doesn’t mean that the process needs to be done on a daily basis. In fact, once the process has been documented in a suitable risk register[ii] then it is just a question of reviewing the results every 3/6 months to make sure that nothing has changed. Of course, if there is an unexpected external event (such as a terror attack) which may affect your business then a review can take place immediately. In fact, scanning the external environment for new and emerging risks is part and parcel of the risk identification process.

An assessment of the risks facing a business should be broadly based and look at both internal and external risks. Typically the former are easier to control whilst the latter are harder. First aid is one area that should be included in your risk assessment as, not only is it a statutory requirement, it is also good business practice to prepare your business for the types of eventualities where well trained employees are able to react to an emergency in the workplace. More information on first aid risk assessments can be found on the Health and Safety Executive website[iii].

At this point, it is worth pointing out that the negative connotations of risk management thus far described need to be balanced against an organisations requirement to take risks. Any new business is taking risks when it first sets out. Any new venture for an existing business is risk-taking. The very simple message that comes from this is that an organization has to manage risks to protect the business and take risks to grow the business. As always in business, there is a balance to be struck between the two and achieving that balance is down to the directors.

The litany of failures caused by poor management of risks is endless. The consequences of poor risk management can lead to huge financial losses (witness the global financial crisis) or even loss of life (witness the Mid Staff NHS enquiry). Many of these failures hit the Press with headlines that “this should never be allowed to happen again”…….but sadly they do. Such catastrophic events may be confined to larger organisations but smaller businesses are not immune and can protect themselves without creating too much bureaucracy and recognising that good risk management is a necessary part of doing business in today’s complex working environment.

Keith Blacker is director of RPI. He holds a doctorate in Operational Risk Management and co-authored the People Risk Management published by Kogan page in 2015.


[ii] If you would like a copy of a simple risk register template with instructions on how to use it please contact


The Chicken or the Egg? The frustration of tendering.

The Chicken or the Egg?

One of the most demoralising ‘tender’ phrases to read, for any Small to Medium Enterprise (SME), must be ‘experience of delivering in similar contracts is required’. This raises the question of how SMEs are ever going to get the experience required when it becomes a pre-requisite of tendering?

We have been there several times ourselves, and have spent many days and weeks writing comprehensive tender bid documents, demonstrating our capabilities, our technical expertise and the quality of our people, only to be told that we scored highly in technical ability, but were let down by previous contract experience. This has been particularly true of the FCO/DFiD tenders.

The big ‘Primes’ continue to hoover up the contracts, brushing aside anyone who dares to try and compete, at times immediately sub-contracting the work straight out to the very SMEs who were not able to win the tender themselves.

So, would SMEs provide a better service? They would have a greater vested interest in providing an excellent service for a start, their livelihoods depend on it. They are more likely to remain in the office until midnight to solve the minor issues that crop up, or personally manage the delivery. Their customer service is likely to be personal, rather than corporate and the personnel will be known quantities, as opposed to ‘someone to fill a post’.

SMEs will be able to provide project specific expertise, knowledge based on experience in the respective field, and the ability to deliver across Strategic Aims, Operational Plans and Tactical Delivery.

Our experience of the big Primes is that they get so consumed in their own importance that they cannot accept that an SME can deliver any significant contribution. There is almost an ‘Emperor’s New Clothes’ syndrome that things are rosy on the programme, because they have to be, and anybody who suggests otherwise is just being negative. More credence apparently being given to which University their degree came from, rather than the problem solving that 30 years of operational experience can bring to the table.

Is the answer to work as part of a consortium with a Prime? Maybe, but what about those Primes who take everything they need for the bid, then cast the SME aside, and then contacting the people whose CVs they have included in the bid to work for them direct. It has happened to us, and others we know, with little or no redress.

Has the ASI ‘incident’ been a turning point for SMEs? Will the contracting authorities start to use SMEs more often? Let’s hope so.

Until then, unfortunately, the ‘Chicken and Egg’ situation around tendering and experience seems likely to continue.

What would you do in an attack? The case for “Stay Alive” First Aid training.

The Government advice in the event of a terrorist attack is to “Run, Hide, Tell”.  Advice is all well and good, but no one truly knows what they would do until the unthinkable happens.

Human beings are mammals and we act the same as other mammals when faced by danger, we either “Fight or Flight”.  The course of action one takes is based on a lot of external influences, such as: The threat, our personality, who we are with, other dangers and previous experience and training.

Previous experience and training are perhaps the most effective influences.  Study after study confirms that individuals who have had military or police training react differently in a crisis than people who have not.  When all else fails, they will fall back on the drills that they learned, even if, in some cases, those drills were a lifetime ago.

There is also the initial reaction, which comes before the “Fight or Flight” phase, a reaction that is often not known about or understood.  This recognized phase is called “Freeze”. This is a period when the brain makes a critical decision to either fight or flee.  In trained individuals, this decision period occurs in a very short time window, again, dependent on experience and training.  Individuals who have been in Special Forces or exposed to a high volume of operations often make decisions faster than those who have not, which is to be expected.

But what happens if you can’t flee or fight?  There have been a number of high-profile attacks in recent times, where the vast majority could do neither, because of barriers such as: Collapsed buildings, the presence of armed individuals blocking potential escape routes, or injuries sustained by yourself or someone you know. The horrific attack on the Orlando nightclub, Pulse, in 2016, and the attack on the Nairobi Westgate shopping mall, in 2013, are prime examples.

People died in both these situations, from what we now know were treatable blood loss injuries.  In other words, death was a result of bleeding that could have been stopped by someone with the correct training and experience. This includes the victim.

Soldiers on a modern battlefield are trained and expected to administer self-help as soon as they can, this action has saved lives numerous times.  Casualties are able, in horrific circumstances, to receive lifesaving first aid treatment, which is enough to stabilize them before any medic, or doctor is able to see them.

The casualty survival rates for the Afghanistan and the Gulf Wars are mind blowing when compared to earlier conflicts.   The difference between the two Gulf Wars is significant, to say the least.   Survivability is just as dependent on what happens in the first 2 to 3 minutes following the injury, as it is the 3 to 4 hours of surgery back in an operating theater.  In fact, without that initial intervention, the surgery will not happen or even be necessary because the patient will be lost.

The battlefield has now moved, to an arena populated by people who, for the most part, have very little training and wouldn’t know what to do if someone was bleeding in front of them.  Paris, Nice, Brussels, Nairobi, Orlando, Boston, Madrid, Mumbai, and London.  Injured people caught up in these incidents had little or no idea as to what they needed to do to self-help. Some of the casualties in the Pulse nightclub attack were alive up until two hours after their injury.  The emergency services could not get to them because they were under fire themselves and attempting to prevent further casualties.  People could have easily been saved if they, or the people close to them, had even rudimentary knowledge of how to control catastrophic bleeding.

The real shame of this, is that it is not hard to obtain these skills.  It does not require years, months, or even weeks of training!  These skills can be taught, and more importantly, learned, in a few short hours with the right level of experienced trainers, combined with the correct equipment and knowledge.

Learning to manage the trauma of major blood loss can become second nature so that you can react instinctively when and if the situation arises, and it will keep, you, your friends and your family alive.

It’s not just attacks like shootings and bombings that apply, correct training will also save lives in any other situation which results in catastrophic blood loss, such as:  Accidents in the home, on the roads, in work, or just an incident that occurs in day to day life.

Catastrophic bleeding occurs when an artery or major blood vessel is cut.  This can easily happen at home or at work, but for some reason, many of your standard home or work first aid kits are ill-equipped to deal with such a trauma.

Again, a surprisingly little amount of specialist equipment is required.  Simple pressure techniques, proper bandages, and some clotting agents are all that is needed.

Why then, do so little people have this knowledge, what stops more people from obtaining it? Is it time? Is it cost? Is it lack of opportunity? Or is it attitude? “Not my problem”.

The cost of such items, including the training and skill to use them, can be obtained for less than £150, and take as little as two hours to learn. The equipment needed can fit into a jacket pocket or one of the compartments on a computer bag.  There are training providers who have the requisite knowledge and experience to train high numbers of people in the workplace very cheaply, so the opportunity is there if you look for it.

2 hours of training and the practice of carrying a small, effective First Aid kit can prevent a loved one, or someone you work with, from becoming a victim of violence or a serious accident.  Ultimately, the right knowledge could even save you.

Another terrorist attack will happen.  People will be caught up in it, and the major cause of loss of life will be catastrophic blood loss.  The general public can do nothing to stop the attack, but they can do something to minimize the loss of life, simply by being ready and having the right attitude.  So why not start preparing now?