Fraud Investigation

Internal Investigations: strategic tools of corporate governance

10 March 2025

Internal investigations represent a fundamental safeguard in the field of corporate governance, constituting an operational tool for the assessment of conduct that is potentially illegal, dysfunctional or non-compliant with the ethical and regulatory principles that govern business activity. When properly set up and conducted, these activities prove decisive for the timely detection of risks, the protection of corporate reputation and the strengthening of internal transparency.

Regulatory framework and evolution of the model

The introduction of the administrative liability of entities pursuant to Legislative Decree 231/2001 and the increase in illegal phenomena related to so-called White Collar Crimes have led to the progressive establishment of internal control models based on dynamic and flexible tools. Internal investigations belong to this context as tools of fact-finding and prevention, having progressively evolved from a mere means of verifying company policies into real mechanisms for detecting and managing violations.

These activities are now a structural component of compliance programs and are fully integrated into the logic of corporate Risk Management. The practice of internal investigations has also spread nationally, following the example of US and Anglo-Saxon models, as an operating method for dealing with behavior contrary to internal regulations and to the applicable regulatory framework.

Purposes and areas of application

Internal investigations, with a view to responsible and compliant governance, are intended to:

  • detect and prevent illegal conduct (e.g. fraud, corruption, abuse of office, violations of company policies);
  • ensure compliance with national and supranational regulations (Legislative Decree 231/2001, ISO 37008, FCPA[1], GDPR[2]);
  • manage reputationally critical situations or potential litigation;
  • provide an objective response to whistleblowing reports and to the institution's supervisory obligations.

The activities may be:

  • internal, where carried out by resources already embedded in the organization (e.g. Internal Audit, Legal, HR, Compliance, Security);
  • independent, if entrusted to third parties with specific skills and guarantees of impartiality and confidentiality (e.g. investigative agencies).

UNI ISO 37008: guiding principles for proper conduct

The UNI ISO 37008 standard is today the main technical reference for the regulation of internal investigations. It defines investigations as a structured, competently conducted process aimed at ascertaining facts in relation to alleged or suspected unlawful acts (so-called wrongdoing), improper behavior (so-called misconduct) or non-compliant conduct (so-called non-compliance).

Among the key principles established by the standard are:

  • Independence: the investigative activity must be carried out by subjects with no ties to the persons or facts subject to verification;
  • Impartiality: the investigation must be based on objective facts, collected without internal conditioning and influence;
  • Confidentiality: maximum protection of the information and data collected is required, in order to avoid harmful disclosures;
  • Competence: the team in charge must have professional requirements appropriate to the context and complexity of the investigation;
  • Regulatory compliance: every activity must be based on compliance with current legislation, in order to avoid legal and reputational consequences for the institution.

The strategic function of investigations in governance

Modern corporate governance requires a proactive approach in preventing and managing non-compliant conduct. In this perspective, internal investigations play a decisive role in:

  • strengthening the culture of integrity and legality;
  • ensuring transparency in decision-making and management processes;
  • supporting the periodic evaluation of the effectiveness of organizational models;
  • providing evidence useful to the empowerment of Top Management and of the supervisory bodies.

The investigative activity, therefore, must be set up according to criteria of methodological rigor, guarantee of discretion and technical appropriateness, in order to ensure that the Institution is effectively protected against legal and reputational risks.

The added value of an independent approach

In certain circumstances, entrusting investigations only to internal resources may expose the company to critical issues of various kinds, including conflicts of interest, organizational interference, lack of know-how and risks of undue disclosure.

Assigning the investigation to a qualified external entity, on the other hand, ensures impartiality, confidentiality and competence, in addition to providing a third-party, professional evaluation.

An investigation carried out by an independent team promotes the identification of vulnerabilities in the internal control system, reinforces compliance and allows corrective measures to be adopted promptly and effectively. In compliance with the provisions of UNI ISO 37008, Argo adopts a structured approach to internal investigative activity, based on:

  • risk mapping and preliminary analysis of the business environment;
  • verification of anti-corruption procedures and safeguards;
  • operational and documentary audits;
  • use of OSINT[3] and SOCMINT[4] sources for the assessment of reputational exposure;
  • technical interviews with key personnel, in a controlled environment.

In a regulatory environment that is increasingly attentive to liability profiles, the choice of a qualified partner to conduct internal investigations represents not only a guarantee of legality, but also a competitive advantage in terms of trust, reputation and responsiveness.

[1] Foreign Corrupt Practices Act

[2] General Data Protection Regulation

[3] Open Source Intelligence: the intelligence discipline that deals with the research, collection and analysis of data and news of public interest taken from open and public sources.

[4] Social Media Intelligence: the discipline that focuses on the collection and analysis of information that is produced and exchanged through social media.

Author:

Katia Trevisan
