Issues Management for Compliance

44% of fraudsters were detected as a result of a tip, complaint, or formal whistle-blowing hotline.

 – KPMG, 2016

Consulting firm KPMG surveyed chief compliance officers (CCOs) at 62 major U.S. firms across seven industries about their compliance activities. The survey examined the specific approaches to compliance that CCOs are taking in each of nine core compliance components, including “issues management and investigations” (Stryker, 2017).

The survey results show that firms are especially strong in three “preventive” components: governance and culture; policies and procedures; and communication and training. They tend to be weak in three other components: technology and data analytics; monitoring and testing; and people, skills, and due diligence. Results are mixed for the remaining three components: compliance risk assessment; reporting; and issues management and investigations.

The use of hotlines and complementary methods for detecting fraud fall into this latter category. KPMG cites its 2016 report on fraudsters to remind us that 44% of fraudsters were detected because of a tip, complaint, or formal whistleblower hotline, with another 22% detected because of a management review.

As regards issues management and investigations overall, the surveyed CCOs report the following.

  • Investigation results and metrics inform program enhancements. (77%)
  • Annual reporting of investigation metrics to the Board occurs, addressing root cause analysis and quantitative data. (76%)
  • Processes are in place to assess the impact of issues, root causes, and cross-organizational impacts and to create enterprise-wide solutions. (65%)
  • Centralized issues management and investigative processes are also in place, as is structured coordination with other groups such as enterprise risk management, internal audit, general counsel, human resources, and corporate security. (71%)

KPMG offers the following advice for enhancing the effectiveness of issues management and investigations:

  • Strong investigation culture – Compliance leaders view confidentiality as a crucial aspect of a successful investigation culture. Handling investigations in a respectful way is also growing in importance as CCOs recognize the need to maintain an effective and positive environment while uncovering the facts.
  • Protocols – Protocols, including investigative methodologies, that contain direction and guidance are essential foundational elements for internal investigations and help to create a consistent and sustainable approach.
  • Training – Leading practices in training programs for investigators include utilizing investigative fact patterns that are carefully scripted—and role playing to practice interviewing techniques as well as to address common errors based upon quality assurance reviews and/or audit feedback. Training programs should also include updates to investigation protocols, structure, or communications approaches to encourage prompt application and integration.
  • Technology – Fundamental to an investigations program is an organization’s ability to know the fraud and misconduct allegations and to hone in on key risk indicators. To yield valuable intelligence on the state of investigations, escalated issues, and risk factors, organizations should have a dashboard feeding in from all relevant systems, and use data analytics—a key antifraud technology utilized to sift through millions of transactions looking for suspicious items.
  • Root cause analysis – Root cause analysis, or post-investigation analysis, assists organizations in identifying qualitative measurements and create a feedback loop on what is learned during investigations. This analysis helps the organization to understand what could be driving certain behaviors, enable implementation of appropriate corrective actions to address the root cause(s), enhance stakeholders’ understanding of the trends identified, and improve organizational performance.

In its section on issues management and investigations, KPMG reminds us that regardless of the approach an organization selects, it is important that information flows upward and that risk trends be aggregated and understood.

Ethical Advocate assists companies of all sizes in creating a culture of ethics and accountability by providing ethics and compliance training, confidential and anonymous hotlines, and assistance in meeting regulatory and reporting needs. Contact us for more information.


KPMG. Global Profiles of the Fraudster: Technology Enables and Weak Controls Fuel the Fraud, May 2016, (cited in Stryker, 2017).

Stryker, Nicole. The Compliance Journey: Boosting the Value of Compliance in a Changing Regulatory Climate, KPMG survey results, March 2017.