Many companies have an investigation protocol in place when a potential compliance violation or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic, because if a Board does handle an investigation right, the consequences to the company, its reputation and value can be quite severe. The SEC considers a variety of factors around corporate investigations including: Did management, the board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, have they done other work for the company?

There is also a SOX role in internal investigations, most particularly for audit. Section 301 establishes certain requirements for Audit Committees, including: (1) Procedures for receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters; (2) Procedures regarding the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters; (3) Authority to engage independent counsel and other advisers, as it determines necessary to carry out its duties; and (4) Funding to engage advisors as it deems appropriate.

Three key takeaways:

  1. The Board should have a written protocol for investigations prepared in advance.
  2. Any Board led investigation must be both credible and objective.
  3. The investigation must be thorough but the Board can be cost effective.