Security professionals conducting internal investigations are faced with the challenge of gathering credible evidence to determine if, when, where, why and how an incident occurred.

Cynthia Merchant, Associate Director, Global Security at pharmaceutical company Novartis, has worked in and built security functions for more than a decade, having held senior investigative roles at Phillip Morris International and Eli Lilly prior to her current position.

“I see the security function as the hub of a bicycle wheel, and different company departments as the spokes,” says Merchant. “Security can’t be an island. It needs to be proactive, focused, and looked at as critical to the business. As the hub, security needs to work with all company stakeholders, including supply chain, quality, manufacturing, corporate affairs, ethics, risk and compliance, and others.”

When Merchant joined Novartis in 2020, she was brought on to build out their product investigations program in North America, investigating instances of counterfeit, diverted, stolen and adulterated product. After nearly two years, Merchant was promoted to Associate Director, Global Security, leading investigations across Canada and Latin America, among other responsibilities.

Steps of an internal investigation

 From the moment an allegation is brought to the investigations team, security has a responsibility to determine the facts of an alleged incident. According to Merchant, siphoning through assumptions and opinions helps security investigators lead unbiased investigations.

“As an investigator, I have a duty to go through the investigation without bias. It’s part of my duty of care to the reporter and the person being investigated,” Merchant says.

The following are the three C’s Merchant has honed throughout her career in security when conducting investigations: compile evidence, conduct interviews and conclude the investigation.

Compile evidence

 Security has a duty to investigate every allegation reported, according to Merchant. When an allegation is reported, Merchant recommends beginning the investigation by checking company policy to see if the alleged action constitutes a breach in policy.

“We investigate allegations of misconduct that are potentially illegal against Novartis’ Code of Ethics,” she says. “When an allegation is made, I look at the investigative subject’s professional practices, company policy violations or any other potential irregularity outside of what is considered proper for a person in our industry. An allegation can be anything from an expense fraud to a conflict of interest.”

After investigating the subject’s background and company policy, security investigators should start to compile evidence relevant to the allegation and consult with subject matter experts (SMEs) as needed regarding the allegation type — Human Resources, Ethics, Risk and Compliance (ERC), Finance, Legal, just as a few examples.

“I review company data and may also speak with subject matter experts (SMEs) to get more background on the policy breach,” Merchant says.

❝

As an investigator, I have a duty to go through the investigation without bias. It’s part of my duty of care to the person being investigated.”
— Cynthia Merchant, Associate Director, Global Security at Novartis

Conduct interviews

 Once the investigator has compiled relevant evidence regarding an allegation, the investigation moves to the interview stage.

“At this point, I will speak to all the people that I feel are necessary. That may include the reporter, witnesses, bystanders or others. Finally, I’ll speak with the subject of the investigation,” Merchant says.

During her interviews with subjects, Merchant employs an investigative strategy that foregrounds respect. She says her focus in subject interviews is to determine the subject’s credibility and prioritize facts over opinions of what happened.

“To determine credibility, you need to consider the plausibility of the incident, past record of the person, their possible motive, timing, demeanor and consistency. When you ask questions of the subject or other people, is there consistency and corroboration?” Merchant asks.

An investigator’s attitude during interviews can impact the investigation as well. Merchant emphasizes the importance of a respectful demeanor during interviews — from conversations with subject matter experts to witnesses, the reporter and the subject.

“As the investigator, you need to remain humble. You need to always speak with respect. The subject of your investigation may or may not have committed the misconduct. If they did, they either tell you they did, or they lie to you throughout the entire interview. I will still treat them with respect — never try to embarrass or humiliate them. Just treat them with respect.”

Conclude the investigation

 Once interviews are complete, the investigator then writes up a report focused only on the factual evidence and testimony acquired during the investigative process. Merchant says following up with each individual involved in the investigation can help reduce confusion and increase transparency in the investigation.

“Let’s say that during an investigation, I spoke with the reporter, then witnesses, and then the subject. When I’ve concluded the investigation, I send them an email restating when I spoke with them, thanking them for their time, and letting them know that that investigation is now closed. For reasons of confidentiality, I can’t disclose more to them, but closing the investigation with them is important because otherwise that person doesn’t know what happened. Then, if there are remedial actions to be implemented, HR or their manager will speak with them.”

Once the investigation is concluded on the security side, Merchant emphasizes the importance of self-reflection and improvement.

“I always try to evaluate myself and think about what went well, and what could have gone better or differently? Perhaps I should have asked the questions differently. Perhaps I should have interviewed someone in a different order.”

By continuously evaluating her own investigative practices, Merchant is able to hone her interview and evidence-gathering skills and improve each time she conducts an investigation.