Call me a skeptic.  Call me cynical.

I understand that the International Organization for Standardization (ISO) provides valuable standardization services and guidance.  The ISO is comprised of 169 member countries.

The ISO recently issued a new standard governing internal investigations.  From my vantage point, I was a critic of ISO 37001, anti-corruption compliance,  because of its over-generalization and failure to provide more specific guidance on important issues.  So, I am coming to this new one with a disclosed bias.

My concerns are three-fold. 

First, I am not convinced that when it comes to compliance and internal investigation, the issuance of an ISO standard provides little meaningful guidance except to assemble an outline of topics that are well known and a collection of obvious legal terms that are too amorphous — like “reasonableness” and other terms that sound good but provide ambiguous or ill-defined concepts.

Second, ISO standards on compliance and internal investigation topics provide organizations that “meet” such standards with a false sense of comfort.  Walking into the Department of Justice with a stack of certifications in the context of a government investigation will not deter prosecutors from looking under the hood, reviewing an internal investigation and verifying that all avenues were examined.  Meeting an international standard and presenting a certification is unlikely to have any appreciable impact on DOJ’s investigation.

Third, from my cynical perspective, which is limited to ISO 37001, on anti-corruption, and the ISO’s new internal investigation standard, the ISO certification has created its own industry of private “certifiers” who charge companies money to review their program and decide whether to not to certify the company as satisfying the specific standard.  This seems more focused on promoting the private certification industry.

Let me offer companies another option. 

Rather than spending money on gaining access to the ISO standard, reviewing your company’s operations against the standard and investing money to meet the standard, and then paying a so-called certifier to tell you where you stand, take the money and time, assemble an internal team consisting of legal, compliance, finance, human resource, and audit professionals to review all available government guidance, best practices guides, and then apply the group’s common sense and experience to assess you own internal investigation program, propose improvements, and then set a schedule to make some changes, all tailored to meet your company’s culture, investigative needs, and commitment to a culture of ethics and compliance.

In the end, you will have accomplished something that will improve your internal investigation program, and at the same time, save a bundle of money and time.