Hotline tips stuck in email; NAVEX case management with Workday routing delivered consistent, anonymous investigations

Overview

Whistleblower hotline tips were landing in multiple inboxes with uneven routing and little visibility into status. Allegations about HR, fraud, or safety sometimes went to the wrong team, anonymity was hard to preserve across email, and leaders lacked a single view of open items and deadlines. Intelligex implemented NAVEX case management with structured intake, AI?assisted categorization under guardrails, role?based access, and Legal oversight. The system integrated with HR and Security so allegations reached the right reviewers, two?way anonymous communication stayed in one place, and closure required documented sign?off. Triage became consistent and stakeholders saw the same facts—while the hotline, HRIS, and security tools remained in place.

Client Profile

• Industry: Global services and technology
• Company size (range): Multi?region workforce with centralized Legal & Compliance and distributed HR and Security teams
• Stage: Web and phone hotline in place; tips routed by email and spreadsheets; inconsistent ownership and status tracking; limited anonymity protections across channels
• Department owner: Legal & Compliance (Ethics & Compliance and Legal Operations)
• Other stakeholders: HR/Employee Relations, Corporate Security, Internal Audit, Privacy, IT/Integrations, Works Council/Employee Representatives where applicable, Executive Sponsors

The Challenge

Hotline submissions arrived from web forms, phone transcriptions, and email. Some reports went directly to HR, others to Security, and sensitive allegations about senior leaders occasionally landed with the very teams implicated. Intake lacked required fields, so investigators spent time re?contacting reporters for basics such as location, department, or date ranges. Anonymous reporters did not have a reliable way to exchange follow?up information without exposing identity, and updates to reporters were inconsistent.

Case tracking varied by team. HR used a spreadsheet, Security used tickets in a separate tool, and Legal kept a shared folder for high?risk items. People asked for status in chat channels, and escalations depended on who was available. Substantiation decisions and rationale were captured in comments or emails, not in a single record. When a case implicated more than one function, handoffs were slow and not always documented.

Compliance expectations were clear but hard to prove. Leadership had committed to in?country handling, protections against retaliation, and adherence to frameworks such as the EU Whistleblower Protection Directive, but the tools did not enforce role?based access, regional routing, or evidence standards. Audits required reconstructing timelines from inboxes and spreadsheets rather than exporting a report from a system of record.

Why It Was Happening

Hotline intake was not a governed workflow. The web and phone lines worked, but they fed email channels and spreadsheets rather than a case system with structured fields, routing rules, and approvals. Without role?based access, cases were shared more broadly than necessary, and anonymity was difficult to preserve during follow?ups.

Ownership and categorization were ad hoc. Teams applied their own labels and priorities, so the same allegation type could be triaged differently across regions. There was no standard path for conflicts or for allegations involving senior leaders, and closure criteria varied by handler. Reporting rolled up incomplete or inconsistent data, which made it hard to see where cases stalled.

The Solution

Intelligex deployed NAVEX case management as the intake and investigation system of record, integrated with HR and Security. Structured forms captured allegation type, location, business unit, and attachments; two?way anonymous messaging allowed follow?up without exposing identity. AI?assisted categorization suggested tags and risk levels under guardrails aligned to the NIST AI Risk Management Framework, while Legal owned routing and conflict rules. Role?based access limited visibility to need?to?know teams, and case closure required approvals and rationale. Regional handling aligned to requirements such as the EU Whistleblower Protection Directive. NAVEX served as the case platform (NAVEX Case Management), with HRIS and security tools providing context rather than replacement.

• Integrations: NAVEX for intake and case handling; HRIS for org, manager, location, and employment status (for example, via Workday Integration Cloud patterns); Security incident platform for cross?references; identity/SSO for roles and access; translation services for in?country language handling.
• AI?assisted triage: NLP suggestions for allegation type (harassment, fraud, data misuse, safety), severity indicators, and routing prompts; confidence and rationale visible to reviewers; human?in?the?loop acceptance or correction.
• Role?based access: Case visibility scoped by function, geography, and conflict rules; escalations to Legal and Internal Audit for senior?leader or sensitive matters; alignment to NIST RBAC principles.
• Anonymous reporter channel: Two?way messaging and file exchange within NAVEX; standard response templates; privacy notices and consent flows where required.
• Workflows and approvals: Routing by category and location; mandatory Legal oversight on specific allegation types; closure gates with substantiation and rationale; retaliation monitoring tasks to HR for follow?up.
• Data protection: Masking of personal data in broader views; regional data residency options; retention policies and legal hold support aligned to Privacy and Records Management standards.
• Reporting and dashboards: Intake volume and aging by category and region; handoff status between HR and Security; closure reasons and themes; exportable evidence packets with timeline, decisions, and communications.

Implementation

• Discovery: Mapped current hotline channels, categories, and regional differences; inventoried HR and Security systems; reviewed conflict and escalation practices; sampled prior cases for routing errors and evidence gaps; gathered Privacy, Internal Audit, and Works Council requirements.
• Design: Authored intake forms and required fields; defined routing matrices by category, geography, and conflict conditions; configured role?based access and Legal oversight; selected AI categories and thresholds; planned retaliation follow?up tasks; outlined dashboards and exportable evidence; set change control for categories and rules.
• Build: Configured NAVEX case types, forms, queues, and two?way anonymous messaging; integrated HRIS org and location data; connected Security’s incident tool for cross?links; enabled SSO and access tiers; implemented AI?assisted categorization with reviewer controls; instrumented logs, masking, and dashboards.
• Testing/QA: Ran in shadow mode while email/spreadsheet intake continued; validated routing and access by region; exercised conflict scenarios and senior?leader escalations; piloted with HR and Security investigators; tuned categories, prompts, and templates from feedback.
• Rollout: Launched NAVEX for new cases while monitoring legacy channels; redirected hotline and web links to the new forms; enabled AI suggestions as advisory at first, then as default with human review; expanded region by region; retired spreadsheet trackers after stable cycles.
• Training/hand?off: Delivered investigator guides on intake, routing, and anonymous communications; briefed Legal on oversight queues, approvals, and evidence standards; trained HR and Security on role?based views and retaliation tasks; updated SOPs and escalation playbooks; transferred ownership of categories, routing, and dashboards to Legal Ops under change control.
• Human?in?the?loop review: Established a weekly triage council with Legal, HR, and Security to review misroutes, false classifications, and access exceptions; recorded decisions with rationale and effective dates; updated rules, categories, and templates accordingly.

Results

Triage became consistent. Allegations entered the same case system with required context, AI suggestions accelerated categorization without replacing judgment, and routing respected geography, conflicts, and sensitivity. Investigators communicated with anonymous reporters in one place, and all actions—assignments, notes, approvals—were logged.

Visibility improved across functions. Legal saw sensitive matters early, HR and Security worked from aligned case data, and leaders used dashboards for status without asking for ad hoc updates. Evidence packets contained the timeline, decisions, and communications, which simplified audits and regulator inquiries. The hotline, HRIS, and security tools stayed; NAVEX stitched them together with workflow, access, and governance.

What Changed for the Team

• Before: Tips were emailed and sorted by hand. After: Structured intake in NAVEX routed cases automatically with required fields.
• Before: Anonymous follow?up was difficult. After: Two?way messaging with privacy notices kept identities protected.
• Before: Categories and priorities varied by handler. After: AI?assisted tags and Legal rules made triage consistent.
• Before: Conflicts and senior?leader cases were risky. After: Escalation and access controls routed sensitive matters to Legal/Internal Audit.
• Before: Status lived in spreadsheets. After: Dashboards showed intake, aging, and closure with evidence in one place.
• Before: Retaliation monitoring was informal. After: HR received follow?up tasks with documented outcomes.

Key Takeaways

• Put hotline intake in a case system; email and spreadsheets cannot enforce routing, access, or evidence standards.
• Use AI with guardrails; suggestions can speed triage when humans retain control and outcomes are logged.
• Enforce role?based access; scope visibility by function, geography, and conflict to protect reporters and investigations.
• Standardize closure; require substantiation decisions, rationale, and Legal sign?off before closing cases.
• Integrate, don’t replace; keep hotline channels, HRIS, and Security—add NAVEX workflows, approvals, and dashboards between them.

FAQ

What tools did this integrate with? NAVEX handled intake, case routing, and investigator communications (NAVEX Case Management). The HRIS supplied org, manager, and location data using established patterns such as Workday Integration Cloud. The Security incident platform was linked for cross?referencing, and identity/SSO enforced role?based access. Translation services supported in?country language handling where required.

How did you handle quality control and governance? Categories, routing rules, and access tiers lived under Legal Ops change control with owners and effective dates. AI categorization operated with human?in?the?loop review aligned to the NIST AI RMF. Every assignment, note, approval, and closure wrote to immutable logs, and dashboards surfaced misroutes and aging for review.

How did you roll this out without disruption? The system ran in shadow mode first, mirroring cases created by email to validate routing and access. Hotline links were then redirected to NAVEX forms while legacy inboxes remained monitored. AI suggestions started as advisory and shifted to default with human review after calibration. Spreadsheet trackers were retired once dashboards proved reliable.

How was anonymity and privacy protected? Two?way anonymous messaging kept identities confidential, and personal data was masked in broader views. Role?based access restricted who could see case details, and regional data handling aligned to privacy policies and requirements under frameworks such as the EU Whistleblower Protection Directive. All access and exports were logged.

How were conflicts and senior?leader allegations handled? Routing rules detected conflicts and automatically escalated to Legal and Internal Audit with restricted access. Approvals and closure required Legal sign?off and rationale, and case visibility excluded implicated functions. Where required, board?level reviewers were added as approvers under separate access.

How did you support regional differences and language? Intake forms captured location and adjusted fields based on local requirements. Translation services supported reporter communications, and data residency options were configured for regions with heightened constraints. Routing respected in?country handling expectations and local privacy rules.

Can the system track retaliation follow?ups? Yes. Closure templates created HR follow?up tasks to monitor for retaliation, with outcomes recorded in the case. Reminders and escalations ensured follow?ups occurred and were documented.