Investigations are the structured workflow that runs after an incident is substantiated. Each investigation has its own code, an investigator (internal or external), a workflow with statements and findings, and a defined start and end.
Open Investigations at sidebar → Detection → Incidents → Investigations
Each investigation has a code (for example, INV-2026-0001) and links to its parent incident
Investigators can be internal users or external firms (tagged "External")
Investigation tabs: Overview, Findings, People & Statements, Tasks, Comments, Activity Log
Investigations can be marked complete with a final outcome
Opening Investigations
Admin sidebar → Detection → Incidents → Investigations. The page shows:
A status bar with counts: In Progress, Complete
A filter and sort bar
A list of investigations, each with code, parent incident, date opened, investigator, and status
Click any row to open the investigation.
Top-level cards
Five cards run across the top of an investigation:
Status: In Progress, Complete, or Closed
Outcome: Substantiated, Not Substantiated, Not Determined (and other values)
Investigator: who is conducting the investigation, with an External tag if it is a third-party firm
Started: the date the investigation was opened
Statements: progress on collecting witness statements (for example, 3/3)
Investigation tabs
Tab | What it covers |
Overview | Investigation Details (status, investigator, dates) and Incident Details (the parent incident's information) |
Findings | Root cause analysis, contributing factors, and corrective actions |
People & Statements | Witnesses, parties involved, statement collection progress |
Tasks | Tasks linked to this investigation |
Comments | Discussion thread |
Activity Log | Time-stamped history of changes |
External investigators
Some investigations are conducted by external firms (for example, Wise Workplace Pty Ltd, Occupational Health firms). When an external investigator is assigned, the External tag appears next to their name.
External investigators can record their work directly in ReFresh or have an internal admin record on their behalf, depending on your organisation's setup.
Linking back to risks and controls
Investigation findings link back to:
The risks on the Risk Register (so post-incident learnings update risk ratings)
The controls that were intended to mitigate the hazard (so effectiveness ratings can be updated)
This linkage is what produces the audit trail regulators look for.
Completing an investigation
Once findings are documented and corrective actions are assigned, click Complete Investigation in the top right of the investigation page. This:
Sets the investigation status to Complete
Records the completion date
Sets the Outcome
Triggers any follow-up tasks for control updates and consultation
Related articles
Reporting an incident (admin view) (4.6)
Using the Hierarchy of Controls assessment (4.8)
Recording worker consultation (4.9)
Conducting a control effectiveness review (4.5)