A conversation with Travis Foster, Chief Legal Officer at Work Shield
Introduction
Many organizations still treat misconduct as something HR manages in the background until it escalates. In practice, the risk does not come from the incident alone. It comes from how consistently concerns are handled, how neutral the process is, and whether leadership has reliable visibility when it matters.
Federal enforcement data supports this reality. Retaliation has remained the most frequently filed allegation with the EEOC for years, often tied to how employers respond after concerns are raised rather than the initial report itself. How an organization handles misconduct once it has notice is what determines exposure.
We sat down with Travis Foster, Chief Legal Officer at Work Shield, to discuss when misconduct stops being an HR issue and starts creating business risk, and why neutrality, consistency, and timing matter more than most leaders realize.
Why Misconduct Becomes a Business Risk After Notice
Once an employer has notice of misconduct, the risk is no longer limited to the incident itself. Exposure is shaped by how consistently the organization responds, how neutral the process remains, and how quickly leadership can see what is happening. At that point, misconduct stops being an HR responsibility and becomes a business control issue.
Q1: Why do so many organizations still treat misconduct as an HR issue rather than a business risk?
Travis Foster:
Historically, misconduct lived inside HR because that is where policies, training, and employee relations sat. The problem is that liability does not follow org charts.
Risk shows up when handling breaks down. Inconsistent investigations, delayed responses, and documentation gaps do not stay contained within HR. They affect leadership time, legal spend, regulatory exposure, and operational stability.
Once a concern is raised, the organization has notice. From that point forward, how the issue is handled becomes a business decision, whether leaders frame it that way or not.
“Liability does not follow org charts.”
Where Employers Lose Control Most Often
Q2: Where do you see business risk actually enter the picture?
Travis Foster:
It usually enters through inconsistency.
Across organizations, the most common exposure points are not extreme incidents. They are everyday breakdowns. Different managers handling similar complaints differently. Investigations starting late or stalling. Documentation that varies by location or investigator.
Those inconsistencies weaken credibility. If an issue escalates externally, regulators and legal counsel are not asking whether a policy existed. They are asking whether the response was timely, neutral, and consistent.
That is not an HR preference. That is a business control problem.
Q3: How does neutrality factor into this from a legal standpoint?
Travis Foster:
Neutrality is foundational. When investigations are led by individuals who have relationships, authority, or operational pressure tied to the outcome, risk increases quickly.
This is especially common in multi-location environments. Managers investigate their own teams. Outcomes vary. Records look different from site to site.
From a legal standpoint, that makes decisions harder to defend and discourages reporting. When employees believe outcomes depend on who is involved or where they work, leadership loses reliable visibility. Once that happens, organizations are reacting instead of directing.
Q4: What role does timing play in business exposure?
Travis Foster:
Timing is one of the most underestimated risk factors.
The EEOC has made clear that employers are expected to take prompt and appropriate corrective action once they know or should know about misconduct. Delayed responses allow behavior to continue, weaken evidence, and increase the likelihood of retaliation claims tied to perceived inaction.
In high-turnover environments, delay is even more damaging. Each resignation removes context that investigations rely on. By the time leadership is involved, the organization is already operating with less control.
Speed does not mean rushing conclusions. It means starting promptly and moving consistently.
Q5: What is the biggest misconception leaders have about managing misconduct risk?
Travis Foster:
The biggest misconception is believing the risk ends when an investigation closes.
From a legal standpoint, post-investigation behavior matters just as much as the investigation itself. Schedule changes, isolation, reduced responsibilities, or stalled advancement after closure are common retaliation indicators. EEOC guidance makes clear that employer obligations do not end with a finding. How an employee is treated afterward is often central to retaliation claims.
If organizations are not watching what happens after a decision is delivered, they are missing where exposure often develops next.
Misconduct risk is not eliminated by process alone. It is managed through sustained visibility and consistency.
Closing Perspective
Misconduct becomes a business risk when leadership loses consistent processes, neutral oversight, and reliable information. HR often carries the work, but the exposure belongs to the organization as a whole.
When leadership lacks consistent visibility into how misconduct is handled, risk compounds quietly until control is lost. As organizations scale across locations, teams, and shifts, treating misconduct management as an operational safeguard rather than an administrative task becomes essential to maintaining control.
