Category Archives: Examination Follow-Up

Confidential Sources & Informants

There has been much in the news recently concerning the confidential sources and informants involved in current, ongoing Federal criminal and non-criminal investigations. During the more complex of our examinations, we, as practicing fraud examiners and forensic accountants, can also expect to encounter the same types of sources and informants. Both sources and informants serve the same purpose: to provide information helpful in the development of a case. However, there are notable differences between confidential sources and confidential informants; the two terms should not be used interchangeably.

A confidential source furnishes information simply consequent on being a member of an occupation or profession and has no culpability in the alleged offense. For example, confidential sources might include barbers, attorneys, accountants, and law enforcement personnel. A confidential informant on the other hand has a direct or indirect involvement in the matter under investigation, and s/he might (incidentally) also be culpable. The distinction between the two sources is their involvement or noninvolvement in the offense. As every CFE knows, informants can pose treacherous legal issues for the fraud examiner.

There is no question that information provided by a well-placed informant can be invaluable to any case; secretly photographed or recorded conversations provided by an informant are the most convincing type of evidence. This information is generally viewed as a sure success for a criminal prosecutor, because there is little that a white-collar criminal can dispute when caught red-handed in the fraudulent act.

The ACFE identifies several types of informants with which a CFE might expect to become directly or indirectly involved: the basic lead, the participant, the covert, and the accomplice/witness.

—Basic Lead Informants. This type of informant supplies information to the investigator about illicit activities that they have encountered. The reasons that the informant decides to supply information are varied; some informants simply want to “do their part” to stop an unscrupulous activity, while others are interested in harming the criminals against whom they are informing. For instance, many informants in drug, prostitution, or illegal gambling endeavors are involved in those activities as well and intend to eliminate some of their competition. Whatever the reason, these informants’ only role in an investigation is to supply useful information.

—Participant informants.  The participant informant is directly involved in gathering preliminary evidence in the investigation. The informant in this instance not only supplies an investigation with information, but the informant is also involved in setting up a “sting” operation, initiating contact with the criminal for arrest purposes. A participant informant is just what the name suggests, a participant in the investigation of criminal activity.

—Covert informants. A covert informant also supplies information on criminal behavior to an investigator or to authorities. The difference between covert informants and other types of informants is that a covert informant is one who has been embedded in a situation or scenario for a period, sometimes for years, and is called upon only sporadically for newly uncovered information (i.e., tip-offs) and leads. These types of informants are often referred to as moles because of the nature of their insulated situation as inside sources. There are two instances in which covert informants are commonly used: in organized crime and in hate-extremist group investigations. Covert informants are often called upon to get information about upcoming criminal activities by such groups.

—Accomplice/witness informants. The accomplice/witness informant is often called upon to provide information concerning criminal activity. Unlike other types of informants, the accomplice/witness informant seeks to avoid prosecution for an offense by providing investigators with helpful information. For example, the government might promise leniency if the accomplice/witness informant offers details about a co-conspirator.

There are three essential procedures for the investigator to keep in mind and follow when using sources and informants. First, strive to keep the informant’s identity as confidential as possible. Second, independently verify the information provided by the source or informant. Third, develop witness and documentary evidence from independently verified information. For example, an informant might indicate that an investigative target committed fraud. If the fraud examiner subsequently conducts an interview and gets a confession out of the target, the information is no longer dependent on the informant’s claim.

If the confidential source or informant has provided documents, names of potential witnesses, or other evidence, all reasonable steps must be taken to protect the identity of that source. Care should be taken to ensure that the questioning of other witnesses is done in a manner that does not reveal its origin. This can usually be accomplished by phrasing questions in a certain way. For example, Smith furnished confidential information about Jones, the co-owner of Jones Brothers Construction Company. When the fraud examiner confronts Jones, she does not want him to know that she has talked to Smith.

If necessary, in this example, the fraud examiner would display the evidence from witnesses and documents that would not reveal the source or informant’s identity. The information from the source or informant is basically useless unless the fraud examiner can verify its authenticity and independently corroborate it. Suppose a source furnishes the fraud examiner with copies of documents showing that Jones Brothers Construction Company’s building code violations dropped by 80 percent since a bribery arrangement allegedly began. This kind of evidence would corroborate the source’s story. If a source told the fraud examiner that Jones frequently had drinks with Walters, the city’s chief building inspector, the fraud examiner would want to find out some way to verify this information. Recall that the third objective when using sources is to develop the witness’s information and other evidence so that it makes a cohesive case.

Fraud examiners should make every effort to develop and cultivate a wide range of sources. Business and financial institution executives, law enforcement and other governmental personnel, medical and educational professionals, and internal and external auditors are always good contacts for practicing fraud examiners.

The fraud examiner should strive to make contacts in her community, well in advance of needing the information they can provide; my contacts on LinkedIn and in the Central Virginia ACFE Chapter have proven their investigative value again and again!  If the fraud examiner receives an allegation and needs confidential information, s/he might obtain assistance from a source cultivated earlier.  Additionally, we need sources to feel confident that they can share information with us without being compromised. In theory, the source will never have to testify; s/he has no firsthand knowledge. Firsthand information comes either from a witness or from a document.

The fraud examiner might also encounter new sources when tracking leads during a specific investigation. S/he might interview a stockbroker from whom the target purchased stock but who does not want his identity revealed. The fraud examiner should not encourage a person to provide confidential information, but rather try to get verifying reports on the record. But if the fraud examiner promises confidentiality for a source’s information, she must abide by that promise.

The ACFE advises that active recruitment of informants is generally not desirable because doing so might appear unseemly to a jury. It is better to encourage an informant to come forward. It is also desirable to develop an informant relationship, but such relationships must be handled carefully. The fraud examiner must be careful to clearly document the adequate predication for an informant’s involvement. Generally, the most fundamental questions concerning informants will focus on the degree of their culpability or the lack of it. There have been cases where the informant is guiltier than the target; in such cases the court might rule that the informant’s information cannot be introduced.

Finally, it’s recommended that all contact with informants and sources be reported on a memorandum, although the confidential source or informant’s identity should not be included in the report. Instead of including the source or informant’s identity, the fraud examiner should use symbols to denote the source’s identity. It is further recommended that sources be preceded with an “S,” followed by a unique identifier (i.e., source #1 would be “S-1”; source #2 would be “S-2”). The symbols for informants would then be “I-1” and “I-2.”

Generally, disclosure of the identities of sources and informants should be on a strict need-to-know basis. For that reason, the person’s identity should be maintained in a secure file with limited access, and it should be cross-indexed by the source’s symbol number. The reliability of the source, if known, and whether the person can furnish relevant information should always be documented in writing.

RVACFES May 2017 Event Sold-Out!

On May 17th and 18th the Central Virginia ACFE Chapter and our partners, the Virginia State Police and the Association of Certified Fraud Examiners (ACFE) were joined by an over-flow crowd of audit and assurance professionals for the ACFE’s training course ‘Conducting Internal Investigations’. The sold-out May 2017 seminar was the ninth that our Chapter has hosted over the years with the Virginia State Police utilizing a distinguished list of certified ACFE instructor-practitioners.

Our internationally acclaimed instructor for the May seminar was Gerard Zack, CFE, CPA, CIA, CCEP. Gerry has provided fraud prevention and investigation, forensic accounting, and internal and external audit services for more than 30 years. He has worked with commercial businesses, not-for-profit organizations, and government agencies throughout North America and Europe. Prior to starting his own practice in 1990, Gerry was an audit manager with a large international public accounting firm. As founder and president of Zack, P.C., he has led numerous fraud investigations and designed customized fraud risk management programs for a diverse client base. Through Zack, P.C., he also provides outsourced internal audit services, compliance and ethics programs, enterprise risk management, fraud risk assessments, and internal control consulting services.

Gerry is a Certified Fraud Examiner (CFE) and Certified Public Accountant (CPA) and has focused most of his career on audit and fraud-related services. Gerry serves on the faculty of the Association of Certified Fraud Examiners (ACFE) and is the 2009 recipient of the ACFE’s James Baker Speaker of the Year Award. He is also a Certified Internal Auditor (CIA) and a Certified Compliance and Ethics Professional (CCEP).

Gerry is the author of Financial Statement Fraud: Strategies for Detection and Investigation (published 2013 by John Wiley & Sons), Fair Value Accounting Fraud: New Global Risks and Detection Techniques (2009 by John Wiley & Sons), and Fraud and Abuse in Nonprofit Organizations: A Guide to Prevention and Detection (2003 by John Wiley & Sons). He is also the author of numerous articles on fraud and teaches seminars on fraud prevention and detection for businesses, government agencies, and nonprofit organizations. He has provided customized internal staff training on specialized auditing issues, including fraud detection in audits, for more than 50 CPA firms.

Gerry is also the founder of the Nonprofit Resource Center, through which he provides antifraud training and consulting and online financial management tools specifically geared toward the unique internal control and financial management needs of nonprofit organizations. Gerry earned his M.B.A at Loyola University in Maryland and his B.S.B.A at Shippensburg University of Pennsylvania.

To some degree, organizations of every size, in every industry, and in every city, experience internal fraud. No entity is immune. Furthermore, any member of an organization can carry out fraud, whether it is committed by the newest customer service employee or by an experienced and highly respected member of upper management. The fundamental reason for this is that fraud is a human problem, not an accounting problem. As long as organizations are employing individuals to perform business functions, the risk of fraud exists.

While some organizations aggressively adopt strong zero tolerance anti-fraud policies, others simply view fraud as a cost of doing business. Despite varying views on the prevalence of, or susceptibility to, fraud within a given organization, all must be prepared to conduct a thorough internal investigation once fraud is suspected. Our ‘Conducting Internal Investigations’ event was structured around the process of investigating any suspected fraud from inception to final disposition and beyond.

What constitutes an act that warrants an examination can vary from one organization to another and from jurisdiction to jurisdiction. It is often resolved based on a definition of fraud adopted by an employer or by a government agency. There are numerous definitions of fraud, but a popular example comes from the joint ACFE-COSO publication, Fraud Risk Management Guide:

Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.

However, many law enforcement agencies have developed their own definitions, which might be more appropriate for organizations operating in their jurisdictions. Consequently, fraud examiners should determine the appropriate legal definition in the jurisdiction in which the suspected offense was committed.

Fraud examination is a methodology for resolving fraud allegations from inception to disposition. More specifically, fraud examination involves:

–Assisting in the detection and prevention of fraud;
–Initiating the internal investigation;
–Obtaining evidence and taking statements;
–Writing reports;
–Testifying to findings.

A well run internal investigation can enhance a company’s overall well-being and can help detect the source of lost funds, identify responsible parties and recover losses. It can also provide a defense to legal charges by terminated or disgruntled employees. But perhaps, most importantly, an internal investigation can signal to every company employee that the company will not tolerate fraud.

Our two-day seminar agenda included Gerry’s in depth look at the following topics:

–Assessment of the risk of fraud within an organization and responding when it is identified;
–Detection and investigation of internal frauds with the use of data analytics;
–The collection of documents and electronic evidence needed during an investigation;
–The performance of effective information gathering and admission seeking interviews;
–The wide variety of legal and regulatory concerns related to internal investigations.

Gerry did his usual tremendous job in preparing the professionals in attendance to deal with every step in an internal fraud investigation, from receiving the initial allegation to testifying as a witness. The participants learned to lead an internal investigation with accuracy and confidence by gaining knowledge about topics such as the relevant legal aspects impacting internal investigations, the use of computers and analytics during the investigation, collecting and analyzing internal and external information, and interviewing witnesses and the writing of effective reports.

Value Added

I was reading an article in one of the business magazines to which I subscribe the other day in which a well-known business pundit was reporting that the Fortune 500 companies he interviewed for his article were becoming more and more concerned with getting increased levels of value at every level from their investments in their co-partners. This search for higher levels of value means more pressure for performance at those same management levels and with more pressure, as every CFE knows, comes more potential for management frauds. Fraud prevention programs cannot be immune to this phenomenon.

CFE’s have traditionally not had to consider the importance of adding value when performing their investigations since, in the case of a suspected or identified fraud, the ‘value’ of the investigation was all too apparent, i.e., to describe and, possibly, prosecute the fraudster and to lay the ground work to prevent a similar instance of the same scenario from recurring. Beyond the written report of the investigation itself, follow on (if there was any) typically consisted of verifying compliance with policies and procedures, without providing recommendations for improvement of the fraud prevention program itself or performing other consultative activities. The fraud examiner’s role was often more akin to that of a police officer than to that of a business partner.

In today’s environment, however, the evidence from practice increasingly indicates that CFE’s, like all other co-parties, are under increasing pressure to provide services that enhance the value of their client’s investment in the valuable fraud prevention services CFE’s can provide, as adding value is becoming widely considered an integral part of even the investigative process.  But what does adding value entail, and how do CFE’s provide it? While the answer may vary depending on individual circumstances, CFE’s make potentially value-adding contributions throughout the entire investigative process and in almost every aspect of our work.

When management engages the services of the CFE, it’s applying a governance control.  CFE investigations provide management, the board of directors, external auditors, and, most importantly, the audit committee with vital information about the fraud and about the key controls whose failure allowed it.  This information is the groundwork for the prosecution of the fraudster, for corrective action, for the repair of the control structure, and vital for future fraud prevention.  This type of information may or may not be possible for CFE’s to quantify monetarily in all cases, but it definitely constitutes a value-added service to management.

Most large organizations employ some sort of risk-based fraud prevention plan or program. Management needs to address the highest fraud risks within its organization, and the fraud prevention program must reflect and address those risks. It’s here that CFE consultation can prove invaluable. A plan developed by incorporating the organization’s highest risk departments, business units, processes, and their respective fraud prevention controls makes effective use of limited organizational resources and thereby also adds value through efficiency.

During an engagement, the CFE may observe numerous opportunities for anti-fraud related process improvement or other enhancements that might ultimately either increase the organization’s security or help fulfill its overall duty to protect its assets. But a word of caution. While this activity constitutes adding value, investigators need to be wary of overstepping. If they come to believe every engagement should routinely include a recommendation to improve the organization’s fraud prevention effort, practitioners risk directing organizational resources ineffectively. An investigator who spends too much time looking for improvements or added controls may be harming the organization by misdirecting resources that could be applied to more critical areas. In evaluating risk versus reward, investigators must determine if the effort and resources expended to find an improvement are worth the potential benefits. Key to prevention of this misstep is to communicate closely with your client and use that communication to never lose sight of how your investigation fits into the bigger picture of overall management objectives for its organization. It’s within that overall context that the fraud prevention effort should always be embedded.

Management, boards of directors, audit committees, and corporate counsel will all rely eventually on the fraud examiner’s report on the facts of an investigation and on the related fraud prevention controls over the processes and risks within the organization, and they will likely view this information as value-added.  So, to add value effectively through reporting, CFE’s need to consider where they want their audience to focus. Accordingly, they should consider the needs, wants, and resources of the various stakeholders who have engaged them. The final investigative report should be easy for readers to navigate, and if appropriate, it should stratify findings into categories of importance to effectively support the dual objectives of possible prosecution and immediate remediation.  With that said, every well written fraud report will add future value through its impact on the organization’s fraud prevention effort and the investigator should write it with an eye to that important follow-on objective.

Fraud examiners are recognized by the courts and by the public as fraud specialists. Their expertise in this and related areas enables them to help management analyze fraud related risks to the organization and to assist in the design of controls to mitigate those risks. By having the expertise to perform investigations, research issues, and benchmark with peers on best practices, CFE’s can become a truly valuable resource to any client management for fraud prevention program design. These activities also constitute adding value.

Developing a complete understanding of all the aspects of how the fraud examination process fits into the client organization should be an ongoing undertaking that also adds value, though it may be difficult to quantify in terms of dollars saved, or earnings, or reduced risks. To a degree, CFE’s, as I said above, add value simply by performing their functions effectively and efficiently. But careful attention to the organization’s risk profiles and to the information requirements of various players in the organizational governance framework represent an ongoing challenge to fraud examination and forensic accounting practitioners alike, and are the key to ensuring that the value they add is maximized.

Should We Fire Jane?

As a CFE, you should be aware that your client’s employees are fifteen times more likely to steal from them than their customers are. A classic rule of thumb for employers to use when considering employee dishonesty is: 10% of employees will steal no matter what is done; 10% of employees will never steal, no matter what the circumstances; and the remaining 80% may steal if you let them. The goal of loss prevention programs is, thus, to keep this 80% group from stealing. A strong deterrent for dishonest employees is knowing exactly what the ramifications of their actions will be. Employees must know that if any employee, at any level, steals or violates company policy, they will receive a fair hearing; swift, consistent, and serious sanctions will be imposed; and termination from employment, criminal prosecution and civil action may result.

So, it appears from your examination that Jane has embezzled what appears to be a lot of money over the past two years and she hasn’t cooperated with the investigation. Now your fraud report comprehensively lays out all the facts of the case and your client asks you flat out, “Should we fire Jane?”

Regardless of whether or not your client decides to seek criminal or civil recovery of fraud losses against an employee, your client needs to consider the future of the employee at their company. When confronted with a possible wrongdoer or with an employee like Jane who refuses to cooperate in the investigation of a suspected fraud, most employers immediately want to fire the employee. Whether the employee can or should be discharged depends on the facts of the case and the law in the employer’s state. There is usually a way to discharge the employee, but such cases need to be handled carefully so that the client doesn’t inadvertently open themselves to liability.

In some U.S. states, absent an employment contract, employment is considered “at will.” This means that the employer or the employee can sever their relationship at any time for virtually any reason. The only exception is that the employee cannot be discharged for a discriminatory reason based on such things as race, sex, disability, or national origin. In other states, the employer may be prohibited from terminating the employee unless the termination is for “just cause.” Before discharging any employee, it’s best to document in the employee’s file that the employer has “just cause” to terminate employment, whether or not the client operates in an “at will” state.

Although there is no exact definition of “just cause,” there are several questions that the client company should ask before terminating Jane:

— Did Jane know that the conduct would be subject to discipline?

— Did the rule the employee violated reasonably relate to the safe, efficient, or orderly operation of the business?

— Did the company investigate, formally or otherwise, to discover whether the employee violated the rule?

— Did the company conduct a fair and objective investigation?

— Did the company obtain significant evidence of a violation?

— Was the decision nondiscriminatory?

— Was the discipline related to the seriousness of the offense and the prior record of the employee?

As a CFE, your final report provides invaluable insight in formulating and obtaining documented answers to a majority of these questions.  If, based on the facts, the client company feels that discharge of the employee is likely, it should make sure that the employee’s actions and the company’s actions are well-documented and placed in the employee’s personnel file.

Make your client aware that issues of employee termination are complex and that in many cases it’s prudent to consult corporate counsel before acting. At least one state has recognized the right of an employee to sue for the employer’s failure to properly investigate charges against the employee before discharging him or her. Most of the courts that have addressed this issue have refused to recognize the claim, however. Many states now recognize an implied contract between employers and employees arising out of employee handbooks. Handbook provisions might limit the right to discharge for “just cause,” and the issue might be whether the employer has enough evidence of wrongdoing to constitute “just cause.” A few states recognize a duty on the part of the employer to deal with its employees fairly and in good faith. Documentation from the CFE’s report that the employer had good cause to terminate the employee should defeat this claim.

Other states recognize a public policy exception to “at will” employment. The employee must prove that her conduct is favored by a relevant public policy and that the employer retaliated against her for engaging in this “protected” activity. Again, the company will need to show that it had good cause to fire the employee and that it was not retaliating against the employee because of the protected conduct. For example, if an employee is fired because she supported a particular political candidate in the last election, a court or jury might find that her termination is in violation of the general public policy allowing people to vote for whomever they please. However, if the employee was conducting fund-raising activities on company time, the company would likely have good cause to terminate the employee and such termination would not be in retaliation for the employee’s support of a particular candidate.

The CFE can be of great assistance in marshaling the facts related to all the aspects of an employee discharge for cause.  Just bear in mind that these issues are often more complex than they seem and so always recommend that clients proceed with caution.

Making It Right

Register Today for Investigating on the Internet May 18-19 2016 RVACFES Seminar!

Congratulations!  You and your investigative team did all the hard work over many months and your client company has obtained a conviction of the bad guy.  What happens next?  The restitution phase of your examination, of course!  Client’s counsel has probably already told you (if you didn’t know it before) that the primary goal of a criminal statute is punishment of the convicted defendant, and for the most part criminal procedure does not concern itself with compensation or reparation of your client, the defendant’s victim. However, there are some opportunities to pursue recovery of losses caused by criminal conduct after the defendant’s conviction of which you should be aware.  So, according to the ACFE, what are some of the main issues involved with restitution?

Where the court suspends part or all of the defendant’s jail time and substitutes instead a term of probation, the court has the authority – either by statute or by its inherent powers – to specify the conditions of that probation, including an order to make restitution to the victim or otherwise to cooperate in the victim’s efforts to recover money or property. Restitution as a condition of probation can be ordered against both individual and corporate defendants, and may include a provision for installment payments over time to the victim. Usually the court will take the defendant’s ability to pay into account in ordering restitution, so that the defendant has a reasonable chance of meeting the restitution condition.  These and all terms of probation are supervised by the defendant’s probation officer who reports any failure of the defendant to obey or comply with probation conditions to the court. Restitution and other probationary terms are enforced by the threat of withdrawing probation and returning the defendant to jail to serve out his sentence if he fails to comply with one or more conditions of probation.

The court-designated probation officer usually makes sentencing recommendations – including any special probationary terms – to the court, so you should present any request to include a term of restitution to the probation officer as early in the pre-sentence investigation/evaluation process as possible. A request from the prosecuting attorney to include restitution as a term of probation also carries weight with the probation officer and with the court, so try to cultivate the prosecutor and familiarize her with your claim and supporting evidence. Cooperation with the prosecutor and police during the criminal prosecution can pay dividends in their willingness after conviction to persuade the court to impose a term of probation with an order of restitution.

Federal law (18 USC §§3663A and 3664) and an increasing number of state statutes direct or permit judges to order convicted defendants to make restitution to victims of their crimes as part of their punishment after conviction. These restitution orders are in addition to any other penalties provided by law for the defendant’s crimes. Unlike Victim’s Compensation Funds, these statutes apply to all crimes, including purely economic crimes. They also apply to defendants who do not receive probation as part of their sentence. Typically, statutory criminal restitution orders direct the return of the victim’s property, or its monetary equivalent if the property cannot be returned. Value may be calculated as of the date of loss or the date of sentencing, whichever is greater, according to some statutes. They also may direct the return of the fruits of the crime or the victim’s actual out-of-pocket expense caused by the crime.

A criminal restitution order may not apply, or be available, for a loss for which the victim has received, or will receive, compensation from another source, e.g. insurance (although the insurer may become subrogated to the victim’s rights and a court may enter the restitution order in favor of the insurer or other representative of the victim). Some statutes set a limit to the amount of restitution that can be ordered against a defendant who did not receive probation (although the limit usually does not apply to an order to return the victim’s property or its equivalent value) and/or direct the judge to take the defendant’s ability to pay into account. The federal statute and other state statutes direct that full restitution be ordered, although the court may take the defendant’s ability to pay into consideration in creating a payment schedule.

Unlike restitution that is ordered as a condition of conditional release (probation), a criminal restitution order can be enforced against the defendant even after his discharge from probation or his release from prison. The federal statute (and some state statutes) provide that a criminal restitution order may be enforced as a civil judgment by the victim against the defendant. Restitution orders also typically survive the death of the victim and may be enforced by his heirs or representatives. Criminal restitution orders are cumulative remedies and do not preclude the victim’s separate civil lawsuit against the defendant for the same conduct for which he was criminally convicted. However, any property or money received by the victim under a criminal restitution order will be credited against any civil judgment or restitution order.

The federal courts, and an increasing number of state courts, use legislatively mandated sentencing guidelines for convicted defendants. Besides the crime itself, and attendant facts and circumstances, these guidelines consider other factors that would allow a court to depart from the guidelines to enhance or reduce a sentence. One such factor is the defendant’s voluntary restitution before trial of the fruits of the crime or other compensation of the victim(s). This is not so much a remedy for the victim as encouragement for the wrongdoer to voluntarily make restitution before trial. Keep this fact in mind when negotiating with a criminal defendant for his cooperation during your fraud recovery effort.

Finally, be aware that many states maintain funds for the compensation of crime victims. These usually are funded, in part, by surcharges or fines assessed against the criminally convicted defendants. However, by the statutory terms and definitions, these funds typically are available only for crime victims who suffer physical injury or death from the defendant’s crime. Still, it never hurts to look up the law in the relevant jurisdiction to see if reimbursement in whole or part for financial loss from fraudulent criminal conduct is available.

Investigating on the Internet

This May our Chapter, along with our partners the Virginia State Police and national ACFE, will be hosting a two-day seminar – ‘Investigating on the Internet – Research Tools for Fraud Examiners’. This in-depth session will be taught by Liseli Pennings, Deputy Training Director for the ACFE. We’ll begin enrolling students in mid-March, so pencil in the dates, May 18th and 19th!

Fraud examiners now have the ability to gain insights from, and test correlations with, a vast array of investigatively relevant information on the Internet, which can be as diverse as suspect competitor information, regulatory filings, and conversations on social media. Such analytics can provide CFE investigators with a variety of capabilities from investigative planning and risk assessment to fieldwork. They also enable fraud examination practitioners to provide clients with more compelling information about every experienced fraud.

Internet based investigation tools can be classified into three broad categories:

–Retrospective statistical analysis, used to gain deeper insight into important sub-processes in financial and operational areas related to the investigation subject.

–Forward-looking models, built to predict which areas of the business are riskier or simply require a greater level of fraud prevention focus.

–Advanced visualization analytics, used to help transform the investigation by providing deep analytical insights and actionable information through visual tools like interactive charts and dynamic graphics.

In short, investigation on the internet has rapidly evolved from simply allowing CFE’s the ability to provide perspective in hindsight to helping them assemble rich digital views of the present investigative situation. Investigative, internet based analytics provide investigators with the potential to dramatically increase the value of the insights they can provide clients at every level of the examination from evaluation of business risks, to suspect analysis, and on to prosecutorial issues and challenges.

The first step in deploying internet based investigative tools effectively is determining the exact fraud scenario that needs to be addressed – what are the features constituting the scenario under review? Once specific fraud features have been identified, on-line analytical capabilities can be used to source facts, drive understanding, and generate knowledge by addressing three general questions:

–What data can be leveraged to enhance understanding of the exact fraud scenario and improve the performance of its investigation? It’s important to understand the source of the on-line data available and the systems and processes that produce it. Effective data evaluation by the examiner supports the accuracy, completeness, and reliability of the data used in her investigation.

–What is known about the general type of business processes related to the fraud?

–Exactly what fraud scenario is suspected to have transpired and why? What steps should be taken by the client immediately?

Canny use of the internet by the trained investigator can play an important role in answering these questions with a view to optimizing immediate investigative performance. The knowledgeable examiner can frequently look at on-line data from within the organization and outside it, with a focus on patterns, data mining and optimization, data visualization, advanced algorithms, neural analysis, and social networks.

These data can provide powerful insight into every aspect of our cases under investigation. In addition to examination field-work one of the most important uses of internet based investigative tools is to enhance fraud risk management. Analytics available on-line from the ACFE and others help provide a clearer understanding of risks and furnish insights as to how they can be mitigated. Ultimately, the objective is to develop and implement an analytical capability that provides the individual CFE with greater insight into the control failures associated with each major category of fraud. A second important use for internet analytics is to develop a deeper understanding of common fraud related issues. Once a potential issue has been identified, analytics can source the facts (e.g., what does the data tell us about the issue?), drive understanding of the facts (e.g., what has happened?), and generate knowledge (e.g., why did it happen?) to ultimately build a more complete presentation of fraud report findings. A third area for CFE’s to consider is how to leverage the use of the analytics performed for the fraud examination for use by the client throughout their organization. In this regard, the CFE’s report can become an important change agent, driving fraud prevention insights throughout the organization. Business managers and leaders of other organizational risk functions have a need to understand fraud risks and the correlations between data. In many cases, fraud investigative tools developed for use during a fraud examination can evolve into valuable fraud prevention tools and ownership can be transferred to business or functional leaders for ongoing use.

Consider keeping the following in mind when using internet based investigative tools in your investigation:

–Establish a clear understanding of what you’re trying to achieve in your investigation and ensure a linkage to examination planning. This should translate into defined objectives that drive the strategy and long-term vision for the use of the tools as well as surface near-term opportunities.

–Know the data.  It’s important for examiners to understand both the data they have and the data they don’t have when determining how and where to begin using the internet as an investigative tool. This knowledge also prioritizes efforts to collect what’s missing for future analyses and for enhancements to the data driven investigative program.

–Start with a targeted, ad hoc program which will likely yield greater benefits in terms of speeding insights, learning, and long term value. Take the time to learn first and then deploy necessary capabilities across your tool kit.

–Lever existing cumulative insights. These ever building insights may provide clues related to the risks and related fraud scenarios to start with, jump-starting the investigative program and building consistency with prior initiatives.

–Take steps to develop a written plan early on in every examination to take action and measure results accurately. Don’t forget that the client organization, systems, and processes that support fraud response and control remediation must be able to take action working with the insights that your final report provides.

Fraud examiners stand at the beginning of a new era in the use of internet based data to enhance the entire fraud examination life cycle. Taking the steps outlined above can help individual practitioners realize gains in effectiveness and efficiency while providing enhanced investigative services.

Please make plans to join your fellow RVACFE Chapter members and guests for an outstanding learning experience on May 18th and 19th.  You won’t be disappointed!

Follow the Leader

One of our members was recently requested by her client to follow up on the fraud remediation efforts it had undertaken as a result of her fraud report (which resulted in the successful prosecution of a corporate manager). The client in this case had no internal audit department or other staff to assist in fraud control remediation follow up and so engaged our Chapter member to assist their preparation for a year-end review by their external auditors. Although fraud examiners have no formal requirement to perform follow ups at the close of our examinations, more and more CFE’s, given the complexity of some of today’s frauds, are being engaged, as a follow on assignment, to assist our clients in doing so.

In a perfect world, our clients would be able to implement fraud control remediation steps after every engagement, leaving no doubt as to the status of remediated controls. But in the real world, of course, sometimes the precise remediation steps aren’t clear to the client and competing priorities, budget limitations, and other factors often prevent clients from putting the best prevention controls in place. Significant on-going fraud risks may remain unaddressed, exposing the particular business process directly affected by the fraud, or even the whole organization, to potential harm.

Our member was happy for an additional opportunity to assist her client and, as a Certified Internal Auditor (CIA) as well as a CFE, her approach to the problem was interesting and, to me, well worth sharing.  Internal audit departments are required by their standards to establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action. This guidance was useful to our member in performing her follow up assignment.  But how formal should the follow up process be? What documentation should be created, and to whom should the results be communicated? How often should follow-up occur? These are all questions the chief internal auditor usually answers, but they can also be quite useful to CFE’s in shaping an approach in the event they are enlisted to conduct or participate in follow-up engagements of the examinations they’ve performed.

It goes without saying that a CFE’s follow-up procedures should best be tailored to the circumstances and culture of the client organization. To ensure fraud prevention policies and procedures are appropriately tailored to the organization, the CFE needs to evaluate organizational culture. There are two main types of organizational culture: formal and informal. In a formal culture, the board actively questions upper management about operational issues and risks facing the organization. The board relies on some internal entity like a budget or internal auditing division to identify issues and associated risks and to work with management to develop action plans that mitigate those risks. It requests that the assigned division provide some type of reasonable assurance that the issues and associated risks identified during any reviews are mitigated. Moreover, upper management actively participates in any follow-up engagements and seeks assurance that its managers are implementing action plans appropriately. In an informal culture, the board focuses more on operations and less on the issues, risks, and action plans identified in review reports. The board does not require reasonable assurance that risks identified in fraud reports are being mitigated. Upper management only requires an update on the progress being made on implementing any action plan.  Our chapter member’s client culture was of the latter, informal kind.

In an informal culture, follow-up procedures might entail simply asking appropriate departmental staff and management about the progress of action plans. During these discussions, the CFE may review only limited documentation. Based on the information obtained, the CFE can then make a final judgment regarding action plan status (i.e., complete, still in process, or unaddressed). The significance of the issues identified, associated fraud risks, and required action plans will also affect follow-up procedures. If any of the risks, issues, or plans are significant or affect future fraud prevention, the CFE may want to set up a schedule to periodically spot check the client’s progress on set dates during the remediation.

Regardless of the specific procedures used, documentation always constitutes the most important part of any follow-up process. With regard to documentation, our member followed IIA guidance according to which internal auditors should record relevant information to support the conclusions and engagement results. Follow-up procedures and results are no exception – CFE’s should ensure that follow-ups are documented just like any other review engagement.

The documentation should note who was interviewed, the date of the interview, the documentation reviewed, and the CFE’s assessment of whether recommended action plans are complete, still in progress, or unaddressed. In the case where members of the client’s management fail to implement management’s remediation action plan, the documentation should explain why. Moreover, it should indicate how affected management is mitigating the associated risk or whether management has simply chosen to accept it.

In my opinion, the CFE should consider periodically updating the client’s senior management on the progress of the remediation effort; such reporting should include significant risk and control, governance, and other issues as may be relevant to the effort. Because follow-up procedures are an integral part of management’s fraud prevention activities, the update report’s format will depend on the client’s expectations as defined to the CFE at the beginning of the follow up assignment. These expectations will typically be a reflection of the organization’s culture.

In a formal culture, a CFE might conclude the follow up engagement by sending written reports to upper management (and the board) on any open issues. One of these reports would be detailed, listing issues, impact, action plans, employees responsible for implementation, status, and progress notes. The second report would be a summary heat map.  The heat map would quantify findings from the current follow-up engagement, including:

–Original issues from the fraud report;
–Action plans implemented to remediate the identified fraud scenario;
–Open action plans to revise the fraud prevention program (if warranted);
–Open action plans not due yet;
–Open action plans past due, as well as their impact;
–Aspects of the plan that will not be implemented (because of cost, redundancy, etc.).

In an informal culture, by contrast, the reporting procedures typically might consist of an oral presentation to upper management and the board. This is what our member chose to do.  The presentation included a discussion of the action plan implemented, the number of open actions, and the impact of open actions on the fraud prevention program. Even though the information was delivered verbally, the presentation’s content was still documented. If the number of open action items had grown substantially since the last follow-up engagement, our member tells us she would have discussed this finding with the client as well.

Thanks to our member for bringing forward a creative approach to following up on examination results!