Tag Archives: client relations

The Man in the Mirror

I readily confess I would not have won any awards for effective delegation during my early years as a fraud examiner/information systems audit professional. To my mind the buck stopped with the guy in the mirror I saw shaving every morning. I prided myself on being personally capable of performing every routine task of every assignment involved in whatever function I was managing at the time. What finally weaned me from the practice of doing it all myself was the threat of burn-out and the seemingly ever-increasing demands of a typical work week of seventy hours.

The demands of managing in an assurance environment featuring risk assessments, regulatory compliance, fraud investigations, corporate governance, and engagement quality control can be crushing for any new (or not so new) manager but especially so for those unwilling or who simply lack the skills to adequately delegate; those skills usually only come with experience.

While some new to assurance or investigative management may think delegating simply means passing off work to subordinates, the lines of delegation also can occur laterally to peers and upward to superiors. The distinction is important, because in delegating to subordinates, one of the goals is to achieve long term investigative team development. This goal comes with a shift in emphasis from managing to leading. Managing is about getting the work done, whereas leading fosters learning, growth, and a greater sense of responsibility among individual members of the your team.

According to the ACFE, the first step to successful delegation within examination work is recognizing when to let go rather than trying to do too much. For CFEs new to leadership responsibilities, a willingness to delegate can be challenging. CFEs typically advance to management positions as a result of their individual achievements and performance. This advancement fosters a sense that the person best suited to accomplish a given task is the one whose already done it satisfactorily, but that is not the way leaders should think. Even though an assurance professional has advanced to a management position based on past accomplishments, he or she needs to take a broader view of what is in the long term interest of her function group and/or organization. A conscious commitment to delegation can enable the individual manager to not only increase their personal productivity but also (and here I speak from personal experience) gain better control of their lives and, hence, prevent burnout.

An honest self-examination is a precursor to delegation. CFEs and other assurance professionals in a management position need to understand their capabilities and role(s) within the organization. One way to do this is by considering their vision for and the needs of the organization. Then, what are the assurance function’s immediate and long-term goals, including capabilities and developmental needs? Realizing that trusting others, not just one self, to do a high quality job is a personal decision and there can be many barriers to it. What is the nature of your own personal career goals and your priorities for work-life balance? A periodic, wholly candid assessment of these and similar issues can give any manager a better perspective on his or her motives in relation to delegating.

Delegating is more than just shoving work on someone who possesses the skill set to fit the task. Rather, delegating is an opportunity to cultivate members of the investigative team by increasing the number of people who are capable of taking on a bigger role, which can help strengthen the team and create a succession plan in the event of unexpected personnel turnover. How often have we all been witness to the chaos which can ensure when a key staff member leaves and no-one has been groomed to fill her place?

To the extent possible, an new staff CFE should be matched strategically with an assignment that is a bit above his or her head as a way of providing a positive learning experience. Delegating with career development in mind means managers will need to resist playing the role of lifeguard. Subordinates will struggle at times, but managers shouldn’t be too quick to act as helicopter parents and come to the rescue. Instead, managers should remain confident in the basic capabilities of their staff and allow reasonable time for learning and growth, which enables the team to gain experience and add more value to the organization.

Knowing whether a particular assignment is within an examiner’s potential capabilities and can enable him or her to grow professionally, however, is often not an easy task. As managers delegate assignments, they should consider not limiting assignments only to those areas in which an investigator has had prior experience. Also, managers need to avoid the tendency toward primarily delegating interesting or important assignments to the most favored team members; managers should groom everyone on the team not just the superstars; it’s the superstars who are, let’s face it, the most desirable targets for external recruiters. The same is true for undesirable assignments; managers also should spread those among the whole team, which can demonstrate that everyone is treated fairly. A thoughtful delegating process helps keep the assurance team challenged and motivated, thereby reducing the likelihood of losing promising but insufficiently challenged staff members.

Initial parameters need to be established to prevent misunderstandings, deficient productivity, or delays in the timely completion of examinations. All parties involved should have a clear understanding of the delegated assignment and of expectations. However, managers should refrain from giving excessively detailed instructions. Successful delegating does not mean micromanaging anyone. Instead, managers should consider focusing on discussing the objectives, scope, and outcomes of the assignment. When examiners are allowed the flexibility and freedom to perform their work, they not only learn more but also may show considerable ingenuity. Managing CFEs can foster an environment of participative management by encouraging input from subordinates toward refining the plans, expectations, and deadlines, as well as emphasize how the present investigation fits into the larger scheme. When a team member sees the whole process rather than only a part, he or she is less likely to miss a critical matter and may become more motivated to deliver a quality product.

The ACFE recommends that the CFE engagement manager should give his or her subordinates authority to operationally pursue their assignment and to make decisions as they see fit. Delegating the authority is no less important than assigning the responsibility for a task. In the absence of conferring an appropriate level of authority, the team member’s performance could be undercut. Also, examination managers should keep an open mind by welcoming new ideas, innovative suggestions, and alternative proposals from others. Nothing is more motivating for a subordinate than to realize that he or she has a significant ownership stake in the results. This is another reason why managers should delegate as much of an entire assignment, rather than a small portion, as possible. Doing so can help instill a sense of importance and self-esteem for the staff investigator no matter what the number of years of their experience.

Communication is an essential element of successful delegating, and regular updates about progress, results, and deadlines should occur weekly, or sometimes daily, depending on the staff member’s level of experience and the type of assignment. Meetings can be conducted face-to-face, by phone, or through videoconferencing and do not always have to be long to be effective.

As managers check on progress, they should be supportive rather than intrusive and avoid putting a subordinate on the defensive by being too critical. Managers also should allow for communication flexibility by encouraging more immediate contact between progress meetings in the event a matter requiring urgent attention unexpectedly develops.

Any significant delegated assignment should culminate with a constructive evaluation of the subordinate’s performance. Often, there is a tendency to view the simple act of delegation itself as work done. As an old colleague of mine used to say, “A task delegated is a task completed.” Even in a case where the smaller scope of a subordinate’s assignment does not merit an exit session, it is still a boost for team morale to give recognition and show gratitude for the work done.

I have never met an experienced (and successful) CFE investigation team leader who did not embrace the role and significance of delegating. However, the ability to delegate depends on trust, communication, and encouragement. When delegating, assurance managers need to accept the risk that mistakes can and will occur and remember that professionals can learn from their mistakes. Not only is valuable experience gained by the investigative team, but the manager’s time also is freed up for more critical tasks and projects. In the long run, a commitment to delegation serves to strengthen any team of investigators as well as benefit our client organization, whatever and wherever that might be.

The CFE, Management & Cybersecurity

Strategic decisions affect the ultimate success or failure of any organization. Thus, they are usually evaluated and made by the top executives. Risk management contributes meaningfully and consistently to the organization’s success as defined at the highest levels. To achieve this objective, top executives first must believe there is substantial value to be gained by embracing risk management. The best way for CFEs and other risk management professionals to engage these executives is to align fraud risk management with achievement (or non-achievement) of the organization’s vital performance targets, and use it to drive better decisions and outcomes with a higher degree of certainty.

Next, top management must trust its internal risk management professional as a peer who provides valuable perspective. Every risk assurance professional must earn trust and respect by consistently exhibiting insightful risk and performance management competence, and by evincing a deep understanding of the business and its strategic vision, objectives, and initiatives. He or she must simplify fraud risk discussions by focusing on uncertainty relative to strategic objectives and by categorizing these risks in a meaningful way. Moreover, the risk professional must always be willing to take a contrarian position, relying on objective evidence where readily available, rather than simply deferring to the subjective. Because CFEs share many of these same traits, the CFE can help internal risk executives gain that trust and respect within their client organizations.

In the past, many organizations integrated fraud risk into the evaluation of other controls. Today, per COSO guidance, the adequacy of anti-fraud controls is specifically assessed as part of the evaluation of the control activities related to identified fraud risks. Managements that identify a gap related to the fraud risk assessments performed by CFEs and work to implement a robust assessment take away an increased focus on potential fraud scenarios specific to their organizations. Many such managements have implemented new processes, including CFE facilitated sessions with operating management, that allow executives to consider fraud in new ways. The fraud risk assessment can also raise management’s awareness of opportunities for fraud outside its areas of responsibility.

The blurred line of responsibility between an entity’s internal control system and those of outsourced providers creates a need for more rigorous controls over communication between parties. Previously, many companies looked to contracts, service-level agreements, and service organization reports as their approach to managing service organizations. Today, there is a need to go further. Specifically, there is a need for focus on the service providers’ internal processes and tone at the top. Implementing these additional areas of fraud risk assessment focus can increase visibility into the vendor’s performance, fraud prevention and general internal control structure.

Most people view risk as something that should be avoided or reduced. However, CFEs and other risk professionals realize that risk is valued when it can help achieve a competitive advantage. ACFE studies show that investors and other stakeholders place a premium on management’s ability to limit the uncertainty surrounding their performance projections, especially regarding fraud risk. With Information Technology budgets shrinking and more being asked from IT, outsourcing key components of IT or critical business processes to third-party cloud based providers is now common. Management should obtain a report on all the enterprise’s critical business applications and the related data that is managed by such providers. Top management should make sure that the organization has appropriate agreements in place with all service providers and that an appropriate audit of the provider’s operations, such as Service Organization Controls (SOC) 1 and SOC 2 assurance reports, is performed regularly by an independent party.

It’s also imperative that client management understand the safe harbor clauses in data breach laws for the countries and U.S. states where the organization does business.  In the United States, almost every state has enacted laws requiring organizations to notify the state in case of a data breach. The criteria defining what constitutes a data breach are similar in each state, with slight variations.

CFE vulnerability assessments should strive to impress on IT management that it should strive to make upper management aware of all major breach attempts, not just actual incidents, made against the organization. To see the importance of this it’s necessary only to open a newspaper and read about the serious data breaches occurring around the world on almost a daily basis. The definition of major may, of course, differ, depending on the organization’s industry and whether the organization is global, national, or local.  Additionally, top management and the board should plan to meet with the organization’s chief information security officer (CISO) at least once a year. This meeting should supplement the CFE’s annual update of the fraud risk assessment by helping management understand the state of cybersecurity within the organization and enabling top managers and directors to discuss key cybersecurity topics. It’s also important that the CISO is reporting to the appropriate levels within the organization. Keep in mind that although many CISOs continue to report within the IT organization, sometimes the chief information officer’s agenda conflicts with the CISO’s agenda. As such, the ACFE reports that a better reporting arrangement to promote independence is to migrate reporting lines to other officers such as the general counsel, chief operating officer, chief risk officer (CRO), or even the CEO, depending on the industry and the organization’s degree of dependence on technology.

As a matter of routine, every organization should establish relationships with the appropriate national and local authorities who have responsibility for cybersecurity or cybercrime response. For example, boards of U.S. companies should verify that management has protocols in place to guide contact with the Federal Bureau of Investigation (FBI) in case of a breech; the FBI has established its Key Partnership Engagement Unit, a targeted outreach program to senior executives of major private-sector corporations.

If there is a Chief Risk Officer (CRO) or equivalent, upper management and the board should, as with the CISO, meet with him or her quarterly or, at the least, annually and review all the fraud related risks that were either avoided or accepted. There are times when a business unit will identify a technology need that its executive is convinced is the right solution for the organization, even though the technology solution may have potential security risks. The CRO should report to the board about those decisions by business-unit executives that have the potential to expose the organization to additional security risks.

And don’t forget that management should be made to verify that the organization’s cyber insurance coverage is sufficient to address potential cyber risks. To understand the total potential impact of a major data breach, the board should always ask management to provide the cost per record of a data breach.

No business can totally mitigate every fraud related cyber risk it faces, but every business must focus on the vulnerabilities that present the greatest exposure. Cyber risk management is a multifaceted function that manages acceptance and avoidance of risk against the necessary actions to operate the business for success and growth, and to meet strategic objectives. Every business needs to regard risk management as an ongoing conversation between its management and supporting professionals, a conversation whose importance requires participation by an organization’s audit committee and other board members, with the CFE and the CISO serving increasingly important roles.

Team Work is Hard Work

From reading posts and comments posted to LinkedIn, it seems that a number of our Chapter members and guests from time to time find themselves involved in internal fraud investigations either as members of internal or external audit units or as sole practitioners.  As CFE’s we know that we can make significant contributions to a financial crime investigation, if we can work effectively, as team members, with the victim company’s internal and external auditors, as well as with other constituents involved in resolving allegations or suspicions of internal fraud. In addition to a thorough knowledge of accounting and auditing, CFE’s bring to bear a variety of skills, including interviewing, data mining and analysis.  We also know that some auditors assume that simply auditing more transactions, with the use of standard procedures, increases the likelihood that fraud will be found. While this can prove to be true in some cases, when there is suspicion of actual fraud, the introduction of competent forensic accounting investigators may be more likely to resolve the issue and bring it to a successful conclusion.

Within the boundaries of an investigation, we CFE’s typically deal with numerous constituencies, each with a different interest and each viewing the situation from a different perspective. These parties to the investigation may well attempt to influence the investigative process, favor their individual concerns, and react to events and findings in terms of personal biases. CFE’s thus often have the task of conveying to all constituencies that the results of the investigation will be more reliable if all participants and interested parties work together as a team and contribute their specific expertise or insight with objectivity. In the highly-charged environment created by a financial crime investigation, the forensic accounting investigator can make a huge contribution just by displaying and encouraging the balance and level headedness which comes from his or her detailed familiarity with the mechanics of the standard types of financial fraud.

The ACFE recommends that all parties with a stake in the process, management, audit committee, auditors, and legal counsel, should always consider including forensic accounting investigators in the front-end process of decision making about an investigation. One of the key initial decisions is, usually, the degree to which the forensic accounting investigators can work with and rely on the work of others, specifically, the internal and external auditors. Another common front-end decision is whether CFE’s—with their knowledge of accounting systems, controls, and typical fraud schemes, may be added to the team that eventually evaluates the organization’s business processes to strengthen the controls that allowed the fraud to occur. Management may at first be inclined to push for a quick result because it feels the company will be further damaged if it continues to operate under a shadow.

Senior executives may be unable or in some cases unwilling to see the full scope of issues and may attempt to limit the investigation, sometimes as a matter of self-protection, or they may seek to persuade the CFE that the issues at hand are immaterial. Whatever happened, it happened on their watch, and they may understandably be very sensitive to the CFE’s intrusion into their domain. Any defensiveness on the part of management should be defused as quickly and as thoroughly as possible, usually through empathy and consideration on the part of the forensic accounting investigator. The party or entity engaging the forensic accounting investigator, for example, the audit committee, management, or counsel, should be committed to a thorough investigation of all issues and is ultimately responsible for the investigation. The committee may engage CFE’s and forensic accounting investigators directly and look to them for guidance, or it may ask outside counsel to engage the CFE, who usually will work at counsel’s direction in fulfilling counsel’s responsibilities to the audit committee.

Every CFE should strive to bring independence and objectivity to the investigation and strive to assist each of the interested parties to achieve their unique but related objectives. As to the CFE’s  objectives, those are determined by the scope of work and the desire to meet the goals of whoever retained their services. Regardless of the differing interests of the various constituencies, forensic accounting investigators must typically answer the following questions:

  • Who is involved?
  • Could there be coconspirators?
  • Was the perpetrator instructed by a higher supervisor not currently a target of the investigation?
  • How much is at issue or what is the total impact on the financial statements?
  • Over what period did this occur?
  • Have we identified all material schemes?
  • How did this happen?
  • How was it identified, and could it have been detected earlier?
  • What can be done to deter a recurrence?

CFE’s should always keep in mind that they are primarily fact finders and not typically engaged to reach or provide conclusions, or, more formally, opinions. This differs from the financial auditor’s role. The financial auditor is presented with the books and records to be audited and determines the nature, extent, and timing of audit procedures. On one hand, the financial statements are management’s responsibility, and an auditor confirms they have been prepared in accordance with generally accepted accounting principles after completing these procedures and assessing the results. The CFE or forensic accounting investigator, on the other hand, commands a different set of skills and works at the direction of an employer that may be management, the audit committee, counsel, or an auditing firm itself.

Teaming with all concerned parties together with the internal and external auditors, the forensic accounting investigator should strive to bring independence and objectivity to the investigation and strive to assist each of the interested parties to achieve each team member’s unique but related objectives; management understandably may be eager to bring the investigation to a quick conclusion. The chief financial officer may be defensive over the fact that his or her organization allowed this to happen;   the board of directors, through the independent members of its audit committee, is likely to focus on conducting a thorough and complete investigation, but its members may lack the experience needed to assess the effort. In addition, they may be concerned about their personal reputations and liability. The board is likely to look to legal counsel and in some cases, to forensic accounting investigators to define the parameters of the project;  as to counsel, in most investigations in which counsel is involved, they are responsible for the overall conduct of the investigation and will assign and allocate resources accordingly; the internal auditor may have a variety of objectives, including not alienating management, staying on schedule to complete the annual audit plan, and not opening the internal audit team to criticism. The internal audit team may also feel embarrassed, angry, and defensive that it did not detect the wrongdoing; the external auditor may have several concerns, including whether the investigative team will conduct an investigation of adequate scope, whether the situation suggests retaining forensic accountants from the auditors’ firm, whether forensic accountants should be added to the audit team, and even whether the investigation will implicate the quality of past audits.

In summary, team work is complex, hard work.  While fraud is not an everyday occurrence at most companies, boards and auditing firms should anticipate the need to conduct a financial fraud investigation at some time in the future.  CFE’s can be an integral part of the planning for such investigations and can be of great help in designing the pre-planned team work protocols that ensure that, if a fraud exists, there is a high probability that it will be identified completely and dealt with in a timely and appropriate manner.

Value Added

value-addedI was reading an article in one of the business magazine to which I subscribe the other day in which a well-known business pundit was reporting that the Fortune 500 companies he interviewed for his article were becoming more and more concerned with getting increased levels of value at every level from their investments in their co-partners.  This search for higher levels of value means more pressure for performance at those same management levels and with more pressure, as every CFE knows, comes more potential for management frauds.  Fraud prevention programs cannot be immune to this phenomenon.

CFE’s have traditionally not had to consider the importance of adding value when performing their investigations since, in the case of a suspected or identified fraud, the ‘value’ of the investigation was all too apparent, i.e., to describe and, possibly, prosecute the fraudster and to lay the ground work to prevent a similar instance of the same scenario from recurring. Beyond the written report of the investigation itself, follow on (if there was any) typically consisted of verifying compliance with policies and procedures, without providing recommendations for improvement of the fraud prevention program itself or performing other consultative activities. The fraud examiner’s role was often more akin to that of a police officer than to that of a business partner.

In today’s environment, however, the evidence from practice increasingly indicates that CFE’s, like all other co-parties, are under increasing pressure to provide services that enhance the value of their client’s investment in the valuable fraud prevention services CFE’s can provide, as adding value is becoming widely considered an integral part of even the investigative process.  But what does adding value entail, and how do CFE’s provide it? While the answer may vary depending on individual circumstances, CFE’s make potentially value-adding contributions throughout the entire investigative process and in almost every aspect of our work.

When management engages the services of the CFE, it’s applying a governance control.  CFE investigations provide management, the board of directors, external auditors, and, most importantly, the audit committee with vital information about the fraud and about the key controls whose failure allowed it.  This information is the groundwork for the prosecution of the fraudster, for corrective action, for the repair of the control structure, and vital for future fraud prevention.  This type of information may or may not be possible for CFE’s to quantify monetarily in all cases, but it definitely constitutes a value-added service to management.

Most large organizations employ some sort of risk-based fraud prevention plan or program. Management, needs to address the highest fraud risks within its organization, and the fraud prevention program must reflect and address those risks. It’s here that CFE consultation can prove invaluable.  A plan developed by incorporating the organization’s highest risk departments, business units, processes, and their respective fraud prevention controls makes effective use of limited organizational resources and thereby also adds value through efficiency.

During an engagement, the CFE may observe numerous opportunities for anti-fraud related process improvement or other enhancements that might ultimately either increase the organization’s security or help fulfill its over-all duty to protection its assets. But a word of caution. While this activity constitutes adding value, investigators need to be wary of overstepping. If they come to believe every engagement should routinely include a recommendation to improve the organization’s fraud prevention effort, practitioners risk directing organizational resources ineffectively. An investigator who spends too much time looking for improvements or added controls may be harming the organization by misdirecting resources that could be applied to more critical areas.  In evaluating risk versus reward, investigators must determine if the effort and resources expended to find an improvement are worth the potential benefits.  Key to prevention of this misstep is to communicate closely with your client and use that communication to never lose sight of how your investigation fits into the bigger picture of overall management objectives for its organization. It’s within that overall context that the fraud prevention effort should always be embedded.

Management, boards of directors, audit committees, and corporate counsel will all rely eventually on the fraud examiner’s report on the facts of an investigation and on the related fraud prevention controls over the processes and risks within the organization, and they will likely view this information as value-added.  So, to add value effectively through reporting, CFE’s need to consider where they want their audience to focus. Accordingly, they should consider the needs, wants, and resources of the various stakeholders who have engaged them. The final investigative report should be easy for readers to navigate, and if appropriate, it should stratify findings into categories of importance to effectively support the dual objectives of possible prosecution and immediate remediation.  With that said, every well written fraud report will add future value through its impact on the organization’s fraud prevention effort and the investigator should write it with an eye to that important follow-on objective.

Fraud examiners are recognized by the courts and by the public as fraud specialists. Their expertise in this and related areas enables them to help management analyze fraud related risks to the organization and to assist in the design of controls to mitigate those risks. By having the expertise to perform investigations, research issues, and benchmark with peers on best practices, CFE’s can become a truly valuable resource to any client management for fraud prevention program design. These activities also constitute adding value.

Developing a complete understanding of all the aspects of how the fraud examination process fits into the client organization should be an ongoing undertaking that also adds value, though it may be difficult to quantify in terms of dollars saved, or earnings, or reduced risks. To a degree, CFE’s, as I said above, add value simply by performing their functions effectively and efficiently. But careful attention to the organization’s risk profiles and to the information requirements of various players in the organizational governance framework represent an ongoing challenge to fraud examination and forensic accounting practitioners alike, and are the key to ensuring that the value they add is maximized.

Not for Sale

expert-witness_2by Rumbi Petrozzello
2016 Vice President – Central Virginia ACFE Chapter

As soon as John Turturro flashed onto the screen, in an ad for the HBO limited series “The Night Of”, I knew that we would be watching the show, even if it turned out to be an eight hour ad for dish detergent. My husband is a huge John Turturro fan, and misses nothing in which the actor appears. Fortunately, “The Night Of” turned out to be a very engaging crime procedural that had us hooked from the first episode.  The show was great in that it got us thinking about the criminal justice system. They even had a CPA who was not a stereotype – where you start feeling sleepy just at the sight of him – and he even came with a few surprises too. What really caught my attention on “The Night Of”, however, was not the portrayal of the CPA but of the expert witnesses.

During the investigation, the prosecutor deals with two forensic experts she expects to put on the stand during the trial. In both cases, she speaks with them to find out if the evidence that they have analyzed will help her convict the accused, Nazir Khan, of murder. In one case, she speaks with the medical examiner about how the suspect injured his hand. She then not only suggests a scenario (that works in her favor) which is different from his analysis but also coaches him until he sounds convincing. She also consults an expert about the possible effects of certain drugs and, again, pushes for an opinion that will help her case. In both instances, the experts seem to have no problem changing their narratives to suit the prosecutor, their client.

I was both horrified and disappointed by the ease with which this happened. When I scoured various recaps of the episodes, the critics either skipped over those moments on the show or wrote about them as though they were just par for the course when dealing with expert witnesses. Even when I read articles about the show that consulted and interviewed legal experts, the conversation was centered mainly around the lawyers’ behavior in the court room and on life in prison. Not a single legal expert (all lawyers in the pieces that I read) discussed what actually happens in their reality with expert witnesses.

It’s sad that the defense didn’t appear to make any great attempt at challenging the prosecution experts. They did put forth their own witness who, when testifying, did spend time putting forth information that seemed based on science, and not feelings. I was actually surprised that the defense, with its very limited budget, was able to hire their own expert, who came with a very impressive resume that was highlighted when he took the stand. The casual attitude that critics and reviewers have taken, when writing about these experts, hints at how many view the expert witness as a hired gun or shill, out to say whatever their client wants, not as an objective professional, advocating for the truth and, as such, a potentially critical component of the trail process.

When attending continuing education session on being an expert witness, the question invariably comes up – how do I make sure that I am taken seriously as a neutral witness and not simply as someone giving an opinion for pay? There are several steps that you, and the lawyer that you are working with, can take to clarify your position as a credible expert.

  • Money, money, money! It’ss very important to make it clear that you are being paid for your time and not your testimony. Your fee should be based on the time that you spend on the case and should never be a fee contingent on the outcome of the case. Let the judge and jury know that you will be paid, regardless on how the case turns out.
  • In order to maintain credibility and also avoid a possible Daubert motion (raised before or during trial, to exclude the presentation of unqualified evidence to the jury), your work should be based solely on the “reliable application” of “reliable principles and methods”.
  • Of course, you should be able to take the judge and jury through the steps of your investigation, from start to finish. They should be able to see and understand clearly how you came to the conclusions that you have reached.
  • Are you qualified to give the opinions you are giving? Share your qualifications and experience, so that people know that you have received all the relevant training required to support your investigation as well as the conclusions and the facts on which you are opining. Professional credentials, such as the CFE, CFF and CPA, are all viewed with respect, the possession of any of which goes a long way to support your being viewed as a qualified expert.
  • Know your work. When you’re on the stand, be sure that you know the relevant subject matter and all the issues you are testifying about backwards and forwards so that you won’t ever be caught slack-jawed, unable to answer some important question about your work.

It’s a lamentable fact that the current general view of the expert witness, as portrayed on television and in the movies, is that of someone who will say whatever the client pays them to say and that the experts who base their work on facts are viewed as the rare heroes. Taking the steps to establish ourselves as credible and objective will go a long way to building a positive view of all expert witnesses. That and, perhaps, getting a few friends in the film business!

Who’s the Client?

lawyer_1While I was away on vacation last week our Chapter received an on-line comment-request from a CFE practitioner currently working on a fraud investigation for an attorney on the legal staff of a major international corporation.   The commenter was seeking some overview information relating to the protection of the content of her soon to be completed investigative report under U.S. law.  As I’m sure most of you remember, the attorney-client privilege applies where there is a (1) confidential (2) communication (3) between attorneys and their clients (4) made for the purpose of rendering or receiving legal advice.

To protect the report of an internal investigation, the report should be communicated to the lawyer (preferably the lawyer should initiate the investigation), it should not be distributed to anyone else, and it should be for the purpose of providing the lawyer information he or she needs to render a legal opinion or provide legal advice. The key element is that the attorney (whether in-house counsel-or outside counsel) is having the investigation conducted for the purpose of providing legal advice to the company.  The privilege generally extends to information gathered by investigators like our CFE enquirer if the investigator is acting at the direction of the attorney.

The ACFE tells us that the existence of the following will help ensure that communications gathered during the investigation will be protected under the attorney-client privilege:

–The communications were made by corporate employees to counsel;
–The communications were made at the direction of corporate superiors in order for the company to obtain legal advice from counsel;
–The employees were aware that the communications were being made in order for the company to obtain legal advice;
–The information needed was not available from upper management;
–The communications concerned matters within the scope of the employees’ corporate duties;
–The communications were confidential when made and were kept confidential by the company.

CFE’s and forensic accountants should not make the mistake of believing that just because an attorney is involved all reports and communications are protected by the attorney-client privilege. The privilege protects only those communications related to the attorney providing legal advice. Often courts will seek to determine whether the attorney was actually rendering legal advice or merely performing investigative services. Some courts have taken a narrow view of the privilege and have held that if the investigation could have been conducted just as easily by a private investigator, then the lawyer was acting as just that, an investigator, not as a lawyer; therefore, the privilege would not apply.

The ACFE cautions that the most often overlooked requirement is that the CFE’s report remain confidential. Even if a report meets all of the other requirements (prepared by a CFE for the attorney for the purpose of providing legal advice), the privilege will be lost if it is disclosed to anyone other than “the client.” In the corporate setting, it’s often hard to determine just who “the client” is. However, it’s generally clear that senior officials within the company are authorized to seek advice from an attorney on behalf of the company and to act on such advice. Accordingly, most courts have held that communications between an attorney and senior-level management are protected, while communications between an attorney and lower-level employees may not be.  Therefore, special care should be taken to ensure that the attorney-client privilege is not waived inadvertently by giving documents or communicating information to anyone outside the investigation team, including members of law enforcement. If information gathered during an investigation is shared with law enforcement, then the privilege may be waived not only as to the information given, but also to any other information relating to the same subject matter. This is known as “horizontal” waiver. Some courts have held that waiver of the privilege as to one document implies waiver as to all documents concerning the same subject matter.

If a fraud examiner or forensic accountant feels that a case should be recommended for criminal prosecution, the examiner should consult with the attorney before providing any information to government or law enforcement authorities. For example, if an investigator submits a copy of his report to the prosecutor who initiates criminal proceedings based on the findings in the report, the criminal defendant may be able to require the investigator to provide all the documents he or she used in writing the report. In such an instance, the investigator may be considered to have waived the privilege. Likewise, if law enforcement requests the results of an investigation or information gathered during an investigation, the attorney should be consulted before turning over the information. Some courts have held that the privilege is not waived if a company is subpoenaed to produce the information.

The work product doctrine protects materials that are prepared in anticipation of litigation.  the Supreme Court has set forth some protection for materials prepared with an eye toward litigation. The Court has stated that the doctrine promoted the “orderly prosecution and defense of legal claims” by providing attorneys with a zone of privacy that was essential to their role as an adversary.  People often mistakenly believe that the work product doctrine is connected to, or is part of, the attorney-client privilege. It is not. One of the main differences between the work product doctrine and the attorney-client privilege is that the work product doctrine is not a privilege. The work product doctrine is a provision of the discovery rules which provides that in certain instances, items will be protected from discovery. As such, the work product doctrine is really a “qualified immunity” from discovery. It differs from an evidentiary privilege (such as attorney-client privilege) in that even if the document falls within the definition of “work product,” the judge still can order that the document be produced if the opposing party can show “substantial need” for the protected information and that the information cannot be obtained from another source. However, even if “substantial need” is shown, the mental impressions and opinions of an attorney concerning the litigation are not subject to disclosure under any circumstances.

In virtually every lawsuit, there will be disputes about what must be produced and what is protected from discovery. The rules are not always clear, and they are not applied consistently in either the federal or state courts. One good, but not foolproof protection, is to put the phrase “PRIVILEGED AND CONFIDENTIAL” at the top of every document produced regarding the case. Of course, this statement is not evidence the document is legally privileged or protected, but it does show an intention to keep the communication confidential, and will alert others that the document contains sensitive information.

Some general exceptions to the privilege rule are:

–Only the holder of a privilege, or the holder’s designated representative, can assert the privilege.
–If the holder, after having notice and opportunity, fails to assert it, the privilege is waived.
–If the holder discloses significant information to someone outside the protected relationship, the privilege does not hold.
–The communication must be pertinent to the protected relationship (a physician and a patient must be discussing health issues), or there is no privilege. Ordinary discussion not deemed confidential is not protected.

The Straight Scoop on Risk

risk-assessmentAny practicing auditor will tell you that information requests, getting the information needed to perform an audit or review, can be one of the most frustrating aspects of any audit work and the information requests involved with fraud risk assessments are no exception.  To successfully complete his or her assessment the CFE must develop a thorough understanding of the client’s overall system of internal control, with special emphasis on those controls over financial transactions that reduce or mitigate fraud risk.  Information requests usually signal the transition from planning to fieldwork for the CFE. How the request for that information is made sets the tone for the assessment, and can help or hurt the CFE-to-client relationship. It can also positively or negatively impact the overall achievement of review objectives, so it’s important to spend the time to get this step right.

It’s been my experience that reviewers new to CFE practice tend to compile their requests for information hastily under the assumption that the sooner they request the information; the sooner they’ll get the reply. However, as we’ve all experienced, information requests can get lost, forgotten, or ignored, and weeks can go by with no response.  Since CFE’s aren’t generally easily deterred, the problem is typically addressed by sending follow-up emails, leaving voice mails, and, as a last resort, knocking on the CFO’s office door in an attempt to get all the requested information prior to the start of serious fieldwork. And the initial request is only the beginning. During some reviews, information requests seem to never end. If the first request was for a list of key customers, a second request for invoicing procedures soon follows and the whole request process starts all over again moving like an arrow straight on through to the end of the assessment.

An alternative way around all this requires a little more work on the front-end but organizes requests so that they are received by the target data source quicker, questions are answered faster, and the CFE builds a stronger relationship with the client.  This is done by scheduling a formal, face to face meeting with the provider of the target information in his or her office immediately following the entrance conference with the CEO, corporate counsel or audit committee who engaged the CFE. The CFE should ask for and receive permission from the CEO before any information is requested from subordinate staff.  The upper management sanctioned meeting with targeted business process expert staff (say the CFO or Chief Information Systems Officer-CIFO) takes place prior to any formal information request being submitted in writing.

Meeting with the targeted business process staff in this way has many benefits and, in my experience, is well worth the time. In addition to supporting a general discussion about what information is available, it’s often possible to obtain some of the requested items themselves during the face-to-face.  I’ve often been directed to the information I want on the company databases simply by directly asking the CIFO for it.  Such meetings are invaluable to the CFE since they provide an opportunity to improve her knowledge of the business and strengthen her relationship with business process owners.  This approach doesn’t excuse CFE’s from doing all he or she can beforehand to develop as much understanding as possible of what items of information they would like to request during the meeting; this is because it’s common to learn something new about the control system of a business process in a meeting with a process expert that makes some aspect of the original request irrelevant. The best way to avoid this is to have developed a solid overview of the fraud risk assessment process, its steps and objectives, so the CFE can quickly regroup and make a new request that better satisfies the complete, overall assessment objective.

During the meeting(s) with individual process owners the CFE should provide a brief overview of the assessment and its objective(s); this will help communicate the reason for the specific information requests. Through an easy give and take the CFE can explore with the process expert where the requested information is housed and how it might best be accessed. A benefit of this approach is that all clients appreciate having the assessment objectives and requests explained to them in person. They are more willing to provide the documentation and answer the inevitable follow-up questions that arise later because they have a clear understanding of what is needed and why.  If, during the discussion with the process expert, the reviewer realizes a change needs to be made to a request, it can be addressed in real time. This also saves the CFE from having to send an embarrassing email apologizing because he or she inadvertently requested the wrong information.

Following discussion of all the requests, the CFE should consider wrapping up the meeting by asking a few questions about how the business is doing, if any new initiatives are being undertaken, if that new financial system software is meeting expectations, etc. Anything learned about the business will improve the CFE’s ability to make fraud prevention recommendations and may identify other areas of fraud vulnerability to look into at a later time.  Working to obtain this useful control related information is much easier face-to-face than over the phone or via email.

After the meetings with the client’s business process expects are finished, the CFE and his or her team (if any) will be able to start testing immediately because most of the requested documentation has been obtained or its location identified. Another benefit to this approach is efficiency, because it can significantly reduce the time spent waiting and following up with the business process owner. It also allows the CFE to use his or her time effectively.

It is much better to spend one hour with the client up front than to spend an hour each of the following three weeks sending follow-up emails.  The best-case scenario is that the CFE walks out of the meeting with all the information requested in hand or its location identified and ready to start reviewing and testing. The worst-case scenario is that the CFE leaves the meeting without the requested information, but now knows where the supporting documentation is located and can pull the information him or herself. Regardless of the outcome, the auditor has spent time building a stronger relationship with the client’s business process owners and may have received some valuable information related to that department or business process that could never have been obtained through a seemingly endless email drive.

Making It Right

restitutionRegister Today for Investigating on the Internet May 18-19 2016 RVACFES Seminar!

Congratulations!  You and your investigative team did all the hard work over many months and your client company has obtained a conviction of the bad guy.  What happens next?  The restitution phase of your examination, of course!  Client’s counsel has probably already told you (if you didn’t know it before) that the primary goal of a criminal statute is punishment of the convicted defendant, and for the most part criminal procedure does not concern itself with compensation or reparation of your client, the defendant’s victim. However, there are some opportunities to pursue recovery of losses caused by criminal conduct after the defendant’s conviction of which you should be aware.  So, according to the ACFE, what are some of the main issues involved with restitution?

Where the court suspends part or all of the defendant’s jail time and substitutes instead a term of probation, the court has the authority – either by statute or by its inherent powers – to specify the conditions of that probation, including an order to make restitution to the victim or otherwise to cooperate in the victim’s efforts to recover money or property. Restitution as a condition of probation can be ordered against both individual and corporate defendants, and may include a provision for installment payments over time to the victim. Usually the court will take the defendant’s ability to pay into account in ordering restitution, so that the defendant has a reasonable chance of meeting the restitution condition.  These and all terms of probation are supervised by the defendant’s probation officer who reports any failure of the defendant to obey or comply with probation conditions to the court. Restitution and other probationary terms are enforced by the threat of withdrawing probation and returning the defendant to jail to serve out his sentence if he fails to comply with one or more conditions of probation.

The court-designated probation officer usually makes sentencing recommendations – including any special probationary terms – to the court, so you should present any request to include a term of restitution to the probation officer as early in the pre-sentence investigation/evaluation process as possible. A request from the prosecuting attorney to include restitution as a term of probation also carries weight with the probation officer and with the court, so try to cultivate the prosecutor and familiarize her with your claim and supporting evidence. Cooperation with the prosecutor and police during the criminal prosecution can pay dividends in their willingness after conviction to persuade the court to impose a term of probation with an order of restitution.

Federal law (18 USC §§3663A and 3664) and an increasing number of state statutes direct or permit judges to order convicted defendants to make restitution to victims of their crimes as part of their punishment after conviction. These restitution orders are in addition to any other penalties provided by law for the defendant’s crimes. Unlike Victim’s Compensation Funds, these statutes apply to all crimes, including purely economic crimes. They also apply to defendants who do not receive probation as part of their sentence. Typically, statutory criminal restitution orders direct the return of the victim’s property, or its monetary equivalent if the property cannot be returned. Value may be calculated as of the date of loss or the date of sentencing, whichever is greater, according to some statutes. They also may direct the return of the fruits of the crime or the victim’s actual out-of-pocket expense caused by the crime.

A criminal restitution order may not apply, or be available, for a loss for which the victim has received, or will receive, compensation from another source, e.g. insurance (although the insurer may become subrogated to the victim’s rights and a court may enter the restitution order in favor of the insurer or other representative of the victim). Some statutes set a limit to the amount of restitution that can be ordered against a defendant who did not receive probation (although the limit usually does not apply to an order to return the victim’s property or its equivalent value) and/or direct the judge to take the defendant’s ability to pay into account. The federal statute and other state statutes direct that full restitution be ordered, although the court may take the defendant’s ability to pay into consideration in creating a payment schedule.

Unlike restitution that is ordered as a condition of conditional release (probation), a criminal restitution order can be enforced against the defendant even after his discharge from probation or his release from prison. The federal statute (and some state statutes) provide that a criminal restitution order may be enforced as a civil judgment by the victim against the defendant. Restitution orders also typically survive the death of the victim and may be enforced by his heirs or representatives. Criminal restitution orders are cumulative remedies and do not preclude the victim’s separate civil lawsuit against the defendant for the same conduct for which he was criminally convicted. However, any property or money received by the victim under a criminal restitution order will be credited against any civil judgment or restitution order.

The federal courts, and an increasing number of state courts, use legislatively mandated sentencing guidelines for convicted defendants. Besides the crime itself, and attendant facts and circumstances, these guidelines consider other factors that would allow a court to depart from the guidelines to enhance or reduce a sentence. One such factor is the defendant’s voluntary restitution before trial of the fruits of the crime or other compensation of the victim(s). This is not so much a remedy for the victim as encouragement for the wrongdoer to voluntarily make restitution before trial. Keep this fact in mind when negotiating with a criminal defendant for his cooperation during your fraud recovery effort.

Finally, be aware that many states maintain funds for the compensation of crime victims. These usually are funded, in part, by surcharges or fines assessed against the criminally convicted defendants. However, by the statutory terms and definitions, these funds typically are available only for crime victims who suffer physical injury or death from the defendant’s crime. However, it never hurts to look up the law in the relevant jurisdiction to see if reimbursement in whole or part for financial loss from fraudulent criminal conduct is available.

Lunch & a Common Interest

lunchRegister Today for Investigating on the InternetMay 18-19 2016 RVACFES Seminar!

My wife and I were just finishing up lunch at Maggiano’s here in Richmond last week when an old consulting colleague of mine came up to our table.  Chatting as he accompanied us out of the restaurant and into the parking lot, he told me that he’s currently working as an investigative team member for a local forensic accounting firm on a case of suspected embezzlement.   The client’s management and audit committee are hyper sensitive to employee privacy rights, having experienced a prior grievance lawsuit over alleged wrongful termination and defamation, and my friend had some questions about the common interest privilege and how best to proceed with the investigation in such an environment.

The ACFE tells us that there are a number of important precautions any investigator can take to avoid liability when conducting sensitive investigations.  The right to investigate for fraud is implicit in U.S accounting and legal systems. No special authority is required, although some states regulate the activities of private investigators and others. Generally, an employer, fraud examiner, forensic accountant or other investigator may lawfully interview witnesses, collect evidence where lawfully available, collect and review documents, and examine public records, without fear of liability, if the investigator acts prudently and in good faith. It’s also important that any investigation be based on sufficient “predication.” Predication means that the individual has a sufficient basis and legitimate reason to take each step in the investigation. Anyone who acts irresponsibly, without predication, or in violation of the rights of the subject, can be liable for a number of different civil actions.

Defamation is an unprivileged publication of a falsehood about a person that tends to harm the reputation of that person. The law of defamation actually consists of two torts: libel and slander. Libel is basically defamation that appears in written form, while slander involves defamatory remarks that are only spoken. Aside from the method of publication the elements of these two causes of action are essentially the same. In general, the elements of a defamation claim are:

— A false and defamatory statement is made about the plaintiff;
— This statement is communicated (“published”) to a third party; and
— The plaintiff suffers harm to her reputation or good name as a result.

In any internal fraud-related review, it’s likely that there will be unflattering allegations made against certain persons at some point in the investigation. It’s therefore important that investigative team members understand exactly what constitutes defamation so that they can avoid this potential liability. Statements of pure opinion are not defamatory because, according to the first element of the cause of action, a statement must be false in order to support a defamation suit. An opinion cannot really be proved true or false. Therefore, only statements of fact can give rise to a defamation claim. This does not mean that an investigator can shield herself from liability by phrasing all accusations as statements of opinion – “in my opinion, Allen cooked the books. ” Although the preceding statement purports to be an opinion, it implies a fact, that Allen manipulated the books. Therefore, this statement could be found to be defamatory. On the other hand, a statement that a particular employee is “difficult” or that she “seemed uncomfortable” are more likely to be found to be statements of opinion, and thus not actionable.

The second element of the cause of action requires that the statement be published, i.e., communicated to a third person or persons. The crux of defamation law is that the plaintiff’s reputation is harmed by a false statement. If no one else hears the statement, the plaintiff’s reputation cannot be harmed. This is why publication is a required element of the cause of action. Although the term “publication” is used, this does not mean that the statement has to be published in the traditional sense; it’s enough that the statement is communicated to a third person, either in writing (libel) or through spoken word (slander). In some cases, even hand signals have been found to amount to a publication. If a statement is never communicated to a third person, it cannot be defamatory. Thus, if during an interview an investigator accuses the subject of having stolen money, this will not amount to defamation as long as no one else hears the comment. On the other hand, if during an interview of Smith, the interviewer says, “It appears Jones took the money,” this could amount to defamation, since the accusation against Jones has now been published to Smith.

Aside from truth, the most important defense to a defamation action for my investigating friend is the common interest privilege. If a person makes a statement: (1) in good faith; (2) regarding a subject in which the person making the statement has a legitimate interest or duty; (3) to another person with a corresponding interest or duty, then that statement is exempt from a defamation claim. The statement will be privileged even if it is false, even if it injures the reputation of the employee, and even if it is published to a third person.

The common interest privilege extends to communications about internal investigations among persons with a legitimate interest in the investigation. Interested persons include the investigative team, members of the company’s management who requested the investigation, those who have an interest in the results of the investigation, and those who have authority to implement the recommendations or otherwise make decisions based on the results of the investigation. Some courts also have concluded that a government agency that receives a required or mandated report from the company has a common interest in that report. The law recognizes that these persons have a legitimate need to communicate about the investigation, and that the nature of such an investigation necessarily involves the discussion of the actual or suspected wrongdoing of employees. If every allegation were subject to a defamation suit, this would have a chilling effect on the ability of companies to investigate internal misconduct. Therefore, statements made in good faith among these interested persons are privileged from defamation suits.

But please bear in mind that the common interest privilege is qualified, which means that it can be lost. In order to be privileged, the communication must have been made in good faith. If the person who made the communication knew that it was false or had a reckless disregard for whether it was true or not, then this statement is not privileged, and the speaker can be successfully sued for defamation. Furthermore, the communication is only privileged among those with a “need to know.” If a statement is disseminated outside the group of interested persons, it loses its privilege. Therefore, it’s extremely important to limit the distribution of any internal report to those discussed in the preceding paragraph.

In summary, the common interest privilege is a qualified privilege, meaning that it can be lost if the defendant acts with malice in publicizing falsehoods about the plaintiff. Contrast the common interest privilege with statements made in connection with judicial proceedings; judicial proceeding statements are absolutely privileged. This means that they cannot be the subject of a defamation suit, regardless of the speaker’s motives. The judicial privilege attaches to all statements made by judges, jurors, attorneys, witnesses and other parties to a judicial proceeding. It applies to all aspects of the proceedings, including pretrial depositions and hearings, as well as to all papers or pleadings filed in the case. The idea is that we do not want to hinder the courts’ ability to get at the truth, so all those who testify in a judicial proceeding are absolutely privileged from defamation claims. But keep in mind that intentional falsehoods can still be punished in these settings under perjury laws.

The Client Waltz

waltzNot too long ago I attended a dinner meeting out of town and had a short discussion about field work with a fellow fraud examiner working her first fraud examination as part of an investigative team.  The corporate counsel of the client organization had directly engaged her small firm and my new friend and dinner partner was experiencing difficulty in gaining access to the client staff with whom she needed to work to perform her part of the investigation.  The root problem seemed to be that the engaging counsel had failed to adequately brief either the lead fraud examiner or his client on just how the examination was be conducted and, consequently the examiners were experiencing frustration because they didn’t think they were initially working with the right people to get their job done.

All too often, fraud examiners are asked to rely on a small number of primary contacts – such as the controller, chief financial officer, or business process manager – to supply all the information for an engagement. In some instances, these individuals may, as a result of confusion or worse, prevent the examiner from speaking with other members of the area under review – a practice referred to as shuttling. But regardless of whether this occurs, talking only with supervisors and managers may not elicit the detail and precision necessary for an effective review.  It’s critical that CFE’s know how to break down any barriers that keep them from those with actual knowledge of the fraud, while at the same time avoiding any damage to their rapport with the primary review contact (in this case, the corporate counsel).  This can be an intricate dance indeed! By enhancing their interpersonal soft skills, CFE’s can walk this delicate line more effectively and increase the likelihood of an outcome satisfactory to all parties. Several key skills, in particular, help fraud examiners gain access to all relevant client staff and elicit the kind of information that will result in a better investigative product.

As a general rule the CFE team leader should try to set up a detailed engagement planning and ground rule meeting with the primary examination contact(s) before starting the examination and then follow up with a formal engagement letter. Meeting the corporate counsel for lunch, for example, would have helped break the ice and provide a more relaxed environment for initial discussion then the hurried phone call from the client counsel that apparently took place in this case.  During the meeting, the lead CFE should try to identify some common ground that can be used throughout the engagement to shore up the relationship and help build rapport. S/he should also take note of the clients’ mannerisms and reactions and keep them in mind later when performing the review. When posing a tough fraud related question to the client, for example, the auditor can then observe whether the client’s mannerisms change compared to those observed while simply establishing rapport. Subsequent further probing on the part of the review team may be warranted if discrepancies are noted.

It’s always a challenge for a team of fraud examiners to quickly learn as much as possible about the business processes affected by a fraud before speaking directly with process owners. Otherwise, those involved with the fraud may perceive the CFE’s as ill prepared or uninformed and be prompt to try to take advantage of that ignorance. When any team member lacks familiarity with the client’s business, her credibility and professionalism may be called into question, and the relationship with the client can quickly become impaired.

Understanding the basic mechanics of client financial business processes up front enables the team to devote more of their engagement efforts to direct examination work. In other words, it helps ensure team member practitioners don’t spend an inordinate amount of time learning while on the job, focusing instead on staying alert for unusual transactions involving the fraud, changes in suspect behavior, and other potential issues. Moreover, examination subjects are more likely to point out more complex issues and solicit input if they feel comfortable with the examiner’s abilities. These insights, in turn, may lead to opportunities for documenting a wide range of situations useful later in court and subsequent recovery efforts.

And it goes without saying that team members should avoid excessively confident or arrogant behavior. In most instances client employees will know more about their operation than the investigative team, and they deserve respect for their expertise. Client staff should be lead to perceive the team as working collaboratively with them in a didactic manner to help resolve a difficult situation — this approach typically achieves the best results. By contrast, even a perception of an adversarial or gotcha approach can quickly sour the situation and compromise the entire process of the examination.

When asking the tough questions, the ACFE tells us that team members should avoid phrasing that may seem confrontational, and they should refrain from steering the response. For example, instead of saying, “You review the XYZ report weekly, correct?” the examiner could say something like, “Could you help me understand how often you review the XYZ report?” Essentially, CFE’s should ask open ended, nonthreatening questions, followed by requests for clarification. Also, be sure to express interest.  Team members should always try to show genuine interest in the subject’s work. In most instances, client employees are proud of what they do, and are pleased to share the details of their work with those they perceive as experts. Expressing interest can elicit valuable information and enhance the examination quality.  Interest is demonstrated by not appearing rushed and by asking relevant, informed questions.  Although this approach takes time (and CFE’s are always pressed for time), it can lead to insight and knowledge that always proves invaluable during the court room and prosecution phases that so often follow from our work product. For example, the unusual or infrequent irregular transactions/events that may not surface during standard interviews or via sample-based testing but are so vital to our work can often be highlighted in this manner.

Client employees contacted in the course of the investigation should be assured that the team is only interested in the facts and that no one is looking to judge them or their work product. Examiners need to listen carefully and objectively to subjects and avoid approaching discussions with apparent preconceived notions or biases. Maintaining impartiality will not only enhance our results, it should result in a stronger relationship with the main client, even when engagements lead to the confirmation of the suspected fraud.

Clarifying the significance of examination findings and discussing workable approaches for moving forward with the main client, help maintain the CFE to client relationship and establishes the CFE as a trusted fraud expert and advisor. For example, suppose the CFE, during her examination discovers that someone in the organization (not connected with the suspected fraud) has the ability to receive goods into inventory, perform physical inventory procedures (cycle counts), make inventory adjustments based on inventory counts, and directly write off damaged inventory to scrap. When reporting this collateral fact, the CFE might want to do more than simply document the apparent access and segregation of duties issues. S/he might want to elaborate on the finding’s significance for potential future fraud by mentioning the risk of loss of inventory (assets), as the employee’s level of system access provides an opportunity to inappropriately write off usable product as damaged, lost, or never received and then use it for personal gain. Descriptive interactions of this type add value to the examination by enabling our main client to fully appreciate the larger risks (even beyond the present fraud) associated with findings and take appropriate action to address them.

When identifying and framing any fraud related issue, CFE’s should keep its true level criticality in context. Managers and business leaders do not appreciate drama, and overreacting can hurt the examiner’s credibility and rapport with valuable future business contacts. Sticking to the facts can help keep almost any sensitive situation from spinning out of control.

Mindful management of the mechanics of client relations can change a stunted two-step into a graceful waltz.  All it takes is practice.