Tag Archives: Engagement Planning

The Who, the What, the When

CFEs and forensic accountants are seekers. We spend our days searching for the most relevant information about our client requested investigations from an ever-growing and increasingly tangled data sphere and trying to make sense of it. Somewhere hidden in our client’s computers, networks, databases, and spreadsheets are signs of the alleged fraud, accompanying control weaknesses and unforeseen risks, as well as possible opportunities for improvement. And the more data the client organization has, the harder all this is to find.  Although most computer-assisted forensic audit tests focus on the numeric data contained within structured sources, such as financial and transactional databases, unstructured or text based data, such as e-mail, documents, and Web-based content, represents an estimated 8o percent of enterprise data within the typical medium to large-sized organization. When assessing written communications or correspondence about fraud related events, CFEs often find themselves limited to reading large volumes of data, with few automated tools to help synthesize, summarize, and cluster key information points to aid the investigation.

Text analytics is a relatively new investigative tool for CFEs in actual practice although some report having used it extensively for at least the last five or more years. According to the ACFE, the software itself stems from a combination of developments in our sister fields of litigation support and electronic discovery, and from counterterrorism and surveillance technology, as well as from customer relationship management, and research into the life sciences, specifically artificial intelligence. So, the application of text analytics in data review and criminal investigations dates to the mid-1990s.

Generally, CFEs increasingly use text analytics to examine three main elements of investigative data: the who, the what, and the when.

The Who: According to many recent studies, substantially more than a half of business people prefer using e-mail to use of the telephone. Most fraud related business transactions or events, then, will likely have at least some e-mail communication associated with them. Unlike telephone messages, e-mail contains rich metadata, information stored about the data, such as its author, origin, version, and date accessed, and can be documented easily. For example, to monitor who is communicating with whom in a targeted sales department, and conceivably to identify whether any alleged relationships therein might signal anomalous activity, a forensic accountant might wish to analyze metadata in the “to,” “from,” “cc,” or “bcc” fields in departmental e-mails. Many technologies for parsing e-mail with text analytics capabilities are available on the market today, some stemming from civil investigations and related electronic discovery software. These technologies are like the social network diagrams used in law enforcement or in counterterrorism efforts.

The What: The ever-present ambiguity inherent in human language presents significant challenges to the forensic investigator trying to understand the circumstances and actions surrounding the text based aspects of a fraud allegation. This difficulty is compounded by the tendency of people within organizations to invent their own words or to communicate in code. Language ambiguity can be illustrated by examining the word “shred”. A simple keyword search on the word might return not only documents that contain text about shredding a document, but also those where two sports fans are having a conversation about “shredding the defense,” or even e-mails between spouses about eating Chinese “shredded pork” for dinner. Hence, e-mail research analytics seeks to group similar documents according to their semantic context so that documents about shredding as concealment or related to covering up an action would be grouped separately from casual e-mails about sports or dinner, thus markedly reducing the volume of e-mail requiring more thorough ocular review. Concept-based analysis goes beyond traditional search technology by enabling users to group documents according to a statistical inference about the co-occurrence of similar words. In effect, text analytics software allows documents to describe themselves and group themselves by context, as in the shred example. Because text analytics examines document sets and identifies relationships between documents according to their context, it can produce far more relevant results than traditional simple keyword searches.

Using text analytics before filtering with keywords can be a powerful strategy for quickly understanding the content of a large corpus of unstructured, text-based data, and for determining what is relevant to the search. After viewing concepts at an elevated level, subsequent keyword selection becomes more effective by enabling users to better understand the possible code words or company-specific jargon. They can develop the keywords based on actual content, instead of guessing relevant terms, words, or phrases up front.

The When: In striving to understand the time frames in which key events took place, CFEs often need to not only identify the chronological order of documents (e.g., sorted by or limited to dates), but also link related communication threads, such as e-mails, so that similar threads and communications can be identified and plotted over time. A thread comprises a set of messages connected by various relationships; each message consists of either a first message or a reply to or forwarding of some other message in the set. Messages within a thread are connected by relationships that identify notable events, such as a reply vs. a forward, or changes in correspondents. Quite often, e-mails accumulate long threads with similar subject headings, authors, and message content over time. These threads ultimately may lead to a decision, such as approval to proceed with a project or to take some other action. The approval may be critical to understanding business events that led up to a particular journal entry. Seeing those threads mapped over time can be a powerful tool when trying to understand the business logic of a complex financial transaction.

In the context of fraud risk, text analytics can be particularly effective when threads and keyword hits are examined with a view to considering the familiar fraud triangle; the premise that all three components (incentive/pressure, opportunity, and rationalization) are present when fraud exists. This fraud triangle based analysis can be applied in a variety of business contexts where increases in the frequency of certain keywords related to incentive/pressure, opportunity, and rationalization, can indicate an increased level of fraud risk.

Some caveats are in order.  Considering the overwhelming amount of text-based data within any modern enterprise, assurance professionals could never hope to analyze all of it; nor should they. The exercise would prove expensive and provide little value. Just as an external auditor would not reprocess or validate every sales transaction in a sales journal, he or she would not need to look at every related e-mail from every employee. Instead, any professional auditor would take a risk-based approach, identifying areas to test based on a sample of data or on an enterprise risk assessment. For text analytics work, the reviewer may choose data from five or ten individuals to sample from a high-risk department or from a newly acquired business unit. And no matter how sophisticated the search and information retrieval tools used, there is no guarantee that all relevant or high-risk documents will be identified in large data collections. Moreover, different search methods may produce differing results, subject to a measure of statistical variation inherent in probability searches of any type. Just as a statistical sample of accounts receivable or accounts payable in the general ledger may not identify fraud, analytics reviews are similarly limited.

Text analytics can be a powerful fraud examination tool when integrated with traditional forensic data-gathering and analysis techniques such as interviews, independent research, and existing investigative tests involving structured, transactional data. For example, an anomaly identified in the general ledger related to the purchase of certain capital assets may prompt the examiner to review e-mail communication traffic among the key individuals involved, providing context around the circumstances and timing, of events before the entry date. Furthermore, the forensic accountant may conduct interviews or perform additional independent research that may support or conflict with his or her investigative hypothesis. Integrating all three of these components to gain a complete picture of the fraud event can yield valuable information. While text analytics should never replace the traditional rules-based analysis techniques that focus on the client’s financial accounting systems, it’s always equally important to consider the communications surrounding key events typically found in unstructured data, as opposed to that found in the financial systems.

Asked and Answered

Some months ago, I was involved as a member of an out-of-town fraud examination team during which the question of note taking during an investigative interview arose. A younger member of the team (a junior internal auditor) wanted to know about approaches to the documentation of not just one, but possibly of the several prospective interview sessions it initially appeared might be necessary regarding the examination.

As the ACFE tells us, notes, whether handwritten or recorded, always send an unambiguous signal to the subject that the interviewer is memorializing his or her comments. Interviews without notes are significantly limited in their value and may even signal to the interview subject that it may later be just a question of her word against the interviewer’s. If the interviewer takes only cryptic or shorthand notes and later reviews those notes with the subject to confirm what was said, the interviewer should recognize that the notes, while confirmed and edited to a certain extent, will still be less than complete.

On the other hand, tape recording an interview is a significant obstacle to full cooperation. People are reluctant to be recorded. For the most part, the use of tape recorders to take notes is not recommended in situations involving a potential fraud. Most subjects will resist the use of recorders and, even in circumstances where the subject may have agreed to their use, their responses will be more guarded than if a recorder was not used. If a recorder is used, be sure to begin the taping by recording the date, time, names of the individuals present, and an acknowledgment by the subject that they know the interview is being recorded and they have agreed to be recorded.

Once the interviewer has determined how s/he will document the interview, s/he should ask the subject if it is okay to take notes or record the session. It is the polite and professional thing to do and it serves two purposes:

–It is part of the process by which the subject is encouraged to be a participant;
–If the subject balks or tells the interviewer she does mind that the interviewer takes notes, it can open a line of questioning by the interviewer to determine the exact cause of the subject’s objections;

The subject should always be advised that note taking is critical to the integrity of the process and that notes ensure that what the subject says is documented properly. Failure to take notes limits the information to the memory and interpretation of the interviewer.  In a professional setting, most subjects will understand the critical nature of notes. Very few people will say it is not all right to take notes, regardless of how they feel about it. If they are absolutely opposed to the taking of notes, find out why and concentrate on what the subject says and reduce the interview to notes as quickly as possible after the interview. With a hostile subject who opposes note taking, the interviewer can ask if it is okay for her to make selected notes regarding dates or things the interviewer might not remember later. The interviewer can explain that it is important that s/he understand the subject’s position or communication correctly. If the subject is still adamant about the interviewer not taking notes, it should be documented in the interviewer’s report.

As the fraud interviewer develops his or her interviewing skill set, s/he should concentrate on taking verbatim notes which, among other things, include, at a minimum, nouns, pronouns, and verbs. Some practitioners recommend that the interviewer not attempt to write everything down. The argument is that, in doing so, the interviewer will not have an opportunity to observe the subject’s nonverbal communications.

The generally accepted recommendation is, therefore, where feasible, that the interviewer take down verbatim as much of what the subject says as is possible. This includes repeated words and parenthetical comments. This practice allows the interviewer to later review what the subject said as opposed to what the interviewer thought the subject said. Note taking also provides additional documentation of what the subject is communicating and (when reviewed after the fact in the light of additional knowledge) of what the subject has excluded.

During the act of taking notes, the interviewer should exercise caution. Taking notes intermittently can signal to the subject that the interviewer takes notes only when the information is important. Conversely, if, during the interview, a very sensitive area is broached, or if the subject indicates that s/he is uncomfortable with an area or issue, the interviewer can put her pencil down, lean forward, establish good eye contact, and listen to the subject. The simple suspension of note taking may place the subject at ease. As soon as the interview moves to a less sensitive area, the interviewer should try to reduce the previously mentioned sensitive area to notes. If the subject associates note taking with core interview information, the subject may interpret continued note taking as encouragement to continue talking.

The interviewer should not write down interpretive comments while taking notes. The interviewer should however make notes, where appropriate, in cases where verbal and
nonverbal indications of both resistance or cooperation are found.

The interviewer should always take notes with the possibility in mind that the notes may be subjected to third party scrutiny. This scrutiny may extend to opposing counsel in the event of litigation. The interviewer’s notes may or may not be privileged materials. With this in
mind, the interviewer should consider the following:

–Begin each separate set of interview notes on a clean page;
–Identify the date, time, and place of the interview and all the individuals present at the interview;
–Obtain as much background data on the subject as possible, including telephone numbers, and identify means of contacting him or her, including alternate numbers for family and friends;
–Initial and date the notes;
–Document the interviewer’s questions;
–Take verbatim notes if possible. Concentrate, but do not limit notes of the subject’s responses to:
• Nouns
• Pronouns
• Verb tense
• Qualifiers
• Indicators of responsibility, innocence, or guilt
–Do not document conclusions or interpretations;
–Report any unusual change in body language in an objective manner. Document the changes in body language and tone, if applicable, in conjunction with notes of what the subject or interviewer said at the time the body language or tone changed;
–At the conclusion of the interview, review the notes with the subject to confirm what the subject has said.

Finally, following the interview, your notes should be reproduced in printed form as quickly as possible.  Enough cannot be said for the value of a well-documented set of interview notes for every aspect of a subsequent investigation; their presence or absence can make or break your entire case.

RVACFES May 2017 Event Sold-Out!

On May 17th and 18th the Central Virginia ACFE Chapter and our partners, the Virginia State Police and the Association of Certified Fraud Examiners (ACFE) were joined by an over-flow crowd of audit and assurance professionals for the ACFE’s training course ‘Conducting Internal Investigations’. The sold-out May 2017 seminar was the ninth that our Chapter has hosted over the years with the Virginia State Police utilizing a distinguished list of certified ACFE instructor-practitioners.

Our internationally acclaimed instructor for the May seminar was Gerard Zack, CFE, CPA, CIA, CCEP. Gerry has provided fraud prevention and investigation, forensic accounting, and internal and external audit services for more than 30 years. He has worked with commercial businesses, not-for-profit organizations, and government agencies throughout North America and Europe. Prior to starting his own practice in 1990, Gerry was an audit manager with a large international public accounting firm. As founder and president of Zack, P.C., he has led numerous fraud investigations and designed customized fraud risk management programs for a diverse client base. Through Zack, P.C., he also provides outsourced internal audit services, compliance and ethics programs, enterprise risk management, fraud risk assessments, and internal control consulting services.

Gerry is a Certified Fraud Examiner (CFE) and Certified Public Accountant (CPA) and has focused most of his career on audit and fraud-related services. Gerry serves on the faculty of the Association of Certified Fraud Examiners (ACFE) and is the 2009 recipient of the ACFE’s James Baker Speaker of the Year Award. He is also a Certified Internal Auditor (CIA) and a Certified Compliance and Ethics Professional (CCEP).

Gerry is the author of Financial Statement Fraud: Strategies for Detection and Investigation (published 2013 by John Wiley & Sons), Fair Value Accounting Fraud: New Global Risks and Detection Techniques (2009 by John Wiley & Sons), and Fraud and Abuse in Nonprofit Organizations: A Guide to Prevention and Detection (2003 by John Wiley & Sons). He is also the author of numerous articles on fraud and teaches seminars on fraud prevention and detection for businesses, government agencies, and nonprofit organizations. He has provided customized internal staff training on specialized auditing issues, including fraud detection in audits, for more than 50 CPA firms.

Gerry is also the founder of the Nonprofit Resource Center, through which he provides antifraud training and consulting and online financial management tools specifically geared toward the unique internal control and financial management needs of nonprofit organizations. Gerry earned his M.B.A at Loyola University in Maryland and his B.S.B.A at Shippensburg University of Pennsylvania.

To some degree, organizations of every size, in every industry, and in every city, experience internal fraud. No entity is immune. Furthermore, any member of an organization can carry out fraud, whether it is committed by the newest customer service employee or by an experienced and highly respected member of upper management. The fundamental reason for this is that fraud is a human problem, not an accounting problem. As long as organizations are employing individuals to perform business functions, the risk of fraud exists.

While some organizations aggressively adopt strong zero tolerance anti-fraud policies, others simply view fraud as a cost of doing business. Despite varying views on the prevalence of, or susceptibility to, fraud within a given organization, all must be prepared to conduct a thorough internal investigation once fraud is suspected. Our ‘Conducting Internal Investigations’ event was structured around the process of investigating any suspected fraud from inception to final disposition and beyond.

What constitutes an act that warrants an examination can vary from one organization to another and from jurisdiction to jurisdiction. It is often resolved based on a definition of fraud adopted by an employer or by a government agency. There are numerous definitions of fraud, but a popular example comes from the joint ACFE-COSO publication, Fraud Risk Management Guide:

Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.

However, many law enforcement agencies have developed their own definitions, which might be more appropriate for organizations operating in their jurisdictions. Consequently, fraud examiners should determine the appropriate legal definition in the jurisdiction in which the suspected offense was committed.

Fraud examination is a methodology for resolving fraud allegations from inception to disposition. More specifically, fraud examination involves:

–Assisting in the detection and prevention of fraud;
–Initiating the internal investigation;
–Obtaining evidence and taking statements;
–Writing reports;
–Testifying to findings.

A well run internal investigation can enhance a company’s overall well-being and can help detect the source of lost funds, identify responsible parties and recover losses. It can also provide a defense to legal charges by terminated or disgruntled employees. But perhaps, most importantly, an internal investigation can signal to every company employee that the company will not tolerate fraud.

Our two-day seminar agenda included Gerry’s in depth look at the following topics:

–Assessment of the risk of fraud within an organization and responding when it is identified;
–Detection and investigation of internal frauds with the use of data analytics;
–The collection of documents and electronic evidence needed during an investigation;
–The performance of effective information gathering and admission seeking interviews;
–The wide variety of legal and regulatory concerns related to internal investigations.

Gerry did his usual tremendous job in preparing the professionals in attendance to deal with every step in an internal fraud investigation, from receiving the initial allegation to testifying as a witness. The participants learned to lead an internal investigation with accuracy and confidence by gaining knowledge about topics such as the relevant legal aspects impacting internal investigations, the use of computers and analytics during the investigation, collecting and analyzing internal and external information, and interviewing witnesses and the writing of effective reports.

Team Work is Hard Work

From reading posts and comments posted to LinkedIn, it seems that a number of our Chapter members and guests from time to time find themselves involved in internal fraud investigations either as members of internal or external audit units or as sole practitioners.  As CFE’s we know that we can make significant contributions to a financial crime investigation, if we can work effectively, as team members, with the victim company’s internal and external auditors, as well as with other constituents involved in resolving allegations or suspicions of internal fraud. In addition to a thorough knowledge of accounting and auditing, CFE’s bring to bear a variety of skills, including interviewing, data mining and analysis.  We also know that some auditors assume that simply auditing more transactions, with the use of standard procedures, increases the likelihood that fraud will be found. While this can prove to be true in some cases, when there is suspicion of actual fraud, the introduction of competent forensic accounting investigators may be more likely to resolve the issue and bring it to a successful conclusion.

Within the boundaries of an investigation, we CFE’s typically deal with numerous constituencies, each with a different interest and each viewing the situation from a different perspective. These parties to the investigation may well attempt to influence the investigative process, favor their individual concerns, and react to events and findings in terms of personal biases. CFE’s thus often have the task of conveying to all constituencies that the results of the investigation will be more reliable if all participants and interested parties work together as a team and contribute their specific expertise or insight with objectivity. In the highly-charged environment created by a financial crime investigation, the forensic accounting investigator can make a huge contribution just by displaying and encouraging the balance and level headedness which comes from his or her detailed familiarity with the mechanics of the standard types of financial fraud.

The ACFE recommends that all parties with a stake in the process, management, audit committee, auditors, and legal counsel, should always consider including forensic accounting investigators in the front-end process of decision making about an investigation. One of the key initial decisions is, usually, the degree to which the forensic accounting investigators can work with and rely on the work of others, specifically, the internal and external auditors. Another common front-end decision is whether CFE’s—with their knowledge of accounting systems, controls, and typical fraud schemes, may be added to the team that eventually evaluates the organization’s business processes to strengthen the controls that allowed the fraud to occur. Management may at first be inclined to push for a quick result because it feels the company will be further damaged if it continues to operate under a shadow.

Senior executives may be unable or in some cases unwilling to see the full scope of issues and may attempt to limit the investigation, sometimes as a matter of self-protection, or they may seek to persuade the CFE that the issues at hand are immaterial. Whatever happened, it happened on their watch, and they may understandably be very sensitive to the CFE’s intrusion into their domain. Any defensiveness on the part of management should be defused as quickly and as thoroughly as possible, usually through empathy and consideration on the part of the forensic accounting investigator. The party or entity engaging the forensic accounting investigator, for example, the audit committee, management, or counsel, should be committed to a thorough investigation of all issues and is ultimately responsible for the investigation. The committee may engage CFE’s and forensic accounting investigators directly and look to them for guidance, or it may ask outside counsel to engage the CFE, who usually will work at counsel’s direction in fulfilling counsel’s responsibilities to the audit committee.

Every CFE should strive to bring independence and objectivity to the investigation and strive to assist each of the interested parties to achieve their unique but related objectives. As to the CFE’s  objectives, those are determined by the scope of work and the desire to meet the goals of whoever retained their services. Regardless of the differing interests of the various constituencies, forensic accounting investigators must typically answer the following questions:

  • Who is involved?
  • Could there be coconspirators?
  • Was the perpetrator instructed by a higher supervisor not currently a target of the investigation?
  • How much is at issue or what is the total impact on the financial statements?
  • Over what period did this occur?
  • Have we identified all material schemes?
  • How did this happen?
  • How was it identified, and could it have been detected earlier?
  • What can be done to deter a recurrence?

CFE’s should always keep in mind that they are primarily fact finders and not typically engaged to reach or provide conclusions, or, more formally, opinions. This differs from the financial auditor’s role. The financial auditor is presented with the books and records to be audited and determines the nature, extent, and timing of audit procedures. On one hand, the financial statements are management’s responsibility, and an auditor confirms they have been prepared in accordance with generally accepted accounting principles after completing these procedures and assessing the results. The CFE or forensic accounting investigator, on the other hand, commands a different set of skills and works at the direction of an employer that may be management, the audit committee, counsel, or an auditing firm itself.

Teaming with all concerned parties together with the internal and external auditors, the forensic accounting investigator should strive to bring independence and objectivity to the investigation and strive to assist each of the interested parties to achieve each team member’s unique but related objectives; management understandably may be eager to bring the investigation to a quick conclusion. The chief financial officer may be defensive over the fact that his or her organization allowed this to happen;   the board of directors, through the independent members of its audit committee, is likely to focus on conducting a thorough and complete investigation, but its members may lack the experience needed to assess the effort. In addition, they may be concerned about their personal reputations and liability. The board is likely to look to legal counsel and in some cases, to forensic accounting investigators to define the parameters of the project;  as to counsel, in most investigations in which counsel is involved, they are responsible for the overall conduct of the investigation and will assign and allocate resources accordingly; the internal auditor may have a variety of objectives, including not alienating management, staying on schedule to complete the annual audit plan, and not opening the internal audit team to criticism. The internal audit team may also feel embarrassed, angry, and defensive that it did not detect the wrongdoing; the external auditor may have several concerns, including whether the investigative team will conduct an investigation of adequate scope, whether the situation suggests retaining forensic accountants from the auditors’ firm, whether forensic accountants should be added to the audit team, and even whether the investigation will implicate the quality of past audits.

In summary, team work is complex, hard work.  While fraud is not an everyday occurrence at most companies, boards and auditing firms should anticipate the need to conduct a financial fraud investigation at some time in the future.  CFE’s can be an integral part of the planning for such investigations and can be of great help in designing the pre-planned team work protocols that ensure that, if a fraud exists, there is a high probability that it will be identified completely and dealt with in a timely and appropriate manner.

Exploiting the Dual

businessmeet1Many of today’s CFE’s hold dual certifications as CPA’s, CIA’s, CISA’s and a host of others.  This proven enhanced expertise endows the employers of fraud examiners engaged as full time corporate auditing staff with a whole host of new and exciting fraud detection and prevention capabilities.  This is especially true of corporations whose operations are daily fraud targets.  Rather than dealing with the infrequent single instance of fraud, as is most often the case in conventional CFE practice, these staff practitioners endow their employers with enhanced power in the task of devising investigative and preventative approaches to cope with random, most often automated, fraud attempts arriving on a recurring basis, twenty-four hours a day, 365 days a year.

One of the most effective innovations that dually certified CFE’s can bring to bear in such dynamic fraud environments involves some version of a mixture of continuous monitoring, continuous fraud auditing and continuous assurance. As the external and internal auditing professions view the first of these general concepts, continuous monitoring constitutes a feedback mechanism, primarily used by management, to ensure that systems operate and transactions are processed as prescribed. For example, as one of hundreds of possible examples, management might mandate that its staff CFE (s) periodically monitor the key fraud prevention controls that ensure that customer orders are checked against credit limits to ensure that the controls remain in place and aren’t deactivated.

Continuous auditing for fraud has been defined as the collection of evidence concerning fraud scenarios, by one or more examiners, on systems and transactions, on a continuous basis throughout a temporal period. For example, the staff examiners could routinely extract details of any unusually large adjusting journal entry for investigation, validate the reasons for the entry, determine whether it had been approved, and document these findings. The historical case file of irregularities will be built up from this and like evidence and from its related investigation, as will the examiner’s knowledge of the landscape of on-going fraud threats confronting the business.

Continuous fraud control assurance can even provide a concurrent or on demand assurance opinion on systems or transactions. A continuous opinion could represent an examiner’s or auditor’s opinion that overall fraud prevention controls are operating satisfactorily, unless a report is given to the contrary (often referred to as an ‘evergreen’ fraud control report). On-demand assessment concerning the functioning of key anti-fraud controls can be called for at any time to provide a spot evaluation at a point that does not necessarily coincide with a fiscal year or month-end. For example, a potential investor or lender might want to know the state of a company’s fraud prevention controls on the day that he/she makes a final investing or lending decision. Although these types of control assessments are still relatively rare, it’s possible that, given the pervasiveness of fraud in some heavily automated financial industries, the demand for this type of assessment may accelerate in the future.

Each of these three elements are built upon (and depend on) the one that precedes it. A continuous process of fraud assessment needs continuous monitoring systems to be in place to be effective. These monitoring systems provide the evidence to be collected and assessed upon which to build management assurance.

One of the biggest benefits of a program of continuous fraud control assessment is the beneficial effect it can have on an employing organization’s overall fraud control program. It’s obvious that, with continuous assessment, any key fraud control failures are detected and fixed as soon as they occur, bringing the effectiveness of the failed controls again more closely into conjunction with management’s expectations.  An additional plus for the continuous fraud control evaluation approach is that it provides early warning of problems; employing management can be apprised of a control failure as soon as it happens, providing maximum rectification time. Early warning reduces rectification downtime for the control. The objective is for the external auditors, when they later perform their checks, to find that the control weakness identified by the staff fraud examiner is now corrected and the corrected control operative as of the sign-off date, thus avoiding audit points.  One more advantage conferred by the presence of a dually certified fraud examiner on the audit staff is that many of the controls critical to the anti-fraud program can be fully automated under the CFE’s supervision and thus lend themselves to a continuous review approach. This proactive ‘no surprises’ approach to fraud control should be attractive to all organizations considering employing those holding the CFE certification as either staff auditors or security professionals.

What does it take for management to get this fraud prevention approach off the ground?  First, hire more dually certified CFE’s.  Next, automation is key to the program’s success, especially emphasizing data mining and analytics. Technology that can speed up communication is also needed, because there is no value in identifying an issue quickly if it is not communicated equally quickly to those who need to know about it. Continuous auditing for fraud includes continuous monitoring and reporting by exception on problems that arise. Therefore, the control environment of the employing organization must be at least good enough to ensure that the number of exceptions detected is not initially overwhelming. If anti-fraud controls are at a semi-mature level of effectiveness, however, there is really no reason why, with effort, a continuous assurance approach can’t work.

In setting up continuous audit tests, CFE’s must understand what can go wrong and know what they are looking for, in advance; this is a point where dual certification as an experience CPA or CIA is a plus in guiding the testing process and for creating the business rules for detecting exceptions and understanding them. This latter point is no trivial matter since something that could seem an exception under one set of circumstances, can be perfectly normal under a different set and trained financial assurance professionals know the difference.

Creatively employing their dually certified CFEs in an enhanced fraud detection and prevention effort based on the continuous audit approach confers several benefits to any management while enhancing the fraud prevention program:

–Creation of a database of the most frequently occurring fraud scenarios coupled with the most effective audit approaches to investigate and resolve them;

–Development of tailored data analytics and investigative tools for common fraud scenarios; auditors can get the fraud related data they need when they want them;

— Faster and more thorough fraud examinations and greater depth of audit for the same cost;

— Investigation and resolution of fraud related issues as they occur is a proven proactive approach demonstrating an enhanced level of management due diligence;

— The entire audit staff can have more alternatives in the way they perform fraud related work, including reliance on preventive controls like front end systems edits which prevent fraud be screening out transactions likely to contain fraud on the system’s front end.

–Because fraud related auditing is more effective it becomes more visible for those being audited both within and without the enterprise. Senior management has first-hand knowledge that auditors are ‘on the case’ even if they do not see them every day of the week. This visibility can also act as an additional deterrent to frauds, both internal and external.

The Facts Speak for Themselves

fact-findingOne of the most frequent topics our Chapter receives questions about from new members and from our on-line guests concerns the documenting and reporting of investigative results.  What types of reports do fraud examiners and forensic accountants typically produce based on what types of documentation? What should be included in the various types of documentation and reports and what should be avoided?

The ACFE tells us that documenting an investigation is as important as performing it. A poorly documented case file can lead to a disappointing conclusion, a dissatisfied client, and can even damage the investigator’s reputation. Various means by which the fraud examiner or forensic accounting investigator may report her findings have been established by over two decades of practice.  The form of the report, whether oral or written, is always a matter to be discussed with the client and with counsel. While it’s not the responsibility of the fraud examiner to advise on the legal perils associated with various forms of reporting, there are certain issues of which new investigators should be aware as their clients debate the form of reporting that will conclude the investigator’s examination.

The ACFE suggests that practitioners try to determine at the outset whether a written report is expected and, if so, its form and timing. In the usual circumstance that this point can’t be decided at the inception of the engagement, the examiner should conduct the investigation in a manner that will facilitate a comprehensive oral report, including the key documents and any exhibits necessary to illustrate the findings. Many investigations begin small, but there’s no way to know with certainty where they will lead and what will be required at the conclusion. Although the client may not have requested a report at the outset of the investigation, some event during the investigation may change the client’s mind, and the investigator should to be prepared to respond. For example, you may determine during an investigation that an officer of the company violated a law or regulation, thereby requiring the company to consider self-reporting and possibly

bringing a civil action against the officer and other third parties. Alternatively, you may be subpoenaed for your part in an investigation that has captured the attention of regulatory agencies or law enforcement. While you can testify only as to what procedures you recall performing and the attendant findings, your client, and your own reputation, will be better served if you always have through and proper documentation. Try to perform an investigation as if you might be asked later to report formally on your findings and on the exact procedures performed.

Members also ask about the types of reports.  The most common reports are:

Written reports

  • Report of investigation. This form of written report is given directly to the client, which may be the company’s management, board, audit committee of the board, in-house counsel or outside counsel. The report should stand on its own; that is, it should identify all the relevant evidence that was used in concluding on the allegations under investigation. This is important because the client may rely on the report for various purposes such as corporate filings, lawsuits, employment actions, or alterations to procedures and controls.
  • Expert report filed in a civil court proceeding. The American Institute of Certified Public Accountants (AICPA) publishes an excellent practice aid on the full range of expert reports.
  • Affidavits. These are voluntary declarations of facts and are communicated in written form and sworn to by the witness (declarant) before an officer authorized by the court.
  • Informal reports. These consist of memos to file, summary outlines used in delivery of an oral report, interview notes, spreadsheets listing transactions along with explanatory annotations, and other less-formal written material prepared by the investigation team.

Oral reports

  • Oral reports are usually delivered by the investigation engagement leader to those overseeing an investigation, such as a company’s board, or to those who represent the company’s interests, such as outside counsel.
  • Oral reports involve giving a deposition, as a fact witness or expert witness, during which everything that is said, by all parties to the deposition, is transcribed by a court reporter.

Reports documenting an investigation differ considerably from audit opinions issued under generally accepted auditing standards (GAAS). The investigative report writer is not constrained by the required language of a governing standard, and investigative reports differ from one another in organization and content depending on the client’s stated needs. In contrast, financial audit reports adhere to set formula prescribed by GAAS. The uses of written reports also differ. The client could do any of the following things with an investigative report:

  • Distribute the report to a select group of individuals associated with the company in various capacities;
  • Voluntarily give the report to a prosecutor as a referral for prosecution;
  • Enter the report as evidence in a civil fraud proceeding;
  • Give the report to outside counsel for use in preparing regulatory findings, entering negotiations, or providing other legal services on behalf of the company.

However the client decides to use the report, its basic elements usually include the following organizaton:

  • Identify your client;
  • In the case of a lawsuit, identify the parties;
  • State in broad terms what you were asked to do;
  • Describe your scope, including the period examined;
  • Include mention of any restriction as to distribution and use of the report;
  • Identify the professional standards under which the work was conducted;
  • Identify exclusions in the reliance on your report (the report is not a financial audit, etc.);
  • State that your work should not be relied on to detect all fraud;
  • Include the procedures you performed, technical pronouncements relied upon, and findings.

Although a summary can be helpful to the reader it may be perilous for the report writer in terms of keeping critical information and perspectives intact. Caution is advised when preparing two types of summary sections: executive summary and conclusion.  If you do write a summary, be careful not to offer an opinion on the factual findings unless specifically requested to do so by the client. The facts should speak for themselves.

It may be appropriate to include in a concluding section of the Report of Investigation certain recommendations for additional investigative procedures or a description of control breakdowns you have observed. Also, a carefully written executive summary at the beginning of the report can be extremely helpful to the reader, especially when it precedes a long and complex report. The executive summary should offer in simple, straightforward language an accurate statement of significant findings. Each summarized finding should include a reference to the full description of findings included in the complete Report of Investigation.

Fraud examination reports are powerful tools which can assist client management in a myriad of ways but, like anything else, if ineptly prepared, represent a minefield for the beginning practitioner.

Situational Assessment

fraud-examinationAs a follow-on to our last post, newly minted CFE’s working for their first client can find themselves at something of a loss about the best way to initiate an investigation; I know that was certainly true of me at what now seems so many years ago.

Every fraud investigation is a minefield whose first steps can impact the final outcome significantly. Insufficient care, coordination or discretion at the launch of the investigation may tip off the suspect, causing the destruction of potentially vital evidence. Moreover, information collected hastily without sufficient attention to procedure might prove inadmissible in court, or even lead to sanctions and fines. Any experienced practitioner will tell you that a whole host of challenges beset those of us responsible for looking into potential wrongdoing. But, as the ACFE also tells us, taking the right steps before an investigation can significantly reduce the risk of error, helping to ensure the entire investigation is planned correctly and carried out efficiently.

The ACFE advocates the performance of an initial fact finding or situational assessment phase of every investigation.  The CFE (and his or her employing attorney, if there is one) first need to assess whether an allegation has merit. This process should begin with consideration of the complainant’s credibility and motives (when that person’s identity is known) as well as other possible indications of the allegation’s likely validity. The examiner should avoid snap, simplistic judgments. Just because a complainant lacks credibility or may have ulterior motives doesn’t necessarily mean there is no need for an investigation. By the same token, even a highly credible individual can make an unfounded allegation. Upon close examination, allegations often contain specific facts, especially those related to the workings of the organization, that can help support assertions and provide the CFE a basis for corroboration moving forward.

The recommended initial situational assessment can be additionally vital because insider wrongdoing especially can have a significant impact on the organization, even more so when committed by a member of senior management. The assessment should include examination of monetary, regulatory, reputational, and other known risks.

An obvious goal for the CFE in every fraud case we work is to determine the extent of existing damage and prevent further losses. This can be difficult, as allegations rarely include an exact amount of stolen funds or an assessment of organizational impact. For example, the monetary impact of vendor kickbacks to employees is often hard to assess, as it involves gauging the extent to which the organization may have received insufficient value for the products it purchased. In these circumstances, the CFE may want to assess the extent to which the vendor is used and consider the common fraud risk associated with the industry, organization and type of vendor.

What’s more, in today’s gold fish bowl regulatory environment, issues of concern to regulators increasingly include insider trading, bribery of public officials, manipulation of publicly listed companies’ financial statements, money laundering, and privacy or data breaches. If an organization fails to conduct an adequate fraud investigation or take appropriate corrective measures, the regulator may initiate its own investigation or, where a funding relationship exists, withdraw support from the organization altogether. If allegations relate to an organization’s foreign operations, or involve activities in jurisdictions with extraterritorial legislation, international regulatory requirements should also be considered. Many countries have enacted anti-bribery legislation, including the United States’ Foreign Corrupt Practices Act (FCPA), Canada’s Corruption of Foreign Officials Act, and the United Kingdom’s Bribery Act. Running afoul of these laws can have significant consequences for any of our clients.

And finally, the potential reputational damage to an organization from fraud must never be taken lightly. Examples of circumstances that may pose significant reputational risks include payments to foreign government officials, circumvention of local or foreign laws, and accepting incentives from suppliers.

The CFE and the employing attorney are in a unique position in carrying out the initial situational assessment to collect and evaluate available evidence to assist the organization in its initial understanding of the case and to plan the investigative response. This process may include preparing a preliminary evaluation of the losses or follow-on risks to which the organization has apparently been exposed.  Once the attorney has communicated to the organization the facts and issues, consideration should be given to whether to pursue criminal charges or civil remedies (i.e., recovery of funds), as it will affect the CFE’s approach to the entire inquiry process. For instance, in the United States and Canada, the standard of proof for criminal charges is higher than that of civil remedies. Further, the makeup of the CFE’s investigative team may be different depending on the objectives of the investigation. Decisions may change over time and as new circumstances of the case come to light, the investigative strategy may also need to change.

Ideally, the investigative team for the initial assessment should be kept as small as possible, and participation should be on a “need-to-know” basis. Moreover, team members must not have any conflicts that would, or even be perceived to, impair their judgment or objectivity in the investigation.

ACFE Standards also require that the team be comprised of appropriately skilled and qualified individuals to perform, or at least oversee, the evidence collection process, particularly of electronic evidence. Team members need to be informed that any one of them may be called upon to testify as a witness in court and that notes and work papers are discoverable and could appear before a judge or jury. Therefore, work paper files, including interview notes and communications, should be thorough and carefully maintained. Numerous additional considerations should be kept in mind when choosing members of the investigation team on the front end, including participants’ independence, as well as the potential need for additional legal counsel, supplementary investigative experts, and other expertise. Maintaining independent oversight is crucial to the investigation’s credibility; failure in this area leaves all the investigative findings open to criticism by opposing counsel, regulators, or law enforcement agencies. In many cases, especially those involving financial matters, corporate counsel supported by CFE’s or forensic accountants might be in the best position to manage the overall investigation.

To protect litigation privilege, the employing attorney or independent external counsel will be included in the CFE’s investigation from the beginning. These experts can also advise the CFE on legal matters such as employee suspensions or terminations and evidence gathering techniques to help ensure future court admissibility. Moreover, by adding credibility, counsel, internal or independent, provides assurance that the investigation will stand up to external legal scrutiny.

The independent, reputable CFE can add credibility to a fraud inquiry from first to last, bring current knowledge of relevant issues, and provide or coordinate the acquisition of skills that many companies lack in areas such as computer forensics, analytics, and forensic accounting. Such help is also important if opinion testimony may be required, as the testimony is admissible only if it comes from witnesses (like CFE’s) whom the courts determine are experts. When needed, for example, in cases that may lead to pursuit of criminal charges or civil remedies, supplementary experts should be retained early on. To maintain litigation privilege, investigators and experts should always be retained through the CFE’s employing attorney or external counsel.