Tag Archives: Investigating on the Internet

The Internet & the Unforeseen

Liseli Pennings, last year’s speaker for our Central Virginia Chapter’s training event, ‘Investigating on the Internet’, made the comment during her presentation that on-line investigative tools are outstanding for working unforeseen fraud events.  When a potential fraud risk has been identified through routine risk assessment, what its effects would be can be discussed and hypothetically anticipated to some degree as part of the assessment.  However, Liseli pointed out, when catastrophic fraud events occur without warning, seemingly out of the blue, and no mitigation has been discussed or is even immediately possible, the results can be devastating to our clients. When these types of sudden, unforeseen fraud events occur, rapid information gathering can be critical to a successful investigative outcome and that’s where skillful use of the internet comes in.

Liseli’s comment got me to thinking about a key question.  Are these types of fraud events truly unforeseeable or are they caused by a failure to gather adequate information on the front end to anticipate them and their effects? Unanticipated fraud events and their effects typically are associated with financial factors. However, as we’ve often discussed on this blog, some of the most catastrophic events can be non-financial in nature, such as damage to reputation, which also can lead to financial losses. As part of their proactive risk assessment processes, fraud examiners can play a vital role in monitoring the client’s environment and providing valuable information to management to help identify and mitigate these types of risks.  If an organization is not prepared for these types of sudden, catastrophic fraud events, the losses can sink the organization; only look at what happened to Martha Stewart Enterprises because of her trading scandal and to Target because of the overnight revelation of the hacking of its customer accounts as well as to a host of others.

Viewed narrowly in hindsight, there seems to have been little these companies could realistically have done on the front end to mitigate the effects of such unforeseen events.  The only way to manage such events effectively is to convert them from unforeseen to foreseeable events with potential for catastrophic losses that can be mitigated through anticipation and preparation. Anticipating the potential for such events is critical, requiring information that is current, forward-looking, frequent, comprehensive, reliable, and diversified and available, to an ever-growing extent, to the CFE on the public internet.  Systematic use of the internet to broaden the scope of fraud risk assessment is a trend only now firmly taking hold.

Fraud prevention and mitigation related decision-making takes place in the present and affects the present but, more importantly, it affects the future. Historic information is valuable for some decisions but, to be effective, the information gathered for most decisions must be current and updated continuously. In this respect, CFE’s and risk managers should consider the nature of the information source and the frequency with which it is updated. For example, printed encyclopedias become dated quickly. Web and mobile sources may be considered the most current, but, as Liseli pointed out last year, this is not always the case. The very abundance of internet related resources requires of those gathering on-line information that they exercise extra care in specifying how information is verified and how often as well as when and under what circumstances it is updated.  To have comprehensive and diversified information, examiners must accept that some information they uncover won’t be completely reliable. Knowing that, they must have a methodology for evaluating the degree of reliability of each source, gathering corroborating and refuting information, and discerning the truth among the conflicting information.

When assessing the probability potential for unforeseen fraud events within the context of a client environment, CFE’s and loss prevention managers should avoid the tendency to plan and act based solely on past events and risks. Internet based scanning and assessment systems and processes ideally should be developed to anticipate the next wave of risks that might be carrying unforeseen events ever closer to the organization. It would be simple if dealing with one unforeseen fraud event eliminated all others but fraud examiners especially are aware of how often one fraud spawns another.

In casting a wider, on-line based, risk assessment net forward looking examiners might ask questions like:

–What is the next wave of technological, societal, industrial, and environmental changes that could affect my client organization, and what will be their implications for the organization?

–Have organizations that have a “bring-your-own-device” policy for cell phones, tablets, and other devices considered all the potential implications of such a policy, including privacy issues and the potential risk to proprietary information?

–What information on these devices is discoverable in legal cases?

–Are these sources included in the fraud assessment process?

–How quickly are events changing within the organization and its environment?

How do CFE’s sift through this deluge of information to glean what is relevant to the organization? What filters are available within the media in use? Which sources have features available that push the information to the user based on chosen criteria?

Some such sources are …

–Industry and trade organizations, especially including websites, magazines, newsletters, forums, and roundtables.
–Social media.
–News outlets such as print, Internet, and cable television.
–Think tanks and consultants.
–Governmental and quasi-governmental organizations.
–Personnel using cutting-edge technology.

Unforeseen financial related fraud events most often arise from a lack of information.  To be effective, information gathering must expand beyond those sources that are most familiar to risk assessment professionals and to others like CFEs involved in risk management; the more diverse the sources, the more effective the information gathering. Gathering information from only neutral sources may seem on the surface to be the most effective strategy; but this can create a severe deficit of information. Information from sources in competition with or in opposition to the client organization should be included. This will include information from sources that have a different political stance, moral compass, or divergent viewpoint. Gathering information from governmental organizations should include a wide variety of domestic and international sources. Information gatherers must evaluate the political purpose behind the information, its slant, and the reliability of the information.

Unforeseen fraud events can be devastating to an organization, not just because they are catastrophic, but because they are unexpected and initially mysterious in nature. But like all events, if they can be better understood and anticipated, their effects can be managed and mitigated so they will not be as damaging to the organization.  The use of as many information sources as possible, including those internet based,  is key to assessing their risk and potential impact.

RVACFES May Event Sold Out!

Liseli_2

On behalf of the Central Virginia Chapter and our partners the Virginia State Police and national ACFE, our Chapter officers would like to thank each of you, all our Chapter members and training attendees who made our May Event such a resounding success!  Taught by Liseli Pennings, Deputy Training Director for the ACFE, ‘Investigating on the Internet – Research Tools for Fraud Examiners’ presented a treasure trove of information for the effective utilization of hundreds of readily available on-line resources and tools to support every step of even the most complex fraud investigation and subsequent prosecution.

Liseli_1As the course makes clear, investigations today can be undertaken solely through the investigative resources a computer offers. But there are so many tools available to a fraud examiner beginning an online investigation that it can be difficult to sort out the applicable resources. By better understanding computer and Internet media, examiners can more efficiently conduct investigations and save valuable time and money. While fraud examiners can easily begin searching the Internet without a plan, they will benefit if they develop a strategy prior to conducting a search. Employing a focused search strategy can save time, maintain direction, and make better use of resources.

Liseli presented two analytical techniques designed to analyze the following in an investigative scenario:

SWOT Analysis

— Strengths
— Weaknesses
— Opportunities
— Threats

The SWOT methodology can help professionals achieve the goals of a due diligence investigation or when evaluating a company or person. SWOT is also suited for investigating a product, market, organization, or business venture. Additionally, investigations that entail comparing financial aspects to other companies or markets, such as analyzing one small business or cost in relation to the competition, can benefit from this type of analysis. If an investigator is conducting a search on an individual, it provides analysis into life aspects and characteristics of the person. This method can also be used to conduct a risk assessment that details what an organization can and cannot do, as well as alert the examiner to potential threats and opportunities.

CARA Analysis

Commonly used by law enforcement and private investigators to develop information on a subject, the CARA method analyzes:

— Characteristics
— Associations
— Reputation
–Affiliations

This type of analysis can be used to gain an understanding of an individual rather than a company.

Electronic evidence can change with usage and be altered by improper or purposeful mishandling and storage. Electronic evidence such as social media pages and blog posts can be deliberately removed or altered. Examiners should never assume that a website or post that was available one day will be there the next. Capturing information as it is found is essential because the subjects of an investigation often delete websites and social media profiles. Web pages can be preserved by selecting print screen and pasting the screen capture into a document. When possible, examiners should capture the time, date, time zone, or any other information that can prove when or where data was captured. Not doing so could lead to timeline inconsistencies and contradict alibis when used as evidence and could result in evidence being dismissed due to inaccuracies. It could also affect the examiner’s credibility and negatively impact the case if brought to trial.

When using public and paid-access databases to conduct research, it is important to determine the age of the information. If the date that the information was aggregated is not listed, examiners should look for other sources of information that do include dates.  Examiners must recognize that there are often delays in the reporting and dissemination of information from the sources used by these types of databases.

Some state or local databases might only compile information from certain cities or counties. Examiners who do not find the information they are looking for on a particular site might believe that the information does not exist or that the subject does not have an arrest record when in fact the jurisdiction in question is not included on that site or database. For this reason, it’s important to gain an understanding of exactly which jurisdictions a database covers and what type of information it provides. Determining how long the website or database retains information is also important. Some only retain information for a certain period of time (e.g., five, ten, or twenty years). Furthermore, many databases archive their records after a set number of years to allow faster searches on current information. In such cases, the examiners should search the archived database for information, try another source, or hire a service to conduct a manual record search at the local level. Examiners should avoid the assumption that a lack of records means that an incident did not occur when in fact the database simply might not have the records the examiners need.

Most websites and databases have disclaimers and disclosure statements that users should thoroughly review. Some public and paid databases contain disclosure statements informing users that the subject is notified when someone searches for their information. One such example is when credit header or certain background information is accessed online. The person to whom the information belongs is usually notified when searches pertaining to credit information are conducted with permission by an employer, but notifications can also be enacted when searching other databases for basic information. This could have a significant impact on an investigation. Disclosure practices vary from company to company and across various jurisdictions. It is crucial that examiners review all disclaimers as they will often indicate when the database was last updated or caution that information is not always current or accurate. As such, all information found online should be corroborated for accuracy and all disclaimers should be read thoroughly. Another important legal aspect to consider regarding public and private databases is the dissemination clause-if one exists. Finally, there can be legal ramifications for disseminating third-party information to attorneys or courts, or for using information compiled from certain sources. Sometimes permission is required before disclosing information. Therefore, it is important to read all legal notices and consult an attorney if unsure how to proceed.

Again, our thanks go out to all for making this May event one of our most informative and successful ever!

Before It Happens

tone-at-the-topRegister Today for Investigating on the Internet May 18-19 2016 RVACFES Seminar!

An attendee at our summer seminar on fraud prevention last year, reported that she had become quite discouraged by the amount of in-house fraud her auditors were detecting among the employees of the overseas subsidiary of her non-profit organization.  She asked our speaker, Chris Rosetti, what he would recommend to head off what seemed like a growing number of defalcations that were costing her firm large amounts of time and money to investigate and, in some case to prosecute.   Chris told her it was always motivation that drives employees to commit fraud, and that motivation can take many forms, ranging from family needs or a desire to keep up with a colleague’s lifestyle. Often, employees’ motivation to commit fraud depends on how they perceive they’re being treated by their employers. Nevertheless, there are many ways any management can minimize employees’ motivation to commit fraud. Some common methods include increasing morale, implementing employee support programs, creating a culture of high ethical standards, rewarding loyalty, establishing an open-door policy,  and reducing pressures to make the numbers.

Fraud occurs less frequently when individuals feel positively about their employers than when they feel abused, threatened, or ignored. Negative workplace environments diminish morale and can affect employees’ attitudes about committing fraud. Employees who consider themselves to be unfairly treated are more prone to commit fraud. Accordingly, increasing employee morale can be a powerful tool in decreasing employees’ motivation to commit fraud.  Chris recommended that our questioner’s management might consider steps like the following, relatively low cost ways to boost employee morale in the overseas subsidiary …

–Provide organization-sponsored social events;
–Routinely recognize employees for good work and make the recognition a big deal, taking time to really celebrate accomplishments;
–Offer flexible work arrangements to the greatest extent possible;
–Exhibit a strong ethical tone at the top;
–Engage individual contributors in the decision-making process;
–Listen closely to employee grievances and settle them as soon as possible;
–Tune into employees’ emotional needs;
–Offer competitive compensation and benefits;
–Show employees the results of their work.

Chris went on to emphasize that competitive compensation and benefits are especially important for increasing employee morale. Perceived inequities between a home office and a subsidiary in compensation and benefits policies can contribute to fraud, and less-than competitive compensation is always a negative factor that can increase the risk of fraud. The ACFE reports that employees who feel adequately compensated for their work are less likely to commit fraud against their employers. Management should compare its organization’s compensation structure with those of their competitors to ensure that their employees are not underpaid.

On the flip side management should reduce the following factors, which the ACFE has identified as detracting from a positive work environment:

–Top management who do not seem to care about or reward appropriate behavior;
–Negative feedback and lack of recognition for job performance;
–Perceived inequities in the organization;
–Autocratic rather than participative management;
–Low organizational loyalty or feelings of ownership;
–Unreasonable budget expectations or other financial targets;
–Fear of delivering bad news to supervisors or management;
–Less-than-competitive compensation;
–Poor training and promotion opportunities;
–Lack of clear organizational responsibilities;
–Poor communication practices or methods within the organization.

Chris went on to say that many organizations have begun to realize the benefit of employee support programs. Support programs are designed to help employees cope with personal problems that might motivate them to commit fraud or adversely affect their work performance, health, and well-being. These programs generally include assessment, short-term counseling, and referral services for employees or their family members.

These programs can provide support for a range of issues, including:

–Substance abuse;
–Emotional distress;
–Major life events, including births, accidents, and deaths;
–Health care concerns;
–Financial or legal concerns.

If organizations can offer employees a means to address such issues, they might be able to prevent fraud by those who are suffering. Providing safe outlets for coping can reduce an employee’s motivation to commit fraud.
Creating a culture of high ethical standards is a necessary component to any fraud prevention program. That is, management must be committed to preventing fraud, and it must build an ethical environment. The tone at the top, which is created by the organization’s leadership, refers to the ethical (or unethical) atmosphere in the workplace. According to Chris, whatever tone top management sets will have a trickle-down effect on employees. If the tone set by managers upholds ethics and integrity, employees will be more inclined to follow those same values. But if management appears unconcerned with integrity and focuses solely on the bottom line, employees will be more prone to engage in corrupt activities because they feel that ethical conduct is not a focus or priority within the organization.

Organizations that cultivate ethical cultures frequently encompass strong governance practices, such as:

–Free information flow;
–Employee access to multiple layers of management and effective control of a whistleblower hotline;
–Effective senior management team (including chief executive officer, chief financial officer, and chief operating officer) evaluations, performance management, compensation, and succession planning;
–An employee code of conduct that is clear, concise, and communicated;
–A code of conduct specific for senior management.

An ethical organization culture also includes management assurance of ethical considerations in hiring, evaluating, promoting, and earning policies for employees, as well as ethical considerations in all aspects of the entity’s relationships with customers, vendors, and other stakeholders. Ethical organizations will also address issues of ethics and the impact of ethical behavior on their strategies, operations, and long term survival. The level of management’s commitment to these areas varies widely and directly affects the fraud risk profile of an organization.

Rewarding employees for their loyalty might reduce the likelihood of fraud, but this type of morale boosting activity, according to Chris, can be successful only if the organization has an ethical culture. From a fraud prevention point of view, it’s probably more important that management establish an open-door policy to minimize employee pressures. Having an open door policy gives employees an opportunity to voice their concerns and feel heard. Employees who feel empowered and valued as a member of a team might feel a sense of loyalty to their organization and will be less inclined to commit fraud against their employer. Likewise, if employees can speak freely, managers will understand the pressures facing their employees and might be able to eliminate or reduce them.

Finally, Chris recommended reducing the pressures on employees to “make the numbers at any cost”. This alone can reduce the likelihood of fraud. One way to reduce pressures is to provide performance-based compensation rather than profit based or revenue-based compensation. When compared to profit or revenue-based compensation, performance-based compensation-such as bonuses calculated as a function of clearly set performance indicators-can reduce the motivation to cut corners, cheat, or fraudulently make the numbers. In some industries, it’s possible to tie compensation only to sales or profits. When this is done, it’s important to monitor staff performance closely, and management must encourage ethical behavior on a regular basis.

Investigating on the Internet

online-investigationThis May our Chapter, along with our partners the Virginia State Police and national ACFE will be hosting a two day seminar – ‘Investigating on the Internet – Research Tools for Fraud Examiners’.  This in-depth session will be taught by Liseli Pennings, Deputy Training Director for the ACFE.  We’ll begin enrolling students in mid-March, so pencil in the dates, May 18th and 19th!

Fraud examiners now have the ability to gain insights from, and test correlations with, a vast array of investigative relevant information on the Internet, which can be as diverse as suspect competitor information, regulatory filings, and conversations on social media.  Such analytics can provide CFE investigators with a variety of capabilities from investigative planning and risk assessment to fieldwork. They also enable fraud examination practitioners to provide clients with more compelling information about every experienced fraud.

Internet based investigation tools can be classified into three broad categories:

–Retrospective statistical analysis, used to gain deeper insight into important sub-processes in financial and operational areas related to the investigation subject.

–Forward-looking models, built to predict which areas of the business are riskier or simply require a greater level of fraud prevention focus.

–Advanced visualization analytics, used to help transform the investigation by providing deep analytical insights and actionable information through visual tools like interactive charts and dynamic graphics. In short, investigation on the internet has rapidly evolved from simply allowing CFE’s the ability to provide perspective in hindsight to helping them assemble rich digital views of the present investigative situation. Investigative, internet based analytics provide investigators with the potential to dramatically increase the value of the insights they can provide clients at every level of the examination from evaluation of business risks, to suspect analysis, and on to prosecutorial issues and challenges.

The first step in deploying internet based investigative tools effectively is determining the exact fraud scenario that needs to be addressed – what are the features constituting the scenario under review? Once specific fraud features have been identified, on-line analytical capabilities can be used to source facts, drive understanding, and generate knowledge by addressing three general questions:

–What data can be leveraged to enhance understanding of the exact fraud scenario and improve the performance of its investigation? It’s important to understand the source of the on-line data available and the systems and processes that produce it. Effective data evaluation by the examiner supports the accuracy, completeness, and reliability of the data used in her investigation.

–What is known about the general type of business processes related to the fraud?

–Exactly what fraud scenario is suspected to have transpired and why? What steps should be taken by the client immediately?

Canny use of the internet by the trained investigator can play an important role in answering these questions with a view to optimizing immediate investigative performance. The knowledgeable examiner can frequently look at on-line data from within the organization and outside it, with a focus on patterns, data mining and optimization, data visualization, advanced algorithms, neural analysis, and social networks.

These data can provide powerful insight into every aspect of our cases under investigation. In addition to examination field-work one of the most important uses of internet based investigative tools is to enhance fraud risk management. Analytics available on-line from the ACFE and others help provide a clearer understanding of risks and furnish insights as to how they can be mitigated. Ultimately, the objective is to develop and implement an analytical capability that provides the individual CFE with greater insight into the control failures associated with each major category of fraud. A second important use for internet analytics is to develop a deeper understanding of common fraud related issues. Once a potential issue has been identified, analytics can source the facts (e.g., what does the data tell us about the issue?), drive understanding of the facts (e.g., what has happened?), and generate knowledge (e.g., why did it happen?) to ultimately build a more complete presentation of fraud report findings. A third area for CFE’s to consider is how to leverage the use of the analytics performed for the fraud examination for use by the client throughout their organization. In this regard, the CFE’s report can become an important change agent, driving fraud prevention insights throughout the organization. Business managers and leaders of other organizational risk functions have a need to understand fraud risks and the correlations between data. In many cases, fraud investigative tools developed for use during a fraud examination can evolve into valuable fraud prevention tools and ownership can be transferred to business or functional leaders for ongoing use.

Consider keeping the following in mind when using internet based investigative tools in your investigation:

–Establish a clear understanding of what you’re trying to achieve in your investigation and ensure a linkage to examination planning. This should translate into defined objectives that drive the strategy and long-term vision for the use of the tools as well as surface near-term opportunities.

–Know the data.  It’s important for examiners to understand both the data they have and the data they don’t have when determining how and where to begin using the internet as an investigative tool. This knowledge also prioritizes efforts to collect what’s missing for future analyses and for enhancements to the data driven investigative program.

–Start with a targeted, ad hoc program which will likely yield greater benefits in terms of speeding insights, learning, and long term value. Take the time to learn first and then deploy necessary capabilities across your tool kit.

–Lever existing cumulative insights. These ever building insights may provide clues related to the risks and related fraud scenarios to start with, jump-starting the investigative program and build consistency with prior initiatives.

–Take steps to develop a written plan early on in every examination to take action and measure results accurately. Don’t forget that the client organization, systems, and processes that support fraud response and control remediation must be able to take action working with the insights that your final report provides.

Fraud examiners stand at the beginning of a new era in the use of internet based data to enhance the entire fraud examination life cycle. Taking the steps outlined above can help individual practitioners realize gains in effectiveness and efficiency while providing enhanced investigative services.

Please make plans to join your fellow RVACFE Chapter members and guests for an outstanding learning experience on May 18th and 19th.  You won’t be disappointed!