The unthinkable has happened. We have good employees. Our people are honest. They don’t steal from us. They’re like family. We trust them. So it goes when a company discovers a fraud from within.
Then what happens?
After the initial shock wears off, it’s time to start investigating the situation. The company must know who did it, how the fraud was committed, and what controls can be put in place to stop fraud from happening again. This is all accomplished with an effective fraud investigation.
Companies should have in place a standard set of guidelines for managers to follow when fraud is suspected. Most supervisors and managers have not dealt with on-the-job fraud, so they need guidance when evaluating fraud allegations. Fraud investigation guidelines may also help guard the company against employees’ claims of selective treatment.
The investigative policy will help management decide when an actual investigation is warranted. It may also help to determine how wide-reaching the investigation should be. Additionally, the policy brings uniformity to the process and ensures more equal treatment of similar offenses.
The first step in creating an investigative policy is developing a list of red flags that cause management to consider investigating. For example, one red flag could be a credible tip from an employee. Another example is the discovery of an account that can’t be reconciled and has unusual accounting entries. These are not detailed red flags; rather they are broad guidelines that suggest the minimum factors that trigger an inquiry.
There should be a person or group of people assigned to evaluate the red flags and determine whether an investigation is warranted. Often, a departmental supervisor is the appropriate person to evaluate the red flags. The higher the accused is in the employment ranks, the higher the person evaluating the red flags. For example, if the CFO is potentially involved in a fraud, then the CEO or the Chairman of the Board should examine the situation.
Multiple levels of management may need to be involved in the process. An area manager might gather information about a potential fraud and present it to a higher-level manager, and they jointly decide how to proceed.
The investigative policy should then dictate the action triggers. What criteria cause a high-level examination to begin? What causes us to skip the high-level examination and move straight into a full-blown investigation? If we do a high-level examination, what criteria escalate the process to a full investigation?
Once management decides on a full-blown fraud investigation, they must pull together a team of qualified professionals. Some may be employees of the company, while others might more appropriately be outside consultants.
A fraud examiner or forensic accountant with experience investigating and analyzing fraud should be “in charge” of the investigation. An outside consultant in this role can also bring independence to the project.
There are no preconceived notions about the company, its procedures, or the employees. Internal or external auditors can support the investigation with information on company procedures and controls, but typically don’t have the requisite expertise to do the investigation.
Legal counsel must play an active role in the process, often dictating the direction of the investigation. While the fraud examiner or forensic accountant will plan and perform the investigation, the attorney can point the investigation in the direction of the desired end result.
A management representative and a member of the board of directors should be involved in the investigation as well. They need to know about the potential fraud, and ought to have a “say” in the investigation.
Companies should use outside consultants if necessary. One typical example of this is a computer forensics expert. Oftentimes, companies discipline employees and secure their company-owned computers. A computer consultant who works with digital evidence for a living is usually the best person to examine those computers and retrieve any evidence.
Managing the Process
Good document management procedures are critical, especially in a fraud investigation that is document-intensive. It’s important to organize the documents properly from the start, so that the team doesn’t have to go back through boxes and boxes of papers when someone decides that the document management process was poor.
I recommend organizing documents chronologically, and possibly also separating documents by witness or transaction. For example, a fraud involving an employee and three outside vendors may be best organized by vendor, and then within each vendor’s box, documents are sorted by date.
A database or spreadsheet for tracking documents is also helpful, and the sophistication of that will probably depend upon how large and complex the case is. When tracking documents, the purpose is twofold. First, I want to be able to quickly locate a document if I need it. Second, if someone asks if I saw document XYZ, I want to be able to quickly determine whether or not I have it.
For each document received, it’s important to log the date of the document (if there is one), the source of the document, the date on which it was received, a very brief description of it, and who or what may be associated with it.
A “key document file” can also help in the document management process. This file contains copies of certain key pieces of evidence for quick access. For example, a closing statement for an important real estate transaction may need to be referenced quickly. The original document will stay in the appropriate box or file, but a copy will be made and kept in a key document file for easy referencing.
Every fraud investigation is unique, as each fraud has its own set of facts and details. To detail the process of a fraud investigation would take an entire book, but a few generalities bear mentioning.
The purpose of a fraud investigation is to gather evidence of a fraud, if any. While there are fraud allegations when the investigation starts, the investigator must be objective in her or his work, attempting to determine whether or not there is actually evidence of a fraud.
Evidence of embezzlement or other fraud goes far beyond documentation such as paper, computer files, or other written or printed sources. It also includes testimony received from interviews and interrogations, physical evidence such as fingerprints and stolen objects, personal observation of the fraud investigators, and information collected via surveillance and covert operations.
The heart of a fraud investigation will be document examination, including both the paper documents and digital evidence. The digital component of investigations keeps growing as technology and business evolve at a rapid pace.
Fraud investigators are notorious for looking at many, many details. This may include examination of bank statements, cancelled checks, vendor invoices, accounting system reports, purchasing and inventory records, payroll records, internal and external emails, and a variety of other documents. The amount and type of documentation examined depends upon the scope of the investigation.
In addition to a detailed examination of books and records, fraud investigators may also wish to see other indirectly relevant documentation. This may include prior audit and investigation files, which can give insight into the operations of the company and prior fraud matters.
Personnel records for alleged perpetrators can give background information that may be helpful for further investigation. Security logs detailing access to buildings or secured areas might provide useful information. Finally, computer access records, detailing which username accessed which records at what time, can be another important piece of the puzzle.
The fraud investigation process should not be taken lightly, and should not be left to amateurs. A company often has only one chance to get the investigation right. There are no opportunities to do it over when evidence is compromised or destroyed. Companies should bring in competent professionals who can efficiently complete the investigation so management and employees can get back to doing business.