An investigative policy is an important tool to help manage the process of initiating a corporate fraud investigation. Doing so will help bring uniformity to the evaluation of fraud allegations, and it will help guide management through the decision making relative to the claims.
The first step in creating an investigative policy is drafting a list of red flags that might cause management to investigate. For example, a credible tip from an employee or vendor would be an important red flag which needs follow up.
The policy should help management determine what “credible” means in these situations. Does the tip come from someone who is usually reliable and honest? Does the tip make sense in light of known facts about the employees and the company? Are there sufficient details about the allegations so as to lend credibility to them? Was any credible evidence submitted with the tip?
Another type of tip might be an irregularity discovered in the accounting records. Maybe an account can’t be reconciled and it also has unusual entries made to it.
There are literally hundreds of different triggers for fraud investigations, and management should be given some general guidelines that relate to your company and industry.
An investigative policy should also outline who will be responsible for evaluating red flag and deciding if a full-blown investigation is warranted. Many times, a departmental supervisor is the right person to evaluate the red flags.
However, when allegations are raised against someone higher in the employment ranks, it’s not quite so easy to decide who handles it. In general, however, the person evaluating red flags should be at least one level higher than the person implicated. For example, if the CFO is potentially involved in a fraud, then the CEO or the Chairman of the Board should examine the situation.
More than one level of management may need to be involved in the evaluation process. For example, an area manager might gather information about a potential fraud and present it to a higher-level manager who helps decide how to proceed.
The investigative policy must also dictate action triggers. What causes a high-level examination to begin? What causes management to skip the high-level examination and move straight into a full-blown investigation? If we do a high-level examination, what escalates the process to a full investigation?
By having these outlined clearly for management in an investigative policy, a company is more likely to have a thorough evaluation of fraud red flags, as well as a more efficient process for doing so.
This is just a brief overview of the process of developing your investigative policy. It’s meant to point you in the right direction. It’s going to take some time (and maybe the involvement of a fraud expert) to get your fraud policy developed, but hopefully this helps you understand some of the critical elements.