Danger Ahead!: A Guide to Conducting Successful Fraud Investigations
The 2008 Association of Certified Fraud Examiners Report to the Nation highlighted the fact that fraud imposes a significant risk to any business, large or small. The study shows small businesses fall prey to the risk of fraud due to a variety of issues including lack of segregation of duties, poor internal controls, and lack of management oversight. We, as litigation services practitioners, should be aware of these risks as we may be tasked with assisting a client who reports a suspected fraud and resulting loss of assets. We must also be aware of the inherent risks associated with investigating allegations of fraud as they present significant concerns for those who disregard or are not concerned with the consequences.
What would you do when this call comes in?
As you complete your invoices and begin cleaning off your desk for the weekend, you receive a call from Gil Howard, the Controller at OMD, one of your largest clients. OMD is the largest processor of dairy products in the Mid-Atlantic States. The Company employs approximately 1500 employees throughout the country and is headquartered in Pittsburgh, PA. Gil discovered some suspicious payments to a vendor not known to him. The payments totaled $48,000 and occurred over the previous 6 months. Gil learned that Tom Petty, Purchasing Manager, authorized all $ 48,000 payments on behalf of OMD. Gil has become suspicious and would like you to conduct an investigation.
Conducting a fraud investigation, as with any litigation engagement, brings inherent risks to the practitioner and the client company. Some of the risks associated with fraud investigations include:
- Adverse publicity (internal & external)
- Disruptions to the business operations
- Disgruntled employees
- Potential cost and uncertain results
- Legal liability including: defamation, discrimination, privacy violations, and failure to protect attorney-client privilege
The practitioner must navigate these risks to ensure an effective outcome whereby all affected parties’ interests are protected during the investigation. Even the person suspected of committing the fraud has rights and privileges to consider.
Companies experiencing a potential fraud are not usually in favor of making it known to the general public. Additionally, they must be equally as cautious to avoid internal leakage of rumors or facts, which may hinder or jeopardize the results of the investigation. An employee’s career and reputation are at risk when they become the subject of a fraud investigation. The employee usually remains employed with the company if the allegation is not substantiated. Therefore it is important to keep the steps of investigation confidential and limited to those on a "need to know" basis.
Practitioners are advised to establish the "need to know" list with the client at the beginning stages of the investigation. They are also advised to refrain from using email to communicate opinions or findings as the messages could end up in the "inbox" of an unintended recipient including the subject of the investigation, the media, or an attorney.
Disruptions to Business Operations
The process of conducting an investigation normally takes time as the practitioner examines documents, conducts interviews, and gathers evidence. These procedures often require the involvement of company personnel. Practitioners are advised to establish expectations up front to prepare the client for these disruptions. A well prepared client is a cooperative client. It will also help to identify a single point of contact at the company who receives periodic updates of the investigation. This individual is tasked with keeping other client personnel updated on the progress of the investigation, enabling the practitioner to focus on the investigation and spend less time updating client personnel. This practice enhances to the effectiveness of his or her time.
The initiation of a fraud investigation is likely to create some disturbance among employees as they grow concerned about the inquiry and the possible consequences resulting from the findings. Employees suspected of fraud are more likely to express concern to management regarding the disruption. Oftentimes, management will look to the practitioner to accelerate resolution of the investigation in order to calm the environment. We must be aware of this risk and be sure to establish expectations early to assure management that we will endeavor to resolve the allegations effectively and efficiently, regardless of employee pushback. Practitioners should also be aware that employees guilty of misconduct may use this pushback approach to suppress the investigation with the hope that management will refrain from authorizing or continuing the engagement, and as a result, the guilty party may avoid detection.
Potential Cost and Uncertain Results
How many times have you been asked, "What will the fees be for such an engagement?" Be very cautious when answering this question when proposing an engagement, as fraud investigations are extremely unpredictable and can last much longer than planned. A simple expense reporting fraud once turned out to be a major violation of the Foreign Corrupt Practices Act and took several months to complete. The findings resulted in the termination of several key employees from a Fortune 500 Company.
It is difficult to predict the length of time to complete a fraud investigation. A phased approach is suggested, whereby you provide the client an estimate of fees for the first week or two. You can then sit down and discuss the preliminary findings with the client after the initial phase of the investigation is complete. In some instances you may have exhausted all leads and determined a responsible party within this prescribed time. In other cases, you may have only shaken the leaves on the tree and are now ready to begin a more extensive review to determine the outcome.
Clients appreciate the phased approach and concern for their finances. Some firms advocate a holistic approach to reviewing 10 years of transactions quoting very high fees in their proposals. In most instances, the client prefers the more conservative approach to resolving the problem.
Be mindful of the fact that results of your findings are uncertain. You may expect to uncover instances of fraud within the purchasing department of a company based upon the allegation only to determine collusion between the purchasing agent and the Vice President of Sales. These uncertain results often surprise the client who is now tasked with addressing the potential departure, or prosecution, of a senior level employee. Clients should be made aware of the possibility of such results to minimize surprises down the road.
Conducting a fraud investigation may expose the company and practitioner to legal liability. Potential liability resulting from these engagements usually arises from violation of employee rights, privacy issues, defamation, or discrimination. Experienced litigation practitioners with extensive fraud investigation experience are often able to navigate these risky waters and avoid any concerns. However, there are some who enter the "creek without a paddle" and "throw caution to the wind". The following are examples of procedures that may create increased exposure:
- Placing a video camera in the men’s locker room to film a potential sale of controlled substances
- Refusing to allow an employee to leave an admission-seeking interview until the employee confessed to the alleged misconduct
- Failing to properly label documents when conducting an engagement under attorney-client-privilege
- Improperly collecting electronic evidence by using techniques not acceptable by the courts or that taint the evidence thereby rendering it inadmissible in court
- Securing personal bank account statements from a cooperative bank teller without the proper authorization or consent
These examples demonstrate some of the missteps made by practitioners who were careless or perhaps unaware of the consequences of their actions. It is important to understand potential legal pitfalls associated with conducting fraud investigation engagements. When in doubt, always consult with counsel or another more experienced practitioner in the profession.
Plan of Attack
Those practitioners who follow a well thought out plan often enjoy the best results. Each phase of the investigation should be conducted properly from receipt of allegation to final resolution. This process includes the following stages:
- Preliminary Evaluation/Determine Predication
- Assembling the Team
- Investigative Fieldwork
Step One – Preliminary Evaluation/Determine Predication
Predication refers to the circumstances that, taken as a whole, would lead a reasonable, prudent professional to believe a fraud has occurred, is occurring, or will occur.1 The practitioner is ill-advised to begin an investigation without predication. One could analogize it to a police officer making an arrest without probable cause. The practitioner must first analyze the allegation and conduct some preliminary analysis to determine if an investigation is warranted. For example, a purchasing agent is suspected of colluding with a vendor to facilitate payment of inflated invoices. One might first determine if the Company has paid any invoices from this vendor and the amounts paid over the previous six months. Second, the practitioner might determine if the purchasing agent maintains any decision-making responsibility for the type of services or products provided by the vendor. Any facts uncovered that support the allegation can be used to establish predication. The practitioner must also consider those facts that contradict the allegation in order to ensure an objective process.
If the practitioner can establish a relationship between the vendor and employee, there may be reason to advance the analysis. However, without some form of cause (predication), the practitioner is not advised to begin reviewing employee email, web logs, phone records, or conducting admission-seeking interviews, as this would create the appearance of a "witch hunt." Make sure you are justified before launching a formal investigation even though the client is ready to move forward.
Step Two - Assembling the Team
The greatest asset to the practitioner is the team he or she assembles to conduct the investigation. We cannot be completely competent in all areas of fraud investigation and should rely on the competency of others to assist us when necessary. Consider the following specialized areas for inclusion as part of the team:
- Forensic Accountants
- Controls reviews
- Data mining
- Root cause analysis
- Legal Counsel
- Attorney-client-privilege cases
- Employment law guidance
- Privacy rights guidance
- Information Technology/Computer Forensics
- Electronic evidence retrieval and review
- Hard drive imaging
- Internet activity log
- Company Security Personnel
- Physical access records
- Interviewing skills
- Background on employees or prior incidents of fraud
- Investigative background
- Company Management
- Background on employee(s)
- Support for investigation
- Access to company books and records
- Human Resources Personnel
- Employee personnel files
- Employee morale
- Previous incidents of misconduct or disciplinary action
- Assist with employee interviews
The inclusion of specialists from each discipline provides significant benefits to the practitioner throughout the investigation. Launching and conducting an investigation without a competent team is like performing an operation without nurses, anesthesiologist, and other medical staff. Sooner or later, someone could end up in serious trouble.
Step Three – Investigative Fieldwork
Once the team is assembled, the practitioner normally begins investigative fieldwork to establish the validity of the allegation. This stage involves examination of documents, analytical procedures, evidence collection, and witness and subject interviews. This stage of the process normally requires the most time.
If substantiated, the results of the investigation may possibly conclude in a civil and/or criminal proceeding. It is recommended the practitioner conduct each investigation with the intent of proving "beyond a reasonable doubt" as required by criminal courts. Civil courts require proof by a preponderance of the evidence. Evidence that satisfies the requirements of criminal court will probably meet the requirements of civil litigation.
Richard Nose, a former Internal Revenue Service Agent, described in his book seven different forensic techniques to consider when conducting an investigation of alleged financial related crimes2. NACVA has incorporated these techniques into its Forensic Accounting Academy curriculum. They include the following:
- Public Document Reviews & Background Investigations
- Interviews of Relevant Persons
- Confidential Sources
- Laboratory Analysis of Physical & Electronic Evidence
- Physical & Electronic Surveillance
- Undercover Operations
- Analysis of Financial Transactions
The inclusion of these steps will help ensure a comprehensive review of all facts and an effective and efficient resolution of the investigation.
Recall our earlier conversation with Gil Howard and determine possible steps to resolve the allegation of procurement fraud committed by Tom Petty, the Purchasing Manager.
- Public Document Reviews & Background Investigations
- Check ownership of vendor to determine potential conflicts of interest or related party transactions
- Check physical location of vendor to determine if it is a legitimate company
- Review fictitious name registration information to see if Mr. Petty is listed as an owner of any businesses
- Conduct asset searches to determine if Mr. Petty may possibly be living beyond his means
- Check Mr. Petty’s personnel file for previous incidents of misconduct or performance related issues
- Interviews of Relevant Persons
- Mr. Petty’s manager
- Human resources personnel
- Vendor personnel
- Shipping/receiving personnel
- Mr. Petty
- Accounts payable personnel
- Personnel responsible for managing the vendor master file
- Confidential sources
- Former manager or co-workers
- Ex-spouse if he is divorced
- Other vendors who deal with Mr. Petty
- Laboratory analysis of physical & electronic evidence
- Document review (invoices, purchase orders, checks, receiving slips)
- Computer forensics (examine hard drive, Internet logs files, and emails for suspicious documents, correspondence, and/or web browsing activity)
- Physical & electronic surveillance
- Examine shipping and receiving area for receipt of ordered materials from the vendor
- Drive by the employee’s home for estimated asset value
- Examine cell phone or office phone records for multiple calls to vendor
- Real-time monitoring of email/Internet activity
- Undercover operations
- Video recording of shipping and receiving area
- Independent purchase of materials from vendor to compare pricing
- Analysis of financial transactions
- Examine cancelled checks issued to vendor
- Review spending trends with vendor to determine percent increase over the previous 6 months
- Determine person responsible for establishing and approving the vendor in the vendor master file
- Compare product pricing from vendor to similar products sold by other vendors
Step Four – Reporting
Although practitioners use various report writing styles and formats, a fraud examination report should contain (although the order may vary) the following sections:
- Executive Summary
- Estimated Loss and Recovery
- Evidence Collected
- Procedures Performed
- Final Disposition
The writer should be considerate of the target audience for the report, which could consist of one or more of the following:
- Internal/external audit
- Legal counsel – plaintiff’s attorney, defense attorney, prosecuting attorney
- Law enforcement
- Audit committee
- Insurance company
The report should include the what, where, when, who, and how of the fraud. Additionally, the writer is advised to include control recommendations to avoid future occurrences of fraud within the company. The report should not contain recommendations for disciplinary action or opinions on whether the employee is "guilty" of fraud. This determination is left to the "trier of fact". The writer should state the results of the investigation and avoid conclusions of guilt or innocence.
The writer is advised to use language similar to that below as their conclusions:
"The investigation uncovered sufficient evidence to support the allegations."
"The findings disclosed during our examination support the allegations raised by the company."
The written report is often the practitioner’s opportunity to showcase their talents. Some of the best fraud examiners are unable to clearly communicate their finding via the written word. We only receive one chance to make a first impression. A flawed report may negatively impact the practitioner’s reputation and ultimately their ability to build a viable practice.
Stage Five - Remediation
The last stage of the investigative process involves remediating the findings. The practitioner can play multiple roles during the remediation stage including, but not limited to the following:
- Root cause analysis
- Testifying in civil or criminal court
- Recovery of assets
- Liaison with law enforcement
- Future fraud prevention
The practitioner often submits the written report and provides management with a verbal summary of findings. The practitioner who takes the extra step to make suggestions to assist with the remediation process is one who will be called back by the client in the event of future occurrences of fraud. This stage involves providing sound consultation and advice regarding decisions to prosecute, litigate, recover assets, and avoid future fraudulent activity.
Control failures that allow a fraud to occur require attention on the part of management and other company personnel. The initiation of a criminal prosecution by a law enforcement agency can be somewhat complicated if the client is unsure who to call or how to present their case. Some clients might be intimidated by this venture. Law enforcement agencies are more inclined to advance a case for criminal prosecution when the client presents the complaint in an orderly, well detailed fashion. This includes presenting the written report, physical and documentary evidence, and any additional information needed to substantiate the allegation.
Finally, the practitioner is often tasked with testifying as a fact or expert witness related to his or her work performed during the engagement.
The act of conducting fraud investigations brings inherent risk to the practitioner and client. Although these engagements are challenging, they provide a great deal of reward for the practitioner as they assist clients through troubled times. The practitioner who chooses to chart a professional course before navigating these risky waters will often achieve the intended results and serve the client’s best interest.
 Albrecht, W. Steve, Albrecht, Conan C., Albrecht, Chad O., Fraud Examination, 2nd Edition, (Thompson South-Western, Mason, OH - 2006).
 Nossen, Richard A., Norvelle, Joan W., The Detection, Investigation, and Prosecution of Financial Crimes, (Thoth Books, Richmond Va. – 1993).