Category Archives: Engagement Planning

The Right Question, the Right Way

As every CFE knows, an integral part of the fraud examination process involves obtaining information from people. Regardless of the interview’s objective, all CFEs should embrace the role of interviewer and use the time-tested techniques recommended to us by the ACFE. But asking the right questions does not necessarily ensure key information will be uncovered; an effective interviewer also recognizes the need to separate truth from deception. Consequently, crafting effective questions, understanding the communication dynamics at play, actively participating in the interview process, and remaining alert to signs of deception will help examiners increase the effectiveness and efficiency of our interviews and of our overall engagements.

Some interviewers try to gather as much information using as few questions as possible and end up receiving convoluted or vague responses. Others seek confirmation of every detail, which can quickly turn an interview into an unproductive probing of minutia. Balancing thoroughness and efficiency is imperative to obtaining the necessary and relevant facts without overburdening the interviewee. Because the location of this line varies by interviewee, CFEs can find this balance most effectively by ensuring they ask only clear questions throughout the interview.

Some individuals might respond to a question in a way that doesn’t provide a direct answer or that veers off topic. Sometimes these responses are innocent; sometimes they are not. To make the most of an interview, examiners must remain in control of the situation, regardless of how the interviewee responds.  Being assertive does not require being impolite, however. In some instances, wording questions as a subtle command (e.g., “Tell me about…. or “Please describe….) can help establish the interview relationship. Additionally, remaining in control does not mean dissuading the interviewee from exploring pertinent topics that are outside the planned discussion points.  Interview questions can be structured in several ways, each with its own strengths, weaknesses, and ideal usage. Open questions ask the interviewee to describe or explain something. Most examination interviews should rely heavily on open questions, as these provide the best view of how things operate and the perspective of the staff member involved in a particular area. They also enable the reviewer to observe the interviewee’s demeanor and attitude, which can provide additional information about specific issues. However, if the CFE believes an individual might not stay on topic or may avoid providing certain information, open questions should be used cautiously.  In contrast, closed questions can be answered with a specific, definitive response, most often “yes” or “no.” They are not meant to provide the big picture but can be useful in gathering details such as amounts and dates. Examiners should use closed questions sparingly in an informational interview, as they do not encourage the flow of information as effectively as open questions.

Occasionally, the questioner might want to direct the interviewee toward a specific point or evoke a certain reply. Leading questions can be useful in such circumstances by exploring an assumption, a fact or piece of information, that the interviewee did not provide previously. When used appropriately, such questions can help the interviewer confirm facts that the interviewee might be hesitant to discuss. Examples of leading questions include: “So there have been no changes in the process since last year?” and “You sign off on these exception reports, correct?” If the interviewee does not deny the assumption, then the fact is confirmed. However,  before using leading questions, the interviewer should raise the topic with open questions and allow the interviewee the chance to volunteer information.

The examiner should establish and maintain an appropriate level of eye contact with the interviewee throughout the interview to personalize the interaction and build rapport. However, the appropriate level of eye contact varies by culture and even by person; consequently, the examiner should pay attention to the interviewee to determine the level of eye contact that makes him or her comfortable.

People tend to mirror each other’s body language subconsciously as a way of bonding and creating rapport. CFEs can help put interviewees at ease by subtly reflecting their body language. Further, the skilled interviewer can assess the level of rapport established by changing posture and by watching the interviewee’s response. This information can help CFEs determine whether to move into sensitive areas of questioning or to continue establishing a connection with the individual.

Confirming periodically that the examiner is listening can encourage interviewees to continue talking. For example, the interviewer can provide auditory confirmation with a simple “mmm hmmm” and nonverbal confirmation by nodding or leaning toward the interviewee during his or her response.

When the interviewee finishes a narrative response, the examiner can encourage additional information by echoing back the last point the person made. This confirms that the interviewer is actively listening and absorbing the information, and it provides a starting point for the person to continue the response.

Occasionally, the examiner might summarize the information provided to that point so that the interviewee can affirm, clarify, or correct the interviewer’s understanding.

Most often, the greatest impediment to an effective interview is the interviewer him or herself.  While it is clearly important for the interviewer to observe, to listen, and to assess the subject in a variety of ways, the role of the interviewer, and the effect he or she has on the interview process, cannot be minimized.

The interviewer typically focuses on the subject as the person who will provide the information he or she seeks. The interviewer concentrates on establishing rapport, listening effectively, analyzing the subject’s verbal and nonverbal communication, and gauging how much or how little the subject is telling her. These are valid areas of concentration for the interviewer. One significant risk is that the interviewer may pay too little attention to the negative influences s/he can bring to the interview, process. The terms interview and communication are interchangeable, and effective communication is a two-way street. What makes the interviewer an effective communicator and effective interviewer is not just the signals he or she picks up from the subject but also the signals, the information, the tone, and the body language he or she sends to the subject. It is highly presumptuous of the interviewer to think he or she has little or no effect on the subject and that the subject is not evaluating, assessing, and analyzing the interviewer.

The interviewer’s style of dress, jewelry, and grooming may tell the subject as much about the interviewer as does the interviewer’s demeanor. If the interviewer is overdressed for the occasion, does it make the subject feel inferior or intimidated? If too casual, does the interviewer send a signal of the lack of importance of the interview and, as a result, does the subject become too relaxed or not as attentive? Attire should have a desired effect. For example, when interviewing an enforcement officer or other professional who is familiar with uniforms and clothing as indicators of status, it may be appropriate to wear a coat and tie. In general, it is best to always to err on the side of conservative dress for the circumstances.

The examiner should not attempt to interview two or more persons at one time unless there is no other option. It is more difficult to control an interview with two or more subjects. One subject may be more dominant than the other. The subjects will influence each other’s memories. Some subjects will not want to embarrass themselves in front of a peer or supervisor. The environment for confidential communications will be adversely affected.

When the interviewer responds to the subject’s responses, he sends signals. At times, it might be advisable to not write notes down at the time the individual tells the interviewer something sensitive. Rather, the interviewer might consider devoting his attention to the subject and writing down the sensitive information after the conversation has moved away from the sensitive area.  The interviewer should never become argumentative, antagonistic, or belligerent. The use of the  “Good Cop, Bad Cop” routine can have unwanted results, especially long term. The CFE interviewer should use tact, speak clearly and with authority but without use of threatening language. The interviewer should consistently set a professional tone.

Finally, all individuals want to be shown respect. Maintaining the personal dignity of the subject is critical for the success of the interview and follow-up efforts. Everyone wants respect, from homeless persons to top executives. To be shown respect, especially if the subject is not accustomed to it, is disarming and contributes to that essential, professional tone.

Structure & Scope

T.J. Jones presented himself as a turnaround specialist to the Chairman of the Board of Central State Corporation, a medium sized, public company, a mid-western manufacturer of computer equipment, who hired him to take over a large, but under-performing division of the company.  Jones immediately set out lofty goals for sales and profits and very quickly replaced all the existing senior staff of the division with new hires loyal to himself. To meet his inflated goals, two of Jones’s managers, in addition to legitimate equipment sales, shipped bricks to distributors and recorded some as sales of equipment to retail distributors and some as inventory out on consignment. No real products left the plant for these “special sales.” The theory was that actual sales would inevitably grow, and the bricks could be replaced later with real products. In the meantime, the unwitting distributors thought they were holding consignment inventory in the unopened cartons.

The result was that overstated sales and accounts receivable quickly caused overstated net income, retained earnings, current assets, working capital, and total assets. Prior to the manipulation, annual sales of the division were $135 million. During the two falsification years of the fraud, sales were $185 million and $362 million. Net income went up from a loss of $20 million to $23 million (income), then to $31 million (income); and the gross margin percent went from 6 percent to 28 percent. The revenue and profit figures outpaced the performance of Central State’s industry category. The accounts receivable collection period grew to 94 days, while it was 70 days elsewhere in the industry.

All the paperwork was in order because the two hand-picked managers had falsified the sales and consignment invoices, even though they did not have customer purchase orders for all the false sales. Shipping papers were in order, and several co-operating shipping employees knew that not every box shipped contained disk drives. Company accounting and control procedures required customer purchase orders or contracts evidencing real orders. A sales invoice was supposed to indicate the products and their prices, and shipping documents were supposed to indicate actual shipment. Sales were always charged to a customer’s account receivable.  During the actual operation of the fraud there were no glaring control omissions that would have pointed to financial fraud. Alert auditors might have noticed the high tension created by concentration on meeting profit goals. Normal selection of sales transactions with vouching to customer orders and shipping documents might have turned up a missing customer order. Otherwise, the paperwork would have seemed to be in order. The problem lay in Jones’ and his managers’ power to override controls and to instruct some shipping staff to send dummy boxes.  Confirmations of distributors’ accounts receivable may have elicited exception responses. The problem was to have a large enough confirmation sample to pick up some of these distributors or to be skeptical enough to send a special sample of confirmations to distributors who took the “sales” near the end of the accounting period. Observation of inventory could have included some routine inspection of goods not on the company’s premises.

The overstatements were not detected. The auditor’s annual confirmation sample was typically small and did not contain any of the false shipments. Tests of detail transactions did not turn up any missing customer orders. The inventory out on consignment was audited by obtaining a written confirmation from the holders, who apparently over the entire period of the fraud had not opened even one of the affected boxes. The remarkable financial performance was attributed to good management.

The fraud was revealed by one of Jones’ subordinate managers who was arrested on an unrelated drug charge and volunteered as a cooperating witness in exchange for the dropping of the drug charge.

This hypothetical case is a good example of the initial situation confronting management when a fraud affecting the financial statements comes to light, often with little or no warning. Everyone involved with company management will have a strong intuitive sense that an investigation is necessary; but the fact is that the company has now lost faith in the validity of its own public disclosures of financial performance.

That will need to be fixed. And it is not enough to simply alert markets that previously issued financial results are wrong; outsiders will want to know what the correct numbers should have been. The only way to find out is to dig into the numbers and distinguish the falsified results from the real ones. Beyond the need to set the numbers straight, the company will need to identify those complicit in the fraud and deal with them. This is not only a quest for justice but the need to restore credibility, and the company will be unable to do so until outsiders are satisfied that the wrongdoing executives and staff have been identified and removed.  Thus, the company needs an audit report on its financial statements. The need for a new audit report arises from the likelihood that, once a company’s financial statements have been found to be unreliable, the company’s external auditor will want to pull its existing, inaccurate,  report.

As a practical matter, pulling its report involves the external auditor’s recommendation that the company issue a press release that previously issued financial statements are not to be relied upon. Once the company issues such a press release, it will be out of compliance with any number of SEC regulations. It will no longer satisfy the threshold prerequisites for trading on the company’s securities exchange. It will be viewed by many, and certainly the plaintiff class action bar, as coming close to having admitted wrongdoing. And everyone on the outside, not to mention its own board of directors, will want answers fast. A critical step in the restoration of important business relationships and a return to compliance with regulatory requirements is the new auditor’s report. And, where fraudulent financial reporting has been discovered, an in-depth and comprehensive investigation is often the only way to get one.

A critical issue at the outset of a financial fraud investigation is its structure and scope. A key attribute for which the external auditor, as well as the SEC, will be on the lookout is that the investigation is overseen by the audit committee. In public companies, it is the audit committee that has explicit legal responsibility for oversight of financial reporting, and accounting fraud falls squarely within the orbit of financial reporting.  In addition, the audit committee, as a matter of statutory design, is structured to be independent and possessed of a level of financial sophistication that makes it the most viable subset of the board of directors to oversee the investigative efforts in this case. It’s also the audit committee that has the statutory power to engage and pay outside advisers even without the consent of management, a statutory power that can be vital if management, or part of management, as in our hypothetical case above, is a participant in the fraud.

The audit committee’s role is to oversee the investigation, not actually conduct it. For that it needs to look to outside professionals, and there are two types. The one is the outside counsel to the audit committee. If the audit committee has not already engaged outside counsel, it needs to do so. It’s audit committee counsel who will conduct the interviews, comb through the financial records, and present factual findings for audit committee consideration. Individual audit committee members may choose to sit in on interviews, and that is their choice. But it’s audit committee counsel who will conduct the investigation. The other group of professionals is the forensic accountants and/or CFEs.  Audit committee counsel, while knowledgeable of financial reporting obligations and investigative techniques, will probably not possess a sufficiently detailed knowledge of accounting systems, generally accepted accounting principles
(GAAP), or computerized ledgers. For that, audit committee counsel is well advised look for help to the category of accountants and fraud examiners specifically trained in digging into financial records for evidence of fraud.

What exactly is the audit committee looking for in such an investigation? There are primarily two things. The first, obviously enough, is what the actual numbers should have been. Often fraudulent entries involve judgment calls where the operative question is not whether the number matches the underlying financial records but whether the judgment behind the number was exercised in good faith.  The operative question for the investigators is whether the executive exercised his judgment in good faith to make the best estimate allowed by reasonably available information. Sometimes it’s not so easy to tell.

Beyond the correct numbers, the second thing for which the investigators are looking is executive complicity. In other words: who did it? Again, the good faith of those potentially involved comes into play. The investigators are not seeking simply whether executives reported financial results that turned out to be wrong. The issue rather is whether the executives tried to get them right. If they did and made an honest mistake or estimated incorrectly, that does not sound like fraud and may not even be a violation of GAAP to begin with. The main point here is that, when it comes to executive complicity, the investigators are ordinarily looking for evidence of wrongful intent (scienter). In other words, they are looking for an intentional misapplication of GAAP or an approach to GAAP that is so reckless as to constitute the equivalent of an intentional misapplication.

The scope of the investigation, then, should not pose too difficult an issue at the outset.  Initially, the scope will be largely defined by the potential improprieties that have been uncovered. The tricky question becomes: how far should the investigators go beyond the suspicious entries? The judgment calls here are formidable. One of the key issues involves the expectations of the external auditor and, beyond that, the SEC. If the scope is not sufficiently broad, the investigation may not be satisfactory to either one. Indeed, an insufficient scope can place the external auditor in a particularly awkward spot insofar as the SEC may subsequently fault not only the audit committee for inadequate scope but the external auditor’s acceptance of the audit committee’s investigative report.

An additional complicating factor involves the way fraud starts and grows. A critical issue to consider is that, overtime, as the Central State example illustrates, the manipulations will often get increasingly aggressive as the perpetrators spread the fraud throughout many line items so that no single account stands out as unusual but a substantial number are affected. For example, to prevent the distortion of accounts receivable from getting too large, Jones and his accomplices spread the fraud into inventory, then asset capitalization, then net income. The spread of the fraud is analogous to pouring a glass of water on a tabletop. It can spread everywhere without getting too deep in any one place.

So, once fraudulent financial reporting has been identified, even in just a few entries, the investigators will want to consider the possibility that it’s a symptom of a broader problem. If the investigators have been lucky enough to nip it in the bud, that may be the end of it.  Unfortunately, if the fraud has gotten big enough to be detected in the first place, such a limited size cannot be assumed. Even where the fraud ostensibly starts out small the need for a broader scope has got to be considered.

The scope of the investigation, therefore, can start out with its parameters guided by the suspicious entries revealed at the outset. In most cases, though, it will need to broaden to ensure that additional areas are not affected as well. Throughout the investigation, moreover, the scope will have to remain flexible. The investigators will have to stay on the lookout for additional clues, and will have to follow where they lead. Faced with an ostensibly ever-widening scope, initial audit committee frustration is both to be expected and understandable. But there is just no practical alternative.

Asked and Answered

Some months ago, I was involved as a member of an out-of-town fraud examination team during which the question of note taking during an investigative interview arose. A younger member of the team (a junior internal auditor) wanted to know about approaches to the documentation of not just one, but possibly of the several prospective interview sessions it initially appeared might be necessary regarding the examination.

As the ACFE tells us, notes, whether handwritten or recorded, always send an unambiguous signal to the subject that the interviewer is memorializing his or her comments. Interviews without notes are significantly limited in their value and may even signal to the interview subject that it may later be just a question of her word against the interviewer’s. If the interviewer takes only cryptic or shorthand notes and later reviews those notes with the subject to confirm what was said, the interviewer should recognize that the notes, while confirmed and edited to a certain extent, will still be less than complete.

On the other hand, tape recording an interview is a significant obstacle to full cooperation. People are reluctant to be recorded. For the most part, the use of tape recorders to take notes is not recommended in situations involving a potential fraud. Most subjects will resist the use of recorders and, even in circumstances where the subject may have agreed to their use, their responses will be more guarded than if a recorder was not used. If a recorder is used, be sure to begin the taping by recording the date, time, names of the individuals present, and an acknowledgment by the subject that they know the interview is being recorded and they have agreed to be recorded.

Once the interviewer has determined how s/he will document the interview, s/he should ask the subject if it is okay to take notes or record the session. It is the polite and professional thing to do and it serves two purposes:

–It is part of the process by which the subject is encouraged to be a participant;
–If the subject balks or tells the interviewer she does mind that the interviewer takes notes, it can open a line of questioning by the interviewer to determine the exact cause of the subject’s objections;

The subject should always be advised that note taking is critical to the integrity of the process and that notes ensure that what the subject says is documented properly. Failure to take notes limits the information to the memory and interpretation of the interviewer.  In a professional setting, most subjects will understand the critical nature of notes. Very few people will say it is not all right to take notes, regardless of how they feel about it. If they are absolutely opposed to the taking of notes, find out why and concentrate on what the subject says and reduce the interview to notes as quickly as possible after the interview. With a hostile subject who opposes note taking, the interviewer can ask if it is okay for her to make selected notes regarding dates or things the interviewer might not remember later. The interviewer can explain that it is important that s/he understand the subject’s position or communication correctly. If the subject is still adamant about the interviewer not taking notes, it should be documented in the interviewer’s report.

As the fraud interviewer develops his or her interviewing skill set, s/he should concentrate on taking verbatim notes which, among other things, include, at a minimum, nouns, pronouns, and verbs. Some practitioners recommend that the interviewer not attempt to write everything down. The argument is that, in doing so, the interviewer will not have an opportunity to observe the subject’s nonverbal communications.

The generally accepted recommendation is, therefore, where feasible, that the interviewer take down verbatim as much of what the subject says as is possible. This includes repeated words and parenthetical comments. This practice allows the interviewer to later review what the subject said as opposed to what the interviewer thought the subject said. Note taking also provides additional documentation of what the subject is communicating and (when reviewed after the fact in the light of additional knowledge) of what the subject has excluded.

During the act of taking notes, the interviewer should exercise caution. Taking notes intermittently can signal to the subject that the interviewer takes notes only when the information is important. Conversely, if, during the interview, a very sensitive area is broached, or if the subject indicates that s/he is uncomfortable with an area or issue, the interviewer can put her pencil down, lean forward, establish good eye contact, and listen to the subject. The simple suspension of note taking may place the subject at ease. As soon as the interview moves to a less sensitive area, the interviewer should try to reduce the previously mentioned sensitive area to notes. If the subject associates note taking with core interview information, the subject may interpret continued note taking as encouragement to continue talking.

The interviewer should not write down interpretive comments while taking notes. The interviewer should however make notes, where appropriate, in cases where verbal and
nonverbal indications of both resistance or cooperation are found.

The interviewer should always take notes with the possibility in mind that the notes may be subjected to third party scrutiny. This scrutiny may extend to opposing counsel in the event of litigation. The interviewer’s notes may or may not be privileged materials. With this in
mind, the interviewer should consider the following:

–Begin each separate set of interview notes on a clean page;
–Identify the date, time, and place of the interview and all the individuals present at the interview;
–Obtain as much background data on the subject as possible, including telephone numbers, and identify means of contacting him or her, including alternate numbers for family and friends;
–Initial and date the notes;
–Document the interviewer’s questions;
–Take verbatim notes if possible. Concentrate, but do not limit notes of the subject’s responses to:
• Nouns
• Pronouns
• Verb tense
• Qualifiers
• Indicators of responsibility, innocence, or guilt
–Do not document conclusions or interpretations;
–Report any unusual change in body language in an objective manner. Document the changes in body language and tone, if applicable, in conjunction with notes of what the subject or interviewer said at the time the body language or tone changed;
–At the conclusion of the interview, review the notes with the subject to confirm what the subject has said.

Finally, following the interview, your notes should be reproduced in printed form as quickly as possible.  Enough cannot be said for the value of a well-documented set of interview notes for every aspect of a subsequent investigation; their presence or absence can make or break your entire case.

In Plain Sight

By Rumbi Petrozzello, CPA/CFF, CFE
2017 Vice-President – Central Virginia Chapter ACFE

Recently, I was listening to one my favorite podcasts, Radiolab, and they were discussing a series on Audible called “Ponzi Supernova”. Reporter Steve Fishman hounded infamous Ponzi schemer, Bernie Madoff, for several years. One day, Bernie called Steve, collect, and thus began the conversations between Madoff and Fishman that makes this telling of the Madoff Ponzi scheme like none other.

The tale is certainly compelling (how can a story of the largest known Ponzi scheme not be fascinating) and hearing Bernie Madoff talking about what he did and hearing what he says motivated him makes this series something I listened to from beginning to end, almost without taking a break. Through it all, as had happened just about every time I read or heard about Madoff, I was amazed that he was able to perpetrate his fraud for as long as he did, which, depending on who you believe, started somewhere between the early 1960s and 1992 (even Madoff gives different dates for when he started). This is no surprise. All too often, when fraudsters are caught, they try to minimize the extent of their wrongdoing. If they know that you’ve found $1,000, they’ll tell you that $1,000 was all they took. If you go on to find more, then the story will change a little to include what you’ve found. It’s very rare that a fraudster will confess to the full extent of her crime at the first go around (or even at the second or third).

As I listened to the series, something became very apparent. Often when people discuss the Madoff Ponzi scheme, one tends to get the feeling that, for decades, he took money from new investors to pay off old investors and carried on his multi-billion-dollar scheme without a single soul blowing the whistle on him. But that’s not the case. In a 477-page report from the U.S. Securities and Exchange Commission Office of Investigations (OIG) entitled “Investigation of Failure of the SEC to Uncover Bernard Madoff’s Ponzi Scheme – Public Version”, between June 1992 and December 2008, the Securities and Exchange Commission (SEC) received “six substantive complaints” regarding Madoff’s company and some of these complaints were submitted more than once.

One complaint mentioned in the report was received three times, with versions submitted in 2000, 2001 and 2005; the 2005 version was even entitled “The World’s Largest Hedge Fund is a Fraud”. This complaint series was submitted by Madoff’s most well-known nemesis, the whistleblower, Harry Markopolos. But, there were at least five other individuals who shared their concerns and suspicions about Madoff with the SEC. Three of these specifically used the words “Ponzi scheme”, including the first complaint, in 1992. Based on these complaints, the SEC conducted two investigations and three examinations and, even though the complaints explicitly stated that they suspected that Madoff Investments was a Ponzi scheme, none of the investigations or examinations concluded that Madoff was operating a Ponzi scheme. To add to this, the SEC was aware of two articles that questioned Madoff’s returns. Over the years, several investment companies performed their own due diligence and decided that Madoff’s company did not make sense and they believed that investing with Madoff would be a violation of their fiduciary duty to their clients. Despite all of this, none of these investigations or exams contained a finding of fraud.

Whether you’re a Certified Fraud Examiner (CFE) or a CPA, Certified in Financial Forensics (CFF), the work that you do is governed by a set of professional standards that help establish a performance baseline. This begins with competence. This means that those taking on an assignment should be able to complete the assignment successfully. This does not necessarily mean that whoever is leading the job needs to know how to do everything. It does mean that they should ensure that there is the right skill set working on the job, even if it means the use of referrals or consultation. Too many times, while reading the OIG report, the reader confronts the mention of a lack of experience. Listening to Ponzi Supernova, I learnt that at least one examiner was only three weeks out of school. The OIG report stated that, for one examination, because the person leading the investigation had no knowledge of how to investigate a suspected Ponzi scheme, they decided to just not investigate that claim; they decided instead to investigate what they knew, and that was front running (though even that investigation was carried out poorly).

Another ACFE professional standard is that of due professional care. Due professional care “requires diligence, critical analysis and professional skepticism”. It also means that any conclusion that a CFE reaches, must be supported by evidence that is relevant, sufficient and competent. Several times during the various investigations and examinations, SEC staff would ask Madoff or his employees questions and then accept any answers they were given without seeking any third-party confirmation. Sometimes, even when third-party confirmation was sought, the questions asked of those third parties were not the correct ones. Madoff himself tells the story of how, in 2006, Madoff testified that he settled trades for his advisory clients through his personal Depository Trust Company (DTC) account and he even gave the SEC his DTC account information. At this point Madoff was sure that, once the SEC checked this out, his fraud would be discovered. Instead, the SEC merely asked the DTC if Madoff had an account, and nothing more. Had they asked about account activity, they would have then discovered that Madoff’s account, even though it existed, did not trade anywhere near the volume purported by his statements. This brings up other aspects of due professional care; adequate planning and supervision. With proper supervision, the less experienced can be trained not just to ask questions, but to ask, and get adequate answers to, the correct questions. The person reviewing their work would be able to ask them, “did the answer that you got from the DTC answer the question that we are asking? Can we now confirm not that Madoff has an account with the DTC but, instead, that he is trading billions of dollars through these accounts?”

Time and time again, in the OIG report, the SEC stated that they did not have experienced and adequate staff for their examinations and investigations of Madoff. This was an excuse that was used to explain why, for instance, they did not send out requests for third-party confirmations, even after drafting them. In one case, staff stated that they did not send out a request to the National Association of Securities Dealers (NASD) because it would have been too time-consuming to review the data received. Adequate planning would have made sure that there was sufficient, qualified staffing to review the data. Adequate supervision would have ensured that this excuse for not sending out the request was squashed. However, it is not the case that no third-party confirmation requests were sent out. Some were and some of those sent out received responses. Responses were received from the NASD and other financial institutions These entities all claimed that there was no activity with Madoff on the dates that the examiners were asking about. Even with that information, there was no follow-up on the part of the examiners. At every turn, there seemed to be a lot of trust and just about no verification. This is even more surprising when you hear that the examiners would write notes about how Madoff was obviously lying and how many people had reported to the SEC that Madoff was running a dishonest business. Even with so much distrust, and so many whistleblowers, it turned out that those sent to shine a light on Madoff’s operations all seemed to be looking in all the wrong places.

Part of planning an investigation is determining what is being investigated and how the investigation is going to be executed. A very important part of the process is determining, beforehand, what will be done with negative results. When third-party responses were received and they all stated Madoff had not done business with them as claimed, the responses appear to have been filed and no further action taken. When responses were not received, the SEC did not follow up to find out why nothing had been returned. They likely would have found that the institution had not responded to the inquiry because there was nothing to respond about. There does not appear to have been a defined protocol on what to do when the answer to the question, “did this happen” was “No.”

I urge you to, at the very least, read the executive summary of the OIG report. For me at least, what Madoff could get away with, time and time again, with each subsequent SEC examination or investigation, is jaw-dropping. The fact that 1) several whistleblowers shared their concerns and even accompanied them with a great deal of detail and 2) that articles were written and yet, 3) those with access to the information that could prove, with very little effort, that Madoff was not doing what he claimed to be doing, found nothing of concern is something I struggle to comprehend. This whole sad history does underline the importance of referring to, and abiding by, our professional standards, to minimize the risk of missing a fraud like this one. Most importantly, it reduces the risk that someone might get an aneurism trying to wrap their mind around how, even when so many others could see that something was amiss, the watchdog missed it all!

Team Work is Hard Work

From reading posts and comments posted to LinkedIn, it seems that a number of our Chapter members and guests from time to time find themselves involved in internal fraud investigations either as members of internal or external audit units or as sole practitioners.  As CFE’s we know that we can make significant contributions to a financial crime investigation, if we can work effectively, as team members, with the victim company’s internal and external auditors, as well as with other constituents involved in resolving allegations or suspicions of internal fraud. In addition to a thorough knowledge of accounting and auditing, CFE’s bring to bear a variety of skills, including interviewing, data mining and analysis.  We also know that some auditors assume that simply auditing more transactions, with the use of standard procedures, increases the likelihood that fraud will be found. While this can prove to be true in some cases, when there is suspicion of actual fraud, the introduction of competent forensic accounting investigators may be more likely to resolve the issue and bring it to a successful conclusion.

Within the boundaries of an investigation, we CFE’s typically deal with numerous constituencies, each with a different interest and each viewing the situation from a different perspective. These parties to the investigation may well attempt to influence the investigative process, favor their individual concerns, and react to events and findings in terms of personal biases. CFE’s thus often have the task of conveying to all constituencies that the results of the investigation will be more reliable if all participants and interested parties work together as a team and contribute their specific expertise or insight with objectivity. In the highly-charged environment created by a financial crime investigation, the forensic accounting investigator can make a huge contribution just by displaying and encouraging the balance and level headedness which comes from his or her detailed familiarity with the mechanics of the standard types of financial fraud.

The ACFE recommends that all parties with a stake in the process, management, audit committee, auditors, and legal counsel, should always consider including forensic accounting investigators in the front-end process of decision making about an investigation. One of the key initial decisions is, usually, the degree to which the forensic accounting investigators can work with and rely on the work of others, specifically, the internal and external auditors. Another common front-end decision is whether CFE’s—with their knowledge of accounting systems, controls, and typical fraud schemes, may be added to the team that eventually evaluates the organization’s business processes to strengthen the controls that allowed the fraud to occur. Management may at first be inclined to push for a quick result because it feels the company will be further damaged if it continues to operate under a shadow.

Senior executives may be unable or in some cases unwilling to see the full scope of issues and may attempt to limit the investigation, sometimes as a matter of self-protection, or they may seek to persuade the CFE that the issues at hand are immaterial. Whatever happened, it happened on their watch, and they may understandably be very sensitive to the CFE’s intrusion into their domain. Any defensiveness on the part of management should be defused as quickly and as thoroughly as possible, usually through empathy and consideration on the part of the forensic accounting investigator. The party or entity engaging the forensic accounting investigator, for example, the audit committee, management, or counsel, should be committed to a thorough investigation of all issues and is ultimately responsible for the investigation. The committee may engage CFE’s and forensic accounting investigators directly and look to them for guidance, or it may ask outside counsel to engage the CFE, who usually will work at counsel’s direction in fulfilling counsel’s responsibilities to the audit committee.

Every CFE should strive to bring independence and objectivity to the investigation and strive to assist each of the interested parties to achieve their unique but related objectives. As to the CFE’s  objectives, those are determined by the scope of work and the desire to meet the goals of whoever retained their services. Regardless of the differing interests of the various constituencies, forensic accounting investigators must typically answer the following questions:

  • Who is involved?
  • Could there be coconspirators?
  • Was the perpetrator instructed by a higher supervisor not currently a target of the investigation?
  • How much is at issue or what is the total impact on the financial statements?
  • Over what period did this occur?
  • Have we identified all material schemes?
  • How did this happen?
  • How was it identified, and could it have been detected earlier?
  • What can be done to deter a recurrence?

CFE’s should always keep in mind that they are primarily fact finders and not typically engaged to reach or provide conclusions, or, more formally, opinions. This differs from the financial auditor’s role. The financial auditor is presented with the books and records to be audited and determines the nature, extent, and timing of audit procedures. On one hand, the financial statements are management’s responsibility, and an auditor confirms they have been prepared in accordance with generally accepted accounting principles after completing these procedures and assessing the results. The CFE or forensic accounting investigator, on the other hand, commands a different set of skills and works at the direction of an employer that may be management, the audit committee, counsel, or an auditing firm itself.

Teaming with all concerned parties together with the internal and external auditors, the forensic accounting investigator should strive to bring independence and objectivity to the investigation and strive to assist each of the interested parties to achieve each team member’s unique but related objectives; management understandably may be eager to bring the investigation to a quick conclusion. The chief financial officer may be defensive over the fact that his or her organization allowed this to happen;   the board of directors, through the independent members of its audit committee, is likely to focus on conducting a thorough and complete investigation, but its members may lack the experience needed to assess the effort. In addition, they may be concerned about their personal reputations and liability. The board is likely to look to legal counsel and in some cases, to forensic accounting investigators to define the parameters of the project;  as to counsel, in most investigations in which counsel is involved, they are responsible for the overall conduct of the investigation and will assign and allocate resources accordingly; the internal auditor may have a variety of objectives, including not alienating management, staying on schedule to complete the annual audit plan, and not opening the internal audit team to criticism. The internal audit team may also feel embarrassed, angry, and defensive that it did not detect the wrongdoing; the external auditor may have several concerns, including whether the investigative team will conduct an investigation of adequate scope, whether the situation suggests retaining forensic accountants from the auditors’ firm, whether forensic accountants should be added to the audit team, and even whether the investigation will implicate the quality of past audits.

In summary, team work is complex, hard work.  While fraud is not an everyday occurrence at most companies, boards and auditing firms should anticipate the need to conduct a financial fraud investigation at some time in the future.  CFE’s can be an integral part of the planning for such investigations and can be of great help in designing the pre-planned team work protocols that ensure that, if a fraud exists, there is a high probability that it will be identified completely and dealt with in a timely and appropriate manner.

Exploiting the Dual

businessmeet1Many of today’s CFE’s hold dual certifications as CPA’s, CIA’s, CISA’s and a host of others.  This proven enhanced expertise endows the employers of fraud examiners engaged as full time corporate auditing staff with a whole host of new and exciting fraud detection and prevention capabilities.  This is especially true of corporations whose operations are daily fraud targets.  Rather than dealing with the infrequent single instance of fraud, as is most often the case in conventional CFE practice, these staff practitioners endow their employers with enhanced power in the task of devising investigative and preventative approaches to cope with random, most often automated, fraud attempts arriving on a recurring basis, twenty-four hours a day, 365 days a year.

One of the most effective innovations that dually certified CFE’s can bring to bear in such dynamic fraud environments involves some version of a mixture of continuous monitoring, continuous fraud auditing and continuous assurance. As the external and internal auditing professions view the first of these general concepts, continuous monitoring constitutes a feedback mechanism, primarily used by management, to ensure that systems operate and transactions are processed as prescribed. For example, as one of hundreds of possible examples, management might mandate that its staff CFE (s) periodically monitor the key fraud prevention controls that ensure that customer orders are checked against credit limits to ensure that the controls remain in place and aren’t deactivated.

Continuous auditing for fraud has been defined as the collection of evidence concerning fraud scenarios, by one or more examiners, on systems and transactions, on a continuous basis throughout a temporal period. For example, the staff examiners could routinely extract details of any unusually large adjusting journal entry for investigation, validate the reasons for the entry, determine whether it had been approved, and document these findings. The historical case file of irregularities will be built up from this and like evidence and from its related investigation, as will the examiner’s knowledge of the landscape of on-going fraud threats confronting the business.

Continuous fraud control assurance can even provide a concurrent or on demand assurance opinion on systems or transactions. A continuous opinion could represent an examiner’s or auditor’s opinion that overall fraud prevention controls are operating satisfactorily, unless a report is given to the contrary (often referred to as an ‘evergreen’ fraud control report). On-demand assessment concerning the functioning of key anti-fraud controls can be called for at any time to provide a spot evaluation at a point that does not necessarily coincide with a fiscal year or month-end. For example, a potential investor or lender might want to know the state of a company’s fraud prevention controls on the day that he/she makes a final investing or lending decision. Although these types of control assessments are still relatively rare, it’s possible that, given the pervasiveness of fraud in some heavily automated financial industries, the demand for this type of assessment may accelerate in the future.

Each of these three elements are built upon (and depend on) the one that precedes it. A continuous process of fraud assessment needs continuous monitoring systems to be in place to be effective. These monitoring systems provide the evidence to be collected and assessed upon which to build management assurance.

One of the biggest benefits of a program of continuous fraud control assessment is the beneficial effect it can have on an employing organization’s overall fraud control program. It’s obvious that, with continuous assessment, any key fraud control failures are detected and fixed as soon as they occur, bringing the effectiveness of the failed controls again more closely into conjunction with management’s expectations.  An additional plus for the continuous fraud control evaluation approach is that it provides early warning of problems; employing management can be apprised of a control failure as soon as it happens, providing maximum rectification time. Early warning reduces rectification downtime for the control. The objective is for the external auditors, when they later perform their checks, to find that the control weakness identified by the staff fraud examiner is now corrected and the corrected control operative as of the sign-off date, thus avoiding audit points.  One more advantage conferred by the presence of a dually certified fraud examiner on the audit staff is that many of the controls critical to the anti-fraud program can be fully automated under the CFE’s supervision and thus lend themselves to a continuous review approach. This proactive ‘no surprises’ approach to fraud control should be attractive to all organizations considering employing those holding the CFE certification as either staff auditors or security professionals.

What does it take for management to get this fraud prevention approach off the ground?  First, hire more dually certified CFE’s.  Next, automation is key to the program’s success, especially emphasizing data mining and analytics. Technology that can speed up communication is also needed, because there is no value in identifying an issue quickly if it is not communicated equally quickly to those who need to know about it. Continuous auditing for fraud includes continuous monitoring and reporting by exception on problems that arise. Therefore, the control environment of the employing organization must be at least good enough to ensure that the number of exceptions detected is not initially overwhelming. If anti-fraud controls are at a semi-mature level of effectiveness, however, there is really no reason why, with effort, a continuous assurance approach can’t work.

In setting up continuous audit tests, CFE’s must understand what can go wrong and know what they are looking for, in advance; this is a point where dual certification as an experience CPA or CIA is a plus in guiding the testing process and for creating the business rules for detecting exceptions and understanding them. This latter point is no trivial matter since something that could seem an exception under one set of circumstances, can be perfectly normal under a different set and trained financial assurance professionals know the difference.

Creatively employing their dually certified CFEs in an enhanced fraud detection and prevention effort based on the continuous audit approach confers several benefits to any management while enhancing the fraud prevention program:

–Creation of a database of the most frequently occurring fraud scenarios coupled with the most effective audit approaches to investigate and resolve them;

–Development of tailored data analytics and investigative tools for common fraud scenarios; auditors can get the fraud related data they need when they want them;

— Faster and more thorough fraud examinations and greater depth of audit for the same cost;

— Investigation and resolution of fraud related issues as they occur is a proven proactive approach demonstrating an enhanced level of management due diligence;

— The entire audit staff can have more alternatives in the way they perform fraud related work, including reliance on preventive controls like front end systems edits which prevent fraud be screening out transactions likely to contain fraud on the system’s front end.

–Because fraud related auditing is more effective it becomes more visible for those being audited both within and without the enterprise. Senior management has first-hand knowledge that auditors are ‘on the case’ even if they do not see them every day of the week. This visibility can also act as an additional deterrent to frauds, both internal and external.

On Auditors, Lawyers & Data

corp-counselWhen it comes to gaining access to sensitive, internal digital data during a forensic examination, the corporate council can be the fraud examiner’s best ally.  It, therefore, behooves us to fully understand the unifying role the client counsel holds in overseeing the entire review process.  As our guest blogger, Michael Hart, and other experienced practitioners have pointed out, data analysis becomes most effective when it’s integrated into the wider forensic accounting project.  If the end results are to cohere with findings from other sources, forensic data analysis should not be performed as a separate investigation, walled off from the other review efforts undertaken to benefit the client. Today, it’s a truism that data analysis can serve many functions within a forensic accounting project. On some occasions, it’s rightfully the main engine of an engagement. When such is the case, data analysis is used for highlighting potentially unusual items and trends. More often, however, in actual practice, data analysis is a complementary part of a wider forensic accounting investigation, a piece of a puzzle (and never the be all and end all of the investigation), that involves several other parallel methods of information analysis or evidence gathering, including document review, physical inspection, and investigative interviews.

The timing of the data analysis work depends on the extent to which the forensic accounting team needs to work with the results as defined by counsel. Frequently, once the method of a fraud has been established, data analysis is conducted to estimate the amount of damage. If the team knows that several components of an organization were affected by a fraud scheme, that team may be able to compare these results with those derived from analyses of unaffected branches and, after adjusting for other relevant factors, provide management with a broad estimate of the total effect on the financial statements. When such an approach is used, the comparison should be performed after the investigation has determined the characteristics of the fraud scheme. However, in most cases, as the ACFE tells us, the purpose of data analysis in an investigation is to identify suspicious activity on which the forensic accounting team can act.

Suspicious transactions can be identified in several ways: comparing different sources of evidence, such as accounting records and bank statements, to find discrepancies between them; searching digital records for duplicate transactions; or identifying sudden changes in the size, volume, or nature of transactions, which need to be explained. While data analysis often is a fast and effective way of highlighting potential areas of fraud, it will never capture every detail that an experienced fraud examiner can glean from reviewing an original document. If data analysis is performed to identify suspicious activity, it typically is performed before any manual review is carried out. This helps ensure that investigative resources are targeting suspicious areas and are concentrating on confirming fraudulent activity rather than concentrating on a search for such activity within a sea of legitimate transactions.

The first person to be contacted when there is a suspected fraud is typically in-house counsel. Depending on the apparent severity of the matter and its apparent location in the company, other internal resources to be alerted at an early stage, in addition to the board (typically through its audit committee), may include corporate security, internal audit, risk management, the controller’s office, and the public relations and investor relations groups. Investigations usually begin with extensive conversation about who should be involved, and the responsible executives may naturally wish to involve some or all the functions just mentioned.  Depending on the circumstances, the group of internal auditors (if there is one) can in fact be a tremendous asset to an independent forensic investigative team. As participants in the larger team, internal auditors’ knowledge of the company may improve both the efficiency with which evidence is gathered and the forensic team’s effectiveness in lining up interviews and analyzing findings. The ACFE advices client executives and in-house counsel to engage an external team but to consider making available to that team the company’s internal auditors, selected information systems staff and other internal resources for any investigation of substantial size.

The key to the success of all this from the forensic accountant’s point of view, especially in gaining access to critical digital data, can be the corporate counsel.  On one hand, the forensic accounting investigator may find that the attorney gives the forensic accounting investigator free rein to devise and execute a strategic investigative plan, subject to the attorney’s approval. That scenario is particularly likely in cases of asset misappropriation. On the other hand, some attorneys insist on being involved in all phases of the investigation. It’s the attorney’s call. When engaged by counsel, forensic accounting investigators take direction from counsel. You should advise per your best judgment, but in the end, you work at counsel’s direction.

When working with attorneys on projects involving sensitive digital data, forensic accounting investigators should specifically understand:

  • Their expected role and responsibilities vis-à-vis other team members;
  • Critical managers and players within the information systems shop and their various roles;
  • What other professionals are involved (current or contemplated);
  • The extent and source of any external scrutiny (SEC, IRS, DOJ, etc.);
  • Any legal considerations (extent of privilege, expectation that the company intends to waive privilege, expectation of criminal charges, and so on);
  • Anticipated timing issues, if any;
  • Expected form, timing, and audience of interim or final deliverables;
  • Specifics of the matters under investigation, as currently understood by counsel;
  • Any limitations on departments or personnel that can be involved, interviewed, or utilized in the investigation process.

Independent counsel, with the help of forensic accounting investigators, often takes the lead in setting up, organizing, and managing the entire investigative team. This process may include the selection and retention of other parties who make up the team. Independent counsel’s responsibilities typically encompass the following:

  • Preparing, maintaining, and disseminating a working-group list (very helpful in sorting out which law firms or experts represent whom);
  • Establishing the timetable in conjunction with the board of directors or management, disseminating the timetable to the investigating team, and tracking progress against it;
  • Compiling, submitting, and tracking the various document and personnel access requests that the investigating team members will generate;
  • Organizing client or team meetings and agendas;
  • Preparing the final report with or for the board or its special committee, or doing so in conjunction with other teams from which reports are forthcoming;
  • Establishing and maintaining communication channels with the board of directors and other interested parties, generally including internal general counsel, company management, regulatory personnel, law enforcement or tax authority personnel, and various other attorneys involved.

As fraud examiners, we’re frequently conversant in areas related to financial accounting and reporting such as valuation, tax, and the financial aspects of human resource management but conversant doesn’t necessarily indicate a sufficient level of knowledge to fully guide a complex organizational investigation.  What we can do, however, is to work closely with the corporate counsel to assist him or her in the building of a team on the back of which even the most complex examination can be brought to a successful conclusion.

From the Head Down

fishThe ACFE tells us that failures in governance are among the most prominent reasons why financial and other types of serious fraud occur.  Often the real cause of major corporate scandals and failures detailed in the financial trade press is a series of unwelcome behaviors in the corporate leadership culture: greed, hubris, bullying, and obfuscation leading to fantasy growth plans and decisions taken for all the wrong reasons; so, that old saying remains true, fish rot from the head down.

CFE’s find themselves being increasingly called upon by corporate boards and upper operating management to assist as members of independent, control assurance teams reviewing governance related fraud risk. In such cases, where a board has decided to engage a third party, such as a consulting firm or law firm, to assess the risk associated with certain governance processes and practices, a CFE member of the team can ensure that the scope of work is sufficient to cover the risk of fraud, that the team’s review process is adequate, and that the individuals involved can provide a quality assessment.  Thus, if the CFE has suggestions to make concerning any fraud related aspect of the engagement, these can be shared with the review team as a whole.

As the fraud expert on a review team identifying governance related risks, the ACFE recommends that the CFE keep an open mind. Even the best boards, with the most experienced and competent directors, can fail. Examples of red flag, fraud related governance risks to consider include:

–Organizational strategies are approved and performance monitored by executives and the board without reliable, current, timely, and useful information;
–There is too great a focus on short-term results without sufficient attention to the organization’s long-term strategy;
–Oversight by the board is limited by a lack of directors with the required business, industry, technical, IT, or other experience;
–The board’s dynamics do not include sufficient challenge and skeptical inquiry by independent directors;
–Oversight by the audit committee is limited by a lack of experience in financial reporting and auditing;
–There have been instances in the past of the external auditors having failed to detect material misstatements because part of their team lacked the necessary industry experience and understanding of relevant accounting standards;
–Board oversight of risk management is constrained by a lack of risk management experience;
–Strategies approved by the board are not linked to individual goals and objectives of managers in operating departments or over key business processes;
–IT priorities are not consistent with business and organizational priorities due to a lack of communication and alignment of goals and incentive programs;
–Employees do not understand the corporate code of business conduct because it has not been clearly communicated and/or explained to them.

Once the team has identified and assessed the principal governance-related risks, the first step is to determine how to address them. The review team should take each in turn and determine the best approach. Several options might be considered. Using generally accepted traditional control approaches, many governance-related risk areas (such as awareness of the corporate code of conduct, alignment of management incentive plans and organizational strategies, or the quality of information used by the executive leadership team and the board) can be addressed without too much difficulty.

Next, the CFE needs to consider which fraud risks to recommend to the team for periodic re-assessment in recurring risk assessment plans. It’s not necessary or appropriate to periodically assess every identified governance-related fraud risk, only those that represent the most significant on-going risk to the success of the organization and its achievement of its overall fraud prevention objectives.

In a relatively mature organization, the most valuable role for the CFE team member is likely to be that of providing assurance that governance policies and practices are appropriate to the organization’s fraud risk control and management needs – including compliance with applicable laws and regulations – and that they are operating effectively.  On the other hand, if the organization is still refining its governance processes, the CFE may contribute more effectively to the governance review team in an anti-fraud consulting capacity advising or advocating improvements to enhance the evolving fraud prevention component of the organization’s governance structure and practices.

Within the context of the CFE’s traditional practice, there will be times when the board or general counsel (which has so often historically directly engaged the services of CFEs) wants the assessment of a particular governance fraud risk area to be performed by the in-house counsel.  In such instances, the CFE can directly partner with the in-house staff, forming a relationship alternative to performance as a review team member with another type of assurance provider or outside consultant.  This arrangement can offer significant advantages, including:

–Ensuring that the CFE has the benefit of the in-house legal team’s subject-matter expertise as well as knowledge of the company;
–Allow more CFE control over the scope of work, the way the engagement is performed, the conclusions drawn, and over the final report itself; for example, some CFE’s might feel more confident about expressing an opinion on whether the fraud risk under review is managed effectively by the board with in-house counsel support.

A risk-based fraud prevention plan is probably not complete unless it includes consideration of the risks inherent in the organization’s governance processes. Selecting which areas of governance to review should be based on the assessed level of risk, determined with input from management and (in all likelihood) the board itself. Different governance risk areas with fraud impact potential may merit different CFE involved review strategies, but, whatever approach is taken, careful planning is always a must.

Reviews of fraud risk related to corporate governance are never easy, and they often carry political risk. However, they are clearly important and should be given strong consideration as a component of every fraud prevention effort – not just because they are required by professional assurance standards, but because governance process failures can contribute so devastatingly to financial frauds of all kinds.

Situational Assessment

fraud-examinationAs a follow-on to our last post, newly minted CFE’s working for their first client can find themselves at something of a loss about the best way to initiate an investigation; I know that was certainly true of me at what now seems so many years ago.

Every fraud investigation is a minefield whose first steps can impact the final outcome significantly. Insufficient care, coordination or discretion at the launch of the investigation may tip off the suspect, causing the destruction of potentially vital evidence. Moreover, information collected hastily without sufficient attention to procedure might prove inadmissible in court, or even lead to sanctions and fines. Any experienced practitioner will tell you that a whole host of challenges beset those of us responsible for looking into potential wrongdoing. But, as the ACFE also tells us, taking the right steps before an investigation can significantly reduce the risk of error, helping to ensure the entire investigation is planned correctly and carried out efficiently.

The ACFE advocates the performance of an initial fact finding or situational assessment phase of every investigation.  The CFE (and his or her employing attorney, if there is one) first need to assess whether an allegation has merit. This process should begin with consideration of the complainant’s credibility and motives (when that person’s identity is known) as well as other possible indications of the allegation’s likely validity. The examiner should avoid snap, simplistic judgments. Just because a complainant lacks credibility or may have ulterior motives doesn’t necessarily mean there is no need for an investigation. By the same token, even a highly credible individual can make an unfounded allegation. Upon close examination, allegations often contain specific facts, especially those related to the workings of the organization, that can help support assertions and provide the CFE a basis for corroboration moving forward.

The recommended initial situational assessment can be additionally vital because insider wrongdoing especially can have a significant impact on the organization, even more so when committed by a member of senior management. The assessment should include examination of monetary, regulatory, reputational, and other known risks.

An obvious goal for the CFE in every fraud case we work is to determine the extent of existing damage and prevent further losses. This can be difficult, as allegations rarely include an exact amount of stolen funds or an assessment of organizational impact. For example, the monetary impact of vendor kickbacks to employees is often hard to assess, as it involves gauging the extent to which the organization may have received insufficient value for the products it purchased. In these circumstances, the CFE may want to assess the extent to which the vendor is used and consider the common fraud risk associated with the industry, organization and type of vendor.

What’s more, in today’s gold fish bowl regulatory environment, issues of concern to regulators increasingly include insider trading, bribery of public officials, manipulation of publicly listed companies’ financial statements, money laundering, and privacy or data breaches. If an organization fails to conduct an adequate fraud investigation or take appropriate corrective measures, the regulator may initiate its own investigation or, where a funding relationship exists, withdraw support from the organization altogether. If allegations relate to an organization’s foreign operations, or involve activities in jurisdictions with extraterritorial legislation, international regulatory requirements should also be considered. Many countries have enacted anti-bribery legislation, including the United States’ Foreign Corrupt Practices Act (FCPA), Canada’s Corruption of Foreign Officials Act, and the United Kingdom’s Bribery Act. Running afoul of these laws can have significant consequences for any of our clients.

And finally, the potential reputational damage to an organization from fraud must never be taken lightly. Examples of circumstances that may pose significant reputational risks include payments to foreign government officials, circumvention of local or foreign laws, and accepting incentives from suppliers.

The CFE and the employing attorney are in a unique position in carrying out the initial situational assessment to collect and evaluate available evidence to assist the organization in its initial understanding of the case and to plan the investigative response. This process may include preparing a preliminary evaluation of the losses or follow-on risks to which the organization has apparently been exposed.  Once the attorney has communicated to the organization the facts and issues, consideration should be given to whether to pursue criminal charges or civil remedies (i.e., recovery of funds), as it will affect the CFE’s approach to the entire inquiry process. For instance, in the United States and Canada, the standard of proof for criminal charges is higher than that of civil remedies. Further, the makeup of the CFE’s investigative team may be different depending on the objectives of the investigation. Decisions may change over time and as new circumstances of the case come to light, the investigative strategy may also need to change.

Ideally, the investigative team for the initial assessment should be kept as small as possible, and participation should be on a “need-to-know” basis. Moreover, team members must not have any conflicts that would, or even be perceived to, impair their judgment or objectivity in the investigation.

ACFE Standards also require that the team be comprised of appropriately skilled and qualified individuals to perform, or at least oversee, the evidence collection process, particularly of electronic evidence. Team members need to be informed that any one of them may be called upon to testify as a witness in court and that notes and work papers are discoverable and could appear before a judge or jury. Therefore, work paper files, including interview notes and communications, should be thorough and carefully maintained. Numerous additional considerations should be kept in mind when choosing members of the investigation team on the front end, including participants’ independence, as well as the potential need for additional legal counsel, supplementary investigative experts, and other expertise. Maintaining independent oversight is crucial to the investigation’s credibility; failure in this area leaves all the investigative findings open to criticism by opposing counsel, regulators, or law enforcement agencies. In many cases, especially those involving financial matters, corporate counsel supported by CFE’s or forensic accountants might be in the best position to manage the overall investigation.

To protect litigation privilege, the employing attorney or independent external counsel will be included in the CFE’s investigation from the beginning. These experts can also advise the CFE on legal matters such as employee suspensions or terminations and evidence gathering techniques to help ensure future court admissibility. Moreover, by adding credibility, counsel, internal or independent, provides assurance that the investigation will stand up to external legal scrutiny.

The independent, reputable CFE can add credibility to a fraud inquiry from first to last, bring current knowledge of relevant issues, and provide or coordinate the acquisition of skills that many companies lack in areas such as computer forensics, analytics, and forensic accounting. Such help is also important if opinion testimony may be required, as the testimony is admissible only if it comes from witnesses (like CFE’s) whom the courts determine are experts. When needed, for example, in cases that may lead to pursuit of criminal charges or civil remedies, supplementary experts should be retained early on. To maintain litigation privilege, investigators and experts should always be retained through the CFE’s employing attorney or external counsel.