Category Archives: Examination Follow-Up

Value Added

value-addedI was reading an article in one of the business magazine to which I subscribe the other day in which a well-known business pundit was reporting that the Fortune 500 companies he interviewed for his article were becoming more and more concerned with getting increased levels of value at every level from their investments in their co-partners.  This search for higher levels of value means more pressure for performance at those same management levels and with more pressure, as every CFE knows, comes more potential for management frauds.  Fraud prevention programs cannot be immune to this phenomenon.

CFE’s have traditionally not had to consider the importance of adding value when performing their investigations since, in the case of a suspected or identified fraud, the ‘value’ of the investigation was all too apparent, i.e., to describe and, possibly, prosecute the fraudster and to lay the ground work to prevent a similar instance of the same scenario from recurring. Beyond the written report of the investigation itself, follow on (if there was any) typically consisted of verifying compliance with policies and procedures, without providing recommendations for improvement of the fraud prevention program itself or performing other consultative activities. The fraud examiner’s role was often more akin to that of a police officer than to that of a business partner.

In today’s environment, however, the evidence from practice increasingly indicates that CFE’s, like all other co-parties, are under increasing pressure to provide services that enhance the value of their client’s investment in the valuable fraud prevention services CFE’s can provide, as adding value is becoming widely considered an integral part of even the investigative process.  But what does adding value entail, and how do CFE’s provide it? While the answer may vary depending on individual circumstances, CFE’s make potentially value-adding contributions throughout the entire investigative process and in almost every aspect of our work.

When management engages the services of the CFE, it’s applying a governance control.  CFE investigations provide management, the board of directors, external auditors, and, most importantly, the audit committee with vital information about the fraud and about the key controls whose failure allowed it.  This information is the groundwork for the prosecution of the fraudster, for corrective action, for the repair of the control structure, and vital for future fraud prevention.  This type of information may or may not be possible for CFE’s to quantify monetarily in all cases, but it definitely constitutes a value-added service to management.

Most large organizations employ some sort of risk-based fraud prevention plan or program. Management, needs to address the highest fraud risks within its organization, and the fraud prevention program must reflect and address those risks. It’s here that CFE consultation can prove invaluable.  A plan developed by incorporating the organization’s highest risk departments, business units, processes, and their respective fraud prevention controls makes effective use of limited organizational resources and thereby also adds value through efficiency.

During an engagement, the CFE may observe numerous opportunities for anti-fraud related process improvement or other enhancements that might ultimately either increase the organization’s security or help fulfill its over-all duty to protection its assets. But a word of caution. While this activity constitutes adding value, investigators need to be wary of overstepping. If they come to believe every engagement should routinely include a recommendation to improve the organization’s fraud prevention effort, practitioners risk directing organizational resources ineffectively. An investigator who spends too much time looking for improvements or added controls may be harming the organization by misdirecting resources that could be applied to more critical areas.  In evaluating risk versus reward, investigators must determine if the effort and resources expended to find an improvement are worth the potential benefits.  Key to prevention of this misstep is to communicate closely with your client and use that communication to never lose sight of how your investigation fits into the bigger picture of overall management objectives for its organization. It’s within that overall context that the fraud prevention effort should always be embedded.

Management, boards of directors, audit committees, and corporate counsel will all rely eventually on the fraud examiner’s report on the facts of an investigation and on the related fraud prevention controls over the processes and risks within the organization, and they will likely view this information as value-added.  So, to add value effectively through reporting, CFE’s need to consider where they want their audience to focus. Accordingly, they should consider the needs, wants, and resources of the various stakeholders who have engaged them. The final investigative report should be easy for readers to navigate, and if appropriate, it should stratify findings into categories of importance to effectively support the dual objectives of possible prosecution and immediate remediation.  With that said, every well written fraud report will add future value through its impact on the organization’s fraud prevention effort and the investigator should write it with an eye to that important follow-on objective.

Fraud examiners are recognized by the courts and by the public as fraud specialists. Their expertise in this and related areas enables them to help management analyze fraud related risks to the organization and to assist in the design of controls to mitigate those risks. By having the expertise to perform investigations, research issues, and benchmark with peers on best practices, CFE’s can become a truly valuable resource to any client management for fraud prevention program design. These activities also constitute adding value.

Developing a complete understanding of all the aspects of how the fraud examination process fits into the client organization should be an ongoing undertaking that also adds value, though it may be difficult to quantify in terms of dollars saved, or earnings, or reduced risks. To a degree, CFE’s, as I said above, add value simply by performing their functions effectively and efficiently. But careful attention to the organization’s risk profiles and to the information requirements of various players in the organizational governance framework represent an ongoing challenge to fraud examination and forensic accounting practitioners alike, and are the key to ensuring that the value they add is maximized.

Should We Fire Jane?

getting-firedAs a CFE your client’s employees are fifteen times more likely to steal from them than their customers. A classic rule of thumb for employers to use when considering employee dishonesty is: 10% of employees will steal no matter what is done; 10% of employees will never steal, no matter what the circumstances; and the remaining 80% may steal if you let them. The goal of loss prevention programs is, thus, to keep this 80% group from stealing. A strong deterrent for dishonest employees is knowing exactly what the ramifications of their actions will be. Employees must know that if any employee, at any level, steals or violates company policy, they will receive a fair hearing, swift, consistent, and serious sanctions will be imposed; and termination from employment, criminal prosecution and civil action may result.

So, it appears from your examination that Jane has embezzled what appears to be a lot of money over the past two years and she hasn’t cooperated with the investigation. Now your fraud report comprehensively lays out all the facts of the case and your client asks you flat out, “Should we fire Jane?”

Regardless of whether or not your client decides to seek criminal or civil recovery of fraud losses against an employee, your client needs to consider the future of the employee at their company. When confronted with a possible wrongdoer or with an employee like Jane who refuses to cooperate in the investigation of a suspected fraud, most employers immediately want to fire the employee. Whether the employee can or should be discharged depends on the facts of the case and the law in the employer’s state. There is usually a way to discharge the employee, but such cases need to be handled carefully so that the client doesn’t inadvertently open themselves to liability.

In some U.S. states, absent an employment contract, employment is considered “at will.” This means that the employer or the employee can sever their relationship at any time for virtually any reason. The only exception is that the employee cannot be discharged for a discriminatory reason based on such things as race, sex, disability, or national origin. In other states, the employer may be prohibited from terminating the employee unless the termination is for “just cause.” Before discharging any employee, it’s best to document in the employee’s file that the employer has ”just cause” to terminate employment, whether or not the client operates in an “at will” state.

Although there is no exact definition of “just cause,” there are several questions that the client company should ask before terminating Jane:

— Did Jane know that the conduct would be subject to discipline?

— Was the rule the employee violated reasonably relate to the safe, efficient, or orderly, operation of the business?

— Did the company investigate, formally or otherwise, to discover whether the employee violated the rule?

— Did the company conduct a fair and objective investigation?

— Did the company obtain significant evidence of a violation?

— Was the decision nondiscriminatory?

— Was the discipline related to the seriousness of the offense and the prior record of the employee?

As a CFE, your final report provides invaluable insight in formulating and obtaining documented answers to a majority of these questions.  If, based on the facts, the client company feels that discharge of the employee is likely, it should make sure that the employee’s actions and the company’s actions are well-documented and placed in the employee’s personnel file.

Make your client aware that issues of employee termination are complex and that in many cases it’s prudent to consult corporate counsel before acting. At least one state has recognized the right of an employee to sue for the employer’s failure to properly investigate charges against the employee before discharging him or her. Most of the courts that have addressed this issue have refused to recognize the claim however. Many states now recognize an implied contract between employers and employees arising out of employee handbooks. Handbook provisions might limit the right to discharge for ”just cause,” and the issue might be whether the employer has enough evidence of wrongdoing to constitute “just cause.” A few states recognize a duty on the part of the employer to deal with its employees fairly and in good faith. Documentation from the CFE’s report that the employer had good cause to terminate the employee should defeat this claim.

Other states recognize a public policy exception to “at will” employment. The employee must prove that her conduct is favored by a relevant public policy and that the employer retaliated against her for engaging in this “protected” activity. Again, the company will need to show that it had good cause to fire the employee and that it was not retaliating against the employee because of the protected conduct. For example, if an employee is fired because she supported a particular political candidate in the last election, a court or jury might find that his termination is in violation of the general public policy allowing people to vote for whomever they please. However, if the employee was conducting fund-raising activities on company time, the company would likely have good cause to terminate the employee and such termination would not be in retaliation of the employee’s support of a particular candidate.

The CFE can be of great assistance in marshaling the facts related to all the aspects of an employee discharge for cause.  Just bear in mind that these issues are often more complex than they seem and so always recommend that clients proceed with caution.

Making It Right


Register Today for Investigating on the Internet May 18-19 2016 RVACFES Seminar!

Congratulations!  You and your investigative team did all the hard work over many months and your client company has obtained a conviction of the bad guy.  What happens next?  The restitution phase of your examination, of course!  Client’s counsel has probably already told you (if you didn’t know it before) that the primary goal of a criminal statute is punishment of the convicted defendant, and for the most part criminal procedure does not concern itself with compensation or reparation of your client, the defendant’s victim. However, there are some opportunities to pursue recovery of losses caused by criminal conduct after the defendant’s conviction of which you should be aware.  So, according to the ACFE, what are some of the main issues involved with restitution?

Where the court suspends part or all of the defendant’s jail time and substitutes instead a term of probation, the court has the authority – either by statute or by its inherent powers – to specify the conditions of that probation, including an order to make restitution to the victim or otherwise to cooperate in the victim’s efforts to recover money or property. Restitution as a condition of probation can be ordered against both individual and corporate defendants, and may include a provision for installment payments over time to the victim. Usually the court will take the defendant’s ability to pay into account in ordering restitution, so that the defendant has a reasonable chance of meeting the restitution condition.  These and all terms of probation are supervised by the defendant’s probation officer who reports any failure of the defendant to obey or comply with probation conditions to the court. Restitution and other probationary terms are enforced by the threat of withdrawing probation and returning the defendant to jail to serve out his sentence if he fails to comply with one or more conditions of probation.

The court-designated probation officer usually makes sentencing recommendations – including any special probationary terms – to the court, so you should present any request to include a term of restitution to the probation officer as early in the pre-sentence investigation/evaluation process as possible. A request from the prosecuting attorney to include restitution as a term of probation also carries weight with the probation officer and with the court, so try to cultivate the prosecutor and familiarize her with your claim and supporting evidence. Cooperation with the prosecutor and police during the criminal prosecution can pay dividends in their willingness after conviction to persuade the court to impose a term of probation with an order of restitution.

Federal law (18 USC §§3663A and 3664) and an increasing number of state statutes direct or permit judges to order convicted defendants to make restitution to victims of their crimes as part of their punishment after conviction. These restitution orders are in addition to any other penalties provided by law for the defendant’s crimes. Unlike Victim’s Compensation Funds, these statutes apply to all crimes, including purely economic crimes. They also apply to defendants who do not receive probation as part of their sentence. Typically, statutory criminal restitution orders direct the return of the victim’s property, or its monetary equivalent if the property cannot be returned. Value may be calculated as of the date of loss or the date of sentencing, whichever is greater, according to some statutes. They also may direct the return of the fruits of the crime or the victim’s actual out-of-pocket expense caused by the crime.

A criminal restitution order may not apply, or be available, for a loss for which the victim has received, or will receive, compensation from another source, e.g. insurance (although the insurer may become subrogated to the victim’s rights and a court may enter the restitution order in favor of the insurer or other representative of the victim). Some statutes set a limit to the amount of restitution that can be ordered against a defendant who did not receive probation (although the limit usually does not apply to an order to return the victim’s property or its equivalent value) and/or direct the judge to take the defendant’s ability to pay into account. The federal statute and other state statutes direct that full restitution be ordered, although the court may take the defendant’s ability to pay into consideration in creating a payment schedule.

Unlike restitution that is ordered as a condition of conditional release (probation), a criminal restitution order can be enforced against the defendant even after his discharge from probation or his release from prison. The federal statute (and some state statutes) provide that a criminal restitution order may be enforced as a civil judgment by the victim against the defendant. Restitution orders also typically survive the death of the victim and may be enforced by his heirs or representatives. Criminal restitution orders are cumulative remedies and do not preclude the victim’s separate civil lawsuit against the defendant for the same conduct for which he was criminally convicted. However, any property or money received by the victim under a criminal restitution order will be credited against any civil judgment or restitution order.

The federal courts, and an increasing number of state courts, use legislatively mandated sentencing guidelines for convicted defendants. Besides the crime itself, and attendant facts and circumstances, these guidelines consider other factors that would allow a court to depart from the guidelines to enhance or reduce a sentence. One such factor is the defendant’s voluntary restitution before trial of the fruits of the crime or other compensation of the victim(s). This is not so much a remedy for the victim as encouragement for the wrongdoer to voluntarily make restitution before trial. Keep this fact in mind when negotiating with a criminal defendant for his cooperation during your fraud recovery effort.

Finally, be aware that many states maintain funds for the compensation of crime victims. These usually are funded, in part, by surcharges or fines assessed against the criminally convicted defendants. However, by the statutory terms and definitions, these funds typically are available only for crime victims who suffer physical injury or death from the defendant’s crime. However, it never hurts to look up the law in the relevant jurisdiction to see if reimbursement in whole or part for financial loss from fraudulent criminal conduct is available.

Investigating on the Internet

online-investigationThis May our Chapter, along with our partners the Virginia State Police and national ACFE will be hosting a two day seminar – ‘Investigating on the Internet – Research Tools for Fraud Examiners’.  This in-depth session will be taught by Liseli Pennings, Deputy Training Director for the ACFE.  We’ll begin enrolling students in mid-March, so pencil in the dates, May 18th and 19th!

Fraud examiners now have the ability to gain insights from, and test correlations with, a vast array of investigative relevant information on the Internet, which can be as diverse as suspect competitor information, regulatory filings, and conversations on social media.  Such analytics can provide CFE investigators with a variety of capabilities from investigative planning and risk assessment to fieldwork. They also enable fraud examination practitioners to provide clients with more compelling information about every experienced fraud.

Internet based investigation tools can be classified into three broad categories:

–Retrospective statistical analysis, used to gain deeper insight into important sub-processes in financial and operational areas related to the investigation subject.

–Forward-looking models, built to predict which areas of the business are riskier or simply require a greater level of fraud prevention focus.

–Advanced visualization analytics, used to help transform the investigation by providing deep analytical insights and actionable information through visual tools like interactive charts and dynamic graphics. In short, investigation on the internet has rapidly evolved from simply allowing CFE’s the ability to provide perspective in hindsight to helping them assemble rich digital views of the present investigative situation. Investigative, internet based analytics provide investigators with the potential to dramatically increase the value of the insights they can provide clients at every level of the examination from evaluation of business risks, to suspect analysis, and on to prosecutorial issues and challenges.

The first step in deploying internet based investigative tools effectively is determining the exact fraud scenario that needs to be addressed – what are the features constituting the scenario under review? Once specific fraud features have been identified, on-line analytical capabilities can be used to source facts, drive understanding, and generate knowledge by addressing three general questions:

–What data can be leveraged to enhance understanding of the exact fraud scenario and improve the performance of its investigation? It’s important to understand the source of the on-line data available and the systems and processes that produce it. Effective data evaluation by the examiner supports the accuracy, completeness, and reliability of the data used in her investigation.

–What is known about the general type of business processes related to the fraud?

–Exactly what fraud scenario is suspected to have transpired and why? What steps should be taken by the client immediately?

Canny use of the internet by the trained investigator can play an important role in answering these questions with a view to optimizing immediate investigative performance. The knowledgeable examiner can frequently look at on-line data from within the organization and outside it, with a focus on patterns, data mining and optimization, data visualization, advanced algorithms, neural analysis, and social networks.

These data can provide powerful insight into every aspect of our cases under investigation. In addition to examination field-work one of the most important uses of internet based investigative tools is to enhance fraud risk management. Analytics available on-line from the ACFE and others help provide a clearer understanding of risks and furnish insights as to how they can be mitigated. Ultimately, the objective is to develop and implement an analytical capability that provides the individual CFE with greater insight into the control failures associated with each major category of fraud. A second important use for internet analytics is to develop a deeper understanding of common fraud related issues. Once a potential issue has been identified, analytics can source the facts (e.g., what does the data tell us about the issue?), drive understanding of the facts (e.g., what has happened?), and generate knowledge (e.g., why did it happen?) to ultimately build a more complete presentation of fraud report findings. A third area for CFE’s to consider is how to leverage the use of the analytics performed for the fraud examination for use by the client throughout their organization. In this regard, the CFE’s report can become an important change agent, driving fraud prevention insights throughout the organization. Business managers and leaders of other organizational risk functions have a need to understand fraud risks and the correlations between data. In many cases, fraud investigative tools developed for use during a fraud examination can evolve into valuable fraud prevention tools and ownership can be transferred to business or functional leaders for ongoing use.

Consider keeping the following in mind when using internet based investigative tools in your investigation:

–Establish a clear understanding of what you’re trying to achieve in your investigation and ensure a linkage to examination planning. This should translate into defined objectives that drive the strategy and long-term vision for the use of the tools as well as surface near-term opportunities.

–Know the data.  It’s important for examiners to understand both the data they have and the data they don’t have when determining how and where to begin using the internet as an investigative tool. This knowledge also prioritizes efforts to collect what’s missing for future analyses and for enhancements to the data driven investigative program.

–Start with a targeted, ad hoc program which will likely yield greater benefits in terms of speeding insights, learning, and long term value. Take the time to learn first and then deploy necessary capabilities across your tool kit.

–Lever existing cumulative insights. These ever building insights may provide clues related to the risks and related fraud scenarios to start with, jump-starting the investigative program and build consistency with prior initiatives.

–Take steps to develop a written plan early on in every examination to take action and measure results accurately. Don’t forget that the client organization, systems, and processes that support fraud response and control remediation must be able to take action working with the insights that your final report provides.

Fraud examiners stand at the beginning of a new era in the use of internet based data to enhance the entire fraud examination life cycle. Taking the steps outlined above can help individual practitioners realize gains in effectiveness and efficiency while providing enhanced investigative services.

Please make plans to join your fellow RVACFE Chapter members and guests for an outstanding learning experience on May 18th and 19th.  You won’t be disappointed!

Follow the Leader

ManAtChart2One of our members was recently requested by her client to follow up on the fraud remediation efforts it had undertaken as a result of her fraud report (which resulted in the successful prosecution of a corporate manager).  The client in this case had no internal audit department or other staff to assist in fraud control remediation follow up and so engaged our Chapter member to assist their preparation for a year-end review by their external auditors.  Although fraud examiners have no formal requirement to perform follow ups at the close of our examinations, more and more CFE’s, given the complexity of some of today’s frauds, are being engage, as a follow on assignment, to assist our clients in doing so.

In a perfect world, our clients would be able to implement fraud control remediation steps after every engagement, leaving no doubt as to the status of re-mediated controls. But in the real world, of course, sometimes the precise remediation steps aren’t clear to the client and competing priorities, budget limitations, and other factors often prevent clients from putting the best prevention controls in place.  Significant on-going fraud risks may remain unaddressed, exposing the particular business process directly affected by the fraud, or even the whole organization, to potential harm.

Our member was happy for an additional opportunity to assist her client and, as a Certified Internal Auditor (CIA) as well as a CFE, her approach to the problem was interesting and, to me, well worth sharing.  Internal audit departments are required by their standards to establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action. This guidance was useful to our member in performing her follow up assignment.  But how formal should the follow up process be? What documentation should be created, and to whom should the results be communicated? How often should follow-up occur? These are all questions the chief internal auditor usually answers, but they can also be quite useful to CFE’s in shaping an approach in the event they are enlisted to conduct or participate in follow-up engagements of the examinations they’ve performed.

It goes without saying that a CFE’s follow-up procedures should best be tailored to the circumstances and culture of the client organization. To ensure fraud prevention policies and procedures are appropriately tailored to the organization, the CFE needs to evaluate organizational culture. There are two main types of organizational culture: formal and informal. In a formal culture, the board actively questions upper management about operational issues and risks facing the organization. The board relies on some internal entity like a budget or internal auditing division to identify issues and associated risks and to work with management to develop action plans that mitigate those risks. It requests that the assigned division provide some type of reasonable assurance that the issues and associated risks identified during any reviews are mitigated. Moreover, upper management actively participates in any follow-up engagements and seeks assurance that its managers are implementing action plans appropriately. In an informal culture, the board focuses more on operations and less on the issues, risks, and action plans identified in review reports. The board does not require reasonable assurance that risks identified in fraud reports are being mitigated. Upper management only requires an update on the progress being made on implementing any action plan.  Our chapter member’s client culture was of the latter, informal kind.

In an informal culture, follow-up procedures might entail simply asking appropriate departmental staff and management about the progress of action plans. During these discussions, the CFE may review only limited documentation. Based on the information obtained, the CFE can then make a final judgment regarding action plan status (i.e., complete, still in process, or unaddressed). The significance of the issues identified, associated fraud risks, and required action plans will also affect follow-up procedures. If any of the risks, issues, or plans are significant or affect future fraud prevention, the CFE may want to set up a schedule to periodically spot check the client’s progress on set dates during the remediation.

Regardless of the specific procedures used, documentation always constitutes the most important part of any follow-up process. With regard to documentation, our member followed IIA guidance according to which internal auditors should record relevant information to support the conclusions and engagement results. Follow-up procedures and results are no exception – CFE’s should ensure that follow-ups are documented just like any other review engagement.

The documentation should note who was interviewed, the date of the interview, the documentation reviewed, and the CFE’s assessment of whether recommended action plans are complete, still in progress, or unaddressed. In the case where members of the client’s management fail to implement management’s remediation action plan, the documentation should explain why. Moreover, it should indicate how affected management is mitigating the associated risk or whether management has simply chosen to accept it.

In my opinion, the CFE should considering periodically updating the client’s senior management on the progress of the remediation effort; such reporting should include significant risk and control, governance, and other issues as may be relevant to the effort. Because follow-up procedures are an integral part of management’s fraud prevention activities, the update report’s format will depend on the client’s expectations as defined to the CFE at the beginning of the follow up assignment.  These expectations will typically be a reflection of the organization’s culture.

In a formal culture, a CFE might conclude the follow up engagement by sending written reports to upper management (and the board) on any open issues. One of these reports would be detailed, listing issues, impact, action plans, employees responsible for implementation, status, and progress notes. The second report would be a summary heat map.  The heat map would quantify findings from the current follow-up engagement, including:

–Original issues from the fraud report;
–Action plans implemented to re-mediate the identified fraud scenario;
–Open action plans to revise the fraud prevention program (if warranted);
–Open action plans not due yet;
–Open action plans past due, as well as their impact;
–Aspects of the plan that will not be implemented (because of cost, redundancy, etc.).

In an informal culture, by contrast, the reporting procedures typically might consist of an oral presentation to upper management and the board. This is what our member chose to do.  The presentation included a discussion of the action plan implemented, the number of open actions, and the impact of open actions on the fraud prevention program. Even though the information was delivered verbally, the presentation’s content was still documented. If the number of open action items had grown substantially since the last follow-up engagement, our member tells us she would have discussed this finding with the client as well.

Thanks to our member for bringing forward a creative approach to following up on examination results!