Category Archives: Client Relations - Page 2

Inside and Out

college-studentsI had quite a good time a little over a month ago, addressing a senior auditing class at the University of Richmond on the topic of how fraud examiners and forensic accountants can work jointly together, primarily with a client’s internal auditors and, secondarily with its external auditors, to substantially strengthen any fraud investigation assignment.

Internal and external auditors each play an important role in the governance structure of their client organizations. Like CFEs, both groups have mutual interests regarding the effectiveness of internal financial controls, and both adhere to ethical codes and professional standards set by their respective professional bodies. Additionally, as I told the very lively class, both types of auditors operate independently of the activities they audit, and they’re expected to have extensive knowledge about the business, industry, and strategic risks faced by the organizations they serve. Yet, with all their similarities, internal auditing and external auditing are two distinct functions that have numerous differences. The Institute of Internal Auditors (IAA) defines internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” Internal auditors in the public sector (where I spent most of my audit career as a CIA) place an additional emphasis on providing assurance on performance and compliance with policies and procedures. Concerned with all aspects of the organization – both financial and non-financial – the internal auditors focus on future events because of their continuous review and evaluation of controls and processes.

In contrast, external auditing provides an independent opinion of a company’s financial statements and fair presentation. This type of auditing encompasses whether the statements conform with Generally Accepted Accounting Principles, whether they fairly present the financial position of the organization, whether the results of operations for a given period are represented accurately, and whether the financial statements have been affected materially (i.e., whether they include a misstatement that is likely to influence the economic decisions of financial statement users). External auditing’s approach is mainly historical in nature, although some forward-looking improvements may be suggested in the auditors’ recommendations to management based on the analysis of controls during a financial statement audit.

I emphasized to the students that these definitions alone pinpoint the key distinctions that separate the two audit approaches. However, internal auditing is much broader and more encompassing than external auditing. Its value resides in the function’s ability to look at the underlying operations that drive the financial numbers before those numbers hit the books. For instance, when considering “sales” as a line item in a set of financial statements, the external audit focuses primarily on the existence, completeness, accuracy, classification, timing, posting and summarization of sales numbers. The internal audit goes beyond these assertions and looks at sales operations in a much broader context by asking questions regarding the target market, sales plan, organizational structure of the sales department, qualifications of sales personnel, effectiveness of sales operations, measurement of sales performance, and compliance with sales policies.

These types of questions probe the very core of sales operations and can greatly impact the sales numbers recorded in financial statements. For example, assuming a sales number of $6 million, the external auditor has merely to render an opinion regarding the validity of that number. The internal auditor, however, can ask whether the number could  have really been $12 million, if only the right market had been targeted, and if operations had been effective in the first place. It’s this emersion in detail and the overall knowledge of operations that makes the internal auditor such a strong partner for the fraud examiner in any joint investigation.

Internal auditors represent an integral part of the organization – their primary clients are management and the board. Although historically internal auditors reported to the chief financial officer or other senior management staff, for the last two decades internal auditing has reported directly to the audit committee of the board of directors, which helps strengthen auditor independence and objectivity. Today, internal audit functions, for the most part, follow this reporting relationship, which is consistent with the IIA’s Standard on Organizational Independence.

The chief audit executive’s (CAE’s) appointment is normally meant to be permanent, unless he or she resigns or is dismissed. In some quasi and intergovernmental organizations, CAEs are given tenured positions – five-year appointments, for example – to enhance independence.  Conversely, external auditors are not part of the organization, but are engaged by it. Their objectives are set primarily by statute and by their main client, the board of directors. External auditors are appointed by the board, and they submit an annual report to the company’s shareholders. The appointment is meant to extend for a specified time – external auditors can be re-appointed at the company’s annual general meeting. In some jurisdictions, there are limits on an external auditor’s length of service, often five or seven years.

In general, internal audit functions are not mandatory for organizations. Instead, their installment is left up to individual organizations’ discretion but internal auditing is mandatory in some cases. Companies listed on the New York Stock Exchange must have an internal audit function, whether in-house or outsourced.  An external audit is legally required for many companies, particularly those listed on a public exchange. External audits of some government agencies are also legislated, requiring government auditors to submit the audit report to their respective legislature.

The necessary qualifications for an internal auditor rest solely on the judgment of the employer. Although internal auditors are often qualified as accountants, some are qualified engineers, sales personnel, production engineers, and management personnel who have moved through the ranks of the organization with a sound knowledge of its operations and have garnered experience that makes them abundantly qualified to perform internal auditing. Annually, more and more internal auditors hold the IIA’s Certified Internal Auditor designation, which demonstrates competency and professionalism in the field of internal auditing. Because of their continuous investigation into all the organization’s operating systems, internal auditors who remain in the same organization for many years constitute a unique resource to the CFE of comprehensive and current knowledge of the organization and its operations.

External auditors are required to understand errors and irregularities, assess risk of occurrence, design audits to provide reasonable assurance of material detection, and report on such findings. In most countries, auditors of public companies must be members of a body of professional accountants recognized by law – for example, the Institute of Chartered Accountants in England and Wales, American Institute of Certified Public Accountants, or Canadian Institute of Chartered Accountants.  Because external auditors’ scope of work is narrowly focused on financial statement auditing, and they come into the organization only once or twice a year, their knowledge of the organization’s operations is unlikely to be as extensive as that of the internal auditors.

Those entering the CFE profession need to realize that patterns of business growth, globalization, and corporate scandals have changed the thrust of the internal audit profession in recent years. In its early years, internal auditing focused on protection oriented objectives and emphasized compliance with accounting and operational procedures, verification of calculation accuracy, fraud detection and protection of assets. Gradually, new dimensions were added that ranged from an evaluation of financial and compliance risks to an assessment of business risks, ethics and corporate governance. These changes have only increased the gap between the disciplines of internal and external auditing. Yet, despite their differences, internal auditing and external auditing no longer work in competition, as was the case before the U.S. Sarbanes-Oxley Act was enacted, when a company’s external auditors would sometimes compete with in-house audit departments for internal audit work. Regulations like Sarbanes-Oxley prohibited the external auditor from providing both external and internal audit services to the same company. Today all CFEs can benefit from the complementary skills, areas of expertise, and perspectives of both the external and the internal auditors.  The ACFE recommends that to strengthen the fraud prevention program they should meet periodically to discuss common interests (like the fraud prevention program), strive to understand each other’s scope of work and methods, discuss audit coverage and scheduling to minimize redundancies, jointly assess areas of fraud risk, and provide access to each other’s reports, programs, and work papers.

In summary, fulfilling its oversight responsibilities for assurance, the board also should require internal and external auditors to coordinate their audit work to increase the economy, efficiency, and effectiveness of the overall audit process. Despite some similarities, a world of difference exists between internal auditing and external auditing. Nonetheless, both audit types, and the respective services they provide, are essential to maintaining an effective governance structure. With a greater understanding of the unique perspective of each, CFEs can maximize the aggregate contribution or each to our joint investigations and thereby ensure organizational success.

Bob the Builder

bobthebuilder

by Rumbi Petrozzello
2016 Vice President – Central Virginia ACFE Chapter

The soundtrack of my summer was a cacophony of drills, sanders and related discordant noises, all guaranteed to drive me to near insanity. Since the bulk of this seemed to be happening right outside my window, the result was a shrinking view of the sky, more views into the homes of my neighbors than I ever wanted and a near-constant film of dust on everything in our home, despite all our best efforts. I thought that construction was looming large only in my life but, coming off a trip to Nashville, Tennessee, I see that I’m far from alone. I took a tour bus around the city and, it almost seemed the city skyline was made up of little else than the silhouettes of massive construction cranes. There’s a lot going on in an industry that, at least in New York City, has a history of control by organized crime.

It’s hardly surprising – construction projects span long periods of time and require many moving parts. There can be several contractors responsible for different parts of a construction project, and each of those contractors hires subcontractors. Because projects range from moderate to long term, contractors and subcontractors will bill periodically for work in progress and, there is a lot of leeway for estimating just how much of the project has been completed. Depending on the contract, there may be head room to get paid for cost overruns and, if there’s room for that, you can be sure that someone is going to try to take advantage. There is no shortage of ways in which fraud or error can occur when it comes to construction. Controlling various aspects of the construction industry was lucrative business for organized crime for many years. Nowadays, the regular fraudster on the street has also found his way into profiting from construction related fraud – if the opportunity is there, the ethically challenged always seem to find ways to exploit it.

As forensic accountants and fraud examiners, we may find ourselves being called upon to investigate such frauds. Sometimes companies decide to be proactive and bring us in to assess, suggest and institute practices that will help prevent, detect and deter fraudulent activities. In either case, there is much that we can do. An important aspect of this type of effort is our emphasizing to the client and the wider business community the importance of well-kept and comprehensive business records. As tedious as some of this may feel to those maintaining the records, such records can prove invaluable when things go wrong. Contractors and their subcontractors should both maintain up-to-date ledgers. The ledger information should be corroborated by supporting information. Examples of critical documentation are:

  • Payroll records – this includes matching the ledger information to time cards, information from payroll processing companies and filings with city, state and federal authorities.
  • Bank statements – bank statements should be reconciled to the general ledger and there should be searches for possible bank accounts that are not reported on the ledger. Is the contractor transferring funds to accounts for related companies? What information is on the credit card statements and how does it relate to the contractors’ ledgers? Does information on brokerage accounts match information in the general ledger?
  • Invoices – do the vendors declarations of what’s going on make sense? Do their submitted expenses make sense? Can you immediately understand their expenses or is the information vague and lacking enough detail to determine what the vendor is being paid for? Have costs been misclassified? Follow the money … we should always stop and take the time to look and see where the money is going and why it’s going there.

Many construction projects employ union workers. Because unions tend to be organizations with lots of bureaucracy, it follows that they tend also to be organizations with lots of records. If a union tells you that it does not have many records, that fact alone should raise a red flag. When seeking to verify information from such organizations, there are various standard records we can request:

  • Shop steward report – This is a report that will show the names of the employees working, the times they reported for work and left and out and the number of hours worked. This information can be very useful in testing if the hours claimed are reasonable.
  • Job descriptions – Do the job descriptions make sense and do they match the employees that are claiming to be doing the work? In one case in New York City, a legally blind man was listed on the books as a heavy machinery operator. Subsequent investigation revealed that he was indeed blind; and he never went anywhere near heavy machinery.
  • Member profiles – Review benefits and see to whom the union pays those benefits. Review the records and see if anything jumps out at you as being unusual, requiring further information and perhaps investigation. Do you have a member (or members) listed who’s well-paid for not doing much?
  • Look at the records the general contractor keeps and see if they match the records kept by the union.

If you’ve been brought in to perform proactive fraud prevention and detection work, encourage and suggest that, if one does not already exist, the company set up an effective and comprehensive whistleblower program. Confidential sources are often the most important element of an investigation. These sources can also be very helpful in making sure that you ask for all the documents needed for your specific investigation and they can also make valuable suggestions precisely where else you can look for vital case information.

If my city is anything like yours, there are a lot of construction projects being planned and in the works. You don’t have to look hard at all to find media reporting on cost overruns and fraud in the construction industry. From The Big Dig in Boston to personal tales told to you by friends, there are many ways in which the moving parts of any construction project can be exploited by fraudsters. There are also many ways in which we can be of service as forensic accountants and fraud examiners to deter, detect and investigate every aspect of this exploitation.

On Auditors, Lawyers & Data

corp-counselWhen it comes to gaining access to sensitive, internal digital data during a forensic examination, the corporate council can be the fraud examiner’s best ally.  It, therefore, behooves us to fully understand the unifying role the client counsel holds in overseeing the entire review process.  As our guest blogger, Michael Hart, and other experienced practitioners have pointed out, data analysis becomes most effective when it’s integrated into the wider forensic accounting project.  If the end results are to cohere with findings from other sources, forensic data analysis should not be performed as a separate investigation, walled off from the other review efforts undertaken to benefit the client. Today, it’s a truism that data analysis can serve many functions within a forensic accounting project. On some occasions, it’s rightfully the main engine of an engagement. When such is the case, data analysis is used for highlighting potentially unusual items and trends. More often, however, in actual practice, data analysis is a complementary part of a wider forensic accounting investigation, a piece of a puzzle (and never the be all and end all of the investigation), that involves several other parallel methods of information analysis or evidence gathering, including document review, physical inspection, and investigative interviews.

The timing of the data analysis work depends on the extent to which the forensic accounting team needs to work with the results as defined by counsel. Frequently, once the method of a fraud has been established, data analysis is conducted to estimate the amount of damage. If the team knows that several components of an organization were affected by a fraud scheme, that team may be able to compare these results with those derived from analyses of unaffected branches and, after adjusting for other relevant factors, provide management with a broad estimate of the total effect on the financial statements. When such an approach is used, the comparison should be performed after the investigation has determined the characteristics of the fraud scheme. However, in most cases, as the ACFE tells us, the purpose of data analysis in an investigation is to identify suspicious activity on which the forensic accounting team can act.

Suspicious transactions can be identified in several ways: comparing different sources of evidence, such as accounting records and bank statements, to find discrepancies between them; searching digital records for duplicate transactions; or identifying sudden changes in the size, volume, or nature of transactions, which need to be explained. While data analysis often is a fast and effective way of highlighting potential areas of fraud, it will never capture every detail that an experienced fraud examiner can glean from reviewing an original document. If data analysis is performed to identify suspicious activity, it typically is performed before any manual review is carried out. This helps ensure that investigative resources are targeting suspicious areas and are concentrating on confirming fraudulent activity rather than concentrating on a search for such activity within a sea of legitimate transactions.

The first person to be contacted when there is a suspected fraud is typically in-house counsel. Depending on the apparent severity of the matter and its apparent location in the company, other internal resources to be alerted at an early stage, in addition to the board (typically through its audit committee), may include corporate security, internal audit, risk management, the controller’s office, and the public relations and investor relations groups. Investigations usually begin with extensive conversation about who should be involved, and the responsible executives may naturally wish to involve some or all the functions just mentioned.  Depending on the circumstances, the group of internal auditors (if there is one) can in fact be a tremendous asset to an independent forensic investigative team. As participants in the larger team, internal auditors’ knowledge of the company may improve both the efficiency with which evidence is gathered and the forensic team’s effectiveness in lining up interviews and analyzing findings. The ACFE advices client executives and in-house counsel to engage an external team but to consider making available to that team the company’s internal auditors, selected information systems staff and other internal resources for any investigation of substantial size.

The key to the success of all this from the forensic accountant’s point of view, especially in gaining access to critical digital data, can be the corporate counsel.  On one hand, the forensic accounting investigator may find that the attorney gives the forensic accounting investigator free rein to devise and execute a strategic investigative plan, subject to the attorney’s approval. That scenario is particularly likely in cases of asset misappropriation. On the other hand, some attorneys insist on being involved in all phases of the investigation. It’s the attorney’s call. When engaged by counsel, forensic accounting investigators take direction from counsel. You should advise per your best judgment, but in the end, you work at counsel’s direction.

When working with attorneys on projects involving sensitive digital data, forensic accounting investigators should specifically understand:

  • Their expected role and responsibilities vis-à-vis other team members;
  • Critical managers and players within the information systems shop and their various roles;
  • What other professionals are involved (current or contemplated);
  • The extent and source of any external scrutiny (SEC, IRS, DOJ, etc.);
  • Any legal considerations (extent of privilege, expectation that the company intends to waive privilege, expectation of criminal charges, and so on);
  • Anticipated timing issues, if any;
  • Expected form, timing, and audience of interim or final deliverables;
  • Specifics of the matters under investigation, as currently understood by counsel;
  • Any limitations on departments or personnel that can be involved, interviewed, or utilized in the investigation process.

Independent counsel, with the help of forensic accounting investigators, often takes the lead in setting up, organizing, and managing the entire investigative team. This process may include the selection and retention of other parties who make up the team. Independent counsel’s responsibilities typically encompass the following:

  • Preparing, maintaining, and disseminating a working-group list (very helpful in sorting out which law firms or experts represent whom);
  • Establishing the timetable in conjunction with the board of directors or management, disseminating the timetable to the investigating team, and tracking progress against it;
  • Compiling, submitting, and tracking the various document and personnel access requests that the investigating team members will generate;
  • Organizing client or team meetings and agendas;
  • Preparing the final report with or for the board or its special committee, or doing so in conjunction with other teams from which reports are forthcoming;
  • Establishing and maintaining communication channels with the board of directors and other interested parties, generally including internal general counsel, company management, regulatory personnel, law enforcement or tax authority personnel, and various other attorneys involved.

As fraud examiners, we’re frequently conversant in areas related to financial accounting and reporting such as valuation, tax, and the financial aspects of human resource management but conversant doesn’t necessarily indicate a sufficient level of knowledge to fully guide a complex organizational investigation.  What we can do, however, is to work closely with the corporate counsel to assist him or her in the building of a team on the back of which even the most complex examination can be brought to a successful conclusion.

Value Added

value-addedI was reading an article in one of the business magazine to which I subscribe the other day in which a well-known business pundit was reporting that the Fortune 500 companies he interviewed for his article were becoming more and more concerned with getting increased levels of value at every level from their investments in their co-partners.  This search for higher levels of value means more pressure for performance at those same management levels and with more pressure, as every CFE knows, comes more potential for management frauds.  Fraud prevention programs cannot be immune to this phenomenon.

CFE’s have traditionally not had to consider the importance of adding value when performing their investigations since, in the case of a suspected or identified fraud, the ‘value’ of the investigation was all too apparent, i.e., to describe and, possibly, prosecute the fraudster and to lay the ground work to prevent a similar instance of the same scenario from recurring. Beyond the written report of the investigation itself, follow on (if there was any) typically consisted of verifying compliance with policies and procedures, without providing recommendations for improvement of the fraud prevention program itself or performing other consultative activities. The fraud examiner’s role was often more akin to that of a police officer than to that of a business partner.

In today’s environment, however, the evidence from practice increasingly indicates that CFE’s, like all other co-parties, are under increasing pressure to provide services that enhance the value of their client’s investment in the valuable fraud prevention services CFE’s can provide, as adding value is becoming widely considered an integral part of even the investigative process.  But what does adding value entail, and how do CFE’s provide it? While the answer may vary depending on individual circumstances, CFE’s make potentially value-adding contributions throughout the entire investigative process and in almost every aspect of our work.

When management engages the services of the CFE, it’s applying a governance control.  CFE investigations provide management, the board of directors, external auditors, and, most importantly, the audit committee with vital information about the fraud and about the key controls whose failure allowed it.  This information is the groundwork for the prosecution of the fraudster, for corrective action, for the repair of the control structure, and vital for future fraud prevention.  This type of information may or may not be possible for CFE’s to quantify monetarily in all cases, but it definitely constitutes a value-added service to management.

Most large organizations employ some sort of risk-based fraud prevention plan or program. Management, needs to address the highest fraud risks within its organization, and the fraud prevention program must reflect and address those risks. It’s here that CFE consultation can prove invaluable.  A plan developed by incorporating the organization’s highest risk departments, business units, processes, and their respective fraud prevention controls makes effective use of limited organizational resources and thereby also adds value through efficiency.

During an engagement, the CFE may observe numerous opportunities for anti-fraud related process improvement or other enhancements that might ultimately either increase the organization’s security or help fulfill its over-all duty to protection its assets. But a word of caution. While this activity constitutes adding value, investigators need to be wary of overstepping. If they come to believe every engagement should routinely include a recommendation to improve the organization’s fraud prevention effort, practitioners risk directing organizational resources ineffectively. An investigator who spends too much time looking for improvements or added controls may be harming the organization by misdirecting resources that could be applied to more critical areas.  In evaluating risk versus reward, investigators must determine if the effort and resources expended to find an improvement are worth the potential benefits.  Key to prevention of this misstep is to communicate closely with your client and use that communication to never lose sight of how your investigation fits into the bigger picture of overall management objectives for its organization. It’s within that overall context that the fraud prevention effort should always be embedded.

Management, boards of directors, audit committees, and corporate counsel will all rely eventually on the fraud examiner’s report on the facts of an investigation and on the related fraud prevention controls over the processes and risks within the organization, and they will likely view this information as value-added.  So, to add value effectively through reporting, CFE’s need to consider where they want their audience to focus. Accordingly, they should consider the needs, wants, and resources of the various stakeholders who have engaged them. The final investigative report should be easy for readers to navigate, and if appropriate, it should stratify findings into categories of importance to effectively support the dual objectives of possible prosecution and immediate remediation.  With that said, every well written fraud report will add future value through its impact on the organization’s fraud prevention effort and the investigator should write it with an eye to that important follow-on objective.

Fraud examiners are recognized by the courts and by the public as fraud specialists. Their expertise in this and related areas enables them to help management analyze fraud related risks to the organization and to assist in the design of controls to mitigate those risks. By having the expertise to perform investigations, research issues, and benchmark with peers on best practices, CFE’s can become a truly valuable resource to any client management for fraud prevention program design. These activities also constitute adding value.

Developing a complete understanding of all the aspects of how the fraud examination process fits into the client organization should be an ongoing undertaking that also adds value, though it may be difficult to quantify in terms of dollars saved, or earnings, or reduced risks. To a degree, CFE’s, as I said above, add value simply by performing their functions effectively and efficiently. But careful attention to the organization’s risk profiles and to the information requirements of various players in the organizational governance framework represent an ongoing challenge to fraud examination and forensic accounting practitioners alike, and are the key to ensuring that the value they add is maximized.

Not for Sale

expert-witness_2by Rumbi Petrozzello
2016 Vice President – Central Virginia ACFE Chapter

As soon as John Turturro flashed onto the screen, in an ad for the HBO limited series “The Night Of”, I knew that we would be watching the show, even if it turned out to be an eight hour ad for dish detergent. My husband is a huge John Turturro fan, and misses nothing in which the actor appears. Fortunately, “The Night Of” turned out to be a very engaging crime procedural that had us hooked from the first episode.  The show was great in that it got us thinking about the criminal justice system. They even had a CPA who was not a stereotype – where you start feeling sleepy just at the sight of him – and he even came with a few surprises too. What really caught my attention on “The Night Of”, however, was not the portrayal of the CPA but of the expert witnesses.

During the investigation, the prosecutor deals with two forensic experts she expects to put on the stand during the trial. In both cases, she speaks with them to find out if the evidence that they have analyzed will help her convict the accused, Nazir Khan, of murder. In one case, she speaks with the medical examiner about how the suspect injured his hand. She then not only suggests a scenario (that works in her favor) which is different from his analysis but also coaches him until he sounds convincing. She also consults an expert about the possible effects of certain drugs and, again, pushes for an opinion that will help her case. In both instances, the experts seem to have no problem changing their narratives to suit the prosecutor, their client.

I was both horrified and disappointed by the ease with which this happened. When I scoured various recaps of the episodes, the critics either skipped over those moments on the show or wrote about them as though they were just par for the course when dealing with expert witnesses. Even when I read articles about the show that consulted and interviewed legal experts, the conversation was centered mainly around the lawyers’ behavior in the court room and on life in prison. Not a single legal expert (all lawyers in the pieces that I read) discussed what actually happens in their reality with expert witnesses.

It’s sad that the defense didn’t appear to make any great attempt at challenging the prosecution experts. They did put forth their own witness who, when testifying, did spend time putting forth information that seemed based on science, and not feelings. I was actually surprised that the defense, with its very limited budget, was able to hire their own expert, who came with a very impressive resume that was highlighted when he took the stand. The casual attitude that critics and reviewers have taken, when writing about these experts, hints at how many view the expert witness as a hired gun or shill, out to say whatever their client wants, not as an objective professional, advocating for the truth and, as such, a potentially critical component of the trail process.

When attending continuing education session on being an expert witness, the question invariably comes up – how do I make sure that I am taken seriously as a neutral witness and not simply as someone giving an opinion for pay? There are several steps that you, and the lawyer that you are working with, can take to clarify your position as a credible expert.

  • Money, money, money! It’ss very important to make it clear that you are being paid for your time and not your testimony. Your fee should be based on the time that you spend on the case and should never be a fee contingent on the outcome of the case. Let the judge and jury know that you will be paid, regardless on how the case turns out.
  • In order to maintain credibility and also avoid a possible Daubert motion (raised before or during trial, to exclude the presentation of unqualified evidence to the jury), your work should be based solely on the “reliable application” of “reliable principles and methods”.
  • Of course, you should be able to take the judge and jury through the steps of your investigation, from start to finish. They should be able to see and understand clearly how you came to the conclusions that you have reached.
  • Are you qualified to give the opinions you are giving? Share your qualifications and experience, so that people know that you have received all the relevant training required to support your investigation as well as the conclusions and the facts on which you are opining. Professional credentials, such as the CFE, CFF and CPA, are all viewed with respect, the possession of any of which goes a long way to support your being viewed as a qualified expert.
  • Know your work. When you’re on the stand, be sure that you know the relevant subject matter and all the issues you are testifying about backwards and forwards so that you won’t ever be caught slack-jawed, unable to answer some important question about your work.

It’s a lamentable fact that the current general view of the expert witness, as portrayed on television and in the movies, is that of someone who will say whatever the client pays them to say and that the experts who base their work on facts are viewed as the rare heroes. Taking the steps to establish ourselves as credible and objective will go a long way to building a positive view of all expert witnesses. That and, perhaps, getting a few friends in the film business!

Situational Assessment

fraud-examinationAs a follow-on to our last post, newly minted CFE’s working for their first client can find themselves at something of a loss about the best way to initiate an investigation; I know that was certainly true of me at what now seems so many years ago.

Every fraud investigation is a minefield whose first steps can impact the final outcome significantly. Insufficient care, coordination or discretion at the launch of the investigation may tip off the suspect, causing the destruction of potentially vital evidence. Moreover, information collected hastily without sufficient attention to procedure might prove inadmissible in court, or even lead to sanctions and fines. Any experienced practitioner will tell you that a whole host of challenges beset those of us responsible for looking into potential wrongdoing. But, as the ACFE also tells us, taking the right steps before an investigation can significantly reduce the risk of error, helping to ensure the entire investigation is planned correctly and carried out efficiently.

The ACFE advocates the performance of an initial fact finding or situational assessment phase of every investigation.  The CFE (and his or her employing attorney, if there is one) first need to assess whether an allegation has merit. This process should begin with consideration of the complainant’s credibility and motives (when that person’s identity is known) as well as other possible indications of the allegation’s likely validity. The examiner should avoid snap, simplistic judgments. Just because a complainant lacks credibility or may have ulterior motives doesn’t necessarily mean there is no need for an investigation. By the same token, even a highly credible individual can make an unfounded allegation. Upon close examination, allegations often contain specific facts, especially those related to the workings of the organization, that can help support assertions and provide the CFE a basis for corroboration moving forward.

The recommended initial situational assessment can be additionally vital because insider wrongdoing especially can have a significant impact on the organization, even more so when committed by a member of senior management. The assessment should include examination of monetary, regulatory, reputational, and other known risks.

An obvious goal for the CFE in every fraud case we work is to determine the extent of existing damage and prevent further losses. This can be difficult, as allegations rarely include an exact amount of stolen funds or an assessment of organizational impact. For example, the monetary impact of vendor kickbacks to employees is often hard to assess, as it involves gauging the extent to which the organization may have received insufficient value for the products it purchased. In these circumstances, the CFE may want to assess the extent to which the vendor is used and consider the common fraud risk associated with the industry, organization and type of vendor.

What’s more, in today’s gold fish bowl regulatory environment, issues of concern to regulators increasingly include insider trading, bribery of public officials, manipulation of publicly listed companies’ financial statements, money laundering, and privacy or data breaches. If an organization fails to conduct an adequate fraud investigation or take appropriate corrective measures, the regulator may initiate its own investigation or, where a funding relationship exists, withdraw support from the organization altogether. If allegations relate to an organization’s foreign operations, or involve activities in jurisdictions with extraterritorial legislation, international regulatory requirements should also be considered. Many countries have enacted anti-bribery legislation, including the United States’ Foreign Corrupt Practices Act (FCPA), Canada’s Corruption of Foreign Officials Act, and the United Kingdom’s Bribery Act. Running afoul of these laws can have significant consequences for any of our clients.

And finally, the potential reputational damage to an organization from fraud must never be taken lightly. Examples of circumstances that may pose significant reputational risks include payments to foreign government officials, circumvention of local or foreign laws, and accepting incentives from suppliers.

The CFE and the employing attorney are in a unique position in carrying out the initial situational assessment to collect and evaluate available evidence to assist the organization in its initial understanding of the case and to plan the investigative response. This process may include preparing a preliminary evaluation of the losses or follow-on risks to which the organization has apparently been exposed.  Once the attorney has communicated to the organization the facts and issues, consideration should be given to whether to pursue criminal charges or civil remedies (i.e., recovery of funds), as it will affect the CFE’s approach to the entire inquiry process. For instance, in the United States and Canada, the standard of proof for criminal charges is higher than that of civil remedies. Further, the makeup of the CFE’s investigative team may be different depending on the objectives of the investigation. Decisions may change over time and as new circumstances of the case come to light, the investigative strategy may also need to change.

Ideally, the investigative team for the initial assessment should be kept as small as possible, and participation should be on a “need-to-know” basis. Moreover, team members must not have any conflicts that would, or even be perceived to, impair their judgment or objectivity in the investigation.

ACFE Standards also require that the team be comprised of appropriately skilled and qualified individuals to perform, or at least oversee, the evidence collection process, particularly of electronic evidence. Team members need to be informed that any one of them may be called upon to testify as a witness in court and that notes and work papers are discoverable and could appear before a judge or jury. Therefore, work paper files, including interview notes and communications, should be thorough and carefully maintained. Numerous additional considerations should be kept in mind when choosing members of the investigation team on the front end, including participants’ independence, as well as the potential need for additional legal counsel, supplementary investigative experts, and other expertise. Maintaining independent oversight is crucial to the investigation’s credibility; failure in this area leaves all the investigative findings open to criticism by opposing counsel, regulators, or law enforcement agencies. In many cases, especially those involving financial matters, corporate counsel supported by CFE’s or forensic accountants might be in the best position to manage the overall investigation.

To protect litigation privilege, the employing attorney or independent external counsel will be included in the CFE’s investigation from the beginning. These experts can also advise the CFE on legal matters such as employee suspensions or terminations and evidence gathering techniques to help ensure future court admissibility. Moreover, by adding credibility, counsel, internal or independent, provides assurance that the investigation will stand up to external legal scrutiny.

The independent, reputable CFE can add credibility to a fraud inquiry from first to last, bring current knowledge of relevant issues, and provide or coordinate the acquisition of skills that many companies lack in areas such as computer forensics, analytics, and forensic accounting. Such help is also important if opinion testimony may be required, as the testimony is admissible only if it comes from witnesses (like CFE’s) whom the courts determine are experts. When needed, for example, in cases that may lead to pursuit of criminal charges or civil remedies, supplementary experts should be retained early on. To maintain litigation privilege, investigators and experts should always be retained through the CFE’s employing attorney or external counsel.

Who’s the Client?

lawyer_1While I was away on vacation last week our Chapter received an on-line comment-request from a CFE practitioner currently working on a fraud investigation for an attorney on the legal staff of a major international corporation.   The commenter was seeking some overview information relating to the protection of the content of her soon to be completed investigative report under U.S. law.  As I’m sure most of you remember, the attorney-client privilege applies where there is a (1) confidential (2) communication (3) between attorneys and their clients (4) made for the purpose of rendering or receiving legal advice.

To protect the report of an internal investigation, the report should be communicated to the lawyer (preferably the lawyer should initiate the investigation), it should not be distributed to anyone else, and it should be for the purpose of providing the lawyer information he or she needs to render a legal opinion or provide legal advice. The key element is that the attorney (whether in-house counsel-or outside counsel) is having the investigation conducted for the purpose of providing legal advice to the company.  The privilege generally extends to information gathered by investigators like our CFE enquirer if the investigator is acting at the direction of the attorney.

The ACFE tells us that the existence of the following will help ensure that communications gathered during the investigation will be protected under the attorney-client privilege:

–The communications were made by corporate employees to counsel;
–The communications were made at the direction of corporate superiors in order for the company to obtain legal advice from counsel;
–The employees were aware that the communications were being made in order for the company to obtain legal advice;
–The information needed was not available from upper management;
–The communications concerned matters within the scope of the employees’ corporate duties;
–The communications were confidential when made and were kept confidential by the company.

CFE’s and forensic accountants should not make the mistake of believing that just because an attorney is involved all reports and communications are protected by the attorney-client privilege. The privilege protects only those communications related to the attorney providing legal advice. Often courts will seek to determine whether the attorney was actually rendering legal advice or merely performing investigative services. Some courts have taken a narrow view of the privilege and have held that if the investigation could have been conducted just as easily by a private investigator, then the lawyer was acting as just that, an investigator, not as a lawyer; therefore, the privilege would not apply.

The ACFE cautions that the most often overlooked requirement is that the CFE’s report remain confidential. Even if a report meets all of the other requirements (prepared by a CFE for the attorney for the purpose of providing legal advice), the privilege will be lost if it is disclosed to anyone other than “the client.” In the corporate setting, it’s often hard to determine just who “the client” is. However, it’s generally clear that senior officials within the company are authorized to seek advice from an attorney on behalf of the company and to act on such advice. Accordingly, most courts have held that communications between an attorney and senior-level management are protected, while communications between an attorney and lower-level employees may not be.  Therefore, special care should be taken to ensure that the attorney-client privilege is not waived inadvertently by giving documents or communicating information to anyone outside the investigation team, including members of law enforcement. If information gathered during an investigation is shared with law enforcement, then the privilege may be waived not only as to the information given, but also to any other information relating to the same subject matter. This is known as “horizontal” waiver. Some courts have held that waiver of the privilege as to one document implies waiver as to all documents concerning the same subject matter.

If a fraud examiner or forensic accountant feels that a case should be recommended for criminal prosecution, the examiner should consult with the attorney before providing any information to government or law enforcement authorities. For example, if an investigator submits a copy of his report to the prosecutor who initiates criminal proceedings based on the findings in the report, the criminal defendant may be able to require the investigator to provide all the documents he or she used in writing the report. In such an instance, the investigator may be considered to have waived the privilege. Likewise, if law enforcement requests the results of an investigation or information gathered during an investigation, the attorney should be consulted before turning over the information. Some courts have held that the privilege is not waived if a company is subpoenaed to produce the information.

The work product doctrine protects materials that are prepared in anticipation of litigation.  the Supreme Court has set forth some protection for materials prepared with an eye toward litigation. The Court has stated that the doctrine promoted the “orderly prosecution and defense of legal claims” by providing attorneys with a zone of privacy that was essential to their role as an adversary.  People often mistakenly believe that the work product doctrine is connected to, or is part of, the attorney-client privilege. It is not. One of the main differences between the work product doctrine and the attorney-client privilege is that the work product doctrine is not a privilege. The work product doctrine is a provision of the discovery rules which provides that in certain instances, items will be protected from discovery. As such, the work product doctrine is really a “qualified immunity” from discovery. It differs from an evidentiary privilege (such as attorney-client privilege) in that even if the document falls within the definition of “work product,” the judge still can order that the document be produced if the opposing party can show “substantial need” for the protected information and that the information cannot be obtained from another source. However, even if “substantial need” is shown, the mental impressions and opinions of an attorney concerning the litigation are not subject to disclosure under any circumstances.

In virtually every lawsuit, there will be disputes about what must be produced and what is protected from discovery. The rules are not always clear, and they are not applied consistently in either the federal or state courts. One good, but not foolproof protection, is to put the phrase “PRIVILEGED AND CONFIDENTIAL” at the top of every document produced regarding the case. Of course, this statement is not evidence the document is legally privileged or protected, but it does show an intention to keep the communication confidential, and will alert others that the document contains sensitive information.

Some general exceptions to the privilege rule are:

–Only the holder of a privilege, or the holder’s designated representative, can assert the privilege.
–If the holder, after having notice and opportunity, fails to assert it, the privilege is waived.
–If the holder discloses significant information to someone outside the protected relationship, the privilege does not hold.
–The communication must be pertinent to the protected relationship (a physician and a patient must be discussing health issues), or there is no privilege. Ordinary discussion not deemed confidential is not protected.

The Expert & the Internet

expert-witnessesPart of the wrap up process our Chapter performs following each of our two day seminars is a review of attendee question topics.  As nearly all of them do, our recent ‘Investigating on the Internet: Research Tools for Fraud Examiners’ seminar elicited a number of thoughtful questions, several from attendees whose practices include testimony as an expert witness and employment as legal consultants.   From the tenor and content of the questions it appears that these CFEs were acting as experts and consultants in the legal process by assisting attorneys with the financial details of a suit, and testifying about these practices at trial. In such cases CFE’s analyze documents and transactions, both internet based and hard copy, showing how the fraud was accomplished and, when possible, who the most likely perpetrators were. The CFE acts as a guide and adviser for the attorney in assembling the case, and, sometimes, as a major participant as an expert witness in explaining the ways of fraud to a judge and jury.

Experts, in general, are brought in when required by law, as in malpractice suits where a member of a profession, say a physician, has to explain the infraction against professional by-laws or principles; where key points are deemed sufficiently technical or complex, like “cooking-the-books” schemes involving intricate accounting manipulations; or for assisting (some would say, for swaying) the jury in making its final decision.  Federal Rule of Evidence 702 tells us that an expert witness with appropriate knowledge and credentials may testify in any proceeding where scientific, technical, or specialized knowledge will shed light on the dispute.  Even in cases that don’t go to trial, experts may still be involved in mediation, arbitration, settlement conferences, or summary judgment motions. Experts contribute value to the trial process in a myriad of ways. They provide background information to guide and frame a case; during discovery they investigate, run tests, advise on depositions, prepare other witnesses, make exhibits, and respond to the opposition’s discovery requests; they file written opinions, which are entered as evidence into the court record; and they testify in actual proceedings should the case actually make it to a courtroom.

Once they accept a case, many experts immediately begin utilizing on and off-line tools to start the process of assembling a narrative version of the events. This detailed summary of the facts of the case serves as the raw material for rendering an official opinion. It’s important that the narrative text be written with care and professionalism. The text may (and probably will) have to be produced during discovery. Additionally, a well-written narrative helps the client attorney in preparing and executing the case at trial.  As our speaker, Liseli Pennings, pointed out, perhaps the thorniest challenge for CFEs, once they’re engaged to work on a case, is setting a value on business losses due to fraud. Even though financially related information available on the internet and elsewhere can be of great value in estimating the loss, there may be several methods appropriate for evaluating net worth/net loss appropriate to a given case, each rendering a different number at the end. And regardless of the numbers, there’s always the human element.

Article V. of the Association of Certified Fraud Examiners Code of Professional Ethics states:

A fraud examiner, in conducting examinations, will obtain evidence or other documentation to establish a reasonable basis for any opinion rendered.  No opinion shall be expressed regarding the guilt or innocence of any person or party.

The rule that prohibits opinions regarding the guilt or innocence of any person or party is a rule of prudence. Clearly, it’s prudent for a Certified Fraud Examiner to refrain from usurping the role of the jury. In a courtroom, no good attorney would ask a Certified Fraud Examiner for such a conclusion, and no alert judge would allow such testimony. The fraud examiner’s job is to present the evidence in his report. Such evidence might constitute a convincing case pointing to the guilt or innocence of a person. But a clear line should be drawn between a report that essentially says “Here is the evidence” and one that steps over the line and says “He is the guilty (innocent) person.”  Nevertheless, there is a fine line between recommending action – forwarding the evidence to a law enforcement agency or filing a complaint or lawsuit – and giving an opinion on guilt or innocence. Certified Fraud Examiners may make such recommendations because they think the evidence is strong enough to support a case. They might even have a conclusion about whether the suspect committed a crime. The rule does not prohibit the Certified Fraud Examiner, under the proper circumstances, from accusing the person under investigation. However, the ultimate decision of whether a person is “guilty” or “innocent” is for a jury to determine. The CFE is free to report the facts and the conclusions that can be drawn from those facts, but the decision as to whether or not a person is guilty of a crime is a decision for the judge or jury.

As Liseli pointed out caution as to information reliability is the by-word for every use of internet based information in general and use by expert witnesses is no exception. According to discovery rules governing expert testimony, everything the expert says or writes about the case after being hired is subject to discovery by opposing counsel. That means everything: internet downloads, narrative versions of the case, comments to the press or law enforcement, hypothetical reconstructions, even notes can be demanded and used by the opposing party.  However, CFE’s acting as expert witnesses need to be aware of the consulting expert exception.

Experts may consult on the attorney’s work product, i.e., materials the attorney prepares as background for a case. While performing background work, the expert is said to be working as an associate of the attorney, so the exchange is protected…they are two professionals conferring. However, once the expert is hired as a witness, and begins entering opinions as part of the attorney’s case, there is no privilege for any contribution the expert makes. The distinction is something like this: when acting as “witnesses,” experts are bringing official information to the court, and so must disclose any contact with the case; when experts act as “consultants” or “associates” for attorneys or law enforcement, they are only assisting the attorney, and do not have to disclose their involvement in the case.

There is one trap for the unwary. The rule is that if an expert will testify at trial, everything s/he does regarding the case must be turned over to the other side. If an expert works only as a consultant to the attorney, then her work product is not discoverable. However, if a testifying expert reviews the work of the consultant expert, then the work of the consultant expert will be discoverable. Just remember this, if you are hired to testify at trial, anything you used to form your opinion will be subject to review by the opposing party. This includes information downloaded from the internet, notes from other experts, documents received from the plaintiff or defendant, and any documents or notes from the attorney. Be sure to consult with the attorney before you review anything. If the attorney has not given the document to you, then ask before you read. Otherwise, you may inadvertently destroy the confidentiality or privilege of the material.

The utilization of internet based information resources introduces yet another layer of complexity to the employment of CFE’s as expert witnesses and/or attorney consultants.  The information available is often vast, almost instantly available and constantly changing.  Practitioners and their client attorneys must decide on a case by case basis whether it’s best utilized in the role of a consultant or in that of an expert witness.

Should We Fire Jane?

getting-firedAs a CFE your client’s employees are fifteen times more likely to steal from them than their customers. A classic rule of thumb for employers to use when considering employee dishonesty is: 10% of employees will steal no matter what is done; 10% of employees will never steal, no matter what the circumstances; and the remaining 80% may steal if you let them. The goal of loss prevention programs is, thus, to keep this 80% group from stealing. A strong deterrent for dishonest employees is knowing exactly what the ramifications of their actions will be. Employees must know that if any employee, at any level, steals or violates company policy, they will receive a fair hearing, swift, consistent, and serious sanctions will be imposed; and termination from employment, criminal prosecution and civil action may result.

So, it appears from your examination that Jane has embezzled what appears to be a lot of money over the past two years and she hasn’t cooperated with the investigation. Now your fraud report comprehensively lays out all the facts of the case and your client asks you flat out, “Should we fire Jane?”

Regardless of whether or not your client decides to seek criminal or civil recovery of fraud losses against an employee, your client needs to consider the future of the employee at their company. When confronted with a possible wrongdoer or with an employee like Jane who refuses to cooperate in the investigation of a suspected fraud, most employers immediately want to fire the employee. Whether the employee can or should be discharged depends on the facts of the case and the law in the employer’s state. There is usually a way to discharge the employee, but such cases need to be handled carefully so that the client doesn’t inadvertently open themselves to liability.

In some U.S. states, absent an employment contract, employment is considered “at will.” This means that the employer or the employee can sever their relationship at any time for virtually any reason. The only exception is that the employee cannot be discharged for a discriminatory reason based on such things as race, sex, disability, or national origin. In other states, the employer may be prohibited from terminating the employee unless the termination is for “just cause.” Before discharging any employee, it’s best to document in the employee’s file that the employer has ”just cause” to terminate employment, whether or not the client operates in an “at will” state.

Although there is no exact definition of “just cause,” there are several questions that the client company should ask before terminating Jane:

— Did Jane know that the conduct would be subject to discipline?

— Was the rule the employee violated reasonably relate to the safe, efficient, or orderly, operation of the business?

— Did the company investigate, formally or otherwise, to discover whether the employee violated the rule?

— Did the company conduct a fair and objective investigation?

— Did the company obtain significant evidence of a violation?

— Was the decision nondiscriminatory?

— Was the discipline related to the seriousness of the offense and the prior record of the employee?

As a CFE, your final report provides invaluable insight in formulating and obtaining documented answers to a majority of these questions.  If, based on the facts, the client company feels that discharge of the employee is likely, it should make sure that the employee’s actions and the company’s actions are well-documented and placed in the employee’s personnel file.

Make your client aware that issues of employee termination are complex and that in many cases it’s prudent to consult corporate counsel before acting. At least one state has recognized the right of an employee to sue for the employer’s failure to properly investigate charges against the employee before discharging him or her. Most of the courts that have addressed this issue have refused to recognize the claim however. Many states now recognize an implied contract between employers and employees arising out of employee handbooks. Handbook provisions might limit the right to discharge for ”just cause,” and the issue might be whether the employer has enough evidence of wrongdoing to constitute “just cause.” A few states recognize a duty on the part of the employer to deal with its employees fairly and in good faith. Documentation from the CFE’s report that the employer had good cause to terminate the employee should defeat this claim.

Other states recognize a public policy exception to “at will” employment. The employee must prove that her conduct is favored by a relevant public policy and that the employer retaliated against her for engaging in this “protected” activity. Again, the company will need to show that it had good cause to fire the employee and that it was not retaliating against the employee because of the protected conduct. For example, if an employee is fired because she supported a particular political candidate in the last election, a court or jury might find that his termination is in violation of the general public policy allowing people to vote for whomever they please. However, if the employee was conducting fund-raising activities on company time, the company would likely have good cause to terminate the employee and such termination would not be in retaliation of the employee’s support of a particular candidate.

The CFE can be of great assistance in marshaling the facts related to all the aspects of an employee discharge for cause.  Just bear in mind that these issues are often more complex than they seem and so always recommend that clients proceed with caution.

When a Fraud Goes Public

reputation

Download Our Chapter’s Free App RVACFES on Google-Play!

There’s a high probability that every fraud examiner, during the course of his or her career, will work on at least one fraud that hits the newspapers.  Your client and its counsel will undoubtedly turn to you as a member of the investigative team for input, especially, as is most frequently the case, the whole experience will be new to them. Given the overwhelming importance of corporate on-line and off-line reputation as a driver of value and with sustainability as a strategic concern, the bottom-line value of communicating with all corporate publics about both tangible and intangible events affecting performance has risen. This is doubly the case with a sensitive issue like a publicized fraud. Today, the ACFE tells us, intangible assets can account for as much as 70 percent of the value of a business. They include brand, employee loyalty, credibility, trust, and (perhaps of most importance) reputation. In a world continually rocked by corporate governance and other scandals, attention to reputation risk is proving more important than ever. Because organizations derive that reputation from how their various stakeholders and publics perceive their performance, behavior, and actions in the goldfish bowl of social media, the need for more careful management of the public information interface is also vital but especially so in a crisis.

The ACFE also reports that a growing number of major global companies are investing substantial resources to manage their reputational risk, and have increased their efforts to do so over the last five years. Indeed, 82 percent of risk managers report their companies are making a “substantial” effort to manage reputational risk, and 81 percent said they’ve increased their focus on reputational risk during the last 36 months. That’s partly because risk managers recognize the difficulty most enterprises have attempting to wrap their corporate arms around the nuances of just what a reputation is and what risks it faces, and also because less than half of the executives surveyed said the management of reputational risk was “highly integrated” with their enterprise risk management (ERM) function or another risk oversight program.

During the fraud risk assessment process many CFE’s have likely suspected or even warned that the actions that some of their client enterprises were taking or planning to take – especially those related to over-the-top spending or perceived lapses in corporate ethical judgement – might not be viewed today with the stakeholder disinterest they once were.   Now, every management must deal with reputational risks that were not necessarily reputational risks in the past, and they must deal with changes – rapid in many cases given social media – in the public’s estimation of what is and isn’t acceptable corporate behavior.

Any publicized fraud, major or minor, impacts the corporate reputation and serves as proof that all of its key fraud risks are intertwined; each risk can impact others. Losses to fraud impact reputation just as surely as bad strategic decisions. To help minimize the negative effects of these intertwined threats, organizations should consider identifying risk champions within the organization, including the CEO, the president, regional presidents, and, sagely, the marketing director, whose roles would include not only monitoring and reporting on on-going reputational risks but, acting as a committee,  in actively shaping the corporate response to a publicized fraud.  These champions routinely look for reputational risks as part of their day-to-day activities, arranging for corporate auditors to test anti-fraud controls and look at policies and procedures that might carry some type of reputational risk.  Likewise, every member of management should be sensitized to be aware of reputational risks and educated to identify areas for audit that, in their opinion, are not being managed correctly and thus likely represent loci of developing fraud-related threats to the enterprise’s good name.

Organizations which haven’t experienced a publicized fraud often overlook the multifaceted nature of reputational risk and the need to consider it at the inherent level, rather than focusing, as so many organizations do, on reputational risk at the lower, residual level; damage to reputation is never just a residual effect and should never be viewed as such. This judgment error can leave managements complacent about the magnitude of damage a threat to the company’s reputation can cause. A sense of comfort with the expected perceived control level can make many boards and executives not think about the inherent, potentially devastating reputational risks that are always lurking around every corner.  Never forget, the world’s response to a damaged reputation is faster and harsher today than ever before.

Just how fast social media can change and affect the public’s opinion of any company is something of which many organizations are still insufficiently aware.  Although companies cannot prevent anti-company commentary related to a fraud on social media sites, they can monitor them and possibly influence them. It’s doubtful that many of today’s client senior management were taught the practice of determining potential reputational risks and of monitoring a corporation’s response to them on social media.  CFE’s need to recommend that client companies expand their public mood-tracking activities to these venues when actually responding to and addressing a published fraud.

The management of reputational risk during a publicized fraud requires a constantly updated, fresh approach to what could happen and the reverberations it could have throughout an enterprise’s public universe. Financial responsibility as one type of reputational risk that is not new; as consumers become more actively involved in narratives involving stock market manipulation and corporate corruption, companies are more at risk for being labeled as ‘irresponsible’ if they don’t have a perceived high level of corporate governance. Worldwide slow economic growth has made the reputational risk of all corporate related missteps a greater threat to any company because it simply might not be able to recover from a financial fraud fallout as quickly as it might have in high growth times. Slow growth may also lead more employees to engage in the kind of activity – fraud, theft, quality corner-cutting – that can damage an organization’s reputation and the general public is well of aware of the fact.

Helping client companies manage reputational risk during their response to publicized frauds, including that risk in their fraud risk assessments and then on-going reassessment of the performance of risk related  controls is an area where CFE’s can add tremendous value at very little incremental cost; doing so will certainly add value to the overall fraud prevention effort. And don’t overlook training front line employees in their role in protecting the corporate reputation.

Thoughtful, coordinated management of the fallout from a publicized fraud is the difference between a company stumbling blindly into a far worse reputation debacle than necessary, and heading off disaster by acting swiftly to contain the reputational damage and move the organization forward. CFE’s have a critical role to play in all of this.