Category Archives: Fraud Recovery Plan

Forensic Data Analysis

As a long term advocate of big data based solutions to investigative challenges, I have been interested to see the recent application of such approaches to the ever-growing problem of data beaches. More data is stored electronically than ever before, financial data, marketing data, customer data, vendor listings, sales transactions, email correspondence, and more, and evidence of fraud can be located anywhere within those mountains of data. Unfortunately, fraudulent data often looks like legitimate data when viewed in the raw. Taking a sample and testing it might not uncover fraudulent activity. Fortunately, today’s fraud examiners have the ability to sort through piles of information by using special software and data analysis techniques. These methods can identify future trends within a certain industry, and they can be configured to identify breaks in audit control programs and anomalies in accounting records.

In general, fraud examiners perform two primary functions to explore and analyze large amounts of data: data mining and data analysis. Data mining is the science of searching large volumes of data for patterns. Data analysis refers to any statistical process used to analyze data and draw conclusions from the findings. These terms are often used interchangeably. If properly used, data analysis processes and techniques are powerful resources. They can systematically identify red flags and perform predictive modeling, detecting a fraudulent situation long before many traditional fraud investigation techniques would be able to do so.

Big data are high volume, high velocity, and/or high variety information assets that require new forms of processing to enable enhanced decision making, insight discovery, and process optimization. Simply put, big data is information of extreme size, diversity, and complexity. In addition to thinking of big data as a single set of data, fraud investigators and forensic accountants are conceptualizing about the way data grow when different data sets are connected together that might not normally be connected. Big data represents the continuous expansion of data sets, the size, variety, and speed of generation of which makes it difficult for investigators and client managements to manage and analyze.

Big data can be instrumental to the evidence gathering phase of an investigation. Distilled down to its core, how do fraud examiners gather data in an investigation? They look at documents and financial or operational data, and they interview people. The challenge is that people often gravitate to the areas with which they are most comfortable. Attorneys will look at documents and email messages and then interview individuals. Forensic accounting professionals will look at the accounting and financial data (structured data). Some people are strong interviewers. The key is to consider all three data sources in unison.

Big data helps to make it all work together to bring the complete picture into focus. With the ever-increasing size of data sets, data analytics has never been more important or useful. Big data requires the use of creative and well-planned analytics due to its size and complexity. One of the main advantages of using data analytics in a big data environment is that it allows the investigator to analyze an entire population of data rather than having to choose a sample and risk drawing erroneous conclusions in the event of a sampling error.

To conduct an effective data analysis, a fraud examiner must take a comprehensive approach. Any direction can (and should) be taken when applying analytical tests to available data. The more creative fraudsters get in hiding their breach-related schemes, the more creative the fraud examiner must become in analyzing data to detect these schemes. For this reason, it is essential that fraud investigators consider both structured and unstructured data when planning their engagements.

Data are either structured or unstructured. Structured data is the type of data found in a database, consisting of recognizable and predictable structures. Examples of structured data include sales records, payment or expense details, and financial reports. Unstructured data, by contrast, is data not found in a traditional spreadsheet or database. Examples of unstructured data include vendor invoices, email and user documents, human resources files, social media activity, corporate document repositories, and news feeds. When using data analysis to conduct a fraud examination, the fraud examiner might use structured data, unstructured data, or a combination of the two. For example, conducting an analysis on email correspondence (unstructured data) among employees might turn up suspicious activity in the purchasing department. Upon closer inspection of the inventory records (structured data), the fraud examiner might uncover that an employee has been stealing inventory and covering her tracks in the record.

Recent reports of breach responses detailed in social media and the trade press indicate that those investigators deploying advanced forensic data analysis tools across larger data sets provided better insights into the penetration, which lead to more focused investigations, better root cause analysis and contributed to more effective fraud risk management. Advanced technologies that incorporate data visualization, statistical analysis and text-mining concepts, as compared to spreadsheets or relational database tools, can now be applied to massive data sets from disparate sources enhancing breach response at all organizational levels.

These technologies enable our client companies to ask new compliance questions of their data that they might not have been able to ask previously. Fraud examiners can establish important trends in business conduct or identify suspect transactions among millions of records rather than being forced to rely on smaller samplings that could miss important transactions.

Data breaches bring enhanced regulatory attention. It’s clear that data breaches have raised the bar on regulators’ expectations of the components of an effective compliance and anti-fraud program. Adopting big data/forensic data analysis procedures into the monitoring and testing of compliance can create a cycle of improved adherence to company policies and improved fraud prevention and detection, while providing additional comfort to key stakeholders.

CFEs and forensic accountants are increasingly being called upon to be members of teams implementing or expanding big data/forensic data analysis programs so as to more effectively manage data breaches and a host of other instances of internal and external fraud, waste and abuse. To build a successful big data/forensic data analysis program, your client companies would be well advised to:

— begin by focusing on the low-hanging fruit: the priority of the initial project(s) matters. The first and immediately subsequent projects, the low-hanging investigative fruit, normally incurs the largest cost associated with setting up the analytics infrastructure, so it’s important that the first few investigative projects yield tangible results/recoveries.

— go beyond usual the rule-based, descriptive analytics. One of the key goals of forensic data analysis is to increase the detection rate of internal control noncompliance while reducing the risk of false positives. From a technology perspective, client’s internal audit and other investigative groups need to move beyond rule-based spreadsheets and database applications and embrace both structured and unstructured data sources that include the use of data visualization, text-mining and statistical analysis tools.

— see that successes are communicated. Share information on early successes across divisional and departmental lines to gain broad business process support. Once validated, success stories will generate internal demand for the outputs of the forensic data analysis program. Try to construct a multi-disciplinary team, including information technology, business users (i.e., end-users of the analytics) and functional specialists (i.e., those involved in the design of the analytics and day-to-day operations of the forensic data analysis program). Communicate across multiple departments to keep key stakeholders assigned to the fraud prevention program updated on forensic data analysis progress under a defined governance program. Don’t just seek to report instances of noncompliance; seek to use the data to improve fraud prevention and response. Obtain investment incrementally based on success, and not by attempting to involve the entire client enterprise all at once.

—leadership support will gets the big data/forensic data analysis program funded, but regular interpretation of the results by experienced or trained professionals are what will make the program successful. Keep the analytics simple and intuitive; don’t try to cram too much information into any one report. Invest in new, updated versions of tools to make analytics sustainable. Develop and acquire staff professionals with the required skill sets to sustain and leverage the forensic data analysis effort over the long-term.
Finally, enterprise-wide deployment of forensic data analysis takes time; clients shouldn’t be lead to expect overnight adoption; an analytics integration is a journey, not a destination. Quick-hit projects might take four to six weeks, but the program and integration can take one to two years or more.

Our client companies need to look at a broader set of risks, incorporate more data sources, move away from lightweight, end-user, desktop tools and head toward real-time or near-real time analysis of increased data volumes. Organizations that embrace these potential areas for improvement can deliver more effective and efficient compliance programs that are highly focused on identifying and containing damage associated with hacker and other exploitation of key high fraud-risk business processes.

New Rules for New Tools

I’ve been struck these last months by several articles in the trade press about CFE’s increasingly applying advanced analytical techniques in support of their work as full-time employees of private and public-sector enterprises.  This is gratifying to learn because CFE’s have been bombarded for some time now about the risks presented by cloud computing, social media, big data analytics, and mobile devices, and told they need to address those risk in their investigative practice.  Now there is mounting evidence of CFEs doing just that by using these new technologies to change the actual practice of fraud investigation and forensic accounting by using these innovative techniques to shape how they understand and monitor fraud risk, plan and manage their work, test transactions against fraud scenarios, and report the results of their assessments and investigations to management; demonstrating what we’ve all known, that CFEs, especially those dually certified as CPAs, CIAs, or CISA’s can bring a unique mix of leveraged skills to any employer’s fraud prevention or detection program.

Some examples …

Social Media — following a fraud involving several of the financial consultants who work in its branches and help customers select accounts and other investments, a large multi-state bank requested that a staff CFE determine ways of identifying disgruntled employees who might be prone to fraud. The effort was important to management not only because of fraud prevention but because when the bank lost an experienced financial consultant for any reason, it also lost the relationships that individual had established with the bank’s customers, affecting revenue adversely. The staff CFE suggested that the bank use social media analytics software to mine employees’ email and posts to its internal social media groups. That enabled the bank to identify accurately (reportedly about 33 percent) the financial consultants who were not currently satisfied with their jobs and were considering leaving. Management was able to talk individually with these employees and address their concerns, with the positive outcome of retaining many of them and rendering them less likely to express their frustration by ethically challenged behavior.  Our CFE’s awareness that many organizations use social media analytics to monitor what their customers say about them, their products, and their services (a technique often referred to as sentiment analysis or text analytics) allowed her to suggest an approach that rendered value. This text analytics effort helped the employer gain the experience to additionally develop routines to identify email and other employee and customer chatter that might be red flags for future fraud or intrusion attempts.

Analytics — A large international bank was concerned about potential money laundering, especially because regulators were not satisfied with the quality of their related internal controls. At a CFE employee’s recommendation, it invested in state-of-the-art business intelligence solutions that run “in-memory”, a new technique that enables analytics and other software to run up to 300,000 times faster, to monitor 100 percent of its transactions, looking for the presence of patterns and fraud scenarios indicating potential problems.

Mobile — In the wake of an identified fraud on which he worked, an employed CFE recommended that a global software company upgrade its enterprise fraud risk management system so senior managers could view real-time strategy and risk dashboards on their mobile devices (tablets and smartphones). The executives can monitor risks to both the corporate and to their personal objectives and strategies and take corrective actions as necessary. In addition, when a risk level rises above a defined target, the managers and the risk officer receive an alert.

Collaboration — The fraud prevention and information security team at a U.S. company wanted to increase the level of employee acceptance and compliance with its fraud prevention – information security policy. The CFE certified Security Officer decided to post a new policy draft to a collaboration area available to every employee and encouraged them to post comments and suggestions for upgrading it. Through this crowd-sourcing technique, the company received multiple comments and ideas, many of which were incorporated into the draft. When the completed policy was published, the company found that its level of acceptance increased significantly, its employees feeling that they had part ownership.

As these examples demonstrate, there is a wonderful opportunity for private and public sector employed CFE’s to join in the use of enterprise applications to enhance both their and their employer’s investigative efficiency and effectiveness.  Since their organizations are already investing heavily in a wide variety of innovative technologies to transform the way in which they deliver products to and communicate with customers, as well as how they operate, manage, and direct the business, there is no reason that CFE’s can’t use these same tools to transform each stage of their examination and fraud prevention work.

A risk-based fraud prevention approach requires staff CFEs to build and maintain the fraud prevention plan, so it addresses the risks that matter to the organization, and then update that plan as risks change. In these turbulent times, dominated by cyber, risks change frequently, and it’s essential that fraud prevention teams understand the changes and ensure their approach for addressing them is updated continuously. This requires monitoring to identify and assess both new risks and changes in previously identified risks.  Some of the recent technologies used by organizations’ financial and operational analysts, marketing and communications professionals, and others to understand both changes within and outside the business can also be used to great advantage by loss prevention staff for risk monitoring. The benefits of leveraging this same software are that the organization has existing experts in place to teach CFE’s how to use it, the IT department already is providing technical support, and the software is currently used against the very data enterprise fraud prevention professionals like staff CFEs want to analyze.  A range of enhanced analytics software such as business intelligence, analytics (including predictive and mobile analytics), visual intelligence, sentiment analysis, and text analytics enable fraud prevention to monitor and assess risk levels. In some cases, the software monitors transactions against predefined rules to identify potential concerns such as heightened fraud risks in any given business process or in a set of business processes (the inventory or financial cycles).  For example, a loss prevention team headed by a staff CFE can monitor credit memos in the first month of each quarter to detect potential revenue accounting fraud. Another use is to identify trends associated with known fraud scenarios, such as changes in profit margins or the level of employee turnover, that might indicate changes in risk levels. For example, the level of emergency changes to enterprise applications can be analyzed to identify a heightened risk of poor testing and implementation protocols associated with a higher vulnerability to cyber penetration.

Finally, innovative staff CFEs have used some interesting techniques to report fraud risk assessments and examination results to management and to boards. Some have adopted a more visually appealing representation in a one-page assessment report; others have moved to the more visual capabilities of PowerPoint from the traditional text presentation of Microsoft Word.  New visualization technology, sometimes called visual analytics when allied with analytics solutions, provides more options for fraud prevention managers seeking to enhance or replace formal reports with pictures, charts, and dashboards.  The executives and boards of their employing organizations are already managing their enterprise with dashboards and trend charts; effective loss prevention communications can make effective use of the same techniques. One CFE used charts and trend lines to illustrate how the time her employing company was taking to process small vendor contracts far exceeded acceptable levels, had contributed to fraud risk and was continuing to increase. The graphic, generated by a combination of a business intelligence analysis and a visual analytics tool to build the chart, was inserted into a standard monthly loss prevention report.

CFE headed loss prevention departments and their allied internal audit and IT departments have a rich selection of technologies that can be used by them individually or in combination to make them all more effective and efficient. It is questionable whether these three functions can remain relevant in an age of cyber, addressing and providing assurance on the risks that matter to the organization, without an ever wider use of modern technology. Technology can enable the an internal CFE to understand the changing business environment and the risks that can affect the organization’s ability to achieve its fraud prevention related objectives.

The world and its risks are evolving and changing all the time, and assurance professionals need to address the issues that matter now. CFEs need to review where the risk is going to be, not where it was when the anti-fraud plan was built. They increasingly need to have the ability to assess cyber fraud risk quickly and to share the results with the board and management in ways that communicate assurance and stimulate necessary change.

Technology must be part of the solution to that need. Technological tools currently utilized by CFEs will continue to improve and will be joined by others over time. For example, solutions for augmented or virtual reality, where a picture or view of the physical world is augmented by data about that picture or view enables loss prevention professionals to point their phones at a warehouse and immediately access operational, personnel, safety, and other useful information; representing that the future is a compound of both challenge and opportunity.

First Steps to Prosecution

A recent study sponsored by the financial trade press indicated some haziness among assurance professionals generally about the precise mechanism(s) underlying the process by which the authorities make the initial decision to prosecute or not to prosecute alleged financial statement fraud.

In the U.S. federal system, a criminal investigation of fraudulent financial reporting can originate in all sorts of ways. An investigation may be initiated because of a whistleblower, an anonymous tip, information supplied by a conscientious or guilt-ridden employee, or facts discovered during a routine annual audit of the company’s financial statements. In addition, the company’s public disclosure of financial misstatements may itself lead to the commencement of a criminal investigation. However initially initiated, the decision to start a criminal investigation is entirely within the discretion of the United States Attorney in each federal district.

For the prosecutor, the decision whether to open an investigation can be difficult. The main reason is the need for the prosecutor to establish criminal intent, that is, that the perpetrator not only got the accounting wrong but did so willfully. Often, bad accounting will be the result of judgment calls, which can be defended as exactly that, executive determinations or judgement calls that, while easy to second guess with the benefit of hindsight, were made in good faith at the time. Thus, a prosecutor evaluating the viability of a criminal prosecution will be looking for evidence of conduct so egregious that the perpetrator must have known it was wrong. This is not to suggest that evidence of a wrongful intent is the only consideration. A prosecutor’s exercise of his or her prosecutorial discretion may consider all kinds of factors in deciding whether criminal inquiry is warranted. Those factors may include the magnitude and nature of the accounting misstatements, whether individuals personally benefited from the misstatements or acted pursuant to the directive of a superior, whether documents were fabricated or destroyed, the probable deterrent or rehabilitative effect of prosecution, and the likelihood of success at trial. The availability of governmental resources may also be a factor.

Where the putative defendant is a corporation, partnership, or other business organization, a more settled set of factors come into play:

–The nature and seriousness of the offense, including the risk of harm to the public, and applicable policies and priorities, if any, governing the prosecution of corporations for certain categories of crime;
–The pervasiveness of wrongdoing within the corporation, including the complicity in, or the condoning of, the wrongdoing by corporate management;
–The corporation’s history of similar misconduct, including prior criminal, civil, and regulatory enforcement actions against it;
–The corporation’s timely and voluntary disclosure of wrong-doing and its willingness to cooperate in the investigation of its agents;
–The existence and effectiveness of the corporation’s preexisting compliance program;
–The corporation’s remedial actions, including any efforts to implement an effective corporate compliance program or to improve an existing one, to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with the relevant government agencies;
–Collateral consequences, including whether there is disproportionate harm to shareholders, pension holders, employees, and others not proven personally culpable, as well as the impact on the public arising from the prosecution;
–The adequacy of the prosecution of individuals responsible for the corporation’s malfeasance;
–The adequacy of remedies such as civil or regulatory enforcement actions.

However, a prosecutor gets there, once s/he determines to commence a criminal investigation, there is no doubt that those who are its targets will quickly come to view it as a priority over everything else. The government’s powers to investigate are broad, and, once a determination to go forward is made, the full resources of the government, including the FBI, can be brought to bear. The criminal sentences resulting from a successful prosecution can be severe if not excessive, particularly considering the enhanced criminal sentences put in place by Sarbanes-Oxley.  The ACFE reports that one midlevel executive at a company who elected to proceed to trial was convicted and received a prison sentence of 24 years. The fact that the sentence was subsequently set aside on appeal does little to mitigate the concern that such a sentence could be imposed upon a first-time, nonviolent offender whose transgression was a failure to apply generally accepted accounting principles.

Typically, a company learns that it is involved in a criminal investigation when it receives a grand jury subpoena, in most instances a subpoena duces tecum, compelling the company or its employees to furnish documents to the grand jury. In an investigation of fraudulent financial reporting, such a subpoena for documents may encompass all the files underlying the company’s publicly disseminated financial information, including the records underlying the transactions at issue and related emails.

For a CFE’s client company counsel and for the company’s executives generally, the need to respond to the subpoena presents both an opportunity and a dilemma. The opportunity stems from the company’s ability, in responding to the subpoena, to learn about the investigation, an education process that will be critical to a successful criminal defense. The dilemma stems from the need to assess the extent to which active and complete cooperation should be pledged to the prosecutor at the outset. The formulation of a response to a criminal subpoena, therefore, constitutes a critical point in the investigatory process. Those involved are thereby placed in the position of needing to make important decisions at an early stage that can have lasting and significant effects.  The CFE can support them in getting through this process.

Once an initial review of the subpoena and its underlying substance is complete, one of the first steps in formulating a response is often for company counsel to make a phone call to the prosecutor to make appropriate introductions and, to the extent possible, to seek background information regarding the investigation. In this initial contact, the prosecutor will be understandably guarded. Nonetheless, some useful information will frequently be shared. A general impression may be gained about the scope and focus of the investigation and the timing of additional subpoenas and testimony. Thereafter, it is not unusual for an initial meeting to be arranged to discuss in greater detail the company’s response. One benefit of such a meeting is that some level of additional information may be forthcoming.

From the outset, company counsel will be undertaking a process that will be ongoing throughout the criminal proceedings: learning as much as possible about the prosecutor’s case. The reason is that, unlike a civil case, in which broad principles of discovery enable the defendants to learn the details of the adversary’s evidence, the procedural rules of a criminal investigation result in much greater secrecy. Less formal methods of learning the details of the prosecutor’s case, therefore, are critical. In these initial contacts, the establishment of a sound foundation for the company’s dealings with the prosecutor is an important aspect of the investigation. To state it simply, CFE’s should always support that those dealings be premised on a foundation of candor.

Although it may be appropriate at various stages to decline to discuss sensitive matters, counsel should avoid making a factual statement on any subject about which it may be incompletely or inaccurately informed. This admonition applies to subjects such as the existence and location of files, the burden of producing documents, and the availability of witnesses. It also applies to more substantive matters bearing on the guilt or innocence of parties. CFE’s should, again, counsel their clients that a relationship with the prosecutor based on trust and confidence is key.

The judgment regarding the extent of cooperation with the prosecutor can be a tough one. Unlike in a civil proceeding, where cooperation with regulatory authorities (such as the SEC) is generally the preferred approach, the decision to cooperate with the government in a criminal investigation may be much more difficult, insofar as a subsequent effort to oppose the government (should such a change of approach be necessary) would be impeded by the loss of a significant tactical advantage, the loss of surprise. In criminal cases, the government is not afforded the same broad rights of discovery available in civil proceedings. It is entirely possible for a prosecutor to have no significant knowledge of the defense position until after the start of a trial. On the other hand, the privileges available to a corporation are limited. There is, most importantly, no Fifth Amendment privilege against self-incrimination for companies.  Furthermore, almost any kind of evidence, even evidence that would be inadmissible at trial, except for illegal wiretaps or privileged material, can be considered by a grand jury. Therefore, the company’s ability to oppose a grand jury investigation is limited, and the prosecutor may even consider a company’s extensive zeal in opposition to constitute obstruction of justice. Moreover, the prosecutor’s ultimate decision about indictment of the company may be affected by the extent of the company’s cooperation. And corporate management may wish to demonstrate cooperation as a matter of policy or public relations.

One issue with which a company will need to wrestle is whether it is appropriate for a public company or its executives to do anything other than cooperate with the government. On this issue, it is useful for executives to appreciate that the U.S. system of justice affords those being investigated certain fundamental rights, and it is not unpatriotic to take advantage of them. As to individuals, one of the most basic of these rights is the Fifth Amendment privilege against self-incrimination. Insofar as, in fraud cases, guilt can be established through circumstantial evidence, executives need to keep in mind that it demonstrates no lack of civic virtue to take full advantage of constitutional protections designed to protect the innocent.

A challenge is that many of these judgments regarding cooperation must be made at the outset when the company’s information is limited. Often the best approach, at least as a threshold matter, will be one of courteous professionalism, meaning respect for one’s adversary and reasonable accommodation pending more informed judgments down the road. Premature expressions of complete cooperation are best avoided as a subsequent change in approach can give rise to governmental frustration and anger.

Following the initial steps of the grand jury subpoena and the preliminary contact with the prosecutor, CFE’s are uniquely positioned to assist corporate counsel and management in the remaining stages of the criminal investigation of a financial crime:

–Production of documents;
–Grand jury testimony;
–Plea negotiations (if necessary);
–Trial (if necessary).

The Class Action Machine

lawsuitThe recent troubles at Wells Fargo raised a number of questions in the mind of one of our Chapter members about the class action lawsuits that seem to immediately follow public announcement of such financially involved frauds.  Specifically, she asked about who among the various classes of defendants in a typical financial fraud case are most likely to get sued after the fact.

As I’m sure most financial professionals know, a class action is a type of lawsuit in which a single representative individual is permitted to sue on behalf of an entire group of similarly situated individuals known as a “class.” A class action theoretically comes about when an aggrieved shareholder (or in Wells Fargo’s case a shareholder or perhaps a type of defrauded account holder) contacts a lawyer and explains that s/he has been harmed. The law then generally permits that single party to sue on behalf of all similar share or account holders. Although the common conceptual justification for class action litigation begins with a single aggrieved affected individual reaching out to a lawyer to seek redress, the reality is somewhat different. As our Chapter member indicated she is aware, shareholder class action litigation tends to be prosecuted by a small number of highly specialized law firms and, over the years, these firms have developed practices and relationships that enable them to take the lead in commencing shareholder litigation almost on their own. A practical consequence is that, within days after issuance of a press release revealing financial fraud, the class action lawyers will normally have their lawsuits already prepared.

The catalyst for commencement of the litigation will often be the company’s initial press release announcing the fraud. Among other things, the lawyers may glean from the press release that accounting irregularities have surfaced, that earlier SEC filings are false, which line items on the financial statements are affected, and the board of directors’ preliminary information as to how far back the accounting irregularities go. With that information in hand, the class action lawyers will quickly extract from their word processors an earlier complaint filed in a similar case and quickly insert the specifics regarding the particular company at hand. In their haste to be the first firm to file a lawsuit, the process of revision is not always completely thorough and factual errors are common in almost all initial filings.

Although an exposition in detail of all the steps involved in such a suit are beyond the scope of this short post, the following are the typical steps that unfold during the process:

  • The company’s initial press release;
  • The company’s receipt of a series of complaints;
  • Production of a single consolidated complaint;
  • Motion to dismiss by the defendant company;
  • Document productions;
  • Depositions;
  • Settlement (if necessary);
  • Trial (almost never).

From the perspective of the board of directors, the result will be that, within several days of the issuance of the company’s initial press release, the company will begin receiving a number of seemingly duplicative lawsuits in which the only significant difference seems to be the name of the representative shareholder seeking to represent the interests of the class. In truth, a shareholder gains no meaningful strategic advantage over the defendants in rushing to be named the class representative. In the end, only one class of similarly situated shareholders will be certified and only one complaint ordinarily will survive.  Rather than trying to get a strategic advantage over the defendants, the interest of a plaintiff in rushing to be named the class representative is to get an advantage over the other plaintiff shareholders—or, more precisely, their lawyers. For a class action plaintiff’s lawyer, having one’s client named the class representative opens the door to the lion’s share of the legal fees.

So, to answer our reader’s question, who are the main candidates most likely to get sued in one of these actions?

  • The company. The corporate entity will almost inevitably be named a defendant. Also named may be a parent company or holding company. The plaintiffs will argue that the corporate entity or entities are responsible for the wrongdoing of their individual officers and directors;
  • Officers who have resigned, been terminated, or placed on leave. It may be that the initial press release will have identified particular officers who have resigned, been terminated by the board, or been placed on paid or unpaid leave. The plaintiffs’ lawyers will infer from any such corporate action the officers’ complicity in wrongdoing;
  • The CEO and the CFO. Prime candidates to be included as defendants are the chief executive officer and the chief financial officer. The plaintiffs will infer from their positions some level of complicity. Also, they will have signed what have now turned out to be incorrect SEC filings, such as a Form 10-K or Forms 10-Q;
  • Particular officers. Beyond the CEO and CFO, other officers may be named as defendants depending on the nature of the fraud (as described in the press release) and a particular officer’s proximity to it. For example, if the fraud involved improper revenue recognition (on fraudulently opened accounts, for example), the plaintiffs may seek to include as a defendant the officer or officers with responsibility in the new account generation area. Similarly, if the fraud involved improprieties at some remote location, those responsible for operations or the financial reporting function of that location may be named;
  • Outside directors. These days, outside directors tend not to be included as defendants. Historically, all outside directors would be named as defendants almost as a matter of course. Congress’s passage of federal securities law tort reform in the mid-1990s, however, has operated as an important impediment to the inclusion of the entire board—at least in the absence of evidence suggesting an individual director’s knowledge or complicity;
  • Underwriters. Where the company has publicly issued stock within the last three years, the underwriters may be included. For the corporate issuer, this is particularly unfortunate insofar as typical underwriting documents will provide for corporate indemnification of the underwriter in the absence of the underwriter’s own wrongdoing;
  • Selling shareholders. An issuance of public stock within the prior three years may also open the door to the inclusion as defendants of shareholders who participated as sellers in the offering. Plaintiffs may seek to show their complicity based on inferences drawn from their natural desire to see the stock price sustained or increased during the period prior to their sale;
  • The outside auditor. Several years ago, inclusion of the outside auditor in an accounting irregularities case occurred as a matter of course. Today, the inclusion of the outside auditor as a defendant, at least in the first complaint, has become less automatic. As with the inclusion of outside directors, the federal securities law tort reform legislation in the mid-1990s erected barriers to naming the outside auditor, at least without particularized facts showing auditor complicity. However, the auditor may not be left out forever. An important objective of the plaintiffs will be assembling detailed evidence sufficient to make claims against the auditor stick.

As to the outcome of these type of suits, in the great majority of cases, the parties will come (sooner or later) to a negotiated settlement dollar number.  A canned form of a settlement agreement will emerge from the files of the plaintiff’s law firm marked up to meet the circumstance of the present case and signed, effectively ending the process.

Our thanks to our Chapter member for a thought provoking question!  Please, keep them coming!

Of Estimates, Errors & Fraud

fraud-warningThere was a local case of embezzlement in the news last week in which the suspected perpetrator claimed that a number of her seemingly fraudulent transactions, as identified by her company’s external auditors, were in reality ‘mistakes’ (mostly either accounting or estimating errors) or, in other cases, just simple missteps occasioned by ignorance of her company’s accounting policies. Somewhat surprisingly, this all too common defense seemed to cast some doubt, at least from the newspaper’s point of view, on the overall propriety of the entire prosecution. For me, the case brought to mind, on one hand, the differing roles of external auditors and forensic accountants and, on the other, the often critical role played in investigations by the introduction of the foggy elements of accounting estimates, simple errors and ignorance.

Unlike the external auditors in this case, the forensic accounting investigator’s concern is not limited to reaching a general opinion on financial statements taken as a whole, derived from reasonable efforts within a reasonable materiality boundary. Instead, the forensic accounting investigator’s concern is, at a much more granular level, with the detailed development of factual information—derived from both documentary evidence and testimonial evidence—about the who, what, when, where, how, and why of a specific, suspected or known impropriety.  In my opinion, it’s the lack of such investigative granularity in the follow-up to the simple discovery of the individual fraud by the auditors in this recent case that resulted in the ‘ambiguity’ expressed by the newspaper.

The auditors discovered the suspected fraud through their routine sampling procedures, which predication of the existence of an impropriety would have furnished the starting point for the work of a forensic accountant had one been called in. Think of it like the relationship between the accountant and the financial analyst.  The financial analyst’s work typically begins when that of the accountant ends; the audited financial statements are the foundation on which the work of the financial analyst rests.  So too do discoveries of improprieties by auditors often lead to a subsequent investigative hand off to forensic investigators.  The forensic investigator starts by seeking and examining all relevant evidence concerning the particular case made available, not only by the auditors, but by all the concerned parties.  Based on the investigative findings, the forensic accounting investigator then assesses and measures losses or other forms of damage to the organization and recommends and implements corrective actions, often including changes in accounting processes and policies and/or personnel actions. In addition, the forensic accounting investigator assists management in taking preventive actions to eliminate recurrence of the problem. In contrast to the external auditors, the forensic accounting investigator’s more complete findings and recommendations may form the basis of testimony in litigation proceedings or criminal actions against the perpetrators. They may also be used in testimony to government agencies such as the Securities and Exchange Commission in the United States or the Serious Fraud Office in the United Kingdom. Accordingly, the scope of the investigation and the evidence gathered and documented must be capable of withstanding challenges that may be brought by adversely affected parties on both sides of the prosecution or by skeptical regulators.

Clearly, there are many commonalities between auditing and forensic accounting which, at best , can support the formation of a close working partnership. Both rely on:

  • Knowledge of the industry and the company, including its business practices and processes;
  • Knowledge of the generally accepted accounting principles of the jurisdiction in question;
  • Interpretation of business documents and records;
  • Independence and objectivity—perhaps the most important commonality.

The foggy nature of estimates and errors arises in financial transactions and statements due to the continuous nature of business. Unlike a footrace that ends at the finish line or an athletic contest that ends with the final buzzer, a business and its transactions are continually in varying stages of completion. There are many items in a financial statement for which the final outcome is not known with precision. Given the complexity and continuity of business, it’s difficult to capture a clear snapshot of a company’s financial position and performance at a random point in time. As a general matter, estimates are most commonly made concerning the final amounts of cash that will be received or paid once assets or liabilities are finally converted into cash. Such estimates can encompass, for example, allowances for uncollectible customer receivables, estimates of liabilities for claims or lawsuits brought against a company, the amount of profit or loss on a long-term contract, and the salability of inventory that is past its prime. Most estimates are based on three types of information: past performance of the same or similar items, what is currently occurring, and what management perceives as the probable outcome. Further complicating matters, the weight to assign each type of information varies depending on the particular circumstances. But no matter how determined, unlike the score of a sporting contest, an estimate on the books or in financial statements is a prediction of what will happen, not the objective tally of what has already taken place.  For all these and a host of other reasons, the ACFE tells us that accounting estimates are always a fertile ground for every type of financial fraud.

What the forensic investigator brings into this mix is his or her informed, holistic approach (as outline above) to the detailed analysis of any specific, predicated fraud.   Legitimate assertion of managerial confidence in the business’s ability to achieve certain estimated results is one thing. A deceptive misinterpretation that is intended to generate a favorable estimate is another thing altogether and may pose a substantial investigative challenge well beyond the scope of most routine financial audits. Practicing forensic accounting investigators are trained to address the often vexing complexities and alternative rationales that may be offered to explain the difference between an estimate and an actual result. Given that estimates often constitute the cause of material differences in financial statement presentations, the ability to distinguish between the manipulatively self-serving and the merely incorrect is a critical element of many forensic investigations.

To get back to our newspaper case, U.S. auditing standards state that the main difference between fraud and error is intent. Errors are unintentional misstatements or omissions of amounts or disclosures in financial statements. So, errors may involve:

  • Mistakes in gathering or processing data from which financial statements are prepared;
  • Unreasonable accounting estimates arising from oversight or misinterpretation of facts;
  • Mistakes in the application of accounting principles related to amount, classification, manner of presentation, or disclosure.

Fraud, on the other hand, is defined in SAS 99 as an intentional act that results in a material misstatement. The motive or intent of an individual in making accounting entries is not the primary focus of the external auditor’s procedures as it is of the forensic investigators. Auditors direct their efforts toward determining objectively measurable criteria regarding account balances and transactions by asking: Do the assets exist? How much was paid? What is the basis of the estimate? Is it reasonable? How much was collected? Were the goods shipped to the customer? By asking questions such as these and obtaining evidence to support the estimate where appropriate, auditors can be better positioned to ascertain that the amounts in the books are correct. Thus, given the focus of the auditor, intent is not uniformly relevant; evaluation of intent is a subjective as opposed to an objective evaluation, and ascertaining intent is a difficult exercise at which the trained forensic accountant is highly skilled.

For the foreseeable future, corporate fraud will continue to present substantial challenges and opportunities for fruitful partnership between auditors and forensic accounting investigators. However, it must be recognized that the complexities of the business world and the ingenuity of highly educated, white-collar criminals will always manage to produce schemes that unfortunately go undetected until they reach significant proportions. Forensic accounting investigators will investigate, prosecutors will convict, and regulators will react with new and more requirements … and, without question,  the fraudsters will always be with us.

After the Deluge

delugeFew events are more devastating to a firm’s reputation than a well-publicized fraud and even more so if the fraud extends to a circle of one or more trusted business partners.

The ACFE tells us that a fraud can impact an organization’s reputation in many ways; and that reputation is based on how well the firm meets the expectations of diverse stakeholders such as customers and investors. Events like a fraud that indicate the organization may have fallen short of such expectations can impact the bottom line directly in terms of sales, expenses, and capital availability.  Surviving and moving forward from such an event and, more importantly, restoring confidence and ensuring that reputational damage is not extended or repeated depends on the policies and people the organization has in place to manage its damaged reputation moving forward.

What’s essential is that every organization have some sort of formal plan in place, preferably prior to a fraud event, to manage the post event fall out; if it doesn’t have such a plan, it behooves every enterprise to develop one as a critical component of its overall fraud prevention program.

The nature of the reputational risk specific to the organization, its risk appetite, and its major reputational risk management activities are all important pieces of information used to craft the overall fraud response plan. Defining the focus and output of the response plan is a critical step not only to development of the plan itself, but also to craft the timing of effective communications to stakeholders, pre and post any fraud event, addressed by the plan. Determining these details up front will give management the substance needed to create a road map that yields compelling results both through the after-fraud period and into the future.

The first step in crafting a reputational risk component of the fraud response plan is to determine the specific nature of this type of risk at the CFE’s client organization. For example, a company that produces consumer products may need to consider its reputation in terms of:

–Consumers. Perceived product quality, value, and safety.
–Investors. Perceived future returns on investment resulting from the company’s innovations, strategy, and execution.
–Suppliers/vendors. Perceived reliability of orders and timeliness of payment.
–Employees. Perceived fairness of the treatment they receive while manufacturing, selling, and supporting the company and its products.
–Online community. Perceptions of stakeholders, including consumers’ product opinions, media reporting on company activities, and competitors.
–Regulatory entities. Perception that the company’s products comply with laws.
–Local community. Perception of the company as a responsible corporate citizen.

CFE’s need to identify the key reputational risks, work with business process experts to prioritize those risks based on the extent to which they could impact the bottom line, and then determine which risks will be included in the final plan. A plan that tries to cover all aspects of reputational risk in the manner of a check list may be too broad to execute; the enterprise’s specific reputational risks to be covered need to be identified and pre-agreed to with management up front.  As the CFE and management work to determine the reputational risk scope, both need to understand the organization’s reputational risk appetite. Many organizations conceive risk appetite solely in terms of financial impact, sometimes further defining it based on financial drivers such as customer loss or asset value reduction. Facilitating a discussion of reputational risk appetite among the enterprises business process owners is a valuable CFE contribution that not only will assist in the development of the response plan, but also in its acceptance by the business. Quantifying reputational risk appetite helps management understand the tangible impact of the risk and thus how much reputational risk executives are willing to bear. In addition, it allows the CFE to communicate the impact of the reputational review work in the individualized value terms defined by the organization’s leadership.

The value added by the up-front work to understand the major vehicles the organization presently uses to manage its reputational risk will depend on the factors affecting that risk and the nature of the business itself.  Some mitigation activities may be proactive, such as establishing a product quality department or monitoring the organization’s social media presence. Others may be reactive, such as having a sales refund plan.  It’s important to remember successful reputation management following a fraud does not hinge upon one person or process (like having a hotline of public relations function), but rather on a series of controls and processes across the entire organization that work together to form a wide pattern of reputational defense. Being aware of existing activities will prepare CFE’s to include an evaluation of them in the fraud response plan. The focus of a fraud response plan can vary based on the nature of the risk and the maturity of the reputational risk management infrastructure. If there is no formal existing plan, then the CFE might prepare and present a best practice fact finding of the present state of the controls over reputational risk. If some kind of response program does exist, then the CFE might focus on control enhancement and process improvement. Financial implications, including reputational damage impact modeling and the cost of risk mitigation, also could be made part of an existing response plan, as could regulatory compliance processes such as the steps involved in the reporting of data breaches.

When one or more of the victim enterprise’s business partners are involved in a fraud against it, the reputational challenge in the post-fraud period is further complicated.  Important questions to ask concerning such third-party relationships during and after the investigative and prosecutorial phases of the fraud are complete include:

–Is there a formal business contract?
–What requirements and rights regarding compliance, possible fraud and anti-corruption does the contract contain?
–Does the contract include an audit clause?
–Who owns the business partner?
–Has the partner disclosed all relevant third-party relationships?
–Have all of the partner’s operating locations been disclosed?
–Does the partner have ongoing litigation or unique governmental relationships that might create an adverse impression among existing customers or external regulators?

Where information is needed involving client response to post-fraud reputational impact, CFE’s can visit partner organizations to gather the appropriate data.  Red flags impacting reputational risk for the CFE to be aware of include limited information about the respective entities, inconsistent data points, operations in politically charged locales, prior regulatory sanctions, and connections to or ownership by politically exposed individuals or environments with uncertain economic or commercial laws or regulations. And while examination of these items falls within the purview of compliance or legal departments, and ultimately management, some opportunity exists for CFE’s to assist with the review of due diligence reports to assess the completeness and adequacy of information in support of management’s general reputation evaluation process and decision-making.

While supporting the preparation and on-going management of client fraud response plans, CFE’s can provide additional value as the organization experiences changes over time. As the company grows, changes its sourcing and marketing strategies, and acquires other businesses, new third parties that provide products and services to and on behalf of the company will be identified and should be considered for inclusion in the company’s reputational planning.  The company’s reputational management efforts need to keep pace with the organization, and CFE’s can help evaluate the scope and breadth of that program by assessing alignment with the company’s changing business and operational fraud prevention profile.

Acting within the framework of their knowledge of the client organization, business risk assessment competency, and mandate to evaluate the adequacy of design and overall effectiveness of anti-fraud related internal controls, CFE’s can help facilitate any company’s fraud recovery/reputational repair due diligence efforts.