Category Archives: Construction Fraud

The Unsanctioned Invoice

Of all the frauds classified as occupational, one of the most pernicious encountered by CFEs is the personal purchase with company funds scam. I say pernicious because not only is this type of fraud a cancer, devouring it’s host organization from within, but also because this basic fraud scenario can take on so many different forms.

Instead of undertaking externally involved schemes to generate cash, many employed fraudsters choose to betray their employers by simply purchasing personal items with their company’s money. Company accounts are used by the vampires to buy items for their side businesses and for their families. The list of benefiting recipients goes on and on. In one case a supervisor started a company for his son and directed work to the son’s company. In addition to this ethically challenged behavior, the supervisor saw to it that his employer purchased all the materials and supplies necessary for running the son’s business. As the fraud matured, the supervisor purchased materials through his employer that were used to add a room to his own house. All in all, the perpetrator bought nearly $50,000 worth of supplies and materials for himself and various others using company money.

One might wonder why a purchases fraud is not classified by the ACFE as a theft of inventory or other assets rather than as a billing scheme. After all, in purchases schemes the fraudster buys something with company money, then takes the purchased item for himself or others. In the case cited above, the supervisor took building materials and supplies. How does this differ from those frauds where employees steal supplies and other materials? On first glance, the schemes appear very similar. In fact, the perpetrator of a purchases fraud is stealing inventory just as s/he would in any other-inventory theft scheme. Nevertheless, the heart of the scheme is not the taking of the inventory but the purchasing of the inventory. In other words, when an employee steals merchandise from a warehouse, s/he is stealing an asset that the company needs, an asset that it has on hand for a particular reason. The harm to the victim company is not only the cost of the asset, but the loss of the asset itself. In a purchasing scheme, on the other hand, the asset which is taken is superfluous. The perpetrator causes the victim company to order and pay for an asset which it does not really need in the course of business, so the only damage to the victim company is the money lost in purchasing the particular item. This is why purchasing schemes are categorized as invoice frauds.

Most of the employees identified by the ACFE as undertaking purchase schemes do so by running unsanctioned invoices through the accounts payable system. The fraudster buys an item and submits the bill to his employer as if it represented a purchase on behalf of the company. The goal is to have the company pay the invoice. Obviously, the invoice which the employee submits to his company is not legitimate. The main hurdle for a fraudster to overcome, therefore, is to avoid scrutiny of the invalid invoice and to obtain authorization for the bill to be paid.

As in the many cases of shell company related schemes we’ve written about on this blog, the person who engages in a purchases scheme is often the very person in the company whose duties include authorizing purchases. Obviously, proper controls should preclude anyone from approving her own purchases. Such poorly separated functions leave little other than her conscience to dissuade an employee from fraud. Nevertheless, CFEs see many examples of small to medium sized companies in which this lapse in controls exists. As the ACFE continues to point out, fraud arises in part because of a perceived opportunity. An employee who sees that no one is reviewing his or her actions is more likely to turn to fraud than one who knows that her company applies due diligence in the attempt to detect all employee theft.

An example of how poor controls can lead to fraud was the case where a manager of a remote location of a large, publicly traded company was authorized to both order supplies and approve vendor invoices for payment. For over a year, the manager routinely added personal items and supplies for his own business to orders made on behalf of his employer. The orders often included a strange mix of items; technical supplies and home furnishings might, for instance, be purchased in the same order. Because the manager was in a position to approve his own purchases, he could get away with such blatantly obvious frauds. In addition to ordering personal items, the perpetrator changed the delivery address for certain supplies so that they would be delivered directly to his home or side business. This scheme cost the victim company approximately $300,000 in unnecessary purchases. In a similar case, an employee with complete control of purchasing and storing supplies for his department bought approximately $100,000 worth of unnecessary supplies using company funds. The employee authorized both the orders and the payments. The excess supplies were taken to the perpetrator’s home where he used them to manufacture a product for his own business. It should be obvious that not only do poor controls pave the way for fraud, a lack of oversight regarding the purchasing function can allow an employee to remove huge amounts from the company’s bottom line.

Not all fraudsters are free to approve their own purchases. Those who cannot must rely on other methods to get their personal bills paid by the company. The chief control document in many voucher systems is the purchase order. When an employee wants to buy goods or services, s/he submits a purchase requisition to a superior. If the purchase requisition is approved, a purchase order is sent to a vendor. A copy of this purchase order, retained in the voucher, tells accounts payable that the transaction has been approved. Later, when an invoice and receiving report corresponding to this purchase order are assembled, accounts payable will issue a check.

So in order to make their purchases appear authentic, some fraudsters generate false purchase orders. In one case, an employee forged the signature of a division controller on purchase orders. Thus the purchase orders appeared to be authentic and the employee was able to buy approximately $3,000 worth of goods at his company’s expense. In another instance, a part time employee at an educational institution obtained unused purchase order numbers and used them to order computer equipment under a fictitious name. The employee then intercepted the equipment as it arrived at the school and loaded the items into his car. Eventually, the employee began using fictitious purchase order numbers instead of real ones. The scheme came to light when the perpetrator inadvertently selected the name of a real vendor. After scrutinizing the documents, the school knew that it had been victimized. In the meantime, the employee had bought nearly $8,000 worth of unnecessary equipment.

Purchase orders can also be altered by employees who seek to obtain merchandise at their employer’s expense. In one instance, several individuals conspired to purchase over $2 million worth of materials for their personal use. The ringleader of the scheme was a low-level supervisor who had access to the computer system which controlled the requisition and receipt of materials. This supervisor entered the system and either initiated orders of materials that exceeded the needs of a particular project or altered existing orders to increase the amount of materials being requisitioned. Because the victim organization had poor controls, it did not compare completed work orders on projects to the amount of materials ordered for those projects. This allowed the inflated orders to go undetected.

Another way for an employee to get a false purchase approved is to misrepresent the nature of the purchase. In many companies, those with the power to authorize purchases are not always attentive to their duties. If a trusted subordinate vouches for an acquisition, for instance, busy supervisors often give rubber stamp approval to purchase requisitions. Additionally, employees sometimes misrepresent the nature of the items they are purchasing in order to pass a cursory review by their superiors.

Instead of running false invoices through accounts payable, some employees make personal purchases on company credit cards or running accounts with vendors. As with invoicing schemes, the key to getting away with a false credit card purchase is avoiding detection. Unlike invoicing schemes, however, prior approval for purchases is not required. An employee with a company credit card can buy an item merely by signing his or her name (or forging someone else’s) at the time of purchase. Later review of the credit card statement, however, may detect the fraudulent purchase.

As with invoicing schemes, those who committed the frauds were often in a position to approve their own purchases;, the same is often true with credit card schemes. A manager in one case, reviewed and approved his own credit card statements. This allowed him to make fraudulent purchases on the company card for approximately two years.

Finally, there is, the fraudster who buys items and then returns them for cash. A good example of such a scheme is that in which an employee made fraudulent gains from a business travel account. The employee’s scheme began by purchasing tickets for herself and her family through her company’s travel budget. Poor separation of duties allowed the fraudster to order the tickets, receive them, prepare claims for payments, and distribute checks. The only review of her activities was made by a busy and rather uninterested supervisor who approved the employee’s claims without requiring support documentation. Eventually, the employee’s scheme evolved. She began to purchase airline tickets and return them for their cash value. An employee of the travel agency assisted in the scheme by encoding the tickets as though the fraudster had paid for them herself. That caused the airlines to pay refunds directly to the fraudster rather than to her employer. In the course of two years, this employee embezzled over $100,000 through her purchases scheme.

The Conflicted Board

Our last post about cyberfraud and business continuity elicited a comment about the vital role of corporate governance from an old colleague of mine now retired and living in Seattle.  But the wider question our commenter had was, ‘What are we as CFEs to make of a company whose Board willfully withholds for months information about a cyberfraud which negatively impacts it customers and the public? From the ethical point of view, does this render the Board somehow complicit in the public harm done?’

Governance of shareholder-controlled corporations refers to the oversight, monitoring, and controlling of a company’s activities and personnel to ensure support of the shareholders’ interests, in accordance with laws and the expectations of stakeholders. Governance has been more formally defined by the Organization for Economic Cooperation and Development (OECD) as a set of relationships between a company’s management, its Board, its shareholders, and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set (including about ethical continuity), and the means of attaining those objectives and monitoring performance. Good corporate governance should provide proper incentives for the Board and management to pursue objectives that are in the interests of the company and its shareholders and should facilitate effective monitoring.

The role and mandate of the Board of Directors is of paramount importance in the governance framework. Typically, the directors are elected by the shareholders at their annual meeting, which is held to receive the company’s audited annual financial statements and the audit report thereon, as well as the comments of the chairman of the Board, the senior company officers, and the company auditor.

A Board of Directors often divides itself into subcommittees that concentrate more deeply in specific areas than time would allow the whole Board to pursue. These subcommittees are charged with certain actions and/or reviews on behalf of the whole Board, with the proviso that the whole Board must be briefed on major matters and must vote on major decisions. Usually, at least three subcommittees are created to review matters related to (1) governance, (2) compensation, and (3) audit, and to present their recommendations to the full Board. The Governance Committee deals with codes of conduct and company policy, as well as the allocation of duties among the subcommittees of the Board. The Compensation Committee reviews the performance of senior officers, and makes recommendations on the nature and size of salaries, bonuses, and related remuneration plans. Most important to fraud examiners and assurance professionals, the Audit Committee reviews internal controls and systems that generate financial reports prepared by management; the appropriateness of those financial reports; the effectiveness of the company’s internal and external auditors; its whistle-blowing systems, and their findings; and recommends the re-election or not of the company’s external auditors.

The Board must approve the selection of a Chief Executive Officer (CEO), and many Boards are now approving the appointment of the Chief Financial Officer (CFO) as well because of the important of that position. Generally, the CEO appoints other senior executives, and they, in turn, appoint the executives who report to them. Members of these committees are selected for their expertise, interest, and character, with the expectation that the independent judgment of each director will be exercised in the best interest of the company. For example, the ACFE tells us, members of the Audit Committee must be financially literate, and have sufficient expertise to understand audit and financial matters. They must be of independent mind (i.e., not be part of management or be relying upon management for a significant portion of their annual income), and must be prepared to exercise that independence by voting for the interest of all shareholders, not just those of management or of specific limited shareholder groups.

Several behavioral expectations extend to all directors, i.e., to act in the best interest of the company (shareholders & stakeholders), to demonstrate loyalty by exercising independent judgment, acting in good faith, obedient to the interests of all and to demonstrate due care, diligence, and skill.

All directors are expected to demonstrate certain fiduciary duties. Shareholders are relying on directors to serve shareholders’ interests, not the directors’ own interests, nor those of management or a third party. This means that directors must exercise their own independent judgment in the best interests of the shareholders. The directors must do so in good faith (with true purpose, not deceit) on all occasions. They must exercise appropriate skill, diligence, and an expected level of care in all their actions.

Obviously, there will be times when directors will be able to make significant sums of money by misusing the trust with which they have been bestowed and at the expense of the other stakeholders of the company. At these times a director’s interests may conflict with those of the others. Therefore, care must be taken to ensure that such conflicts are disclosed, and that they are managed so that no harm comes to the other shareholders. For example, if a director has an interest in some property or in a company that is being purchased, s/he should disclose this to the other directors and refrain from voting on the acquisition. These actions should alert other directors to the potential self-dealing of the conflicted director, and thereby avoid the non-conflicted directors from being misled into thinking that the conflicted director was acting only with the corporation’s interests in mind.

From time to time, directors may be sued’ by shareholders or third parties who believe that the directors have failed to live up to appropriate expectations. However, courts will not second-guess reasonable decisions by non-conflicted directors that have been taken prudently and on a reasonably informed basis. This is known as the business judgment ru1e and it protects directors charged with breach of their duty of care if they have acted honestly and reasonably. Even if no breach of legal rights has occurred, shareholders may charge that their interests have been ‘oppressed’ (i.e., prejudiced unfairly, or unfairly disregarded) by a corporation or a director’s actions, and courts may grant what is referred to as an oppression remedy of financial compensation or other sanctions against the corporation or the director personally. If, however, the director has not been self-dealing or misappropriating the company’s opportunities, s/he will likely be protected from personal liability by the business judgment rule.

Some shareholders or third parties have chosen to sue directors ‘personally in tort’ for their conduct as directors, even when they have acted in good faith and within the scope of their duties, and when they believed they were acting in the best interests of the corporations they serve.  Recently, courts have held that directors cannot escape such personal liability by simply claiming that they did the action when performing their corporate responsibilities. Consequently, directors or officers must take care when making all decisions that they meet normal standards of behavior.

Consequently, when management and the Board of a company who has been the victim of a cyber-attack decides to withhold information about the attack (sometimes for weeks or months), fundamental questions about compliance with fiduciary standards and ethical duty toward other stakeholders and the public can quickly emerge.   The impact of recent corporate cyber-attack scandals on the public has the potential to change future governance expectations dramatically. Recognition that some of these situations appear to have resulted from management inattention or neglect (the failure to timely patch known software vulnerabilities, for example) has focused attention on just how well a corporation can expect to remediate its public face and ensure ongoing business continuity following such revelations to the public.

My colleague points out that so damaging were the apparently self-protective actions taken by the Boards of some of these victim companies in the wake of several recent attacks to protect their share price, (thereby shielding the interests of existing executives, directors, and investors in the short term) that the credibility of their entire corporate governance and accountability processes has been jeopardized, thus endangering, in some cases, even their ability to continue as viable going concerns.

In summary, in the United States, the Board of Directors sits at the apex of a company’s governing structure. A typical Board’s duties include reviewing the company’s overall business strategy, selecting and compensating the company’s senior executives; evaluating the company’s outside auditor, overseeing the company’s financial statements; and monitoring overall company performance. According to the Business Roundtable, the Board’s ‘paramount duty’ is to safeguard the interests of the company’s shareholders.  It’s fair to ask if a Board that chooses not to reveal to its stakeholders or to the general investor public a potentially devastating cyber-fraud for many months can be said to have meet either the letter or the spirit of its paramount duty.

Cyberfraud & Business Continuity

We received an e-mail inquiry from a follower of our Chapter’s LinkedIn page last week asking specifically about recovery following a cyberfraud penetration and, in general, about disaster planning for smaller financial institutions. It’s a truism that with virtually every type of business process and customer moving away from brick-and-mortar places of business to cloud supported business transactions and communication, every such organization faces an exponential increase in the threat of viruses, bots, phishing attacks, identity theft, and a whole host of other cyberfraud intrusion risks.  All these threats illustrate why a post-intrusion continuity plan should be at or near the top of any organization’s risk assessment, yet many of our smaller clients especially remain stymied by what they feel are the costs and implementational complexity of developing such a plan. Although management understands that it should have a plan, many say, “we’ll have to get to that next year”, yet it never seems to happen.

Downtime due to unexpected penetrations, breeches and disasters of all kinds not only affect our client businesses individually, but can also affect the local, regional, or worldwide economy if the business is sufficiently large or critical. Organizations like Equifax do not operate in a vacuum; they are held accountable by customers, vendors, and owners to operate as expected. Moreover, the extent of the impact on a business depends on the products or services it offers. Having an updated, comprehensive, and tested general continuity plan can help organizations mitigate operational losses in the event of any disaster or major disruption. Whether it’s advising the organization about cyberfraud in general or reviewing the different elements of a continuity plan for fraud impact, the CFE can proactively assist the client organization on the front end in getting a cyberfraud-recovery continuity plan in place and then in ensuring its efficient operation on the back end.

Specifically, regarding the impact of cyberfraud, the ACFE tells us that, until relatively recently, many organizations reported not having directly addressed it in their formal business continuity plans. Some may have had limited plans that addressed only a few financial fraud-related scenarios, such as employee embezzlement or supplier billing fraud, but hadn’t equipped general employees to deal with even the most elemental impacts of cyberfraud.   However, as these threats increasingly loomed, and as their on-line business expanded, more organizations have committed themselves to the process of formally addressing them.

An overall business continuity plan, including targeted elements to address cyberfraud, isn’t a short-term project, but rather an ongoing set of procedures and control definitions that must evolve along with the organization and its environment. It’s an action plan, complete with the tools and resources needed to continue those critical business processes necessary to keep the entity operating after a cyber disruption. Before advising our clients to embark on such a business continuity plan project, we need to make them aware that there is a wealth of documentation available that they can review to help in their planning and execution effort. An example of such documentation is one written for the industry of our Chapter’s inquirer, banking; the U.S. Federal Financial Institutions Examination Council’s (FFIEC’s) Business Continuity Planning Handbook. And there are other such guides available on-line to orient the continuity process for entities in virtually every other major business sector.  While banks are held to a high standard of preparedness, and are subject to regular bank examination, all types of organizations can profit from use of the detailed outline the FFIEC handbook provides as input to develop their own plans. The publication encourages organizations of all sizes to adopt a process-oriented approach to continuity planning that involves business impact analysis as well as fraud risk assessment, management, and monitoring.

An effective plan begins with client commitment from the top. Senior management and the board of directors are responsible for managing and controlling risk; plan effectiveness depends on management’s willingness to commit to the process from start to finish. Working as part of the implementation team, CFEs can make sure both the audit committee and senior management understand this commitment and realize that business disruption from cyber-attack represents an elevated risk to the organization that merits senior-level attention. The goal of this analysis is to identify the impact of cyber threats and related events on all the client organizations’ business processes. Critical needs are assessed for all functions, processes, and personnel, including specialized equipment requirements, outsourced relationships and dependencies, alternate site needs, staff cross-training, and staff support such as specialized training and guidance from human resources regarding related personnel issues. As participants in this process, CFEs acting proactively are uniquely qualified to assist management in the identification of different cyberfraud threats and their potential impacts on the organization.

Risk assessment helps gauge whether planned cyberfraud-related continuity efforts will be successful. Business processes and impact assumptions should be stress tested during this phase. Risks related to protecting customer and financial information, complying with regulatory guidelines, selecting new systems to support the business, managing vendors, and maintaining secure IT should all be considered. By focusing on a single type of potential cyber threat’s impact on the business, our client organizations can develop realistic scenarios of related threats that may disrupt the cyber-targeted processes.  At the risk assessment stage, organization should perform a gap analysis to compare what actions are needed to recover normal operations versus those required for a major business interruption. This analysis highlights cyber exposures that the organization will need to address in developing its recovery plan. Clients should also consider conducting another gap analysis to compare what is present in their proposed or existing continuity plan with what is outlined (in the case of a bank) in the recommendations presented in the FFIEC handbook. This is an excellent way to assess needs and compliance with these and/or the guidelines available for other industries. Here too, CFEs can provide value by employing their skills in fraud risk assessment to assist the organization in its identification of the most relevant cyber risks.

After analyzing the business impact analysis and risk assessment, the organization should devise a strategy to mitigate the risks of business interruption from cyberfraud. This becomes the plan itself, a catalog of steps and checklists, which includes team members and their roles for recovery, to initiate action following a cyber penetration event. The plan should go beyond technical issues to also include processes such as identifying a lead team, creating lists of emergency contacts, developing calling trees, listing manual procedures, considering alternate locations, and outlining procedures for dealing with public relations.  As members of the team CFEs, can work with management throughout response plan creation and installation, consulting on plan creation, while advising management on areas to consider and ensuring that fraud related risks are transparently defined and addressed.

Testing is critical to confirm cyber fraud contingency plans. Testing objectives should start small, with methods such as walkthroughs, and increase to eventually encompass tabletop exercises and full enterprise wide testing. The plan should be reviewed and updated for any changes in personnel, policies, operations, and technology. CFEs can provide management with a fraud-aware review of the plan and how it operates, but their involvement should not replace management’s participation in testing the actual plan. If the staff who may have to execute the plan have never touched it, they are setting themselves up for failure.

Once the plan is created and tested, maintaining it becomes the most challenging activity and is vital to success in today’s ever-evolving universe of cyber threats. Therefore, concurrent updating of the plan in the face of new and emerging threats is critical.

In summary, cyberfraud-threat continuity planning is an ongoing process for all types of internet dependent organizations that must remain flexible as daily threats change and migrate. The plan is a “living” document. The IT departments of organizations are challenged with identifying and including the necessary elements unique to their processes and environment on a continuous basis. Equally important, client management must oversee update of the plan on a concurrent basis as the business grows and introduces new on-line dependent products and services. CFEs can assist by ensuring that their client organizations keep cyberfraud related continuity planning at the top of mind by conducting periodic reviews of the basic plan and by reporting on the effectiveness of its testing.

Bob the Builder

bobthebuilder

by Rumbi Petrozzello
2016 Vice President – Central Virginia ACFE Chapter

The soundtrack of my summer was a cacophony of drills, sanders and related discordant noises, all guaranteed to drive me to near insanity. Since the bulk of this seemed to be happening right outside my window, the result was a shrinking view of the sky, more views into the homes of my neighbors than I ever wanted and a near-constant film of dust on everything in our home, despite all our best efforts. I thought that construction was looming large only in my life but, coming off a trip to Nashville, Tennessee, I see that I’m far from alone. I took a tour bus around the city and, it almost seemed the city skyline was made up of little else than the silhouettes of massive construction cranes. There’s a lot going on in an industry that, at least in New York City, has a history of control by organized crime.

It’s hardly surprising – construction projects span long periods of time and require many moving parts. There can be several contractors responsible for different parts of a construction project, and each of those contractors hires subcontractors. Because projects range from moderate to long term, contractors and subcontractors will bill periodically for work in progress and, there is a lot of leeway for estimating just how much of the project has been completed. Depending on the contract, there may be head room to get paid for cost overruns and, if there’s room for that, you can be sure that someone is going to try to take advantage. There is no shortage of ways in which fraud or error can occur when it comes to construction. Controlling various aspects of the construction industry was lucrative business for organized crime for many years. Nowadays, the regular fraudster on the street has also found his way into profiting from construction related fraud – if the opportunity is there, the ethically challenged always seem to find ways to exploit it.

As forensic accountants and fraud examiners, we may find ourselves being called upon to investigate such frauds. Sometimes companies decide to be proactive and bring us in to assess, suggest and institute practices that will help prevent, detect and deter fraudulent activities. In either case, there is much that we can do. An important aspect of this type of effort is our emphasizing to the client and the wider business community the importance of well-kept and comprehensive business records. As tedious as some of this may feel to those maintaining the records, such records can prove invaluable when things go wrong. Contractors and their subcontractors should both maintain up-to-date ledgers. The ledger information should be corroborated by supporting information. Examples of critical documentation are:

  • Payroll records – this includes matching the ledger information to time cards, information from payroll processing companies and filings with city, state and federal authorities.
  • Bank statements – bank statements should be reconciled to the general ledger and there should be searches for possible bank accounts that are not reported on the ledger. Is the contractor transferring funds to accounts for related companies? What information is on the credit card statements and how does it relate to the contractors’ ledgers? Does information on brokerage accounts match information in the general ledger?
  • Invoices – do the vendors declarations of what’s going on make sense? Do their submitted expenses make sense? Can you immediately understand their expenses or is the information vague and lacking enough detail to determine what the vendor is being paid for? Have costs been misclassified? Follow the money … we should always stop and take the time to look and see where the money is going and why it’s going there.

Many construction projects employ union workers. Because unions tend to be organizations with lots of bureaucracy, it follows that they tend also to be organizations with lots of records. If a union tells you that it does not have many records, that fact alone should raise a red flag. When seeking to verify information from such organizations, there are various standard records we can request:

  • Shop steward report – This is a report that will show the names of the employees working, the times they reported for work and left and out and the number of hours worked. This information can be very useful in testing if the hours claimed are reasonable.
  • Job descriptions – Do the job descriptions make sense and do they match the employees that are claiming to be doing the work? In one case in New York City, a legally blind man was listed on the books as a heavy machinery operator. Subsequent investigation revealed that he was indeed blind; and he never went anywhere near heavy machinery.
  • Member profiles – Review benefits and see to whom the union pays those benefits. Review the records and see if anything jumps out at you as being unusual, requiring further information and perhaps investigation. Do you have a member (or members) listed who’s well-paid for not doing much?
  • Look at the records the general contractor keeps and see if they match the records kept by the union.

If you’ve been brought in to perform proactive fraud prevention and detection work, encourage and suggest that, if one does not already exist, the company set up an effective and comprehensive whistleblower program. Confidential sources are often the most important element of an investigation. These sources can also be very helpful in making sure that you ask for all the documents needed for your specific investigation and they can also make valuable suggestions precisely where else you can look for vital case information.

If my city is anything like yours, there are a lot of construction projects being planned and in the works. You don’t have to look hard at all to find media reporting on cost overruns and fraud in the construction industry. From The Big Dig in Boston to personal tales told to you by friends, there are many ways in which the moving parts of any construction project can be exploited by fraudsters. There are also many ways in which we can be of service as forensic accountants and fraud examiners to deter, detect and investigate every aspect of this exploitation.