INTRODUCTION TO CONDUCTING AN INTERNAL FRAUD INVESTIGATION – Part I

This is the first installment in a two-part expose in which I walk you through the basic outline of conducting an internal fraud investigation. By “internal” I mean that the setting is inside an organization.

___________________________________________________________________

INTRODUCTION

Occupational fraud comes in a variety of forms, such as fraudulent financial statements, financial fraud, accounting irregularities, or asset misappropriation, just to name a few.

Even though employers should first of all understand the necessity of a preventive approach to fraud in today’s workplace (see my earlier post, A Contingency Plan for Responding to Workplace Fraud), there are many instances where an internal investigation is necessary. Employers can and do successfully conduct internal workplace investigations. The goal of this article is to instruct the HR manager, Internal Audit manager or anyone else delegated to conduct the probe, about the potential issues surrounding an investigation and when it might be appropriate to seek outside advice. Also, this article attempts to instruct the the investigators about the issues of employee whistleblower protection and how it pertains to different situations throughout the internal investigation.

MECHANICS OF A FRAUD INVESTIGATION

Before the issue of fraud arises, employers and human resource managers can attempt to prevent or greatly diminish the likelihood of workplace fraud if certain issues are addressed early on. Education, training, and written contingent plans, policies and procedures addressing internal fraud are systemic devices that a company can use to deter or prevent internal fraud. Combined with systemic devices and preventive efforts, addressing the fraud up front through consistent enforcement and sanctions, (including discharging employees who commit fraud), will send a clear message to all that the organization will not compromise its integrity.

Once an allegation of fraud arises, the company is faced with many considerations, several of which are discussed below. The twelve questions that follow generally represent the different stages in an internal fraud investigation and will facilitate the organisation’s evaluation of the allegation of fraud.

1. SHOULD THE COMPANY EVEN CONDUCT AN INTERNAL INVESTIGATION?

Some practitioners argue that with all the noise and bad publicity that accompany news of fraud, a better alternative for a company — particularly one that merely suspects fraud — is to leave the matter alone. They caution that if the company conducts an in-house investigation and prepares a written report in connection with the investigation, the news will out and the outcome will be tantamount to washing its dirty linen in public. Yet, allowing the fraud to go unaddressed in any company is advocating for, to use an old adage, the sweeping of dirt under the carpet. Sound business and legal judgment supports conducting an investigation, but proceeding with skill, caution, and confidentiality. In the end, an internal investigation should be conducted if for no other reason than to stop the fraud or send a message throughout the company that fraud will not be tolerated.

2. WHAT IS THE EXTENT AND PERVASIVENESS OF THE FRAUD?

When the company decides to conduct an investigation, an investigator must continually address the timing, scope, and viability of conducting an internal investigation.

  •  Timing: a fraud investigation must be prompt and swift.
  •  Scope: if the alleged fraud involves high level employees, an investigator must get the support of the top level executives to conduct an investigation and to have full authority to interview those high level employees.
  • Viability: the seriousness, duration, and frequency of the possible fraud will help in determining whether an internal investigation can competently and swiftly uncover and deal with the fraud.

Addressing these issues will give the investigator the clearest picture of the extent of the fraud in the company and possible needed safeguards — such as evidential document retention, external advice, and security concerns.

3. WHO CONDUCTS THE INVESTIGATION?

HR managers, Loss Control officers and/or Internal Auditors are increasingly being called upon to conduct in-house investigations. The question of whether to bring in outsiders, such as the police, regulators, forensic auditors, fraud examiners, or handle the matter in-house is an open one. This decision is fact and case specific, and will depend upon the duration and breadth of the potential problem as well as potential in-house investigatory skills. Many times the in-house investigations are coordinated with outside help. If the company initially decides that it will conduct an internal investigation instead of an external investigation, the roles of the individuals involved in the investigation should be clearly defined. If the investigation is conducted in-house under the supervision of, say, an internal auditor or HR manager, the benefits may include:

  •  more knowledge about the company’s business, employees, and procedures;
  •  increased control over the investigation as well as the possible resulting publicity.

On the other hand, the disadvantages of keeping the investigation in-house may include:

  • insufficient training in carrying out fraud investigations;
  • less objectivity than an external investigation;
  • possible conflicts between the company’s well-being and management’s professional obligations; and
  • susceptibility to organizational politics, leading to possible loyalty issues between the investigator and the employees involved (witnesses, suspects and their sympathizers) and lack of support.

Although some of the disadvantages are not damaging to the company generally, the existence of such factors when conducting an in-house investigation may lead to all sorts of problems.

4. WHO IS BEING DEFRAUDED?

If the harm is internal, the company can deal with the issue through targeting and dealing with the offender appropriately, definitively, and swiftly. If the harm is external – such as a vendor, supplier, customer, or shareholder – the company should analyze how to rectify the current situation with the outside parties. In these situations, outside advice should be sought, and the investigator and the employer must be aware that companies are generally liable for the fraud committed by their directors, officers, employees, and agents.

5. SHOULD THE EMPLOYEE HAVE KNOWN THAT CERTAIN CONDUCT IS FRAUDULENT OR AGAINST COMPANY POLICY?

In answering this question, a company must examine its policies and procedures, its education and training concerning workplace fraud, and its commitment to preventing internal fraud. The answer to this question is important later on in the investigation process when the company will have to decide what to do with an employee who is found to have engaged in fraudulent acts either against the company or against external entities.

6. WHAT IS THE PURPOSE OF THE INVESTIGATION?

Either through an anonymous tip, an external source (supplier, vendor, etc.), a suspicion from upper management, internal audit or a complaint from an employee, someone in management realized that there may be fraud going on in the company and that it must be dug out. The company realizes that the goal is to either

  • find fraud or no fraud, or
  • find fraud and identify who is responsible.

In other words, the purpose of the investigation is to find the truth.

Prior to any interviewing, the investigator should have a clear understanding of the alleged violation, any documents or statements that support the violation, and a working knowledge of the area to be investigated. Next, the investigator –

  • gathers as many facts and documents as possible,
  • develops a strategic order to interview the employees or the suspect(s), and, finally,
  • establishes some sort of measuring system by which to gauge the credibility of the sources of the information.

In Part II we will be looking at the art of conducting interviews and documenting the investigation processes, etc. Stay tuned!

————————————————————————————————————

Advertisements

What do you think? What strategies do you, or your company, use to manage the risk of fraud and error in your organisation? Are you primarily proactive or reactive in your approach to risk management? Share your experience in the Comment box below.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s