Taking the PULSE of a Fraud Investigation

Here are five steps to conducting an expert fraud investigation, and five common investigation mistakes to avoid.

When you are assigned by senior management, the audit committee, or your superior to head a team of professionals to conduct a fraud investigation, what do you do? You have two options: embrace the challenge or decline the offer and risk gaining a reputation as someone who doesn’t rise to the occasion.

Internal audit experts often say that good internal auditors must be brave, and nowhere is this statement more accurate than during a fraud investigation. Conducting a well-executed fraud investigations requires internal auditors to leverage all of their top skills, including communication and people skills, deep knowledge of the business and processes, the ability to sift through large amounts of data, a nose for when something doesn’t seem right, and a little bit of old fashioned intestinal fortitude.

A complex fraud investigation can get the best of even the most talented internal auditor, so before you start, you need a plan. Part of the plan is knowing the critical steps of conducting an investigation, illustrated here with the acronym, PULSE.

P – Preparation

U – Unclog preconceptions and rumors

L – Legal counsel solicitation

S – Scrutiny and management of evidence

E – Execution of the prepared case and reporting

 P – Preparation
In everything you do, preparation is critical to success. Failure to prepare and plan will lead to disastrous consequences. The time and effort invested in preparation will certainly reduce wasted resources. Like any other engagement, a fraud investigation assignment is no different. It must have a clearly defined scope, be backed by a corporate policy, and conducted by a defined project team. The reporting lines must also be clearly spelled out.

• Scope

What was the triggering event that caused the investigation to be initiated? What specific type of fraud are you investigating and the types of evidence required? Who initiated the investigation? Why was the investigation initiated? What are the specific questions the investigation will seek to answer?

• Corporate Investigation Policy

The company must have a formalized fraud investigation policy, that should be appropriately configured, communicated, and followed by all, regardless of rank or position. The policy should include the investigation steps to be followed during a fraud investigation. It should also include the types of conduct that could trigger an investigation, who is responsible for the investigation, and procedures to report on the results of the investigation.

• Project Team

The roles and responsibilities among the project team members must be clearly defined to avoid doubts and ambiguity. The more specific the lines of responsibility are, the better it is for all on the team.

• Reporting Lines

To whom should the investigating team report their findings, and what, generally, should be included in the report?

A fraud investigation engagement requires an array of professionals and skills. Thus hiring of an external professional consultant or outside law firm may be required to fill gaps in those skill sets. The mindset and approach to an investigative assignment is fundamentally very different from a normal internal audit type of assignment. The skills required can be summarized to include:

• Accounting and auditing skills;
• Investigative, creative, and imaginative minds with lateral thinking skills;
• The ability to see beyond numbers;
• Evidence collection, assessment, and preservation: the ability to collect evidence legally that can be used in prosecution.

Fraud investigation engagements involve collecting and scrutinizing heaps of data. Thus it is imperative that a proper evidence log and data management system be put in place to manage the volumes of the collected data. The pros and cons of each data management system need to be discussed and evaluated in light of the magnitude of the case. A simple data management system may be effective for a simple investigation but a more complex and robust system may be required for complex investigations. Failure to manage this aspect of the investigation will result in disaster for the team and the company.

»COMMON INVESTIGATION MISTAKE: Not limiting the scope of the investigation in the beginning. One of the most common mistake investigating teams make is that they do not clearly define the scope of the investigation from the beginning. It is very easy for the scope to quickly become unwieldy and for the investigation to get out of hand. The investigation should be limited to answering a predefined set of questions outlined at the start. That doesn’t mean the scope can’t change as the investigation unfolds, but those decisions should be made as a team in a conscious manner. Also, be on the lookout for rogue members of the investigation team who may use the investigation as a rationale for pursuing unrelated agendas.

U –Unclog Preconceptions and Rumors
In any investigation, there will be a fog or cloud surrounding the events or circumstances you are investigating. These include the rumors that have swirled around the office, the half-truths and partial information you may have picked up from those talking about the case in the hallways or even media reports on the event. These rumors and half-truths can clog up an investigation, send you down the wrong path, or cloud your judgement.

It’s important to unclog your mind of these preconceptions, and set aside the information and evidence you may have gathered, not as part of the preparation stage, but informally and maybe even unintentionally. In other words, to keep an open mind you must clear out the information that hasn’t yet been gathered as part of the formal investigation.

That said, it doesn’t mean you turn your brain off before starting an investigation. Indeed, a nugget of information that you picked up informally or through informal channels could prove crucial to the investigation down the road. But those shouldn’t act as a starting point or cloud the direction of the investigation from the beginning.

»COMMON INVESTIGATION MISTAKE: Having informal ‘off the record’ conversations or meetings during the investigation. Informal calls, meetings, or hallway chats about the investigation only serve to increase the fog around the investigation, not to clear things up. A common mistake is to talk about the investigation with others in the company who aren’t directly involved. Having conversations about the case that aren’t part of the investigation and are not being recorded or noted in the same way can send the investigation down the wrong road or damage the impartiality of the investigators.

L – Legal Counsel Solicitation
It is important that the documents and data compiled by the investigating team are reviewed and vetted by legal counsel, either internally or by an outside firm hired to help with the investigation. This process should not be done at the end of the investigation only, but it should be an on-going process, where legal counsel’s opinion is sought whenever the investigators are in doubt or unclear on some aspect of the case.

It is important to secure legal counsel’s opinion on complex issues in order to ensure that the documents, evidence, and reports from the investigation are able to withstand the scrutiny of the court of law, should legal action be necessary.

»COMMON INVESTIGATION MISTAKE: Reluctance to involve outside help. It’s natural for companies to want to keep a tight lid on the details of potential wrongdoing. But when that tendency results in a reluctance to secure outside help, such as outside counsel to oversee the investigation, companies risk making their problems worse. First, the fraud might require reporting to regulators, such as the SEC or U.S. Department of Justice, for example, in cases of bribery or securities fraud. Outside legal counsel can be a big help in making such determinations. Second, it could appear that the company was engaged in a coverup, particularly for large frauds that involve members of the public.

Now, that we have our case and legal counsel by our side, it’s show time.

S – Scrutiny and Management of Evidence
This aspect of investigation requires an investigator to posses a variety of skill sets:

• Communication skills

An investigator is required to interact and interview people, including the alleged perpetrator(s), fellow colleagues, and vendors and suppliers to build up the case for legal counsel to review and then to present to management, the board, and law enforcement if neccessary. The investigating team professionals must be well-versed in interviewing techniques, be able to read body language, and have high emotional intelligence.

• Observation skills

A good investigator should also have or gain a good understanding of the relationships between colleagues involved in the case and the social connections among groups in the organization. This aspect will be helpful in the gathering of additional evidence to support the case.

• Creative thinking

Investigators must also be able to think out of the box and look beyond numbers as some links may not be direct and can be camouflaged through layering (going through several parties to make the transaction look legitimate).

The soft skills required here are very important as perpetrators of fraud will often rationalize their behavior as being correct and will continuously defend their actions or attempt to deceive investigators. The ability to infer information from tone of voice, what is being said, what is not being said, and the ability to take clues from their responses and body language is critical to seeing through deception.

While gathering, storing, and analyzing data and evidence, it’s important not to forget the aspects of data management and evidence integrity. The entire case could be jeopardized if the collected evidence has been tampered with or its chain of custody can’t be accounted for. The data and documents collected must be genuine and in the same condition as they were when collected by the investigating team. For example, the site where the evidence was seized should be clearly recorded, and no marking, stapling, or hole-punching of the original documents should occur.

As such, it is imperative that all data and documents collected be secured in a safe and sound place and their integrity preserved. They must be easily retrievable when required by the investigating team or members of legal counsel. All access to and chain of custody of the data and evidence should be clearly and meticulously documented.

»COMMON INVESTIGATION MISTAKE: Not enough supporting evidence collected in the course of the investigation. Well-documented interviews with those involved or who have knowledge of the potential wrongdoing will make up the heart of the investigation. But data, including financial analysis and data analytics, must support those findings. Don’t rely solely on interviews, but support those finding with data. And be on the lookout for those who are putting up barriers to accessing that data. Get support from management or the board to gain access to any data that could be relevant and spend the time sifting through it.

E – Execution of the Prepared Case and Reporting
The final aspect of the investigation can take several forms. Generally, a formal report is to be vetted by legal counsel before being presented to company management (provided management is not involved in the wrongdoing), the board of directors, and if necessary, regulators or law enforcement. The presented evidence must be clear and concise, limited to facts of the case, and well documented.

Legal counsel, management (excluding those who might have been involved), and the board will want answers to the following questions:

• How the alleged fraud was perpetrated?
• Who were the perpetrators of fraud and how long it has been going on?
• Who might have known about or enabled the fraud and looked the other way, and who should have known about it?
• What was the quantum involved?
• What were the controls lapses (if any) that resulted in the fraud being perpetrated?
• What corrective action (if any) should be taken to prevent a re-occurrence of the event?

After reporting the unvarnished results internally to management and the board, there are some complex decisions to make, including, should the findings be reported publicly and should law enforcement, regulators, or other government officials be notified of the findings. Generally, if a crime has been committed or regulations violated, they should. The investigation team and board should lean heavily on the help of legal counsel to make such determinations.

Another consideration, as the investigation wraps up and the results are reported to the proper individuals and organizations, is what changes to make to prevent such fraud from happening again. The findings should inform internal policymakers to review the policies and procedures, controls, and cultural aspects and consider changes that might need to be made. Increased training might also be needed to ensure employees and managers are aware of the rules and know their responsibilities.

»COMMON INVESTIGATION MISTAKE: Including too much unsubstantiated material or opinions in the final report. It’s temping to read into the facts and evidence of the case and express those opinions in the final report. Don’t do it. Unless the findings are obvious, the report on the investigation should take a “just the facts, ma’am” approach.

It is important to remember that fraud investigations involve a variety of professionals, skills, and techniques, and should usually not be a conducted by one person. Team work and communication within the investigating team and with other personnel is equally important as planning the engagement. A solid preparation and a carefully crafted plan in capturing, recording, gathering, and safekeeping of evidence will ensure a high level of objectivity and professionalism in the completing the engagement and achieving the desired results. 

(PHOTO: Holmes!!, by Dynamosquito, used under CC BY-SA 2.0, from Flickr)

Sanjeev Gathani CFE, GRCA, CRCP, ATM is founder and CEO of Better Business Governance (BBG) – APAC Pte Ltd., with 20 years of experience in governance, risk, and compliance. He is also a licensed private investigator and fraud expert based in Singapore.

Did you enjoy this article? Consider making a small donation to support independent business journalism at Internal Audit 360°. Click Here! And much thanks to those who have already donated. Our success depends on it.