Part Two: Fraud Investigation Requirements and Best Practices
Baseline Requirements – A successful internal investigation program should include the following baseline requirements:
- Independence – The group or individual(s) assigned responsibility to conduct internal investigations should have an appropriate level of independence to investigate all matters without inappropriate or undue influence by management
- Defined Scope and Responsibilities – Defining scope and responsibilities is particularly important if there is a team approach in conducting internal investigations, it minimizes confusion as to who is the lead investigator and each member’s role.
- Documented Procedures – The investigation process should be well-documented to ensure consistency in approach, work performed, and outcome.
- Case management system – There should be a case management system, the internal investigation system of record, that captures key data and information. The case management system can be as simple as hard copy files that consistently maintain the same information or as sophisticated as an electronic software solution.
- Skilled Staff – The individuals conducting the investigations must be experienced and knowledgeable; this is particularly true of the individuals who will be conducting the accusatory interviews.
Collaborative Approach Internal investigations should be collaborative, drawing on other groups’ knowledge or expertise:
- Audit has knowledge about the subject area’s internal controls and processes.
- Corporate Communications should be notified if there is a concern that the matter may be leaked to the news media.
- Corporate Security should be involved if there is a workplace violence concern, this group also usually has law enforcement contacts.
- Human Resources should be consulted and involved in all investigations involving employees to assist in ensuring consistency in employment decisions.
- IT can provide information on system access, and pull emails.
- Legal should be consulted when regulatory or legal requirements are not clearly defined.
Investigation Objectives – There should be two objectives of every investigation:
- Determining who committed the unethical or fraudulent activity
- Determining how the unethical or fraudulent activity occurred or went undetected
While investigations should strive to identify who committed the unethical or fraudulent activity; arguably, the more important of the two objectives is identifying how the unauthorized activity was allowed to occur and/or go undetected, and making recommendations to prevent future occurrences.
Investigation Plan – At the beginning of every investigation, an investigation plan should be developed; it is the formal framework as to how the investigation will proceed. The plan should be tailored to address the concerns noted in the allegation as well as the general investigation objectives. The plan should be considered a” living” document, that should be expanded or contracted as facts are discovered.
Investigation Fieldwork – The fieldwork is the means by which the plan is completed and the objectives achieved. All investigations should be conducted, and documented, as if the final work product will be scrutinized in a court of law. Ongoing communication with key stakeholders ensures there are no surprises; it allows the stakeholders to process the information, ask questions, and provide insight that may be relevant to the investigation.
Conducting the Interview – One of the last steps of an investigation is interviewing the individual(s) named in the allegation. Prior to doing so, an interview plan should be developed that details general and specific topics to be discussed. Additionally, the investigator should discuss potential interview outcomes (i.e. admission, denial but no reasonable explanation, denial and new information provided, etc.) with key stakeholders and agree upon actions to be taken for each outcome. This ensures that the interview concludes decisively.
The interview should consist of three individuals; the interviewer, the subject, and a witness. Ideally, the witness is someone from the subject’s management team who is familiar with related processes but doesn’t have a personal attachment to the subject. The role of the witness during the interview should be as an observer. At the conclusion of the interview the subject should be asked to provide a written statement and, if appropriate, restitution.
Reporting Results – One of the most difficult aspects of any investigation, particularly lengthy and/or complex investigations, is summarizing the investigation in a clear and concise report. Using a standard format simplifies the process. The report should not be a reiteration of the detailed investigation but instead a summary of the pertinent facts and conclusions drawn from the facts, and be written in the third person. The report should also include any findings and recommendations related to control weaknesses identified during the investigation. Management should be required to respond to the finding and recommendations within a specified timeframe with an action plan that will remediate identified risks.
In addition to reporting on the individual investigation results, periodically a “bird’s eye view” or holistic view of completed investigations should be performed to identify any overarching trends or systemic issues that should be addressed at an enterprise level.
by Tom Holland, CFE