Near our home, there’s a city firehouse. Inside 24 hours a day are trained professionals ready to go when the alarm sounds. Their equipment is maintained in outstanding condition, their trucks are fueled, and their protective jackets, boots and helmets are already in place. They don’t wait for the alarm to go off before thinking through what they might need, recruiting their staff, buying equipment and getting their training. That’s already done.
That’s exactly the way you should look at you ability to respond to fraud incidents. Evaluate your fraud response needs during periods of calm. Not crisis.
Gaps in capabilities should be addressed before a fraud incident is being pursued.
As part of fraud risk brainstorming, think through what skills might be needed later if identified risks become reality. In many organizations, these skills do not necessarily need to be available in-house. But you should know exactly who to call if you need them in a hurry. Assess internal capabilities. Build relationships with outsiders before they are needed.
Here is a list of good places to start.
Legal Oversight
At the center of the response team are lawyers skilled in criminal matters. These attorneys should be able to provide quick response guidance to members of the investigative team. They should be available when needed, and provide oversight of the investigative process. Consider other legal needs that may arise, such as employment law, government contracting, procurement, international commerce, real estate, technology, intellectual property, and environmental law.
Investigators, Fraud Examiners, and Forensic Accountants
This group will comprise the core investigative team. While the roles of the three groups mentioned in the title above are similar, the specific subspecialties of each are important to have available. These skills may all be found in one person, or we may need multiple experts to fill the investigative needs.
Certified Fraud Examiners
While there are many sources of help, many Certified Fraud Examiners (Association of Certified Fraud Examiners, Austin, TX www.acfe.com) are experts in fraud issues and can bring first-hand experience to your fraud incidents. In many organizations, CFEs are an integral part of the investigative team.
Internal Auditors
If your organization has a formal internal audit function, this resource should be utilized in pursuing reported suspicions. Internal auditors have the capability to review issues from the inside: that is, they can often pull data, double check facts and interview employees quietly. This allows the organization to take initial steps in the incident response process without attracting a lot of attention.
Experienced internal auditors have expertise in internal controls as a core skill. They should be an active part of efforts to identify fraud risks and assess the adequacy of prevention and detection controls. Using auditing analytical procedures and tools (including computer-assisted audit techniques), internal audit can also surface fraud indicators for further investigation. Last, they are a critical resource to management in efforts to strengthen controls after a fraud incident has surfaced.
Information Technology and Computer Forensics
Few business fraud cases fail to touch on electronic records. Information technology expertise is needed to assess the risks to these records and to assist in the collection of necessary data stored in electronic form.
Computer forensics expertise is often necessary to preserve data that will be used as evidence in legal proceedings. Qualified experts in these fields should be formally on call if not on staff. These skills should be found before you need them, as response time to collect and protect critical data may be very short.
Human Resources
The response team should include human resources specialists with fraud background. Fraud involves people, and often those people are employees.
Rights and obligations need to be honored. Laws and employment contracts must be respected. Decisions must be adequately and appropriately documented. Mistakes must be avoided. The qualified HR representative can assist in all of these concerns, and should be a core member of the response team.
John J. Hall, CPA
John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”
take that first step. North? South? East? West? Or something angled in between. Get the first steps wrong and you are headed way off in the wrong direction five steps later. And every subsequent step takes you even further from your intended goal.
justified. In short, the ROI – Return in Investment – doesn’t justify the effort.
controls limit access to resources and information. They provide for high-quality recording, review, approval, and summation of transactions and other events. And they ensure that objectives are achieved and organization assets are protected.
action and report what doesn’t look right to them. Break down any barriers that discourage reporting. Make it easy to report – including anonymously.