Imagine discovering that a valued employee has been stealing money from your company. What do you do?
One of the worst situations a business can find itself in is discovering that a longtime, trusted employee has been embezzling money from the company. Such a situation can have long-lasting negative consequences and is the reason why all employers should have a plan in place to deal with it should it ever occur.
The discovery of financial fraud within your organization is far from an everyday occurrence, yet how you respond can have a dramatic effect on whether you can achieve a successful outcome. In the absence of a fraud response plan, management is left to their own devices – sometimes with disastrous consequences. There are also various risks to avoid: From unwittingly compromising the evidentiary value of data, to making uninformed decisions based on underdeveloped evidence, to inadvertently tipping off the suspect, conducting a successful investigation can be a sensitive operation.
Your fraud response plan – a foundational element to anti-fraud policies – sends a signal that the organization will not tolerate fraud. Designed to outline the steps to take when fraud is suspected, a fraud response plan provides the framework for ensuring that allegations of fraud are handled prudently and systematically.
1. Keep the initial response discreet.
Bear in mind, the improprieties you discover are likely just the tip of the iceberg. Unlike a bank robber threatening you at gunpoint, concealment is the modus operandi of the fraudster. Your initial response should be one of discretion. Avoid the temptation to alert others or directly confront employees. Any information you gather should only be shared on a need-to-know basis.
Due to its sensitive nature, a fraud investigation should be a confidential undertaking. The oversight of any investigation should be assigned to a senior leader or team of senior leaders who understand the weight of the potential situation. Regardless of the size and structure of your organization, the responsibility should reside with management to authorize investigative actions and coordinate the overall response.
2. Secure potential evidence.
Take immediate steps to safeguard data and other potentially relevant information:
- Computers and other media: Avoid the urge to examine computers and other electronic media. Don't connect external devices or even turn computers on or off. Doing so alters the original evidence, rendering it useless in an investigation. Have hard drives mirror-imaged by a computer forensic specialist. A mirror image creates a bit-by-bit copy of the original drive, allowing examination of the copied drive without disturbing the data. During the examination, the computer forensic specialist will look for documents, emails and files – deleted or intact – that may provide the financial investigators with the who, what, where, when and why of the investigation.
- Desk and office space: Secure – don't search – the implicated employee's workspace. To avoid a misstep, the search for evidence should only be undertaken by trained professionals.
3. Enlist a fraud response team.
The complexity of a financial investigation is not the time for a do-it-yourself mentality. The intricate maze of a fraud investigation requires specialists with deep knowledge in various areas:
- Legal counsel: An attorney with employment experience can assist you through the web of employer and employee rights. Additionally, an attorney with white-collar crime experience can be invaluable in developing and executing a plan from investigation through resolution – either civil or criminal.
- Financial investigator: A financial investigator, such as a Certified Fraud Examiner, will maximize the efficiency and effectiveness of the investigation. Avoid the temptation to use your accountant as your financial investigator. The accountant who does your taxes or financial statement audit is unlikely to be independent of the situation being investigated, nor to be familiar with the proper development of evidence or testifying to their findings.
- Computer forensic specialist: The preservation of digital evidence is critical to most financial investigations. The proper collection and handling of digital information can make or break your ability to recover proceeds of the crime. Avoid the temptation to use your IT personnel. A computer forensic expert will use forensically sound methods to recover and preserve digital evidence.
4. Deal with the alleged perpetrator.
Try to ignore the impulse to immediately terminate the suspected employee. As difficult as it may be to keep the potential fraudster around, employees have a duty to cooperate with employers during a lawful investigation. Retaining the employee during an investigation can make interviews and obtaining records to prove wrongdoing much easier. Once they are off your payroll, the chance of getting information from them diminishes exponentially.
After the employee has been notified that they are the subject of an investigation, do not allow them to touch or remove anything from their office except personal items. The employee should be accompanied while in the office, then escorted from the premises.
It is also critical that you deactivate passwords to deny access to company information systems. The worst cyberthreats don't necessarily come from outside the organization, but rather internally from its employees. A disgruntled employee can wreak havoc on information systems in a matter of seconds.
5. Contact your insurer.
Failure to put your insurer on notice can void coverage. Many policies have a 30- or 60-day notification provision from the first day you discover that a loss may have occurred. There's no time to waste.
By using the steps above, you can formulate a fraud response plan that prepares you for the worst-case scenario should fraud occur at your company. Taking the right action from the start is critical to the integrity of an investigation, and it can make or break a case.