You Found Fraud, Now What? 5 Steps to Immediately Take After Suspecting Fraud in Your Company



Kelly Todd, CFE
Managing member & member in charge of forensic investigations
Forensic Strategic Solutions, LLC

Despite efforts to prevent fraud, the unfortunate reality is that it still happens — in fact, according to the ACFE's 2016 Report to the Nations, it is estimated that companies lose 5% of revenue each year to fraud. If you suspect fraud has occurred at your organization, take these immediate action steps:

  1. Safeguard potential evidence. Preservation of evidence is key. Secure any and all potential evidence — but by all means, avoid the temptation to examine the evidence on your own. Electronic evidence is fragile and easily altered. Did you know that simply turning a computer off or on can alter potential evidence? Secure computers, cellphones and external electronic media sources such as thumb drives. Maintaining the evidence will help your forensic accounting team identify what occurred, who committed the fraud and why.
  2. Gather a team. Enlist a forensic accountant and computer forensic specialist to help you collect, analyze and store the data. It would be wise to hire an outside financial investigator who is familiar with and experienced in fraud investigations — using an in-house accountant is not appropriate, as they are not as objective as an outside source. In fact, someone on the accounting team may be part of the problem. Retain an employment lawyer to ensure you stay on the right side of the law regarding the rights of the suspected employee. 
  3. Deal with the suspected employee. Don’t fire the suspected employee immediately — it could make gathering evidence much more difficult. Instead, restrict their access to company data. Do not let them remove their computer or any other company items and documents from their office.
  4. Notify your insurance provider. A crucial fact for employers to know is that you must notify your insurance provider within 30 to 60 days, depending on your policy. Failure to do so could cause a loss of coverage.
  5. File proof of loss. You will need to document any losses with your insurance provider in a specified time frame. Documenting a claim with an insurance provider takes time to ensure it is properly recorded. It is possible to file an extension should you need one, but be sure not to miss any deadlines or you risk forfeiting coverage.

The best way to mitigate fraud risks is to have internal controls and external resources available to prevent them from happening in the first place. Should fraud occur, the initial steps you take in addressing suspected fraud can hinder or greatly help your efforts — don’t make the mistake of collecting evidence and acting without the assistance of a team of forensic specialists and legal professionals.

5 Ways to Mitigate Fraud Risk

RISK gauge.jpg


Kelly Todd, CFE
Managing member & member in charge of forensic investigations
Forensic Strategic Solutions, LLC

The growing abundance of internal and external threats can make it difficult to stay ahead of fraudsters. While fraud itself hasn’t changed all that much in recent years, the risks continue to grow in both size and complexity as technology changes and the ability to move, share and expose corporate assets becomes easier.

In today’s technology-crazed age, the scope of risk is growing, and businesses that do not keep up with evolving threats will be vulnerable. Here are some tips on how to keep up:

  1. Monitor your data. In the past, this meant monitoring transactional data to proactively identify anomalies indicative of fraud. Now, however, fraud can be committed in a variety of ways, including uploading sensitive data to the “cloud,” emailing company information, and saving sensitive information on a smartphone or sharing via social media. It’s essential to safeguard your company’s information to ensure it is not shared outside of your business in a malicious manner. Monitoring technology that promptly notifies you when company data is leaving the office, or when shared online, is readily available. Talk with your data security professional for the appropriate solution to monitor and secure your sensitive data.
  2. Establish proactive communication with employees around fraud. Educate your employees on what is and is not appropriate regarding the use of company technology and handling of company information. Establish policies that define the expectation of privacy and your company’s right to monitor network activity. Hold regular training on fraud and ethical behavior in the workplace and establish a chain of command in dealing with suspected fraudulent activity so that your employees are well-equipped to deal with any ethical dilemmas.
  3. Implement company policies on confidentiality and nondisclosure. Upon hiring, employees should be given information on confidentiality policies they must sign and agree to. If your current employees were not subjected to these agreements upon their hiring, implement the policies and require each of your employees to consent. If an employee violates the company policy, they should know that there will be consequences. If an employee leaves the organization, enforce agreed-upon nondisclosure terms.
  4. Set up a whistleblower hotline. Most frauds are discovered by tip or by accident, according to the 2016 ACFE Report to the Nations. It is important that employees work in an environment where they feel they can speak up if they see wrongdoing. Whistleblower hotlines often generate a wide range of reports – implement a few guiding principles around the type of matters that get reported to the audit committee, including significant deficiencies in internal control, senior management malfeasance, accounting irregularities, theft and financial losses, and broad deviations from the organizations anti-fraud policies.
  5. Hire the right people. Mitigate fraud risks by preventing nefarious actors from gaining access to your data in the first place. A thorough vetting of new hires remains critical. All too often, the unfounded belief a former employer won’t share anything of value keeps references from being checked – but if you don’t ask, you will never know.  Pick up the phone and check those references.

Internal controls have been the standard to prevent fraud in the workplace, but as the landscape becomes more multifaceted, new measures like the ones above are necessary.

Despite efforts to prevent fraud, the unfortunate reality is that it still happens. Stay tuned tomorrow for my five tips on what to do once fraud has been detected. 

Saints or Sinners: Whistleblowers' Difficult Position in the Asia-Pacific Region


Sarah Hofmann
ACFE Public Information Officer

Whistleblowers can be divisive characters. Celebrated by some as heroes and denounced by others as snitches, few other elements that come up during a fraud investigation can spark such polarizing labels. During her session at the 2016 ACFE Fraud Conference Asia-Pacific, Jessica Sidhu, CFE, Llb, explored the precarious position whistleblowers are in. “Is a whistleblower a good person or a bad person? Is he a traitor or is he a patriot?” she asked the audience. “Only when you’ve answered this question will you be able to take a whistleblower seriously.”

The topic was especially pertinent to discuss during the conference in Singapore, as the government of neighboring Malaysia has been involved for a few years with the 1Malaysia Development Bhd (1MDB) scandal. Global investigators believe that millions of dollars from the state investment fund 1MDB entered Malaysian Prime Minister Najib Razak's personal bank accounts.

Sidhu herself was formerly head of administration and finance at the Malaysian Attorney-General's Chambers (AGC) and was involved with a special task force investigating various financial cases, including a probe into 1MDB. She was reportedly fired “suddenly” in late 2015 and had her permanent residency revoked by the Immigration Department of Malaysia.

During her remarks at the conference, Sidhu discussed Andre Xavier Justo, a former PetroSaudi International executive who is believed to be the main whistleblower in the 1MDB case. He allegedly leaked documents to independent media site Sarawak Report, which established a link between Prime Minister Najib and the missing funds from 1MDB. Justo is currently in jail but is expected to be pardoned at the end of 2016.

Sidhu explored the challenges that whistleblowers face from the very first decision they make: whether to tell someone what they know or suspect. She said, “Sixty-five percent of whistleblowers are insiders and eighty percent of them have approached [their bosses or oversight bodies] internally, but were rejected or turned back.”

It is common for even the most well-intentioned investigators to ignore or discount the reports of whistleblowers for a variety of reasons. Sidhu described a situation her team experienced where one male employee made multiple reports against a female coworker for suspected fraud. Each report was investigated; however they were unable to find any evidence to back up his claims until the tenth report.

Read the full article in The Fraud Examiner, the ACFE's monthly newsletter, archives on