Corrupt politicians are a common trope in society, but what's more uncommon is how to spot the red flags of shady dealings. Breakout speaker Michael Schidlow, CFE, CAMS-Audit, head of financial crime risk training and emerging risk advisory at HSBC Bank, took attendees at the 29th Annual ACFE Global Fraud Conference in Las Vegas last month on a ride through the world of political corruption combining pop culture references with infamous real-world examples involving names like Gaddafi and Putin.Read More
Kelly Todd, CFE
Managing member & member in charge of forensic investigations
Forensic Strategic Solutions, LLC
Despite efforts to prevent fraud, the unfortunate reality is that it still happens — in fact, according to the ACFE's 2016 Report to the Nations, it is estimated that companies lose 5% of revenue each year to fraud. If you suspect fraud has occurred at your organization, take these immediate action steps:
- Safeguard potential evidence. Preservation of evidence is key. Secure any and all potential evidence — but by all means, avoid the temptation to examine the evidence on your own. Electronic evidence is fragile and easily altered. Did you know that simply turning a computer off or on can alter potential evidence? Secure computers, cellphones and external electronic media sources such as thumb drives. Maintaining the evidence will help your forensic accounting team identify what occurred, who committed the fraud and why.
- Gather a team. Enlist a forensic accountant and computer forensic specialist to help you collect, analyze and store the data. It would be wise to hire an outside financial investigator who is familiar with and experienced in fraud investigations — using an in-house accountant is not appropriate, as they are not as objective as an outside source. In fact, someone on the accounting team may be part of the problem. Retain an employment lawyer to ensure you stay on the right side of the law regarding the rights of the suspected employee.
- Deal with the suspected employee. Don’t fire the suspected employee immediately — it could make gathering evidence much more difficult. Instead, restrict their access to company data. Do not let them remove their computer or any other company items and documents from their office.
- Notify your insurance provider. A crucial fact for employers to know is that you must notify your insurance provider within 30 to 60 days, depending on your policy. Failure to do so could cause a loss of coverage.
- File proof of loss. You will need to document any losses with your insurance provider in a specified time frame. Documenting a claim with an insurance provider takes time to ensure it is properly recorded. It is possible to file an extension should you need one, but be sure not to miss any deadlines or you risk forfeiting coverage.
The best way to mitigate fraud risks is to have internal controls and external resources available to prevent them from happening in the first place. Should fraud occur, the initial steps you take in addressing suspected fraud can hinder or greatly help your efforts — don’t make the mistake of collecting evidence and acting without the assistance of a team of forensic specialists and legal professionals.
Andi McNeal, CFE, CPA
ACFE Director of Research
Julia, an accounts payable clerk, gave her manager two weeks’ notice that she was leaving to take a new job. On the surface, there was no dramatic “I quit” moment or signs that Julia was leaving on anything other than a positive note. During her exit interview, an HR representative had Julia sign some forms, went over the termination of her benefits and asked Julia a few cursory questions. When questioned about her reasons for leaving, Julia stated that she’d been offered a position at another company that paid more — which was true. But what Julia didn’t reveal — simply because she was never asked — is that the reason she began looking for another job was that she was deeply disturbed by a pattern of dishonest behavior displayed by the company’s controller. As she left the organization, so did management’s chance to glean, and act on, the information Julia held. Instead, the company’s controller was able to continue his dishonesty undetected — to the tune of embezzling more than $275,000 from the organization.
Many organizations conduct exit interviews as a matter of company policy. Far fewer use these interviews as a formal element of their anti-fraud programs, leaving them vulnerable to missing candid and crucial information about ethical issues and blind spots, and even the warning signs of potential or existing fraud. Like employee surveys and a reporting hotline, exit interviews provide an opportunity for employees to give (sometimes brutally honest) feedback as they are departing the company. And management should want that feedback — especially from individuals who have seen what the company has to offer and choose to move on.
Although the perceived risk of retaliation should be diminished for employees who are leaving, some individuals might have concerns about negative professional references for future jobs or other forms of retribution. Consequently, the exit interview should be conducted in a way that makes clear the value management places on hearing what the exiting employee has to say. Rather than the employee’s supervisor, the party conducting the exit interview should generally be someone from the HR department or ethics team; some organizations even outsource exit interviews to a third-party provider to add a layer of independence and foster the individual’s comfort in the process.
During exit interviews, the interviewer should ask departing employees questions like:
- Why are you leaving the company?
- Why did you begin looking for another job (if applicable)?
- Did you feel you were adequately trained and equipped to do your job well?
- Did you receive adequate training regarding the company’s compliance, ethics and anti-fraud policies?
- How would you describe the organization’s culture?
- Did your coworkers, supervisors and management adhere to the company’s compliance, ethics and anti-fraud policies?
- Did you know how to report concerns about fraud, dishonesty or other misconduct?
- Were you comfortable talking to your direct supervisor about ethical concerns or issues?
- Do you have any unresolved ethical concerns or issues related to the position you are leaving?
- Do you have knowledge about any unresolved ethical issues in general?
- Do you have knowledge of any potential fraud that occurred during your time with the company?
If someone seems reluctant to provide information or if the interviewer suspects the individual is holding back, a different line of questioning — such as “Would you recommend this company to a friend as a place to work?” or “If you could change anything about your position here or the company overall, what would it be?” — might help reframe the conversation and open the lines of communication. The interviewer should also follow up on any responses that indicate potential ethical issues or signs that the individual has knowledge of misconduct with additional questions. Additionally, the interviewer should be trained in what to do with the information provided by the exiting employee, including when and to whom to escalate any issues noted for further investigation.
And yes, disgruntled employees might use an exit interview to complain about personal issues or grumble about specific coworkers. But those same employees might be dissatisfied because their legitimate concerns were overlooked during their employment. Much like the tips received through a helpline, it’s better to have employees providing their honest thoughts — even if management has to sort through them to find the real red flags to follow — than to have employees keep quiet and not have the flags waved at all. And disgruntled employees can be a source of valuable insight into issues of organizational or department culture that should be noted and potentially explored.
When conducted effectively, exit interviews can provide management with a wealth of knowledge to help assess the culture of specific departments and the organization as a whole, as well as to uncover issues that might otherwise have been missed. If only Julia’s employer had known to use her exit interview for this purpose, the company might have been able to uncover the controller’s scheme much sooner.
Mandy Moody, CFE
ACFE Media Manager
The ACFE would like to thank all International Fraud Awareness Week Official Supporters, supporting media, bloggers, tweeters and posters for their amazing participation in Fraud Week last week. We would also like to thank our Featured Supporters this year: CRI Group, BNP Paribas, Mashreq, USAA, FGB and ADCB. The success of Fraud Week could not have happened without all of these dedicated people working together around the globe to spread the message that fraud can be prevented and detected.
Even with the many articles and resources shared, you might not have seen all that was done to highlight fraud detection and prevention. Here are some Fraud Week highlights you might have missed:
- Video - Fraud: Yes, It Can Happen To Your Business
- Video - Too Much Trust: How Fraud Happens Where You Least Expect It
- Infographic - The True Cost of Fraud
- Article - Know Where You Are Going: The Value of Interviewing Fraudsters
- Article - Frontline Impact: 3 Practices For Creating Organizational Fraud Awareness
- Article - Tackling Fraud in Higher Education: Universities Are Taking Up the Mantle of Fraud Prevention for Fraud Week
Remember, fraud awareness doesn't begin and end with Fraud Week. It is a year-round effort being supported by fraud examiners all over the world. Thank you all again, and we look forward to next year’s event!
John E. “Jack” Little, CFE, CPA, and Jenny Mak
Organizations of all sizes should regularly evaluate the systems they have in place to deter fraud, abuse and misconduct. This involves an organized review of current policies, procedures and controls that safeguard and protect an organization’s assets from unnecessary risk.
As part of a project in the spring 2015 Fraud Examination class in the Dyson School of Applied Economics and Management at Cornell University, a checklist was developed to aid in the evaluation of such systems. The class focused on understanding different types of fraud through textbook readings, guest speakers and local fraud cases. We began creating the checklist by reviewing a white paper authored by a group of forensic investigators from KPMG titled Fraud Risk Management, Developing a Strategy for Prevention, Detection and Response. The document provides an overview of the fundamentals involved in deterring the risk of fraud and abuse within organizations.
Applying key concepts from this resource, the class converted it into a checklist that can be used to gather information, document controls and procedures, and evaluate existing policies. The checklist focuses on three key areas of control: prevention, detection and response. Additionally, it indicates the specific KPMG document page number from which the question was developed for ease of guidance and reference. The checklist works in a way such that opportunities for improvement in the system of internal controls, policies and procedures become apparent when the questions are answered and the comments written up.
Once this checklist was designed, the student group moved to apply it to the systems used by Cornell University. Students first completed the checklist with information that was readily available online. Later, students met with the University Audit Office and Cornell Human Resources, both of whom provided additional information via interviews and discussions. After the meetings, the student circled back around to complete any gaps in the checklist. A copy of the completed checklist can be found here.
At the conclusion of our work, the class came to believe that the systems and controls in place at Cornell University were adequate. However, we had a number of suggestions for improvements to those systems and controls to strengthen the processes. Those recommendations were:
- Consider having a more formal fraud risk assessment conducted by independent outside consultants.
- Expand its use of data analytics within the internal audit function of the University Audit Office.
- To continue improvement in campus-wide training programs for fraud deterrence.
- To implement a universal acknowledgment by employees documenting their familiarity with Cornell’s policies and procedures for the deterrence of fraud, abuse and misconduct.
In a closing meeting with University Auditor Glen Mueller and Audit Director Mark Perry, the student group presented the completed checklist and recommendations. Since the final meeting, the University Audit Office has made a shift towards continuous monitoring through the use of data analytics and is actively working towards implementing the use of ACL software to track fraud.
It is our hope that by sharing this checklist, there will be a benefit for both practitioners and management of organizations who must consider a review of their systems of fraud deterrence.
John E. “Jack” Little, CFE, CPA, is the senior lecturer of accounting at the Dyson School of Applied Economics and Management at Cornell University in Ithaca, New York, and a local practitioner. His email address is: firstname.lastname@example.org.
Jenny Mak is senior in the Dyson School of Applied Economics and Management at Cornell University and will graduate with a Bachelor’s of Science with concentrations in accounting and finance in December. Upon graduation she will begin her career in the profession and will sit for the CPA Exam. Her email address is: email@example.com.