Delivered Wrongful Convictions: The U.K. Postal Scandal

Delivered Wrongful Convictions: The U.K. Postal Scandal

In one of the most significant miscarriages of justice in the history of the United Kingdom, more than 900 post office branch managers were wrongly accused of theft or fraud due to a flawed computer system called Horizon. This scandal, which unfolded between 1999 and 2015, has had profound consequences, including imprisonment, financial ruin and other tragic outcomes. 

Read More

CFE Shares Unique IT Challenges and Most Memorable Case

CFE Shares Unique IT Challenges and Most Memorable Case

Shannon Grayer, CFE, CBM, CCEP, may have earned his CFE more than a decade ago, but his passion for learning more about the world and fraud examination has never waned. The head of ethics and compliance investigations for CSRA Inc. has lived in multiple countries, stays abreast of technological advancements in the IT industry and works with major players in U.S. national security.

Read More

Using an IT Background to Unravel Fraud Schemes

MEMBER PROFILE

John Schneider, CFE, CISA, CIA
Chief Gaming Inspector, Pokagon Band Gaming Commission in Michigan

John Schneider, CFE, CISA, CIA, serves as Chief Gaming Inspector at Pokagon Band Gaming Commission in Michigan. As a former IT director, Schneider knows the use of technology can be a key advantage both for fraudsters and the investigators trying to catch them.

Which types of fraud cases are the most interesting to you, personally? Did a certain type of investigation really draw you in?

Inside jobs, such as skimming and cash larceny, are fascinating to me because of the many creative ways people come up with to exploit internal control weaknesses. Investigations into fraudsters at a table game (such as blackjack, roulette, etc.) really draw me in – like a puzzle that must be solved. How did they get away with it? How did we catch them? What controls can be implemented to thwart future attempts? It is truly a cat and mouse environment.

During your career, you have also worked as an internal auditor and as an IT director. How did you make the transition from IT into auditing and fraud?

Technology often is either the tool used to exploit control weaknesses (think hackers), or technology itself is being exploited in order to successfully commit fraud. I was asked many times to conduct fraud investigations as an IT director because I knew the systems and their audit log/reporting capabilities. This logically extended into surveillance reviews, physical and logical control systems, and so forth. In my opinion, fraud examiners of the future – and even the now – must have or develop a solid IT background to be effective in many types of fraud investigations.

So, when the opportunity to join the PBGC came up, I jumped at it. It was a natural transition for me. As a tribal member myself, I am proud to serve the Pokagon Band of Potawatomi Indians.

What do you think are some of the most important things for fraud examiners to keep in mind when working to prevent and detect fraud?

Two things:  1) No internal control system is completely immune from being exploited, and 2) The fraud triangle helps to explain why everyone is a potential suspect. I know that sounds jaded, but how many times have you heard the reaction, “I can’t believe he/she did that” after the guilty party was identified?

What advice do you have for other fraud examiners who would follow in your footsteps?

Gain at least a fundamental understanding of IT, learn to assess the effectiveness of internal controls and get your CFE certification, of course. The knowledge and subsequent recognition gained through the certification process has been invaluable. And no, I’m not just saying that because of this interview.

Do you have any hobbies when you're not fighting fraud?

I recently became more involved in tribal gaming regulations at the national level with the National Tribal Gaming Commissioners/Regulators (NTGCR) organization. I also speak at conferences on occasion regarding tribal gaming regulation, IT, audit and fraud. I  play guitar, tennis and basketball in my spare time.

Read John's full profile on ACFE.com.

Computer Forensics: Following the Digital Bread Crumbs

GUEST BLOGGER

Phillip Rodokanakis, CFE, EnCE, ACE, DFCP
U.S. Data Forensics, LLC
Herndon, Va.

During the execution of search warrants in the late 1980s and early 1990s, investigators would examine every piece of paper we could get our hands on. We would look at computers, scratch our heads and wonder, “How do we access the digital data they contained?” At the time we had no protocols or tools to retrieve and examine digitally stored data.

Computer forensics was reportedly coined in 1991 at the first training session sponsored by the International Association of Computer Investigative Specialists (IACIS). Since that time, the term has become accepted in the computer security field and the legal profession. Recent technological advances have introduced computing capabilities to all kind of new devices, like PDAs (Personal Digital Assistants), smartphones, iPads, etc. Accordingly, the term digital forensics was introduced to cover all types of digital devices that have become commonplace in our daily lives.

Even though these terms are widely recognized now, they invoke different thoughts as to what this discipline really entails. Some think that computer forensics involves the collection of digital files from computer systems in order to present them in searchable electronic databases. Others believe that they may involve a forensic review of electronic data stored in large databases. So what is computer or digital forensics?

Just like when a fingerprint examiner performs an examination of latent fingerprint impressions found at a crime scene with the goal of linking them to the known fingerprints of a suspect, a digital forensics expert examines computer and digital storage systems to identify relevant evidence that is stored on digital storage devices and which may link a suspect to the case under investigation. In particular, Computer Forensics deals with the acquisition, preservation, identification, extraction, analysis and documentation of digital evidence.

CFEs must familiarize themselves with the type of data that can be obtained from digital forensic examinations. A thorough examination of storage devices by a competent digital forensic examiner may yield evidence that is otherwise unavailable. I have been involved in a number of cases where the digital forensic examination led to finding the “smoking gun” literally in a matter of hours, whereas traditional investigative approaches would have taken months to identify the culprits, if ever.

As trial attorneys rely more and more on proving cases through the introduction of digital evidence, new litigation support technologies and services have evolved. Computer or digital forensics is one such example, where specially trained professionals use basic investigative and IT skills to find evidence that is left behind on digital storage devices. Additionally, the introduction and authentication of digital evidence in a court of law usually requires testimony by an expert witness, meaning that digital forensic examiners must also qualify as expert witnesses.

To learn more about digital forensics, go here.

Electronic Discovery, or eDiscovery, is another example of a technology that has evolved from the use of digital evidence. Want to know more about eDiscovery? Tune in next month.