Académique Documents
Professionnel Documents
Culture Documents
Initial Action
It is important to remember that when fraud is first
suspected, the matter may well be more serious than it It is vital that all allegations of fraud
may initially appear. This is because fraudsters rarely
restrict their activities to only one modus operandi or are treated seriously and that
method. Therefore, every effort should be made to
obtain as much information as possible before anyone
responsibility for handling fraud
is questioned, confronted or interviewed. This is
particularly important in organizations or business units
incidents is assigned to a senior,
with a close working environment, where there may be
a strong temptation to simply question an employee as
trusted individual or collection of
soon as suspicion is raised. individuals
It is also important to be aware that larger scale frauds
are often international in nature. Therefore, any fraud
Initial responsibility designation
contingency planning must include measures for taking
Fraud investigation is, by necessity, a confidential
legal and investigative action across jurisdictions.
task and is a sensitive matter for the vast majority of
organizations. It is vital that all allegations of fraud are
In addition, most frauds involve the use of a computer
treated seriously and that responsibility for handling
at some stage in the planning or execution of the fraud.
fraud incidents is assigned to a senior, trusted individual
This is particularly evident in today’s environment, when
or collection of individuals. In many organizations, that
the majority of white collar employees are allocated a
responsibility is handed to a corporate security advisor,
computer by their employer. Business is conducted by
internal audit manager or risk management director.
computer and correspondence normally involves a
In other organizations, the responsibility is shared
computer through the widespread use of corporate
between members of senior management or an audit
e-mail. The pervasive involvement of the computer into
committee and the organization’s human resources
most facets of corporate life means that electronic
personnel and corporate lawyers are involved from
evidence is often vital to investigating corporate fraud.
a very early point. Fraud incident management
Obtaining that electronic piece of evidence is a specialist
responsibility is an important role and those chosen to
skill which should be discussed with your forensic
administer the role must come from the appropriate
specialists.
legal and management level to authorise investigative
actions and to co-ordinate the organization’s overall
Initial actions are crucial to the eventual outcome of an
response to fraud incidents.
investigation and, if a proper strategy is put in place and
adhered to, the extent of fraudulent activity can usually
be assessed and action taken to resolve the matter
successfully. This usually means assimilating sufficient
evidence to dismiss errant staff and to commence civil
and/or criminal proceedings against those concerned in
the fraud, or claims against insurers, if so desired.
Most frauds involve the use of a such as legal, corporate security, insurance external
lawyers, police and telecommunications agencies,
computer at some stage in the forensic accountants and investigators.
Checklist fraud:
n discovering a potential
Initial action checklist upo gat ion or
nt manager that an alle
1. Alert the fraud incide
suspicion exists
and details of initial
A typical Fraud Response Plan contains: 2. Document date, time
report/discovery if
• purpose of the plan, ervations and actions –
• policy statement, 3. Take notes of all obs e, it is worth
ing a me nta l not
something is worth tak
• definition of fraud,
a written note) ple who
• roles and responsibilities including lity (only inform those peo
4. Maintain confidentia rran ted
fraud response team, suspected act). Unwa
need to know about the ces sfu l
• objectives including civil and damage potential suc
disclosure can seriously
criminal response, front the suspect.
investigations. Do not con
• reporting of suspicions and collection pec ted act or wrongdoing
and preservation of evidence. 5. Write out in full the sus
including:
e occurred
• What is alleged to hav
e committed the act
• Who is alleged to hav
• Is the activity continu ing
• Where did it occur
loss or potential loss
• What is the value of the
As part of their overall • Who knows of the act
ivity
ly
precursor to adopting an 7. Obtain evidence and
place in a secure area. (on
t alerting any sus pec ts)
where it is possible withou
incident management plan 8. Protect evidence from
dam age or contamination
uisition
ually taking note of acq
9. List each item individ
ation) and where the item
(incl. time, date and loc
by David Clements, director, Forensic and Dispute was securely stored
witnesses
Services, Deloitte Corporate Finance Ltd 10. Identify all potential
den ce is in the process of
11. Unless electronic evi t
go into the suspect/targe
being destroyed do not
computer systems ess
/or remove suspect’s acc
12. If possible, secure and w IT
tems. Do not allo
to relevant computers/sys
min e com puter
department to exa
ent ial sus pec ts and extent of fraud
13. Consider other pot