When fraud is discovered, it can be devastating to those in charge. They probably never expected it. They thought their employees were trustworthy. They might have even left their guard down
After management gets over the initial shock of discovering a potential internal fraud, it’s time to get to work. We’ve got to figure out exactly who was involved, how the fraud was committed, and what controls can be established to stop fraud from happening again.
It is important for companies to develop a policy related to internal fraud investigations. Although fraud in commonplace in corporate America, there are many supervisors, managers, and executives who have never dealt with employee theft and deception firsthand.
The investigative policy is going to help guide management through the process of assessing a situation and determining whether a full-blown investigation is necessary. It will help them determine how extensive the investigation should be. It brings uniformity to the process of evaluating suspicions of fraud, and having a good investigative policy may also guard against employees’ claims of selective treatment.
The first step in creating an investigative policy is developing a list of red flags for a company. These red flags will be the types of clues or triggers that management sees or becomes aware of. For example, a credible tip from an employee could be a red flag. Missing or incomplete documentation for an unusual transaction might also be a red flag. An account that can’t be reconciled might be another example.
The list of red flags shouldn’t be a detailed list; rather it should be a set of broad guidelines that outline minimum factors that trigger an inquiry.
Next, the investigative policy should outline the person or people assigned to evaluate red flags and determine whether an actual investigation is warranted. Often the immediate supervisor of an area or an employee will be the appropriate person to evaluate the triggers.
The higher the level of the employee suspected of committing fraud, the higher the person evaluating the red flags. For example, if the CFO is suspected of participating in a fraud, then the CEO or the Chairman of the Board is probably the right person to evaluate the situation.
The investigative policy should dictate the triggers for action. What causes a high-level examination to be done? Under what circumstances might we skip the high-level examination and move right into a full investigation? If we do a cursory review of a situation, what criteria causes us to escalate it to a full-blown investigation?
Having an investigative policy brings a level of uniformity and quality control to the process of evaluating potential internal frauds. A strong set of guidelines also gives management more confidence in addressing the possibility of fraud within the company.