Conducting investigations I Heart Audit Conference

Transcription

1 Conducting investigations I Heart Audit Conference February 2018

2 Agenda 2018 Global economic crime survey results Investigation lifecycle When to consider an independent investigation Please feel free to ask questions during the presentation. 2

3 Global economic crime survey 3

4 Survey results 4

5 Survey results 5

6 Assessment of business ethics and compliance programs 6

7 Factors contributing to economic crime committed by internal actors 7

8 Impact of economic crime 8

9 Most likely characteristics of internal fraudster 9

10 People measures implemented to address increased regulatory expectations 10

11 Investigation lifecycle 11

12 Identifying the issue Common detection methods include: Corporate Control - Internal Audit, fraud risk management, suspicious transaction monitoring Corporate Culture - Internal/external tip-off, whistle-blowing system Beyond Management Influence - Accidental discovery, law enforcement How was the crime initially detected? 14% 11% 11% 11% Suspicious transaction testing Internal Audit Tip-Off (internal) By Accident 12

13 Investigation lifecycle Reporting Follow-up Interviews of Knowledgeable Persons Scope & Background Analysis of Financial Transactions Evidence Collection 13

14 Scope & background Goals and objectives Documentation Legal considerations Work program 14

15 Evidence collection Identify, protect and preserve relevant documents Work with Legal to send a document preservation notice Consider collecting hard copy documents (office & cube sweeps), servers, Network drives, hard drives (e.g., laptops, smart phones, external drives), etc. Work with IT to stop back-up tape deletion rotation Capture complete data Search available backups/old and archived data Consider walking the facilities for old tapes Recover deleted s/files Run specialized software to crack password-protected files (or just ask for the passwords) 15

16 Evidence collection Factors to consider: Ownership, chain of custody (physical documents, electronic data) Documents received log (who, what, when, where) Original documents should be copied/scanned Never make notes on original documents Data security is first priority. Rigorous encryption and safety protocols must be exercised. The e-discovery process would involve: Identification Preservation Collection Processing Review Analysis Production 16

17 Evidence collection Thoroughly process & analyze data - Dedupe population methodically - Test search term syntax & apply terms methodically across custodians Limiting analysis to common file extensions and not requesting file signatures may inadvertently eliminate potential key documents Consider use of analytic options to more efficiently search data (e.g., BrainSpace) Train readers in investigation background and review tool Consider foreign language files: - May be difficult to process due to unusual character sets - May be ignored if readers are unfamiliar with the language in which the document is written Identify responsive, relevant, key documents Document procedures performed (there will likely be questions later) 17

18 Evidence collection Direct Real Circumstantial Internal Records Financial records Legal records HR Electronic media Interviews 18

19 Analysis of financial transactions Planning Identify data, files, and fields Design tests based on past experience, company policies, data and fields, transactions, etc. Acquisition Master files, transaction files, employee data PO fields, VAT fields, vendor listing Validation Reconcile data to source files Tie data to the financial statements Analysis Identify red flags, false positives, and procedural breaches Consider purchase patterns, sequential invoicing, retrospective POs, and master-file duplicates Results Trace paperwork, review files, conduct interviews Implement controls and monitor compliance 19

20 Interview of knowledgeable persons Purpose of the interview The purpose of interviewing is to gather information and evidence as well as differentiate/eliminate suspects and witnesses. Interview Objective is to gain information Open ended Notes should be taken The witness should do the talking Tone should be supportive Interrogation Objective is to gain a confession or admission Highly structured No notes The investigator should do the talking Tone should be accusatory 20

21 Interview of knowledgeable persons Interview process Decide who will take notes and through what method Notes will be less accurate than a recording, but should be words to that effect Place key quotes in quotation marks Prepare memorandum of notes soon after the interview is conducted Review relevant documents to identify materials that will assist in conducting the interview or for which an explanation is needed Know subject matter Understand the interviewee s background Prepare an outline, detailing the topics to be addressed and the documents to be used in connection with each topic Cover necessary topics to complete the interview If additional time is needed, advise the witness and attempt to gain his/her commitment of continued cooperation Express appreciation for the time and effort expended to complete the interview If appropriate, permit the witness to ask any questions express concerns he/she may have regarding the investigative process or the subject matter of the investigation Use a standard introduction for each interview you conduct providing the interviewee with: - Name - Company affiliation - Purpose of the interview - Any legal implications Build rapport with the interviewee Use a combination of direct, leading, and open-ended questions Paraphrase key responses to ensure mutual understanding Consider verbal and non-verbal cues Select a location that will facilitate the interview Don t conduct the interview alone select attendees in order to facilitate the interview 21

22 Interview of knowledgeable persons Preparing for the interview Decide who will take notes and through what method Notes will be less accurate than a recording, but should be words to that effect Place key quotes in quotation marks Prepare memorandum of notes soon after the interview is conducted Relevant documents Documents requiring further explanation Subject matter knowledge Interviewee s background Understand the allegations Outline questions Cover necessary topics to complete the interview If additional time is needed, advise the witness and attempt to gain his/her commitment of continued cooperation Express appreciation for the time and effort expended to complete the interview If appropriate, permit the witness to ask any questions express concerns he/she may have regarding the investigative process or the subject matter of the investigation Use a standard introduction for each interview you conduct providing the interviewee with: - Name - Company affiliation - Purpose of the interview - Any legal implications Build rapport with the interviewee Use a combination of direct, leading, and open-ended questions Paraphrase key responses to ensure mutual understanding Consider verbal and non-verbal cues Select a location that will facilitate the interview Don t conduct the interview alone select attendees in order to facilitate the interview 22

23 Interview of knowledgeable persons Interview setting Decide who will take notes and through what method Notes will be less accurate than a recording, but should be words to that effect Place key quotes in quotation marks Prepare memorandum of notes soon after the interview is conducted Review relevant documents to identify materials that will assist in conducting the interview or for which an explanation is needed Know subject matter Understand the interviewee s background Prepare an outline, detailing the topics to be addressed and the documents to be used in connection with each topic Cover necessary topics to complete the interview If additional time is needed, advise the witness and attempt to gain his/her commitment of continued cooperation Express appreciation for the time and effort expended to complete the interview If appropriate, permit the witness to ask any questions express concerns he/she may have regarding the investigative process or the subject matter of the investigation Use a standard introduction for each interview you conduct providing the interviewee with: - Name - Company affiliation - Purpose of the interview - Any legal implications Facilitating environment Multiple participants Build rapport with the interviewee Use a combination of direct, leading, and open-ended questions Paraphrase key responses to ensure mutual understanding Consider verbal and non-verbal cues 23

24 Interview of knowledgeable persons During the interview Decide who will take notes and through what method Notes will be less accurate than a recording, but should be words to that effect Place key quotes in quotation marks Prepare memorandum of notes soon after the interview is conducted Review relevant documents to identify materials that will assist in conducting the interview or for which an explanation is needed Know subject matter Understand the interviewee s background Prepare an outline, detailing the topics to be addressed and the documents to be used in connection with each topic Cover necessary topics to complete the interview If additional time is needed, advise the witness and attempt to gain his/her commitment of continued cooperation Express appreciation for the time and effort expended to complete the interview If appropriate, permit the witness to ask any questions express concerns he/she may have regarding the investigative process or the subject matter of the investigation Standard introduction Purpose of interview Build rapport with interviewee Use direct, leading, and openended questions Select a location that will facilitate the interview Don t conduct the interview alone select attendees in order to facilitate the interview Paraphrase key responses to confirm understanding Consider verbal/non-verbal cues 24

25 Interview of knowledgeable persons Concluding the interview Decide who will take notes and through what method Notes will be less accurate than a recording, but should be words to that effect Place key quotes in quotation marks Prepare memorandum of notes soon after the interview is conducted Review relevant documents to identify materials that will assist in conducting the interview or for which an explanation is needed Know subject matter Understand the interviewee s background Prepare an outline, detailing the topics to be addressed and the documents to be used in connection with each topic Cover necessary topics Gain cooperation for additional interview Express appreciation Permit witness to ask questions, if appropriate Use a standard introduction for each interview you conduct providing the interviewee with: - Name - Company affiliation - Purpose of the interview - Any legal implications Build rapport with the interviewee Use a combination of direct, leading, and open-ended questions Paraphrase key responses to ensure mutual understanding Consider verbal and non-verbal cues Select a location that will facilitate the interview Don t conduct the interview alone select attendees in order to facilitate the interview 25

26 Interview of knowledgeable persons Meeting notes Decide who will take notes Determine note methodology Key quotes in quotation marks Prepare memorandum soon after interview Review relevant documents to identify materials that will assist in conducting the interview or for which an explanation is needed Know subject matter Understand the interviewee s background Prepare an outline, detailing the topics to be addressed and the documents to be used in connection with each topic Cover necessary topics to complete the interview If additional time is needed, advise the witness and attempt to gain his/her commitment of continued cooperation Express appreciation for the time and effort expended to complete the interview If appropriate, permit the witness to ask any questions express concerns he/she may have regarding the investigative process or the subject matter of the investigation Use a standard introduction for each interview you conduct providing the interviewee with: - Name - Company affiliation - Purpose of the interview - Any legal implications Build rapport with the interviewee Use a combination of direct, leading, and open-ended questions Paraphrase key responses to ensure mutual understanding Consider verbal and non-verbal cues Select a location that will facilitate the interview Don t conduct the interview alone select attendees in order to facilitate the interview 26

27 Follow up Once the initial document review and interviews have been completed: Consider the evidence gathered Re-evaluate the scope Perform additional procedures as needed Consider remediation procedures if needed 27

28 Reporting Do Consider the stakeholders Summary of process and results Independent and objective language Spell and grammar check Write opinions Use qualitative words (all, large, etc.) Legal determinations where appropriate Don t 28

29 Common investigation pitfalls Not bringing questions to someone s attention Directly confronting the suspect Failure to secure data Electronic media process if flawed Failure to assess the ramifications Expectation that an investigation is quick Tendency to do a superficial investigation Concluding on suspect culpability based on conjecture Dismissing the allegations based on materiality/value Dismissing the allegations based on personal knowledge of the suspect Not communicating early and openly with external auditors Not anticipating stakeholder requirements 29

30 When to consider an independent investigation 30

31 Investigation life cycle Phase I Preliminary investigation Multiple Source Origination Consider coordinating with internal resources. Incident Claim Capture Evaluate? Yes No End Consider concluding investigation internally. No No Senior management implication No Preliminary Investigation Incident appears to be an isolated issue Document Protection Yes Do concerns relate to potential: a. Illegal acts, b. Restatement, or c. Misbehavior by senior mgmt. Yes Independent Investigation Conducted Yes Phase II 31

32 Investigation life cycle Phase II Independent investigation Independent Investigation Conducted Sizing and dating of problems Information Gathering Interviews Document Gathering E-media Communication Strategy: Audit Committee Auditors Regulators Investigation team Re-scoping and additional procedures Phase III 32

33 Investigation life cycle Phase III Reporting and remediation Remediation Recommendations Investigative Report (oral or written) Preservation of Investigation Documentation Respond to Inquiries Findings Follow-up with Management, Audit Committee, and/or Ind. Accountants 33

34 Common asset misappropriation schemes Asset Misappropriation involves theft, embezzlement or wrongful use of an organization s assets. Disbursement Related Receipt Related Corruption Related Other Check Fraud Skimming Bid rigging Bustout Billing & Fictitious Vendors Ghost Employees Check Kiting Lapping Kickbacks Ponzi or pyramid scheme Overpayment to Employees Expense Reimbursements 34

35 Common financial statement fraud schemes Revenue-Related Schemes Expenses- Related Schemes Balance Sheet Schemes Significant Management Estimates Other Financial Statement Schemes Channel Stuffing Conditional Sales (including consignment sales) Bill and Hold Cut-off Backdating Sham Sales Round-tipping Unauthorized shipment Reclassification of COGS to Operating Expenses Channel Incentives and Rebates Cookie Jar Reserves Capitalization of Expenses Gross Versus Net Recognition Concealed Liabilities Fraudulently stating valuation of assets and liabilities Inventory valuation schemes Fictitious assets Misappropriation of assets Biases can result in overly optimistic or overly conservative assumptions Failure to record or disclose known expenses Manipulation of fair value estimates Manipulation of period depreciation or amortization Improper disclosures Improper classification of account balances (e.g. current vs. non-current) Failure to properly disclose stock compensation and executive compensation 35

36 Examples of Make the entry in January so as not to highlight the issue to auditors I have instructed XXXX to have YYYY come in tomorrow and erase critical data off the servers and computers in use I have increased the percentage stated in the estimated cost report to get the earned revenue up to the value actually reported We can produce (dummy) documentation that will satisfy XXX s appetite and ostensibly be seen to be compliant Never thought I d ever admit this, but under your caption - Attorney- Client Privilege - I feel like I m in a confessional To close this year end, we had to do a lot of very desperate things, more than you can possibly imagine This shipment will be leaving the building with Elvis this afternoon. XXX (not the customer) will be holding this order for 30-days 36

37 Questions? 37

38 2018 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details.