Attribute 9: Investigation Standards

The Need for Competent Fraud Handling and Investigation

An agency with a comprehensive fraud control strategy is more likely to detect fraud. However, evidence can be easily spoilt and investigations damaged or hindered. Both investigative and operational staff at all levels need to be clear about how to deal with fraud situations so that their actions are effective.

Room for improvement existed in terms of this attribute in 53% of agencies surveyed. A general lack of formal guidelines and poor staff training was particularly apparent.

It is vital that once fraud has been detected it is handled and investigated competently.

Initial Investigations

There appears to be some misconception concerning when investigation of a fraud matter will be undertaken and when Police involvement will be sought. Fraud is a criminal offence. It must be treated as such from the outset. Suspected fraud must not be left unexplored nor should investigation be unreasonably deferred. Time lost may later prove to be critical. For example, considerable damage may be done to the organisation by the perpetrator during any elapsed time.

All instances of suspected fraud must be promptly examined by the agency to establish whether a basis exists for further action.

It is very important that operational and line management officers in the agency are completely clear as to when and how to proceed in any given fraud situation. Particular attention should be given to protocols, procedures and the dissemination of sufficient knowledge of relevant legal/investigation issues to ensure that any form of evidence will not be lost or contaminated during the preliminary phases. It must be completely clear how initial investigations will be undertaken, and by whom.

After initial investigation by the agency if a reasonable basis appears to have been established for believing that fraud may indeed have occurred the situation must be reported to the Police. Likewise the Independent Commission Against Corruption must be advised.

A record should be maintained of all fraud disclosures received. However, fraud investigations can easily become complex and drawn out. Momentum can be lost. Ongoing damage could be being done to the agency. The effectiveness of the investigation could be impaired. Systems and protocols should be established to monitor investigations and report upon their status and results as they proceed.

All disclosures received and investigations initiated should be on record. This in turn should initiate an information control structure for management to monitor the investigation. Senior management or the fraud control committee can then expect to receive reports on the status and progress of the investigation on a regular scheduled basis. Instances where no further action is required must be endorsed with the appropriate reasons. However, agencies should consider the form and detail of information to be provided to management in the first instance, to protect the rights of individuals regarding personal information. Reference to the NSW Privacy Committee's "Data Protection Principles" will be of assistance here.

Investigating Responsibilities

At the time of reporting to the Police and ICAC or shortly thereafter, the issue of further investigation of the alleged offence should be discussed by the agency with each body with the goal of resolving a satisfactory approach to the matter. All parties must know what is going on and how to proceed.

The Personnel Handbook suggests that (Division 3, Part 2, Section 2.3.6):

the department ought only to investigate sufficiently to form this view (i.e. that a criminal offence may have been committed) leaving further investigation to the Police themselves.

However, this approach may not always be the most appropriate. Such matters should be discussed and resolved with the relevant external authorities. Aspects such as the size and nature of the alleged offence, expertise required and available resources may need to be considered. In a general sense, potential options to undertake investigations include:

• Police
• Independent Commission Against Corruption
• contract external auditors
• external investigators
• agency staff, such as:
  • fraud/corruption prevention manager or unit
  • internal audit
  • other internal review units
  • selected management and/or staff.

Agency size may often be one of the significant factors here. For example, a medium to large agency may be more likely to:

• employ its own specialist fraud investigation unit.
• closely involve the Police or even engage seconded Police Officers to conduct investigations.
• delegate responsibility to the Fraud Control/Corruption Prevention Manager or Internal Audit Manager.
• train selected management officers to assist in investigations.
• contract investigation out to specialists.

A small agency may be more likely to:

• use their contract auditors or specialists to conduct the review.
• make use of general management, but primarily rely on Police or ICAC expertise and resources.

Investigation Plans

Where it has been discussed and agreed with the external authorities that further investigation of a suspected fraud situation should be undertaken by the agency (at least up to some agreed point) the next step in the process is the development of an investigation plan.

Management input or direction can be exceedingly helpful at this early stage. The investigating officer or team becomes aware of management intentions and the direction that has to be taken from the outset of the investigation. Management input at the commencement and at critical checkpoints during the investigation can result in a collaboration of ideas to streamline the review process, identify new issues and prevent the investigation from detouring from the main objectives of the review.

Management should be aware that their role is one of guidance. Management should not become directly involved in the investigation process nor should management attempt to unduly influence the report. There have been occasions when senior managers have been involved in defrauding their organisation. Inquiries are specialised undertakings and require true independence to operate efficiently and effectively.

Fraud investigations must be conducted without interference from management.

The investigation approach should be planned from the outset by the team leader and approved by senior management. Matters to be considered and confirmed by management as part of the planning process should include:

• terms of reference for the investigation.
• specific issues and matters to be examined in depth.
• identification of functional areas and key staff to be involved.
• identification of specialist expertise or support required.
• expected costs and time period for the investigation.
• milestones, key review points and report-back dates.
• possible outcome/s.

Senior management or the fraud committee in consultation with the investigators should also determine which officers will be notified of impending investigations and when.

Officers to be notified can be broken into three groups:

• those being investigated.
• line management (whose areas may be affected by the investigation).
• those directly involved in the investigation process.

Conducting Investigations

It is absolute folly to believe that investigating fraud is a simple matter. Despite continuing indications of this many organisations still approach fraud investigation in a casual manner.

The head of a major Police corporate crime group in one State recently publicly stated that traditional Police investigative resources were no longer equipped to handle the growing complexities of fraud situations. It was proposed that the best way to tackle fraud investigation is with multidisciplinary teams incorporating such disciplines as information technology, accountancy and law together with Police in the one investigation team. Such teams were highly trained and equipped with modern technology to support their efforts.

Obviously such arrangements are directed towards the most major and complex frauds and agencies will not face such situations every day. However, fraud investigation should not be underrated or approached lightly.

The agency's investigation standards and/or the plan for a particular investigation should specify procedures to be followed for determining/approving:

• if the investigation should continue at any point.
• if a changed approach or investigating agent should be utilised or become involved at any point due to developments in the investigation.

If it is likely or intended that investigations will be undertaken in-house (even if only on some occasions or to a certain point) the agency should decide who will be involved in the investigation process. It is then imperative that the section, group or individual officers nominated possess and maintain the requisite skills and knowledge. Ongoing training and professional development is essential. However, evidence suggests that many officers involved in investigations are not adequately skilled and trained.

Investigations must be undertaken by skilled officers.

Where considerable investigation in-house is likely over time compilation of an investigation procedures manual is considered desirable to provide consistency and maintain standards. There are a great many topics, issues, techniques and processes which could be contained within such a manual. There are many experts and sources of guidance in this field which agencies can make use of if required. This Guide does not serve such a purpose.

However, as a minimum it would be expected that such a manual would specify an agency's investigation standards in terms of such matters as:

• ensuring the examination is performed with due care, proper process, impartiality and objectivity.
• collection of sufficient and reliable evidence (in terms of legal rules of evidence and admissibility).
• protecting physical evidence and the evidence trail.
• developing investigation procedures and analytical methods.
• coordinating the investigation with management, personnel, legal counsel, other specialists and other members of the team.
• maintaining the rights of individuals.
• conducting investigative and disciplinary interviews.

It is imperative that responsibility has been clearly assigned and relevant systems developed to ensure that full and complete records are maintained of all fraud reports and situations. In addition to suitable normal physical security arrangements an agency may wish to address the possibility of tampering with or unauthorised removal of material from official records either now or at some time in the future. Measures in this respect can range from very simple ones (such as minute numbering all pages and parts of all documents, and numbering all items of evidence) to quite sophisticated means (usually technological).

Records of Investigations

Agencies need to become aware of the issues surrounding the retention and disposal of records and to give particular thought to records relating to unproved or minor matters.

The question of what retention period should be applicable to internal investigation-related personal information is expected to be the subject of further consultation between the ICAC and the NSW Privacy Committee. However, at present the Personnel Handbook states that all information on unproven allegations should be destroyed. For proven allegations, Section 16.6.3 of the Handbook states that staff records should be disposed of in accordance with the General Records Disposal Schedule - Personnel Records issued by the Archives Office of NSW. Based on that schedule, counselling/discipline files should be disposed of five years after the last action on the file for officers who are paid below Common Salary Point 75, or retained offsite for officers above that point.

Interim and Final Reports from Investigations

In addition to routine status reporting, where possible it is suggested that a good practice is for an interim report to be submitted to the fraud control committee at a suitable point during the course of each investigation. This provides the committee with a fuller picture of the situation and provides a useful opportunity for management to provide advice on the direction and/or form of the investigation.

Care should be taken to ensure that any interim reporting practices introduced do not cause delays in the process or cause premature conclusions to be reached. Verbal interim reporting arrangements may be suitable in some situations.

The final report from each investigation should initially be presented to senior management or the fraud control committee. It should subsequently be forwarded with their endorsements and/or recommendations to the chief executive for appropriate action. The agency should formally set a standard for the maximum period which may elapse between the committee's receipt and on-forwarding of such reports. It is recognised that a realistic standard in this regard may depend on a number of factors. However, where practicable a standard of no more than a week is suggested.

The reporting format for interim and final reports is a matter for the investigator and for each agency to determine. However, it is suggested that information to be provided in interim reports should include:

• nature of the irregularity.
• actual or estimated amount involved.
• location of the office, plant or site where the irregularity occurred.
• type of operation.
• means by which the irregularity was identified.
• formal history of the matter within the agency to date.
• name(s) and details of the individual(s) involved (if known).
• the current form and substance of information and evidence in relation to the matter.
• explanation of the circumstances of the irregularity.
• action taken (including method of investigation), facts uncovered, present status of employee and steps taken to protect company assets from further loss.
• indications whether the most recent audit of the location uncovered any circumstances which might have indicated that an irregularity was in progress.
• further action or investigation required to complete the matter.
• expected final reporting timeframe.

In terms of final reports, it is suggested that information to be provided should include:

• who carried out the investigation.
• existence of confirmed fraud and location.
• amount involved.
• name and position of employee(s) and non-employee(s) involved.
• personnel information.
• methods used to detect the irregularity.
• time period over which the irregularity occurred.
• means of disclosure.
• statement as to whether there was:
  • an absence of internal control.
  • a circumvention of internal control through collusion.
  • effective internal control.
• steps taken to prevent recurrence.
• the names of the insurance companies and other persons from whom recoveries were made and amounts recovered.
• copy of any statement made by employees.
• current employment status of those involved.
• property and/or funds recovered.
• any arrangements made for restitution.
• disciplinary action taken or proposed.
• result of any Police action or prosecution.
• overall costs and time frame to conduct and finalise the investigation.

It is also imperative that a follow up review at some future point in time is conducted to ensure recommendations have been implemented and are working effectively to prevent any reoccurrence of fraud. A standard should be set in this regard. A period of 6-12 months is suggested.

An important but sometimes neglected process is following up the recommendations of fraud investigation reports.

A Few Investigation Tips

• always give thought to the legal admissibility of evidence. Can it be absolutely validated and attested to? Care needs to be taken with photographic evidence in this context.

• keep a log of where all evidence was obtained.

• hand write your notes. They are the most authentic.

• try to write verbatim transcripts of important discussions with key officers.

• protect and secure original documents.

• substitute annoted photocopies of key documents onto official files if they are needed for the conduct of regular business.

• never mark originals of key documents in any way, even with highlighter pens.