Today: January 20, 2018

To Contribute →

Login Register


June 17, 2015 at 5:45 pm | Waseem Ahmed

Fraud investigation


Investigations and other related enforcement activities including off-site and on-site surveillance and inspections are potent weapons in the regulatory arsenal of law enforcement agencies globally. Investigations are made either for detailed examinations or to find out facts. Regulatory and law enforcement agencies can effectively accomplish their statutory mandate if they exercises their investigative authority prudently and professionally.

Financial and white-collar crimes have increased tremendously in recent years. Investigators and law enforcement personnel need to be well-equipped in combating such crimes. An investigator shall have the ability to elicit facts from evidences and witnesses in a fair, impartial, lawful and accurate manner.


Officers of regulatory authorities can optimize their investigative efforts by utilizing  certain techniques and best practices while carrying out investigations. It is said that a successful investigator is part lawyer, part accountant, part criminologist, and part detective. Following best practices shall be kept in view by the investigators while performing these diverse roles:

  • Financial statement fraud is usually a means to an end rather than an end in itself. When people cook the books, they may be doing it to buy more time to quietly fix business problems.
  • Important red flags associated with commonly encountered fraudulent activities shall be pre-defined for assistance during investigation.
  • Nonfinancial measures (NFMs) and disclosures, normally presented in directors’ report and other narrative reporting instruments, are helpful to detect financial statement fraud. For example, expansion in production facilities, an NFM, shall generally correlate with turnover/revenue growth, being financial measures, in the medium- to long-term. Any inconsistent patterns between the two sets of financial and non-financial disclosures may prove helpful to detect irregularities.
  • Forensic examination of documents is a pre-requisite in most investigation cases. Fake documents may be characterized by signature forgeries, substituted pages, counterfeited documents, ink differences, alterations, etc.
  • Such examinations may also involve analysis of paper folds and sequence of folds, comparison of torn or cut paper edges, restoration of charred documents, and detection of inserted texts, etc.
  • Evidence may be direct or circumstantial. While the former shows prima facie the facts at issue, the latter indirectly shows culpability of the alleged violation or offence. However, direct evidence is hard to come in majority of the investigations.
  • Investigators must be well aware of the rules of evidence. In many instances, a case fit for prosecution is not admitted by the court due to improperly obtained evidence.
  • Investigators must properly secure physical/documentary evidence. Only copies of documents should be used for marking, not originals.
  • Investigators must properly record and maintain the proceedings of hearings/interviews conducted, whether on-site or off-site. They may consider to transcribe the proceedings of hearings/off-site interviews forthwith. The possibility of electronic note-taking through tape-recording can be explored, since a large portion of proceedings during hearings generally went unrecorded manually.
  • Utilizing Data Analysis and Case Reporting Tools:
  • Regulatory and Law Enforcement Agencies around the globe are utilizing the latest data analysis and reporting tools to enable them cope with the complex and multi-disciplinary aspects involving financial investigations.
  • A number of computer programs, traditionally called Computer Assisted Auditing Techniques (CAATs), have been developed that enables the investigator to sift through heaps of information.
  • These tools help identify red flags; enable effective data mining as well as advanced data manipulation and analysis, reporting and case management. Many such tools are available in the market from which to choose:
    • ACL for Windows – a data analysis, audit and reporting software that keeps original data intact
    • Active Data for Excel – An add-in that makes highly technical operations in Excel easily understandable and manageable
    • Monarch for Windows – transforms electronic reports generated by other programs into text files, spreadsheets or database tables
    • i2 Analyst’s Notebook – a powerful professional visualization and analysis tool
    • CaseMap – A database product used to organize information about the facts, cast of characters, and issues and questions in any investigation.

Box 1: Selected Investigation softwares/CAATs

Type Vendor URL
         Active Data Information Active
         Active Audit Information Active
         Excel->AutoFilter Excel
         Access Microsoft
Statistical Software
          SAS SAS Institute Inc.
          SPSS SPSS Inc.
Data Mining Software
          ACL ACL Services Ltd.
          IDEA Audimation Services Inc.
          PanAudit Computer Assocation (CA)
          Monarch Datawatch
  1. CONDUCTING Covert Operations:
·      A covert operation is designed to obtain evidence by use of resources whose true role is undisclosed to the target.·      A major category of covert operations include surveillance operations, which uses the skills of observation to determine the activity of individuals, and to gather actionable information/evidence.
  • Covert operations may be used as a last resort, and after other/statutorily defined means of obtaining information are exhausted.
  • In actual practice, companies undertaking illegal business activities or inciting innocent investors through, for example, lucrative Ponzi/ MLM schemes can be visited by investigators as potential customers to gather material, actionable information. However, the admissibility of evidence obtained through such means in the courts need to be assessed.
  1. Utilizing Computer Forensics:
  • Computer forensics is an investigative discipline that includes the preservation, identification, extraction, and documentation of computer hardware and data for evidentiary purposes and root cause analysis. Computer forensic activities help establish and maintain a continuing chain of custody, which is critical in determining admissibility of evidence in courts.
·      Notable computer forensic activities include:o  Recovering deleted e-mails.o  Monitoring e-mails for indicators of potential fraud.o  Performing investigations after terminations of employment.o  Recovering evidence after formatting a hard drive.
  1. Reporting results of investigation:
  • A well-written investigation report can alone win or lose a case in the court. It conveys to the litigator necessary evidence and provides credibility to the investigation conducted.
  • Investigators shall convey only the facts without editorializing or giving judgments.
  • Investigators shall avoid using jargons, and use complex or technical terms in their proper contexts.
  • Investigators shall avoid expressing an opinion on the guilt or innocence of the entity/person being probed. Their primary focus shall be on fact finding and evidence collection based on the ToRs of investigation. The ultimate decision shall be left to the discretion of the adjudicating authority.

 OTHER Do’s and Dont’s of Investigations:

  • A timeline/chronology of events must be maintained and updated regularly. It is a must in large and complex cases, and enables better case management.
  • Fraud investigation cases must be disposed off within a reasonable period. Investigators shall never fall in love with their cases!
  • ‘Follow the Money’ approach is recommended to be adopted. Since the prima facie consideration in most investigation cases is of a financial nature, this approach is worth consideration, and the trail normally leads to the suspect.
  • All the cases must be proceeded with the assumption that they will end up in litigation. This would enable the investigator to properly obtain and maintain actionable evidence and elicit witnesses when needed.


  • Regulatory and law enforcement authorities shall invest in necessary IT infrastructure to equip their enforcement staff with the necessary data analysis and case reporting/management software, and get the enforcement staff trained for its effective utilization.
  • Capacity building and training in the areas of evidence collection, interviewing suspects, computer forensics, may also be carried out.
  • Necessary coordination shall be enhanced with other regulatory authorities and LEAs, locally as well as internationally, to share material, actionable information needed for effective investigations and other enforcement actions.
  • An Enforcement Manual outlining strategic objectives and policy parameters of enforcement functions shall be developed.


  1. Fraud Examiners’ Manual, International Edition, 2012, Association of Certified Fraud Examiners, USA
  2. Financial Investigations and Forensic Accounting, Second Edition, George A. Manning
  3. Fraud Auditing and Forensic Accounting, Fourth Edition, © 2010 John Wiley & Sons, Tommie W. Singleton, Aaron J. Singleton


Waseem Ahmed

The writer is a Certified Fraud Examiner from the Association of Certified Fraud Examiner, Inc. USA, and is working as Joint Registrar with the Securities & Exchange Commission of Pakistan.