When fraud strikes your employer or one of your corporate clients, do top executives:
A) Consider you a key advisor and strategic problem-solver?
Or, once you’ve reported your investigative findings, do they:
B) Thank you for your technical input and huddle without you to craft internal and external communications and other critical aspects of their fraud response plan?
If too often the answer is B, take a look at these brief case studies in corporate communications. By mastering the concepts they illustrate, you’ll move closer to a seat at the table with senior management.
EARN YOUR PLACE
It might surprise you that investigative brilliance isn’t a prerequisite for admission to the inner circle.
“To sit at that table, you have to understand and acknowledge what’s important to everyone else there,” said Jonathan E. Turner, CFE, CII, chairman of the ACFE Board of Regents and a principal of Wilson & Turner Incorporated, an investigative consultancy headquartered in Memphis, Tenn. Turner specializes in prevention and detection of financial fraud and employee crime.
“When the CEO, the chief legal counsel, and the HR chief plan the organization’s communications about a fraud,” he said, “you’d better be able to frame your recommendations in terms they’ll respond to. It’s not their job to understand you, but it is your job to communicate with them.”
What advisor-investigator CFEs have, and their investigator-only peers often lack, is a combination of interdisciplinary empathy and a comprehensive grasp of the organization’s business. This powerful ability, when combined with an open mind and willingness to try a new approach, can help you achieve your company’s anti-fraud objectives.
Begin by thoroughly and methodically familiarizing yourself with the respective responsibilities and viewpoints of each major player. Then explain to them that while fraud prevention is a top priority for the organization, you realize it’s not the only one.
AIM TO KNOW AND PERSUADE
Don’t expect to have as much influence as the general counsel or head of human resources. That kind of pull isn’t necessary to achieve your objective, which is to mitigate risk and damages by enhancing management’s anti-fraud savvy.
“Who are the primary players in fraud-related communications? It depends on the scale of the company, its international exposure, if any, its regulatory and legal environment, and other, situation-specific factors,” said Larry Barton, Ph.D., former vice president of corporate communications at Motorola, Inc., and now president and CEO of The American College, an educational institution for finance professionals, located in Bryn Mawr, Pa.
Barton said the CFO, legal counsel, human resources, and the corporate communications department most often will formulate a response for the organization when it encounters fraud. This group must quickly decide whether and how to communicate with internal and/or external audiences.
“The fraud response team also should include a CFE,” Barton said. “One of the biggest communication challenges for a company is determining whether and when it has to notify a regulator or other government entity of a potential instance of fraud. The team needs a CFE at its side when making that decision.”
That’s not the only counsel a CFE could provide to the fraud response team. Introduce yourself to your organization’s government relations officer (GRO), and learn all you can about his or her activities and responsibilities. If your organization doesn’t have a GRO, quickly teach yourself about this function. GROs typically determine when reports are necessary to comply with regulatory requirements.
To illustrate the GRO’s importance, Barton cited how Hewlett Packard (HP) recently learned that Russia and Germany are investigating if HP employees bribed Russian officials to secure lucrative sales contracts in 2003.
“I guarantee that HP’s Washington, D.C., GRO had to notify the U.S. State Department of this investigation,” Barton said. “And HP also must have spoken with its European GRO about potential effects in the European Union.”
Naturally, the GRO’s purview includes domestic issues. For example, Barton said, “At some point the GRO of a local hospital that encounters actual or potential Medicare or Medicaid fraud will have to notify the state or the regional Center for Medicare and Medicaid Services of what it knows and is doing about it.”
To the average CFE, the facts of the fraud and the regulatory requirements are all you need to know when deciding what to communicate to internal and external audiences.
ACKNOWLEDGE AND ACT
Sometimes, however, additional factors come into play. Consider another case involving HP: In 2006, the company was plagued by unauthorized leaks to the media of sensitive discussions among its board of directors. Attempting to stanch the leaks, which HP feared would adversely affect the price of its stock, the company conducted a wide-ranging and complex investigation. It included secretly obtaining board members’ phone records, and identified one person as a likely suspect. When confronted with the evidence, that person resigned from the board.
But having achieved its information security objective – to protect the value of its equity – the company made a major blunder that, Turner said, is a casebook illustration of how an astute CFE could have saved the day.
“Ordinarily, this investigation would’ve been considered a success,” he said. But after the board member left, HP issued a press release indicating he had resigned to pursue other interests – as is often said when someone leaves. Unfortunately for HP, when the former board member saw the release, he publicly contested it, saying he had left because he was forced out. This embarrassing revelation brought the company negative publicity and attracted the attention of governmental investigators. Ultimately, the CEO and other senior executives lost their jobs, and HP was subject to lengthy regulatory scrutiny.
“Instead of admitting to the world that a board member had not lived up to the ethical standards HP required, and that therefore he had been asked to leave, the company unnecessarily harmed itself by writing a generic, inaccurate press release,” Turner said.
A perceptive CFE who had the ear of top managers could have advised them on how to craft an accurate press release that disclosed the ethics violation and the company’s necessary investigation of it, without risking a suit by the board member.
“But a CFE who didn’t understand and acknowledge the chief legal counsel’s primary responsibility – to protect the company against liability – couldn’t have persuaded managers to reveal the actual reason the board member resigned,” Turner said. “Too often, CFEs want to present just the facts. And based on those facts, they expect colleagues or clients to take actions the CFEs deem necessary. But some CFEs don’t take the time to find out what else these people have on their plate.”
GET READY
Barton said companies will often contact him seeking his advice on how to set up a proper emergency plan.
“It’s common for companies to call me and say they have emergency plans for losing their lease, complete failure of their IT systems, and the sudden death of senior executives – but they don’t have a fraud response plan,” Barton said. “When I help them design an appropriate plan, I emphasize that the plan is worthless unless they follow it – with necessary adjustments for each situation.”
An important part of the fraud response plan is preparing appropriate messages to each affected internal and external audience. But Barton says when time is short and pressure is great, the fraud response team needs to test-drive its draft messages.
“A CFE can add value to the process by recommending the rapid convening of employee and customer focus groups,” Barton said.
He provided an example for internal communications. “A multinational corporation could ask its top manager in each of several countries to invite several employees in key sales offices to a Web-based conference that same day. This session would quickly obtain essential feedback on the effectiveness of the message and guide any necessary adjustments that would help achieve its objective,” Barton said.
You can adapt this process to customers and other external audiences, Barton added, but he acknowledged it’s more difficult and less predictable.
BREAK BARRIERS
When you’re drafting a fraud report for the company, Turner suggests you keep it concise and focused.
“Typically, fraud reports are massive tomes full of complex minutiae no one cares about,” Turner said. “CFEs should aim to provide not one large report, but rather a group of reports, each aimed at a specific audience.”
For example, communications to internal auditors should tell them what the fraud was, how it was perpetrated, and what indicators could have been detected.
Turner said communications to audit committees should specify how prevalent this kind of fraud is, how likely it is to recur, what the potential financial risks are, the likelihood investigators will find it, and the problems with internal controls that allowed this to go undetected, or the strengths that enabled investigators to find it.
“We don’t want to tell the employees exactly how the fraud was committed, or else they’ll do it,” Turner said. “Neither do we want to reveal how we detect fraud. Instead, we want to communicate to employees that this fraud occurred, that we detected it, that we look for such violations, and take action when we find them. Further, we want to instruct employees what to do if they think they see fraud. It’s the most effective anti-fraud mechanism we have.”
All versions of the fraud report should cover the same set of facts, but each should be customized for its respective audience. Turner believes the average fraud investigation doesn’t require many versions.
“In fact,” he said, “I’m aware of no more than 12 constituencies; in most organizations, there are two or three.”
BOTTOM LINE
Under their Code of Ethics, CFEs must advise clients to disclose – not cover up – a breach.
“Companies that admit a fraud took place, that emphasize the importance they attach to it, and say what they’re doing about it will also end up with a more ethical workforce than companies that pretend it didn’t happen,” Turner said. “And CFEs whom senior managers perceive as open-minded, strategic thinkers will get the best opportunities to influence and improve the organization’s anti-fraud capabilities.”
Bob Tie is a New York business writer and contributing editor at the AICPA’s Journal of Accountancy.
The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.fraud-magazine.com or www.ACFE.com. ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be e-mailed to: FraudMagazine@ACFE.com.