Building a Robust Fraud Prevention Program

Fraud Magazine Interview with Martin Biegelman, CFE, ACFE Fellow, Director of Microsoft's Financial Integrity Unit

By Dick Carozza


Microsoft, of course, is huge. That computer on your desk probably contains at least one Microsoft product. The firm has almost 80,000 full-time employees with offices in more than 100 countries and thousands of vendors. Like many burgeoning global corporations, it has to seek staffers with integrity. But even with the best hiring practices, no entity can ignore the possibility of fraud in its ranks. 

Five years ago, Microsoft began its Financial Integrity Unit with Martin Biegelman, CFE, ACFE Fellow, at its helm. Biegelman initially sent members of his Washington-state team around the globe to conduct investigations. But soon he realized that he needed to hire nationals who would understand the specific cultures, social mores, and country laws. 

The approach is paying off. With 11 team members (and growing) throughout the world, the FIU has been able to tackle cases that have helped protect Microsoft's assets and reputation while providing anti-fraud education for management and employees. "By creating this 'perception of detection,' we are able to proactively reduce the risk of potential opportunities to commit fraud," Biegelman says. 

Biegelman says that the FIU exists not just to conduct fraud examinations but to foster a 'culture of compliance," enhance the company's internal controls, and build a robust fraud prevention program. Prevention and deterrence aren't just cliches, Biegelman says; they're the lifeblood of the FIU. 

Biegelman spoke to Fraud Magazine from his office in Redmond, Wash. 

What is Microsoft's Financial Integrity Unit? 

The global business environment is continuously changing and demanding more from us as a company and as employees. Not only does the world expect us to deliver the best products and services, it expects us also to conduct ourselves ethically and responsibly. 

Consequently, in September 2002, Microsoft formed its Financial Integrity Unit (FIU), an internal corporate investigation resource based within the Internal Audit Department. The FIU is designed to address internal and external integrity matters including financial frauds and reported concerns related to possible violations of Microsoft's Standards of Business Conduct. The FIU also plays a role in enhancing the integrity of the internal control environment through recommended process and policy improvements. It has a global charter with people in Microsoft offices in the United States (Redmond, Wash.) in Asia (Singapore, China, and India) and in Europe (France and Russia). These offices are staffed with FIU members who are Certified Fraud Examiners, former law enforcement professionals, CPAs, forensic accountants, and other fraud-detection professionals. The FIU works closely with Microsoft's executive leadership, the Office of Legal Compliance, the Internal Audit Department, and others in protecting Microsoft from financial and reputational risk. 

How was Microsoft's Financial Integrity Unit formed? 

Microsoft has long made corporate compliance and proactive fraud prevention a top priority. In 2001, prior to Enron, WorldCom, Adelphia and other corporate scandals, our then-CFO, in consultation with the Internal Audit Department and the Office of Legal Compliance, determined that Microsoft needed increased protection from potential financial fraud and abuse issues. The company decided to construct a dedicated unit staffed with professional investigators focused on both a proactive and reactive approach. 

After an in-depth analysis, Microsoft determined the key elements needed for an effective fraud prevention unit. Some of those are: a clear charter or mission, a comprehensive fraud risk management strategy, written policies and procedures, sufficiently experienced personnel, sound internal organizational structure, executive sponsorship, investigative priorities aligned with fraud risk and Microsoft business objectives and strategy, effective and timely response, essential array of technology tools, case management system, and key performance measurements. 

Microsoft then needed to find a leader for this new unit. They wanted someone with significant experience conducting financial fraud investigations in both the government and private sectors. They wanted a person with management experience along with other leadership qualifications. Microsoft understood the value of the Certified Fraud Examiner certification and made this a qualification requirement for the position. 

In March 2002, I was asked to be a speaker at the ACFE Middle Tennessee Chapter's Annual Fraud Conference. I have been involved with the ACFE and a CFE since 1995. I have had many roles at the ACFE including adjunct instructor, Regent Emeritus, and Fellow. At the conference I met Odell Guyton, Microsoft's director of compliance, who was also a speaker. Odell was a former federal prosecutor and I was a former federal agent and we shared our experiences and stories. He mentioned that Microsoft was about to start a newly created fraud prevention unit and they were looking for someone to lead it. He asked if I was interested in this challenge. I was excited about this unique opportunity and, of course, I said yes. As a result, he recommended me for the role and the rest is history. 

Why label it an FIU rather than the more common name, Special Investigation Unit? 

Given the company's focus on preserving integrity, process improvements and prevention rather than just reactive investigations, Financial Integrity Unit was a natural name reflecting our team's important focus beyond just an investigative response. We place less emphasis on the word fraud because our focus on compliance is all about integrity and the expected behaviors from employees and others. 

Financial stewardship, responsibility, and integrity are key tenets of Microsoft's Standards of Business Conduct. We wanted to emphasize to our employees, our shareholders, our partners, and our customers that preserving the financial integrity of our company was paramount. Creating and enhancing shareholder value is absolutely critical for our company's performance now and in the future. Fraud and issue resolution, reduction, prevention and recovery of defrauded assets add to the bottom line. We also wanted to reemphasize to our employees that the FIU was there to protect them by mitigating their financial and reputational risk and working with management and the legal and human resources departments. 

How does your FIU differ from a traditional SIU? 

I think the traditional SIU has undergone many changes so more and more of them are looking like our FIU. From the beginning, we built fraud detection and prevention along with recovery of defrauded assets into the FIU program. We hired people with strong financial analysis skills and data-mining expertise, CPAs, forensic accountants, and, of course, CFEs. We hired former federal agents such as Postal Inspectors and FBI Special Agents just as traditional SIUs do. Removing the profit motive from those who commit fraud through civil and criminal restitution has been part of our program from the beginning. In addition, being based in the Internal Audit Department has provided us with a great interaction with and sharing of audit findings and red flags for further investigation. At times, our investigators have participated in audits to gain a greater understanding of the audit process and identify areas of risk. As a result, our investigators have greater and more productive interactions with the internal auditors. This cross-group collaboration has been critical to the success of the FIU. 

What was your strategy when constructing the FIU? 

Our goal from the beginning was to build a world-class fraud prevention program at Microsoft. We employed a number of strategies to accomplish this and we're not done yet. It began and continues with the power of people. I learned early in my career that anything is possible when you have passionate, motivated, and dedicated people on your team. Our company's success springs from identifying, hiring, and retaining the best possible people. 

So, in addition to hiring the best fraud detection and prevention professionals, our strategy has been a combination of integration of the fraud prevention program into the company, developing policies and procedures, creating a case management system, building a global coverage model, developing employee and management fraud awareness and training programs, implementing fraud detection tools and technology to detect and prevent fraud, and sharing red flags of fraud and improvements in internal controls to reduce fraud and abuse. 

The FIU has built a predictable response to allegations of fraud to provide thorough and timely results for management, business, and employment decisions as well as possible referral for criminal prosecution and restitution. There is also a focus on driving continuous improvement in policies, procedures, internal controls, customer satisfaction, and compliance with Sarbanes-Oxley Act certifications and whistle-blower provisions. Priority is given to high-risk/high-profile matters affecting the company. 

Our strategy also involves a close interaction and cross-group collaboration with the various other investigative groups at Microsoft that have different but interrelated roles and charters. These groups include corporate security, the employee relations investigation team (within HR), network security, anti-piracy, and Internet safety. 

What is the FIU organizational structure? 

The FIU, based in the Internal Audit Department, reports to Alain Peracca, the corporate vice president of internal audit, who reports to Chris Liddell, our CFO. Strong executive support has been a hallmark of the compliance program at Microsoft and a critical factor for the FIU's success. Mr. Liddell has told me that Microsoft recognizes that a culture of compliance anchored by a world-class fraud detection, investigation, and prevention program significantly contributes to shareholder value. 

The FIU has a strong dotted line to the Office of Legal Compliance (OLC) which is part of the Office of the General Counsel. The OLC's mission is to provide supervision and oversight in the establishment, implementation and maintenance of effective and collaborative compliance and governance programs. The OLC closely oversees and counsels the FIU in all its investigations. 

Why do you find the FIU system better than other departmental anti-fraud solutions? 

First, let me say that in the last few years I have seen a huge improvement in the anti-fraud programs of organizations everywhere. There is greater attention to fraud risk than at any time I have seen in my career in fraud examination. Just look at the huge growth that the ACFE has experienced worldwide. As for the FIU program, the strength of our program is that we have tried to incorporate the best practices of other great companies as well as coming up with many of our own. We want to be cutting-edge and innovate while incorporating the best that Microsoft technology and software has to offer. 

We have seen great progress in building robust fraud prevention programs at companies worldwide especially since the enactment of Sarbanes-Oxley. Cross-group collaboration and benchmarking with a number of other great companies from technology and other industries have helped us in sharing and adopting best practices. For example, we hold benchmarking sessions with our counterparts from technology, financial services, manufacturing, and other industries in group sessions and one-on-one meetings. A number of companies both from the United States and Europe have wanted to learn how we built and continue to grow our program. We learn just as much from them as they do from us. 

How do you emphasize the need for FIU employees to "think globally"? 

Being a global organization, it is critical that the FIU build a highly diverse team with different backgrounds, cultures, and viewpoints. Microsoft does business in almost 200 countries. Everyone in the FIU has traveled internationally on investigations and for conducting fraud awareness presentations to employees, and many members of the team speak at least two languages. In fact, collectively our team members speak 11 different languages, which is extremely helpful when dealing with complex issues in our international subsidiary offices. 

For regional FIU locations, the team's goal is to identify highly qualified candidates from that area in the world. Their experiences, knowledge of culture, contacts and qualifications, are an invaluable asset in conducting fraud investigations. These regional investigators, along with those from the United States, commonly provide proactive fraud awareness presentations via "road shows" to subsidiaries. This allows the team to meet management, and potential stakeholders in future investigations, in a positive setting that allows for building of close relationships outside the parameters of an investigation. 

You've said that the FIU is both reactive and proactive. Can you explain that? 

The FIU not only conducts highly sensitive fraud investigations but it exists to ensure a culture of compliance and enhance the company's internal controls. Once an investigation is completed, we conduct numerous steps to help mitigate the risk in other organizations by meeting with key business stakeholders, including the Finance Department and Internal Audit Department. 

The FIU helps reduce fraud risk by conducting internal and external fraud awareness presentations. By creating this "perception of detection," we are able to proactively reduce the risk of potential opportunities to commit fraud. Additionally, we have invested significant resources in Technology Enabled Continuous Auditing (TECA), which allows us to strategically identify occurrences of fraud, waste or abuse. 

TECA is a blend of technology and statistical evaluation techniques that combine disparate sets of data with targeted queries set to detect outliers that are "red flags" of fraud or violations of policy. TECA seeks to leverage technology to expand the scope and coverage of audit and investigative activities over larger and sometimes seemingly disparate data sets. The system is flexible, with new queries regularly being added to the queue. This helps the team proactively identify additional situations of abuse in a short period of time based upon recent cases. Investigators then review these cases for follow-up. The use of TECA ensures that matters such as expense reporting and claims management, purchase orders, contracts, and other activities are in compliance with the corporate guidelines worldwide. Considering the diversity and complexity in the nature of operations across geographical barriers, TECA is a FIU tool that will play a key role in further reducing fraud risk to the company. 

The FIU has also prepared in-depth white papers on various issues such as expense reporting and business funding with an eye on recommended improvements to policies. We have prepared case studies based on our investigations that are used as scenarios in our annual Standards of Business Conduct training for all employees. This year, the team worked with our procurement department to develop a training video on purchasing best practices. 

How have the FIU and Microsoft benefited from its relationship with the ACFE? 

From the beginning of the FIU, I made it a requirement that my team members would be CFEs. I have seen the growth of the ACFE worldwide and how the CFE certification has become the gold standard for fraud detection and prevention professionals. CFEs are now known the world over as fraud-fighting experts. CFEs, through their education, training, and experience, provide an added value to any organization, public or private, large or small, foreign or domestic. It just makes good business sense to have as many CFEs on my team as possible. 

We support everyone on the team becoming a member of the ACFE and actively participating in the organization. We currently have a worldwide team of 11 and seven of us are CFEs. Three are in the process of studying for their CFE certification. We are recruiting for a new position in Russia and that team member will also be a CFE. The goal is for everyone on the team to be a CFE. 

How do you encourage your staff to develop professionally through the ACFE and other continuing education sources? 

Ongoing training and education is the foundation of professionalism. That's especially true for fraud investigators. No one but the ACFE provides the depth and breadth of anti-fraud training. The ACFE courses focus on the type of work that we do. Just as importantly, ACFE professional training gives us a window into the future for fraud. The FIU has a requirement of a minimum of 40 CPE hours a year and ACFE training helps us accomplish that. I normally send several team members to the Annual ACFE Fraud Conference. I have had team members attend every conference since the formation of the FIU. This year, seven team members attended the conference in Orlando. 

We also encourage the professional development of our team by speaking at ACFE events including chapter conferences, the annual fraud conference, and international conferences. In the past year, four team members spoke at various ACFE training events including a joint ACFE/Institute of Internal Auditors conference in Vancouver, B.C., the Dallas Chapter Annual Conference, the Spokane Chapter Annual Conference, and the annual fraud conference. 

I also encourage leadership roles in the ACFE for further professional development. For example, our investigations senior manager based in Paris is the secretary/treasurer and a founding member of the new ACFE France Chapter. And I serve on the ACFE Foundation Board of Directors. 

How do internal fraud cases come to the FIU? 

Employees and others concerned about questionable accounting or auditing matter can submit their concerns confidentially or anonymously by using the Web Allegation Tool at, sending a letter or fax to the director of compliance, or by calling our hot line, the Business Conduct Line. The Business Conduct Line is a dedicated, toll-free phone line that is available to employees 24 hours a day, 7 days a week, 365 days a year. It is operated by an external third-party vendor that has trained professionals to take calls, in confidence, and report concerns to the Microsoft director of compliance for appropriate action. Issues come to us from employees, managers, HR, legal, exit interviews when employees leave the company, through internal audits, as well as through our hot line. 

What kinds of investigative approaches do you use for different types of cases? 

Microsoft is a unique company, with offices in more than 100 countries, doing business in almost 200 countries, with about 80,000 full-time employees and a substantial number of contract and vendor employees. Additionally, there are always new technologies being "dogfooded" --  employees are beta testing our new products. Teams might have employees located all around the world, which means the majority of conversations among employees is handled via e-mail. These dynamics influence the investigative techniques each team uses. Each country has a different set of laws and regulations governing corporate investigations. What is legal and allowable in one country might be a criminal violation in another. 

The FIU recognizes these issues during the preparation of the investigative plan. The team seeks guidance from the legal department, and possibly outside counsel, to determine the steps that would be appropriate in a given situation in a particular country. In fact, as I've said, all our investigations are conducted under the guidance of legal counsel. When a matter is identified as high-risk, or complex, a second team member will often be called in to assist regardless of the issue's geographical location. We employ both Microsoft technologies and other fraud-detection tools. After conducting the core investigative techniques, each case necessitates a different approach. Often times, after reviewing the data, the team will identify subject matter experts within the business and learn the standard process for an organization. Investigators obtain guidance on all of these techniques from the legal department prior to deployment. 

The interview is the culmination of the investigative process. Typically, the investigator will interview witnesses and the potential subject after developing a good understanding of the process and evidence. The FIU team members conduct interviews in a professional and courteous manner. An independent human resources person is always in the interview, and when possible, a second FIU team member is present to assist. 

We require investigators to respect all interviewees and be objective and fair when searching for facts. Investigative techniques that might be quite legal and commonly used by law enforcement are not employed at Microsoft. No deception of any kind is used in either our investigations or our interviews. Proving that an allegation is unfounded is just as important as finding that it is. 

In this post-SOX era, how can management create a culture of compliance? 

Outstanding companies view Sarbanes-Oxley, the United States' Federal Sentencing Guidelines, and other worldwide compliance enhancements as opportunities for improved corporate compliance and governance. They understand and embrace the importance of implementing a strong fraud prevention program and internal control system. Companies that embrace a culture of compliance gain a competitive advantage. Business leaders, employees, and shareholders have learned firsthand what fraud examiners have long known. Fraud and abuse can happen anywhere, and the damaging impact goes far beyond the financial loss. The loss of reputation can be long lasting and often fatal. Warren Buffett, the billionaire investor and CEO of Berkshire Hathaway, has said, "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." Management that take Buffett's comments to heart will make a culture of compliance that much easier. 

There are many things that executives and managers can do to create a culture of compliance. The ACFE's Fraud Prevention Check-Up is an excellent guide to determine how vulnerable your company is to fraud. The Check-Up includes questions about the organization's fraud risk, risk tolerance, risk assessment, antifraud controls, and fraud detection. By taking this simple, yet effective test of your company's fraud prevention health, you can determine if you have adequate controls in place to prevent it. 

"Tone at the top" is another important element for a culture of compliance. It is leading by example. Chief executives, directors and other leaders set an important tone with their every word and action. Their accountability and integrity and how they consistently convey that message to every employee may be the most important aspect in building a compliant culture. 

I also recommend the use of the "Management Antifraud Programs and Controls: A Guidance to Prevent and Deter Fraud," that is an exhibit to SAS 99. This document provides organizations a detailed road map in creating a culture of honesty and high ethics, evaluating antifraud processes and controls, and developing an appropriate oversight process. Included in the guidance is the importance of setting and maintaining tone at the top, the role of the audit committee, effective internal audit, truly independent external auditors, and the value of having Certified Fraud Examiners as part of an anti-fraud program. 

We always hear about encouraging the tone at the top. Practically, how do you do it? 

Senior management largely guides an organization's culture. The leadership sets the tone for the rest of the organization, and the culture reflects these actions, whether positively or negatively. Employees pay careful attention, whether consciously or not, to their leadership and their actions. We try to build the tone at the top through our professional compliance department and the FIU, ongoing and mandatory training in our code of conduct, a highly skilled and effective internal audit function, a strong and independent board of directors, and the support of executive leadership. 

Communicating the importance of compliance is another way to demonstrate tone at the top and encourage ethical conduct. Microsoft's Office of Legal Compliance publishes the Compliance & Ethics Quarterly Report that is distributed to all employees around the world and serves to highlight Microsoft's policies, investigations, and trainings. It includes details on upcoming training, answers compliance questions posed by employees, provides contact information for reporting compliance concerns and questions, and recent compliance investigations. 

A company's code of conduct is a further reinforcement of tone at the top. Our Standards of Business Conduct states, "As responsible business leaders, it is not enough to do things rights, we must also do them in the right way. That means making business decisions and taking appropriate actions that are ethical and in compliance with applicable legal requirements." The company leadership also encourages people to speak up and ask for guidance on a particular business practice or compliance issue or to report a possible violation. 

From the ACFE's inception, Chairman Wells has emphasized prevention and deterrence. How does the FIU stress those components among Microsoft employees? 

In his seminal book on corporate fraud, "Corporate Fraud Handbook: Prevention and Detection," Joe Wells emphasized the importance of deterrence and employee education when he stated, "The fraud-educated workforce is the fraud examiner's best weapon--by far." In employee and management training sessions, FIU team members share examples of compliance failures and how to make sure they are not repeated in their groups. We contribute case studies to the Compliance & Ethics Quarterly Report to provide further awareness and prevention. The Office of Legal Compliance and human resources also provide ongoing training in our policies and procedures. 

Can you talk a bit more about the company's codes of conduct? 

As part of its operations, Microsoft investigates suspected illegal activities that might harm the corporation and its customers, such as spamming, hacking, piracy, malware, and fraud. On occasion and upon request, the company might also assist law enforcement agencies in the investigation of suspected criminal activity. Microsoft also conducts internal investigations of alleged employee misconduct including violations of law and Microsoft policies. In all aspects of its investigative work, the company seeks to uphold the highest ethical and legal standards, as outlined in the company's Investigations Code of Professional Conduct and Standards of Business Conduct. 

Microsoft strives for the most professional level of investigators and to lessen non-compliance issues to avoid liability for failure to comply with appropriate investigative procedures. All Microsoft employees involved in investigations, including investigators and attorney or non-attorney managers overseeing investigations and the work of investigators, as well as outside vendors retained for investigative work, will acknowledge and certify their compliance with the Investigations Code of Professional Conduct on an annual basis. 

The company's code states that investigators: 
  • Will conduct investigations in an unbiased, diligent, and professional manner
  • Will conduct their investigations with honesty and integrity and will use only those investigative techniques that comport with the highest ethical standards
  • Will gather and handle information and other evidence in a manner that respects the privacy rights of customers, partners and subjects of investigations, and protects the integrity of that evidence
  • Will comply with all applicable laws, regulatory requirements, Microsoft policies, and this Code of Conduct 
Microsoft's code of conduct for its employees worldwide, the Standards of Business Conduct, summarizes and is supported by the principles and policies that govern our global businesses in several important areas: legal and regulatory compliance; trust and respect of consumers; partners and shareholders; protection and management of Microsoft assets; sustainability of a cooperative, diverse and productive work environment; and our commitment to citizenship. These standards provide information, education, and resources to help employees make good, informed business decisions and to act on them with integrity. 

Microsoft is a global company, and our business operations are subject to the laws of many different countries. Employees doing business internationally must comply with applicable laws and regulations and uphold the Standards of Business Conduct at all times. Cultural differences or local laws and customs might require a different interpretation of our standards. If this situation arises, we encourage our employees to always consult their manager, the law and corporate affairs departments, or the director of compliance before taking any action. 

How has your experience as a U.S. Postal Inspector and director of litigation and investigative services in the fraud investigation practice at BDO Seidman LLP prepared you for this position? 

My years investigating fraud as a U.S. Postal Inspector and then later as an investigative consultant positioned me well for my role at Microsoft. As a federal agent, I saw firsthand the government's enforcement and prosecution role in protecting individuals and businesses. In my investigations, I learned how personal and business failures contributed to the many asset misappropriation, financial accounting, and corruption cases I investigated. In my career, I arrested hundreds of fraudsters. But no matter how many I successfully investigated and prosecuted, others quickly surfaced to take their places. Prosecutions didn't return the financial losses to businesses. Few cases ever resulted in full restitution to victims. It was even harder to restore lost reputations to organizations crippled by fraud. I grasped the need to do more than just react when a compliance failure was discovered. 

Later, as a consultant in litigation and investigative services, my clients included public and private companies, both foreign and domestic. I saw how compliance worked, but more often than not, how and why it didn't. I was shocked at the number of companies of all types and sizes that had either no compliance programs or poorly conceived ones. My clients never thought they would be victims of fraud or involved in committing a fraud. The compliance failures they encountered were wake-up calls for them. My experience in both government and consulting has given me great insight into the fraud and compliance issues that organizations of all types face as well as best practices and strategies for success in preventing them.  

Dick Carozza is editor in chief of Fraud Magazine.  

FIU Team Expands Globally 
The Microsoft FIU continues to expand throughout the world. Jerry Bamel, CFE, based in Singapore, is group manager of the APAC Team, and Kimberly Phoon, based in Beijing, China, is investigations senior manager for the APAC Team. 

Microsoft FIU Concentrates on Diversity in Hiring
Diversity is a popular business buzzword, but Martin Biegelman sees it as a method, not a rule, in developing the Financial Integrity Unit. "Our team's diversity permits us to leverage our experiences and skills to enhance our creativity and innovation, and ultimately, to produce better overall results," Biegelman says. 

"When people of different backgrounds and experiences work together as a team, they become more effective at achieving our goals," he says. "We become better individuals and thinkers, communicators, and problem solvers." The FIU's team members are from China, India, Singapore, the United States, and soon Russia. The team has former Postal Inspectors and FBI agents, CPAs, lawyers, forensic accountants, and financial analysts. All are, or are studying to become, Certified Fraud Examiners. 

The FIU's Americas Team, based in Redmond, Wash., covers the United States, Canada, and Latin America. The Asia Pacific team, APAC, has FIU members in Singapore, Beijing, and Delhi. EMEA, or the Europe, Middle East, and Africa team, has a member in Paris and another soon in Moscow. 

"The physical presence of our team members in non-U.S. locations provides a valuable resource to our international colleagues, which we believe contributes to higher levels of accountability and compliance all over the world," Biegelman says. 

The Microsoft FIU team is comprised of: Martin Biegelman, CFE, ACFE Fellow, director of the FIU, Redmond; Bob Morgan, CFE, group manager, Americas Team; Shannon Grayer, CFE, CBM, investigations senior manager, Americas Team; Brock Phillips, CFE, CPA, forensic accounting senior manager, Americas Team; Heather Yu, CPA, senior investigative analyst, Americas Team; Susan Pai, J.D., investigations senior manager, Americas Team; Cindy Prudnick, paralegal, Americas Team; Jerry Bamel, CFE, group manager, APAC Team, Singapore; Kimberly Phoon, investigations senior manager, APAC Team, Beijing, China; Gaurav Ajmani, LLB, CFE, investigations manager, APAC Team, Delhi, India; and Stuart Sturm, CFE, CPA, investigations senior manager, EMEA Team, Paris, France.

The Association of Certified Fraud Examiners assumes sole copyright of any article published on or ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be e-mailed to: .