You have identified a fraud or corruption event in your organisation. What next?

You have identified a fraud or corruption event in your organisation. What next? 

by: Phillip Hoskin

In my experience as an investigator, both in the private and public sectors, for most employees the discovery of a suspected fraud or corrupt activity within any organisation is not an everyday occurrence and initial reactions may include shock and surprise. If the organisation is unprepared, the hours or days following the discovery of a potential fraud or suspected corruption event can be very confusing and stressful.

The absence of a pre-existing structured Fraud and Corruption Response Plan, the amount of time and effort it takes for management to respond, particularly in the initial weeks, is excessive and severely impacts the normal business activity of the organisation.

Moreover, my experience is that managers may handle the same problem in different ways, sometimes with disastrous consequences such as:

  • destroying evidentiary value of information by inappropriate handling processes;
  • inadvertently tipping off the suspect;
  • enabling the suspect to destroy incriminating evidence (or somehow obscuring it even further) having been made aware that their actions have been uncovered;
  • failing to keep the matter confidential, and
  • taking inappropriate action caused by having insufficient information.

A Fraud and Corruption Response Plan (FCRP) ensures that incidents are handled in a systematic and efficient manner, not only to conclude a successful investigation, but also to show that the organisation acted in a prudent and lawful manner.

The FCRP should outline protocols with parameters on how far an individual line manager should go in collecting initial information before invoking the FCRP. The key is to provide the line manager with an effective framework to resolve concerns, rather than leave such resolution to individual unfettered initiative.

Initial Action

It is important to remember that when fraud is first suspected, the matter may well be more serious and pervasive than it may initially appear. This is because people committing fraud or undertaking corrupt activities rarely restrict their activities to only one modus operandi or method. Therefore, where possible, every effort should be made to obtain as much information as possible before anyone is questioned, confronted or interviewed. This is particularly important in organisations or business units with a close working environment, where there may be a strong temptation to question an employee as soon as suspicion is raised.

It is also important to be aware that larger scale frauds or corrupt activity are often international in nature. Therefore, a FCRP must include consideration and measures for taking legal and investigative action across jurisdictions.

In addition, most fraud and corruption involve the use of an electronic device at some stage in the planning or execution of the deception. This is particularly evident in today’s environment, where business is conducted on multiple electronic devices and correspondence is through the widespread use of corporate e-mail or chat room. The pervasive involvement of multiple electronic devices into most facets of corporate life means that electronic information is often vital to investigating corporate fraud. Obtaining that electronic piece of evidence is a specialist skill which should be discussed with a forensic specialist.

Initial actions are crucial to the eventual outcome of an investigation and, if a proper strategy is put in place and adhered to, the extent of fraudulent and corrupt activity can usually be assessed, and action taken to successfully resolve the matter. This usually means collecting sufficient evidence to bring disciplinary action against errant staff and to commence civil and/or criminal proceedings against those concerned in the fraud, or claims against insurers, if so desired.

Initial responsibility designation

Fraud and corruption investigations are, by necessity, a confidential task and is a sensitive matter for the vast majority of organisations. It is vital that all allegations of fraud or corruption are treated seriously and that responsibility for handling these incidents is assigned to an experienced practitioner/s. In many organisations, that responsibility is handed to a corporate security advisor, internal audit manager or risk management director. In other organisations, the responsibility is shared between members of senior management or an audit committee and the organisation’s human resources personnel and corporate lawyers are involved from a very early point. Some organisations may find they do not have the capability or expertise internally to investigate fraud and corruption events and it might be necessary to engage an external forensic investigation and evidence collection specialist.  Fraud and corruption incident management responsibility is an important role and those chosen to administer the role must come from the appropriate legal and management level to authorise investigative actions and to co-ordinate the organisation’s overall response to fraud incidents.

Fraud and Corruption Triage

What’s needed is a layered approach to fraud and corruption response management similar to the triage system used in our hospital casualty departments – in other words, some frauds and corrupt activities have impacts far beyond the remit of the investigation. The FCRP should cater for these eventualities such as when the organisation’s liquidity is threatened.

A triage approach provides an avenue for forensic specialist to be engaged as and when required whilst allowing the organisation to maintain an “in control” approach to mitigating the fraud and corruption risk control.  The benefits of this on demand service include access to an independent diverse set of skills, which is essential in ensuring the ability to respond to all allegations reported. These skills include external experts in forensic investigation, cyber forensic, digital forensic, fraud and corruption risk management and forensic data analytics. Outsourced and co-sourced capabilities allow for greater agility and flexibility and access to the latest methodologies, global better practice and tools.

Receipt and initial assessment of suspicion, allegation or ‘tip off’

Fraud and corruption investigations are often initiated after an allegation or a tip-off (often anonymous) is received and often sourced from inside the organisation. Many fraud incidents are initially discovered by accident, perhaps as a result of an audit, job change or resignation. Very few frauds or corruption events are discovered as part of a deliberate attempt to uncover deception, as very few organisations implement a proactive fraud detection program.

At the conclusion of this stage, a decision must be made as to whether the allegation or suspicion warrants investigation, is vexatious or there is insufficient evidence to warrant further investigation. However, this decision must be made carefully. If an allegation is not quickly dismissed as false or doubtful, further action should be taken to provide the organisation some comfort that nothing untoward has occurred.

A FCRP is a key part of the governance framework for any organisation. Fraud and corruption are key risks which can impact on the ability of an organisation to achieve its corporate goals. An effective FCRP will assist management effectively respond to allegations of fraud and corruption, ensuring evidence is not mishandled, and fraud investigations are effectively conducted to resolve any allegations which may arise.

For further information concerning the issues discussed in this article, please contact CurbyMcLintock on +61 2 8387 0389 or


About CurbyMcLintock and the Author

CurbyMcLintock is a boutique forensic services firm that helps organisations respond to misconduct matters quickly and efficiently. They can assist with the preparation of incident response plans including your FCRP and can implement preventative measures to help keep an organisation safe and mitigate against incidents occurring in the first place.  This includes the implementation and management of whistleblower hotlines.  

Phillip Hoskin is a Senior Consultant with CurbyMcLintock and has over 30 years of forensic experience in the private and public sector conducting investigations into allegations of fraud and corruption.

Phillip has developed FCRP’s for the Australian Government, Corporations and private businesses.  


Linkedin – You have identified a fraud or corruption event in your organisation. What next?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.