Workplace investigations are common for any HR or facilities manager, but when a probe focuses on insider-enabled fraud or theft by staff, it can expose the company to an unexpected reality - that internal fraud isn't just someone else's problem, says Mark Walker.
1 July 2014
Common private sector investigations focus on the internal theft of products, equipment and resources, serious misuse of company vehicles, running a second business alongside that of the employer's business, financial fraud, data theft and procurement fraud, to name but a few.
The Annual Fraud Indicator* (2013) was published in January 2014 as a result of a commissioned research project through the GfK NOP research agency to identify the prevalence and nature of fraud against UK-based businesses. The 66-page report highlighted some striking data.
Private sector fraud in 2013 was estimated at £15.9 billion a year, with fraud losses as a proportion of turnover estimated at 0.54 per cent, with 0.18 per cent lost to hidden or detected fraud and 0.36 per cent lost to hidden or undetected fraud.
This data does not include financial and insurance activities data, which is estimated to be £5.4 billion.
Case study - the building manager
As a result of a recent investigation it was discovered that a building manager was not only signing off work undertaken by contractors for a 'kickback' - without actually having inspected the work, but he was also privately disposing of resources such as used and over-ordered copper cabling for personal gain without the permission or knowledge of the facilities manager.
Who needs to know?
It can sometimes be difficult to decide who should be informed or involved in the investigation internally. Best practice is to limit the involvement to as few people as possible, for example the FM, head of HR, and the head of the department under which the investigation is taking place. Where there are many departments affected there may be a larger involvement. The golden rule is "need to know" - involve as few people as possible to avoid compromising the investigation.
Internal or external investigation?
Internal investigations involving insider fraud are often conducted using external investigators owing to the complicated nature of fraud and the requirement for specialist equipment or skills in areas such as cyber forensics, covert surveillance and tracking. It is important that investigations are conducted professionally to help legal or employment cases, and to avoid counter-claims or tribunal action. An external investigator will champion neutrality and provide a defence of impartiality.
Choosing an investigator
There is no legal requirement for an investigator to be licensed and registered, so where do you look? Ideally, through a strong referral from a business acquaintance, although internal fraud is not openly discussed for obvious reasons, and this may prove difficult.
A search on the internet for a company that holds certification to British Standard 102000: 2013 Code of Practice for the Provision of Investigative Services to ensure compliance and measured competency in business practice and moral values is another option. Alternatively, the Association of British Investigators (www.theabi.org.uk/) is endorsed by the Law Society of England and Wales, and the Law Society of Scotland.
Upon instruction, the business should confirm explicitly with the investigator the nature of the investigation, the course of action it intends to take if the collated evidence confirms suspicions, and agree a budget. The instruction should be clearly documented and form an agreement, and essentially, an out-of-hours point of contact made available to both parties in case a critical piece of information is acquired or an emergency arises.
There may be a requirement for the FM to arrange or authorise access to buildings, vehicles, or IT equipment for analysis or the installation of covert specialist equipment to gain evidence. The investigator will request the minimum amount of information possible to gather evidence and only that which is relevant to the subject and the investigation to ensure compliance with the Data Protection Act.
Case study - the moonlighter
During a recent investigation a property maintenance employee who worked at a number of sites was found to be using his employer's vehicle, fuel and tools to undertake work for his own personal gain in his own time and during working hours.
Once the investigation is over the investigator should provide a written report accompanied by photos or video recordings, surveillance logs or forensic reports. The review of this material should be conducted with the minimum of people present and a course of action decided in view of the evidence provided. Interestingly, many cases result only in dismissal because of the perception that legal action and police involvement may damage a brand's reputation.
In rare cases a conclusion may not be reached, and a meeting may be required to discuss the extension or cancellation of the investigation because of insufficient evidence or budget.
*Annual Fraud Indicator June 2013, published by the National Fraud Authority, ISBN: 978-1-78246-144-9
Mark Walker, project director at Ashridge Security Management Ltd