3 Nov 2016 08:30am

The danger of relying on technology

No company wants to find itself subject to a fraud or corruption investigation. Yet, as businesses continue to venture into unfamiliar markets that bring new suppliers, partners and clients as well as operating environments, this naturally increases the risk of scrutiny. The reliance on technology and the massive data volumes produced and stored by organisations presents challenges if not properly mapped and managed. It has the potential to significantly expose a business and lead to messy, complicated and expensive investigations

Caption: Why massive data volumes produced by organisations present a huge challenge

At the outset of an investigation, we are almost always presented with a huge amount of data. Not just unstructured data such as emails and documents, but also database information such as accounting and banking records, communication recordings and social media interactions. As the amount of data produced by a business continues to grow, these are typically stored in a variety of locations and formats, including the cloud.

But when it comes to a fraud or corruption case, this makes it more difficult to quickly identify the issues. It can also be costly, both in monetary and reputational terms. When a fraud is uncovered, swiftly finding its source and addressing any vulnerability in the company’s processes and systems is essential to stem losses. When it comes to shutting down a fraud, time really is money. The data explosion has had considerable implications for the roles of lawyers, digital forensics analysts and forensic accountants.

Know where your information is held, and by whom, and ensure good data mapping and accounting practices

Huge data volumes often make it difficult, time-consuming and expensive to identify the evidence required to commence legal or disciplinary proceedings. Data analytical tools enable experts to identify and focus on the transactions, correspondence or other evidence that shows what occurred. Forensic accountants can also identify any weaknesses or vulnerabilities in internal systems and controls that allowed the fraud or other misconduct to take place.

Legal advice is also vital to ensure the investigation is handled correctly to ensure evidential integrity. With data protection and privacy rules varying from country to country, it can sometimes be a criminal offence to move data beyond its borders or recover information from employees’ devices without a court order. The new legal framework, the EU General Data Protection Regulation (GDPR), is due to come into effect on the 25 May 2018.

However, Brexit may mean that all businesses will need to review and reconsider their legal standing. Once Britain leaves the EU, it will still be necessary for international businesses to consider and prepare for both GDPR and the UK Data Protection Act in order to do business digitally. And so any compliance or regulatory investigation process involving data also has to be baked-in to these review processes.

It does pay to be prepared and ensure that any future investigations can be conducted efficiently, limiting both professional costs as well as reputational and regulatory implications.

Know where your information is held, and by whom, and ensure good data mapping and accounting practices. This includes knowing how and where new data is generated and how historical data is handled. For example, using Excel spreadsheets to document employee expenses is a frequent vulnerability when it comes to corruption prosecution.

Have clear policies on how employees store data and what they can and can’t do with their devices. It is not only important that these policies are in place, but that employees are aware of them and have consciously agreed to them. For multinational businesses, these policies need to comply with the data protection, privacy and employment laws of each of the jurisdictions in which they operate and in many cases need to cover the use of personal devices for business.

By treating information governance and data hygiene as a potential crisis management issue, the reputational and financial damage of fraud and corruption can be considerably reduced.

A happy side effect of keeping on top of your data is that good information governance will significantly reduce your exposure to fraud.

Ching Liu is director of forensics at Control Risks


Related articles

The impact of new technology on the profession

FinTech threatening traditional financial firms

Audit insights: The power of information

Automation threatens 600,000 manufacturing jobs