By Super User on Friday, 04 August 2017
Category: Articles

Investigation Tips for Anonymous (Whistleblower) Reports

Whistleblowers have reported more than 40 percent of employees' misconduct, according to the 2014 annual report of Association of Certified Fraud Examiners. They either keep their name anonymous - 80 percent of whistleblowers are anonymous, or leave their actual names in the reports with contact information (including email address) – which enables us to contact the whistleblower and ask questions in the course of the investigation. However, it is hard to carry out an investigation if the whistleblower remains anonymous. Therefore, the audit team may not conduct an investigation in a proper manner, or may consider the whistleblower's information misleading, resulting in possible negative effects on the engagement company ("company"). 

Most of the whistleblower reports that I have encountered in my 16 years of investigations of possible illegal activities were anonymous reports, as a whistleblower takes risks to report a company's misconduct, including exposure of himself / herself, the possible defamation of the subject person, and the possibility of calumny. The internal audit team should not ignore whistleblowers' reports. Even though it is an anonymous whistleblower's report, we have to investigate as thoroughly as we could to identify any wrongdoing.

If a whistleblower reports that a person who is in charge of a company's purchasing business receives bribes from the company's supplier, and does not include detailed and specific information, it will be difficult to conduct the investigation. We recommend the following methods to verify the whistleblower reports.

First, identify the fraud type and fraud scheme, which the whistleblower may mention in the report. In addition, it is important to check the company domain, financial reports and accounting data, evaluation reports, third parties (customers and suppliers), and master information (vendor and material database and human resources database). 

We should identify key persons or senior managers who are involved in any improper transaction to collect and identify information related to fraud scheme, and review information pertaining to their activities, including company credit card payment records, attendance records, office log data, correspondence information (phone records and email database), data stored on alleged persons' computers, information devices and other relevant persons' devices. These types of information determine the investigation scope.

Second, find clues and red flags that may indicate there is a fraud scheme. The red flags are helpful to detect fraud schemes and are the most important part of the fraud investigation. We can brainstorm in various perspectives and discuss with employees who have relevant experience to identify red flags.

For example, a fraud clue in a real estate transaction might be where no lot number has been shown until the transaction is closed. The lot number of the land helps us find the land location and satellite images of the land shape through internet map search. A fraudster who sells fake land without a lot number may ask a buyer to pay some money (down payment) before an on-site visit. Once the buyer has paid, the fraudster will run away with the money.

If a whistleblower reported a team leader who embezzled company money through fake transactions, we can check the company's accounts payable. To mitigate accounting risks, a company segregates the employee duty – only a team leader can approve the transactions and another one of the team records the accounts payable. If the team leader decides to embezzle money, he has to create fake records for accounts payable himself in the company accounting system (or ERP). We may identify the alleged fraudster(s) through the IP address deficiencies. 

If we identify a few red flags in a fraud case, we can see the fraud scheme has occurred. After the audit team identifies the red flags related to the whistleblower report, it should be able to verify the fraud in the investigation. To verify clues and red flags, it is usually necessary to analyze large amounts of financial records with database analysis techniques and IT forensic tools.

If a purchaser receives money from a supplier repeatedly, to verify the fraud clues in the whistleblower report, the audit team should investigate the following things in the investigation.

1. Identify whether there are suppliers who are suspected of bribing the purchaser, by looking for:


2. Identify former sales and accounting staff who might have worked for the suspected supplier for the past one or two years. They may know confidential information, including transactions with the supplier.

3. Identify any supplier who is in a disadvantaged stage in transactions with the company, including:


4. Identify employees who:


5. Interview with the alleged person's predecessors:


6. Identify general information about the alleged person:


7. Identify the traveling routes and destinations of the alleged person:


8. Examine if the alleged person has the following signs while he/she is at work:


9. Perform IT forensic investigation of all digital information devices provided by the company:


10. When the alleged person receives money from corruption, the typical clues are listed in the following: 


It is very difficult to detect fraudulent activities for conspiracy unless it is reported. The latency period is usually more than three years. The alleged persons could cause a huge loss to the company, ranging from hundreds of thousands to several hundreds of millions of dollars. The audit team should comprehensively compare, examine, analyze and investigate the above information even if it is from a whistleblower, whose efforts and courage should not be in vain.

Mason Kim, Ausus Advisory Seoul