Fraud Investigation & Corrective Action: Groundwork for Ethical Investigations


By Ali Wagner, MACCT, CFE, REDW Financial Forensics & Litigation Services Analyst

To kill a weed, you must address the root. Let’s say, despite your best efforts, your organization is now facing allegations of fraud. What’s next?

Look to the root. Holistic and effective fraud risk management (FRM) programs include established mechanisms to conduct thorough forensic fraud investigations that address the root causes of fraud, and implement corrective actions to rectify those root causes.

In our Internal Audit Awareness Month series, we’re addressing core principles of fraud risk management to help you discover, assess and strategize methods to stay ahead of the fraud game in your organization. Get caught up on:

Part 1 – Establishing a Fraud Risk Management Program

Part 2 – Fraud Risk Assessment: Discover What You Don’t Know

Part 3 – Fraud Control Activities: Using Data to Uncover Fraud

Laying the Groundwork for Ethical Fraud Investigations

Proper investigative foundations are embedded with tools and mechanisms to evaluate, communicate, and remediate both instances of potential fraud and the control deficiencies that lead to fraud.

A strong foundation will empower your organization to prioritize, assign, and monitor risk and reported fraud to mitigate it effectively. Below are key elements to lay groundwork for investigations and encourage communication.

Arrow flow chart: Investigation & Response Protocols, Effective Reporting Mechanisms, Communication Channels & Procedures, Performance Assessment


  1. Establish organization-wide fraud investigation and response protocols. Protocols should align with your established FRM governance structure, as they are important inputs to your overall fraud response plan. These protocols should define roles and responsibilities across the investigative process and include:
    • Updating a central repository for allegations and complaints
    • Maintaining anonymity or confidentiality of involved individuals, except as is necessary to investigate
    • Initially evaluating allegations to determine if an investigation is warranted and appropriate degrees of urgency
    • Notifying employees regarding document preservation and securing data systems
    • Engaging independent counsel and forensic accounting support, if necessary
    • Conducting the investigation while controlling and safeguarding evidence
    • Reporting results
    • Following policies regarding retention of reports, documents, work papers, and other information
    • Assessing root causes and initiating mitigating processes and controls
  2. Assess effective reporting mechanisms. Supporting open communication and tips (through hotlines, emails, online intake forms, etc.) is vital to the efficacy of reporting mechanisms and a key element in building an anti-fraud culture. Assess current mechanisms to determine if they are adequately communicated and operating effectively, and consider additional mechanisms.

Example: Ensure that reporting mechanisms are communicated to both internal and external parties, and that you have established a whistleblower protection program.

  3. Establish communication channels and procedures. Following the conclusion of an investigation, you should have a clear path for disseminating the results of investigations, as necessary, in line with your established fraud risk management governance structure. Communication procedures should cover such items as closing the feedback loop with the reporting party (as applicable) and reporting lessons learned to relevant stakeholders to improve controls and processes.
  4. Establish mechanisms to assess investigation performance, to ensure that corrective action is implemented following a fraud investigation and that identified control gaps are closed.

Factors to Consider:

  • Defined engagement scope—The scope is sufficient to develop a full understanding of the facts surrounding the allegation and provides reasonable assurance that there are no other similar instances of fraud.
  • Time-sensitivity—Investigations may need to be conducted in a timely manner due to legal requirements.
  • Notification—Certain events may require timely notification to regulators, law enforcement, external auditors, insurers, or legislative oversight committees.
  • Confidentiality—Information gathered is kept confidential and distribution is limited to those with an established need to know.
  • Legal privileges—Involving legal counsel helps safeguard work product and attorney-client communications.
  • Compliance—The investigation team complies with all applicable laws and rules regarding gathering information and interviewing witnesses.
  • Secure evidence—The team protects the chain of custody of evidence.
  • Goals—Specific issues or concerns appropriately influence the focus, scope and timing of the investigation.

Conducting Ethical Fraud Investigations

Investigations are a critical component of uncovering not only fraud within your organization, but also a range of associated corporate crimes, such as money laundering, corruption, and bribery.

Investigations also act as an effective fraud deterrence practice, showcasing the organization’s commitment to high ethical standards and creating the perception of detection.

Components and factors to consider while conducting investigations are as follows:

Components: Evidence Gathering, Computer Forensics, Develop & Test Hypothesis, Gather External Controls, Witness Interviewing, Data Analysis. Factors: Time Sensitivity, Confidentiality, Legal Privileges, Objectivity, Integrity


The following outlines high-level steps needed to conduct an investigation, which should align with established investigation and response protocols.

  • Develop the investigation work plan. Define and assign each investigative task to the appropriate team member.
  • Implement the investigative work plan. As the work plan proceeds, consider changes based on the unique circumstances of the investigation. During this stage, the investigative team will gather, review and categorize evidence, perform analysis, conduct interviews, etc. The team will need to document information related to steps taken and information collected, including:
    • Privileged or confidential items
    • Requests for documents, electronic data, and other information
    • Memoranda of interviews conducted
    • Analyses of documents, data, and interviews and conclusions drawn
  • Communicate the results, leveraging established communication channels and procedures. Reports generally include the following elements:
    • Executive summary
    • Background investigation on the matter under investigation
    • Investigation procedures performed
    • Findings and recommendations, which may include remediation
    • Appendices or exhibits

Be sure to obtain the advice of legal counsel prior to making public statements or other communications regarding an investigation.

  • Take corrective actions and monitor implementation, leveraging established monitoring mechanisms to ensure effective implementation of corrective action following a fraud investigation. Examples of corrective actions include:
    • Internal control remediation
    • Business process remediation
    • Disciplinary action
    • Training
    • Insurance claims
    • Extended investigation (you may conduct a root cause analysis to help identify similar misconduct occurring elsewhere in your organization)
    • Civil and/or criminal action

Ensure that your response to an investigation is strong, clear, and consistent, and that it embodies the values of your organization and good corporate conduct.

  • Evaluate investigative performance, soliciting objective feedback as part of the evaluation.

Consider applying the following performance metrics:

  • Resolution time
  • Investigation cost
  • Repeat incidents
  • Incident location
  • Value of losses recovered and future losses prevented
  • Corrective actions

Because they are a critical component of the fraud risk management program, all investigations should be conducted with integrity and objectivity. As the saying goes at REDW, Integrity Counts®.

How REDW Can Help

For questions or assistance in laying groundwork for ethical fraud investigations in your organization or implementing an ethical fraud investigation, or if you have concerns that a fraud has occurred, please contact REDW Financial Forensics & Litigation Services Analyst Ali Wagner, or REDW Principals Ed Street or Jessica Bundy.

Our professional team maintains specialized training and credentials in the area of fraud examination and maintains considerable experience performing thorough analyses of indicators and allegations of fraud for both private and government organizations. We respect client concerns and conduct examinations in a discreet manner to minimize any disruption of operations.

Learn more about our commitment to integrity and objectivity in performing a fraud examination.

Stay tuned for Part 5 – Fraud Risk Management: Monitoring & Reporting Your Progress

Follow our LinkedIn hashtag to keep up with #FraudPreventionFridays

