Fraud can be a very emotional and confusing experience for organizations — especially employee fraud. If a trusted, long-time employee has been double-dipping on expense reports or writing checks out to fictitious vendors, it’s hard to come to terms with how they could have done this to your business, or how you could have missed it.
Because gut reactions can cause you to overlook critical details in your investigation, developing a fraud response plan ahead of time is essential to your organization’s response time and recovery.
Confirm the predication of fraud
Because of the concerns around unsubstantiated claims of fraud and the legal implications of acting against an alleged perpetrator without evidence, the first step on your list will be confirming that sufficient signs of wrongdoing exist to believe a fraud is occurring, will occur or has indeed occurred.
This happens even before you do an in-depth investigation that involves steps like conducting interviews or analyzing records. Consider: How specific is the allegation? What does the allegation implicate: Cash? Equipment? Other assets? Is the report consistent with itself and your organization as to timing, description, type of activity, etc.?
Some allegations are easier to vet than others. If a witness says they saw someone at the company loading dock at 2 a.m. moving equipment into an unmarked truck and driving away, you can vet that by verifying the business was closed during that time and then checking security records (e.g., logs from electronic key fobs or security cameras that prove access consistent with what was reported).
Other allegations are more challenging to predicate, which is why firms like Wipfli offer predication services in addition to fraud investigation services. Many times, a business owner will come to us because they have a sense of something being off. Maybe revenue isn’t matching the level of business they’ve been experiencing. We help them determine whether to do an investigation, what in their internal control environment may enable fraud and what their next steps should be.
Engage legal counsel
Speaking of next steps, we always recommend engaging legal counsel at the first sign or allegation of fraud. There are several reasons why:
- Investigations can see twists and turns that have different ramifications than you may have expected, so you want legal involved from the beginning for their expertise and advice.
- If legal is the one who involves a third-party fraud investigation team like Wipfli, that work is covered by the attorney-client and attorney work product privileges, which helps control the flow of information and better protect the organization (a great concern especially for regulated industries such as health care and financial services).
- If you have a whistleblower, counsel should be involved because that person could become a target, and you could receive a retaliation claim.
- If you want to terminate an employee’s employment or take other adverse action, legal should be involved because wrongdoers can make allegations of discrimination or harassment.
Note that if the business is the one to bring Wipfli in and then involves counsel later on, Wipfli’s work may not fall under attorney-client privilege.
Activate your fraud response team
And that’s why it’s so important to have a response plan. Knowing what steps to take, who should be involved and when helps prevent knee-jerk decisions like immediately terminating employment before a thorough investigation.
A response plan could outline that your organization will place the suspect on administrative leave (whether paid or unpaid), take away their physical access to the building and take away their access to business technology applications so that an investigation can be performed and evidence gathered. It can outline which internal resources should be involved in the investigation, and where you need a third party’s help.
All instances of fraud are different and depend on the allegation, so having different scenarios that provide adequate coverage is also a good idea.
And don’t forget to look at the insurance you have and where you may have gaps when it comes to fraud. Do you have cybersecurity insurance that covers deleted data? What about employee theft coverage? Or do you have coverage for the retention of experts to quantify the loss?
Say you’re a financial institution. If an employee downloads customer personally identifying information and sells it on the dark web, how you manage communicating this data breach is key to your survival as a business.
In fact, this reputational damage can be greater and longer-lasting than a monetary loss, which makes communication key to fraud response. Gossip circulates through your organization, social media spreads news, and vendors and customers can find out about the fraud or breach before you’ve put out the appropriate communication. Consider how and when you should communicate to your employees about an instance of fraud, as well as how and when to communicate to customers, vendors and other stakeholders.
Lastly, identify relevant information and secure it. It’s not unusual for wrongdoers to shred paper documents and delete electronic information in an attempt to cover their tracks.
Consider where all the information relevant to a fraud occurrence may be and work to secure it before the employee becomes aware that you’re investigating fraud or that they’re a suspect. This may be video and keycard access logs, audit logs and trails, shared files, and information in the cloud as well as on a personal computer. In this age of mobile devices, don’t overlook tablets or phones, including company-issued and personally owned devices.
Think about where backups may be kept and for how long. And consider how quickly you can revoke access to applications such as Google Docs or Dropbox. Including these processes in your response plan can help you act quickly and effectively in response to fraud.
Get started on your fraud response plan
Don’t wait until you suspect fraud to determine how your organization needs to respond.
At Wipfli, our fraud response specialists help you with not only response planning but also internal control assessments and fraud risk assessments so you can understand where your vulnerabilities are and how to mitigate risk. We also perform fraud predication, digital forensic investigations and full fraud investigations. Contact us to get started on your fraud response plan.