15.9 Lessons Learned
Although no smoking gun was found in this investigation, enough evidence was discovered (e.g., key electronic documents, e-mail, spreadsheets, PowerPoint presentations) that, when put together, identified how key executives had committed the fraud and had communicated about their activities. In this particular case, however, all of the information that we uncovered with computer forensics would have to fall into the category of circumstantial evidence. All of it was critical to allowing our team to complete the investigation. However, none of it contained the smoking gun that our computer forensic technicians were hoping for. Fortunately for the investigative team (and the company involved), a whistle-blower and other company employees were willing to talk with the investigating team and provide information that was helpful in uncovering the details of the fraud.
For the sake of fairness, it must be stated that the investigation did exonerate certain of the suspects. And this is a major part of the role of computer forensic professionals. We are charged not only with presenting evidence that an incident did in fact occur, but also with presenting evidence suggesting that the incident did not occur, if that is indeed the case.
After the investigation was completed, the lead attorneys from the investigative team provided the complete report to the audit committee. The report outlined specifically which company employeesmainly executiveswere involved in the fraud, without attempting to evaluate their culpability. (Lawyers have more leeway in assessing guilt than we do.) The report also contained information about internal control deficiencies that permitted the fraud to occur and ways to mitigate the risk of this type of fraud in the future.
The audit committee took swift and decisive action, firing all of the executives that were involved in the fraud and recommending significant changes to the company's internal financial reporting and control environment.