chevron-down Created with Sketch Beta.
May 13, 2021 Practice Points

Tips on Using Management Information Systems to Create Clarity and Context for Investigators

How to effectively identify, extract and analyze the structured data from these highly structured databases.

By Robert Bird, Brad Lohmeyer, and Patricia Rodriguez

Identifying key players and reviewing their communications is paramount to any fraud investigation.

Traditionally, many litigators and internal departments begin the investigative process by trying to unravel threads of emails and chat communications. This process can be messy, expensive, and time-consuming. Savvy investigators can use another parallel path. Whether the investigation pertains to conflicts of interest or accounting adjustments, most companies will have sophisticated software platforms to track every approval, login, and update being made. This means an effective alternative is to analyze data extracted directly from the corporation’s management information systems (MIS).

MIS are often described by the business problem they are trying to solve, such as customer relationship management (CRM), enterprise resource planning (ERP), and human capital management (HCM) systems. Their user interfaces are built on top of highly structured databases that store financial, accounting, sales, HR, and other critical business data. Common examples include SAP (an ERP), Salesforce (a CRM), or Workday (an HCM and ERP). These systems are designed to provide a direct, clear view of company data and the underlying business processes.

Consider an email from a party-of-interest that includes a report derived from one of these systems. Email review alone may not be able to assess the veracity of that report. However, directly viewing data from the original source can “pull back the curtain” and illustrate things that lie behind those corporate communications. This approach allows investigative teams to move in a rapid and cost-effective manner, with the added benefit of telling a more complete and objective story. Although extracting and interpreting MIS data can be difficult at times, its effectiveness at locating necessary data and related documents may far outweigh any inherent challenges.

Here are tips on how to effectively identify, extract and analyze the structured data from these systems.

Gather Background on Process and Systems

Before moving forward with a data collection, it is important to work through the business process under investigation. Next, repeat this exercise by thinking through it from a fraud perspective. Helpful questions to consider include:

  • What individuals are involved in this process?
  • What software or systems are used to execute the process?
  • What kinds of activity would be considered deviations?
  • What internal controls are in place?

The first step of a structured data collection is to gather these background details and then map the business processes to the related systems.

Once the correct processes and systems are identified, the next step to consider is how the legal/investigative team plans to review the information.

Review and Analyze the Data

Reviewing a series of daily reports works in the same way as “back of the envelope” math. It can be a quick and elementary way to get a sense of the issues, but it quickly breaks down if the volume of data is large or requires sophisticated analysis. For example, daily snapshots will not show monthly trends or cumulative calculations over a longer period.

The more sophisticated a fraud scheme, the more resources the investigation will require. For instance, a detailed analysis of financial processes and process owners would require substantially more effort than a straightforward review of communications within a database.

Extract the Data

Extracting data from these systems often appears to be as simple as downloading a PDF or Excel report directly through the user interface. While pulling reports in this manner is often fastest, reports can lack requisite detail or access permissions. An alternate option involves making a copy or backup of the database and restoring it in a separate environment to analyze directly.

The latter approach, while marginally more time-consuming upfront, provides much more flexibility and granularity for investigation. It also preserves the system data as of the time of the investigation, which serves as an additional protection in the event subsequent system access is not possible. For most complex fraud investigations, this backup and restore process is critical to finding the truth.

Databases as an Underutilized Path to Truth

Structured databases supporting corporate MIS systems provide context to communications, and vice versa. Reports derived from these systems often go through additional analysis or manipulation by employees prior to communication via email. In some instances, this is where the potential fraud exists; in others, employees add insights based on interpretation of the data in the ERP report. In both cases, direct access to the source system allows investigators to compare what is being said to what has been done.

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.

Robert Bird


Robert Bird is a managing director with Ankura in Boston, Massachusetts.

Brad Lohmeyer


Brad Lohmeyer is a managing director with Ankura in Chicago, Illinois.

Patricia Diaz-Rodriguez is an e-discovery consultant/senior director with Ankura in New York City, New York.

Ankura is the Litigation Advisory Services Sponsor of the ABA Litigation Section. This article should not be construed as an endorsement by the ABA or ABA Entities.

Copyright © 2021, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Litigation Section, this committee, or the employer(s) of the author(s).