Consider an email from a party-of-interest that includes a report derived from one of these systems. Email review alone may not be able to assess the veracity of that report. However, directly viewing data from the original source can “pull back the curtain” and illustrate things that lie behind those corporate communications. This approach allows investigative teams to move in a rapid and cost-effective manner, with the added benefit of telling a more complete and objective story. Although extracting and interpreting MIS data can be difficult at times, its effectiveness at locating necessary data and related documents may far outweigh any inherent challenges.
Here are tips on how to effectively identify, extract and analyze the structured data from these systems.
Gather Background on Process and Systems
Before moving forward with a data collection, it is important to work through the business process under investigation. Next, repeat this exercise by thinking through it from a fraud perspective. Helpful questions to consider include:
- What individuals are involved in this process?
- What software or systems are used to execute the process?
- What kinds of activity would be considered deviations?
- What internal controls are in place?
The first step of a structured data collection is to gather these background details and then map the business processes to the related systems.
Once the correct processes and systems are identified, the next step to consider is how the legal/investigative team plans to review the information.
Review and Analyze the Data
Reviewing a series of daily reports works in the same way as “back of the envelope” math. It can be a quick and elementary way to get a sense of the issues, but it quickly breaks down if the volume of data is large or requires sophisticated analysis. For example, daily snapshots will not show monthly trends or cumulative calculations over a longer period.
The more sophisticated a fraud scheme, the more resources the investigation will require. For instance, a detailed analysis of financial processes and process owners would require substantially more effort than a straightforward review of communications within a database.
Extract the Data
Extracting data from these systems often appears to be as simple as downloading a PDF or Excel report directly through the user interface. While pulling reports in this manner is often fastest, reports can lack requisite detail or access permissions. An alternate option involves making a copy or backup of the database and restoring it in a separate environment to analyze directly.
The latter approach, while marginally more time-consuming upfront, provides much more flexibility and granularity for investigation. It also preserves the system data as of the time of the investigation, which serves as an additional protection in the event subsequent system access is not possible. For most complex fraud investigations, this backup and restore process is critical to finding the truth.
Databases as an Underutilized Path to Truth
Structured databases supporting corporate MIS systems provide context to communications, and vice versa. Reports derived from these systems often go through additional analysis or manipulation by employees prior to communication via email. In some instances, this is where the potential fraud exists; in others, employees add insights based on interpretation of the data in the ERP report. In both cases, direct access to the source system allows investigators to compare what is being said to what has been done.