Concerned about possible bribery?, Internal investigations - Written by on Tuesday, June 14, 2011 23:36 - 0 Comments

6) Investigating a possible bribe: Let’s get forensic.

Print Friendly

By Chris Wheeler, Forensic Accountant, Pinsent Masons

So you’re investigating bribery.

Our top tips on where to look:

(i)    The company’s financial and accounting records.

(ii)    IT hardware.

(iii)    Work-stations.

(iv)    The public domain.

(i) The company’s financial and accounting records.

The bread and butter of any forensic review.  Financial and accounting records can identify the opportunity to divert funds and the mechanism itself.

What should you look out for?  Here are some examples:

Purchase ledger standing data –false suppliers and false invoices are a classic way of diverting company funds which are then used to finance bribery.  There are some tell tale signs on what to look for on a fake invoice – we’ll put up another post on this in due course.

Authorization limits – Have authorization limits been circumvented either by processing payments “just under” authorised limits or by part paying invoices?

Supplier spend profiles – Does the scale of the supplier’s operation warrant the level of company spend?

Processed invoices – Are the supplier’s services sufficiently identified? Descriptions such as “consultancy charge”, “special services” “market reviews” and other similar non specific narratives can mask a more sinister purpose.  If in doubt ask to see the underlying materials – what you get back, if anything, can be enlightening.  If you find yourself asking the question “Why would anyone pay anything for that?” – You probably have your answer…

Purchase orders – Have purchasing protocols, for example procurement and tendering processes been followed or is there evidence of “favouritism”?

Reimbursed expenses – Who has been entertained?  Where is time being spent “off-site”?

Returns and complaints – Does there appear to be continued use of a supplier that has a poor track record of performance?  Why?

Telephone logs and mobile phone bills – Who is being called/ sent texts?  Are there any calls out of hours or on the weekend?

(ii) IT hardware.

One day we will take a look at the hard drive of a computer and not find anything…’s a numbers game and it’s got to happen at some point…

Many employees (which will include those at the centre of suspicion and those who work with them or for them) will have access to a computer.

Time and time again we discover evidence which an employee believed they had erased from their machines.

Deleted emails, websites and web-based mail can still be recovered from today’s computer hard drive memories.  In one example we discovered evidence of fraudulent invoices on a computer.  Those invoices had been created elsewhere and stored on a memory stick.  However, much to the surprise of the employee in question, when those invoices were printed out using the office printer, the hard-drive retained the image even though it had not been created, amended or stored on that machine.


The same applies to mobile telephones, smart phones, memory devices, PDA’s and even photocopiers and printers themselves.  If the IT hardware has a memory then the electronic footprints can be followed.

Investigating bribery?  I.T. is your friend – but do not forget to maintain the integrity of the data.

Don’t switch on and start hunting around for the data.  Instead it will be key to ensure that the data is recovered in a way that the integrity of it is maintained. Why? because, *ahem*, the flip side is lawyers will have a field day casting doubt on the integrity of data if the integrity of the data is compromised – and will argue it has been compromised if it has been reopened or looked at…

The best way of maintaining the integrity of the data – use a third party supplier (we routinely use them) to image and analyse the data. The Association of Chief Police Officers (ACPO) publishes useful guidance.

When you’ve done that time will need to be spent coming up with key words to interrogate the data on the machine – this is an industry in itself.  In fact we might even ask Chris Dale and Howard Sklar to write something about this for this series in investigating a bribe because it is so important…

(iii) The work-station.

From the high tech wizardry in (ii) this is, in contrast, old school.  Think Columbo instead of Quincy.

Generally the desk space is where employees spend the majority of their time.

Is there any evidence in supplier files (e.g manuscript notes or post-its?).  Is there a desktop diary, contacts notebook or business cards available?  Are there any memory devices which ought to be secured and forensically reviewed?  Is there anything else about the office environment which may fuel further suspicion (such as brochures, photographs or calendar notes?).

(iv) Information which exists in the public domain.

And finally more technology.  The internet provides a vast repository of information and other threads to follow.

We have used information which exists within the public domain to discover:

  • Third party suppliers closely connected to a suspect (via Companies House, trade directories, Facebook, Friends Reunited and Twitter).
  • Ownership of off-shore companies (via press reports and overseas registries).
  • Evidence of stolen items being sold (via eBay and Amazon).
  • Pseudonyms and related email address (via press reports and blogs).

Happy hunting.

Share Button

Comments are closed.

Brought to you by...

Barry Vitou &
Richard Kovalevsky Q.C.

The views expressed on this website are those of Barry Vitou & Richard Kovalevsky QC and/or our guest authors from time to time. Please see our terms of use