Powerpoint Chapter 7 Theft Act Investigations


Published on

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Powerpoint Chapter 7 Theft Act Investigations

  1. 1. Chapter 7 – Theft Act Investigations Sjaan Mear
  2. 2. Red flags – change in lifestyle, no segregation of duties, reluctant to take leave Tips or complaints – from customers, employees. Proactively searching for fraud – spot checking, review of internal controls When do we investigate?
  3. 3. Strength of predication Cost of investigation Message sent to organisation Nature of the theft Public exposure Should we investigate?
  4. 4. Concealment – document examination, audit Conversion – public records, online resources Theft investigative method Surveillance and covert operations Invigilation Obtaining physical evidence Gathering electronic evidence Let’s investigate – but what method?
  5. 5. Common situation in New Zealand • Gather evidence of fraud. Aware not to raise suspicion – involve as few people as possible. • Contact private investigator/forensic accountant to quantify. • Consider most appropriate way forward.
  6. 6. Action taken concerning major fraud incidents
  7. 7. Vulnerability chart – co-ordinates various elements of possible fraud. Developing theory What Who How Symptoms Pressures Rationalisations Key internal controls
  8. 8. Stationary or fixed point Moving or tailing Electronic surveillance What needs to be considered? - Privacy Act 1993 - Policies - Fair procedure Surveillance & Covert Operations
  9. 9. NZ cases – Surveillance Logan v Hagal Company Ltd Cash theft Employer installed cameras without notifying staff Employee caught four times Argued breach of privacy ERA held the cameras were set up as a result of genuine concern – no breach of privacy Puts v Foodstuffs (Wellington) Co-operative Society Ltd Stock theft Action taken based on employers conclusion from footage Footage was poor quality Decision – no fair and reasonable employer would conclude that it was theft based on evidence provided
  10. 10. Suspect is temporarily supervised so closely that fraud is basically impossible to commit. The element of opportunity is temporarily taken away. Before/during/after examination results are analysed Invigilation
  11. 11. Form of physical evidence that is increasing in use Termed “computer forensics” Most fraud cases would involve this Includes, computers, phones etc Electronic evidence
  12. 12. “Tracing email, webpage downloads, documents and data is a piece of cake. Watt [forensic examiner] can even recover Word documents that were never saved but just printed, plus the originals of letters and important documents that have subsequently been fraudulently altered or forged.” “..if a hard-drive has been reformatted or the operating system reinstalled…the files can still be recovered.” (Allan Watt, 2005) Electronic evidence – what can we find?
  13. 13. Step 1: Secure the device and perform initial tasks Legal right to seize - ie Anton Piller order - allows the party’s solicitor and a neutral solicitor to search and seize without prior warning Use professionals – experts relied on to; - Maintain a chain of custody - Ensure evidential integrity - Recreate series of events using electronic devices Take pictures of seizure site and have neutral witnesses Steps for gathering evidence
  14. 14. Step 2 – Clone the device and calculate a CRC checksum Copy data Store the original. No work to be undertaken on the original or its use in court will be jeopardised. If working with a clone you will not alter original evidence “Cyclic Redundancy Check (CRC) is a calculation based on the contents of a disk or file. Small changes in data will produce significantly different check sum amount.” Steps for gathering evidence
  15. 15. Step 3 – Search the device manually Common areas to search - Computer logs ie web activity - Documents, pictures, videos folders - Recycle bin - USB, CD’s in or around the device - Recently loaded files – evident in “File” menu - Chat logs/email history Steps for gathering evidence
  16. 16. Step 4 – Search the device using automated procedures Search using keyword and other automated searches Forensic software packages – lead investigator through entire process Email systems – involved in almost every search Steps for gathering evidence
  17. 17. Ensure the investigation is carried out following a correct and thorough procedure. Ensure that activities undertaken are not in breach of legal rights ie privacy Enlist the help of professionals in vital areas such as the seizure and searching of electronic evidence to ensure that all is admissible evidence Key points with theft act investigations
  18. 18. Albrecht, W.S., Albrecht, C.O., Albrecht, C.C. & Zimbelman, M.F. (2012). Fraud examination (4th ed.). Mason, OH., USA: South Western Cullen Employment Law Firm. (2011) . Social technology in the workplace [presentation summary]. Wellington, New Zealand: Wellington Town Hall Dearing, M. (2012, June). Why employees steal from their employers. NZB, 62. Fraud Buster. (2005, February). NZB, p. 10. KPMG. (2013, February). A survey of fraud, bribery and corruption in Australia & New Zealand 2012. Ministry of Business, Innovation & Employment. (2005) . Big brother goes to work: video surveillance in the workplace. Retrieved from http://www.dol.govt.nz/we/services/law/case/themes/2005-10-video-surveillance.asp Reference List