Ron Box
Ron Box

Why Would You Ever Need a Forensic Accountant?

Start with your trusted employees.

July 7, 2011
by Ron Box, CPA, CFF

Many CFOs and other corporate finance executives view forensic accounting as a branch of accounting that is rarely used unless a serious crime has been committed. Cases for CSI — Accounting. Advances in forensic technology have broadened the scope of forensic accounting, particularly in fraud prevention, so that you should be aware of the numerous applications available to your organization. Forensic accounting has become a very popular specialty for many CPAs; so popular that the AICPA created the Certified in Financial Forensics (CFF) credential for users of forensic services emphasizing the need for a clear skill-set and an existing body of knowledge. So what can forensic accounting do for you and your organization?

A basic use of forensic accounting skills can enable an organization to take the proper first steps in the event of a suspected fraud. You should also have a clear idea regarding the appropriate time to engage a forensic accounting specialist to preserve evidence for law enforcement. Fraud is a possibility in almost any company and a prudent executive will ensure that fundamental early planning is performed so that a pre-arranged sequence of events goes into effect when a possible fraudulent event has occurred.

A Major Forensic Accounting Issue: Employee Fraud

The motivation for fraud is often explained by the “fraud triangle” or three pieces that are usually in place when fraud occurs:

  1. Pressure. The employee has encountered financial pressure from some source. This source could be medical bills, a drug problem, a gambling addiction or many other scenarios causing significant financial difficulty. The employee often views their theft as a loan that will be paid back as soon as the financial crisis is over.
  2. Rationalization. Here the employee dredges up some real or imagined past wrong justifying their action. The employee could believe he or she was cheated in some way when a promotion or a raise was given to some other person.
  3. Opportunity. This is the only element which you, as the financial executive can control and where the knowledge of how internal systems work and how those systems can be bypassed, come into play. Good internal control is one way to mitigate the opportunity to steal. Proper segregation of duties, no management overrides of the control system, dual-employee interaction at critical control points (counting cash, bank reconciliation preparation and review, etc.) are examples of how internal control can reduce the opportunity to commit fraud.

Insider Fraud Scenario: Basic Steps

Let’s consider suspected fraud by an employee. This is a very common form of fraud, often committed by the very employee that has been given considerable trust over the years. Such an employee usually knows which parts of the control system are vulnerable and can, therefore, exploit those vulnerabilities. When a fraud is suspected, assume that the employee could have evidence on his or her computer. Separate the employee from the computer immediately and do not shut down the computer. Instead, pull the plug from the back of the computer. During the shutdown process, many files are changed. A talented litigator can make the case for tainted evidence if these simple issues are not performed in the correct order. If the suspect’s computer is running, it is best to leave the computer on until a forensic accountant can be brought in to assess the problem. Try to photograph the screen to document the programs running at the time.

Technology is a great enabler of fraud, so be sure that your forensic accountant is skilled not only in overall forensic theory, but also in the technology of fraud. It is critical to maintain evidence of the suspected crime and very easy to obliterate it by taking the wrong steps with a computer system. The chain of evidence is very important. Make sure that all evidence that can be used at trial is handled without any tampering. If the employee has a company-provided cell phone, confiscate it immediately before data can be removed. Today’s smartphones are capable of enormous data storage, so consider the cell phone to be as much a source of evidence as a desktop or laptop computer.

Forensic Accounting: Beyond the Basics

Consider how much data is stored electronically in your organization. How do you track and organize the data so that it can be recovered in a meaningful way? Data even exists on your systems about your data (this type of information is called metadata). In many corporate environments, data exists not only on one employee’s personal computer (PC), but on a server (or multiple servers). Advances in cloud technology, with data stored at offsite locations across town or across the world, can serve to complicate forensic efforts necessary to retrieve relevant information, such as files with critical information that log access attempts, file modifications, deleted files and more are stored on both local PCs and on servers. Forensic accountants use this type of data to investigate deeper into the transactions performed constantly within a company’s systems. Retrieval of specific information over a far flung array of computers, smartphones and servers can be a daunting task, especially when knowledge of accounting theory is required to determine data relevance.

A forensic accountant will usually ask to see the corporate data-retention policy so that he or she can be aware of the limitations of any data inquiries. Information should be stored in accordance with a corporate data-retention policy. The life span for categories of documents should reflect the overarching legal requirements to which the business is subjected. If you do not have a data retention policy, there are many resources available to assist you in the preparation of a well-constructed document. The National Institute of Standards and Technology (NIST) Document 800–86 (PDF) contains one example of a sample policy guide.

When to Call a Forensic Accountant — Case Study

Suppose you discover that approximately $175,000 more is owed on a line of credit than what you had expected. The line is attached to an operating account with a sweep feature that can be accessed by wiring funds to the recipient. Any deficit balance from the operating account is swept from the line. The bookkeeper, a veteran of over 25 year’s loyal service, reconciles this account. The bookkeeper’s spouse has had serious health problems over the past year, but you are unaware of any personal financial issues. Over the years you have conveyed a high level of trust in your bookkeeper’s integrity, not requiring full segregation of duties due to mandatory staff reductions. The bookkeeper does not have authorization to borrow against the line.

This scenario could warrant engaging a forensic accountant. Although this one situation could possibly be resolved by confronting the employee, you have no idea how long the potential embezzlement has been occurring or how much could have been stolen. A prudent approach would be to determine the total extent of the loss. The forensic accountant can map entire transaction histories, look for multiple theft schemes, preserve evidence for future prosecution and possibly recover unspent funds. Corporate Finance Insider readers should seriously consider having a significant amount of employee crime coverage on your general business policy to cover such losses. The coverage is usually relatively inexpensive and can offset significant losses.


Knowing when to engage a skilled professional to resolve matters involving significant loss of money can be a critical decision. Often, the obvious loss is only the tip of an iceberg. Depending on how long a potential embezzlement may have occurred, enough funds could have been stolen to bankrupt a company. Prompt action in employing a properly credentialed forensic accounting professional can save thousands of dollars, often much more than you would pay for the professional service.

Rate this article 5 (excellent) to 1 (poor). Send your responses here.

Ron Box, CPA.CITP, CFF, CISSP, is the chief financial officer and chief information officer for Joe Money Machinery, a Birmingham, AL.-based regional heavy construction distributor with operations in Georgia and Florida. Box also serves as chair for the 2010 AICPA Top Technology Task Force and is a member of the AICPA Certified Information Technology Professional (CITP) Credential Committee.