Planning and Conducting a Fraud Examination Investigation
3.118
Fraud Examiners Manual: 2022 Edition
Contacting the Insurance Providers
When evidence of fraud arises, it is generally impossible to know whether the incident will
result in an insurance claim, but even so, many insurance policies require timely notice of
potential claims. Therefore, an organization should consider putting its insurer on notice to
preserve a potential insurance claim.
Addressing Immediate Concerns
Also, when evidence of fraud arises, management and the response team should address
immediate concerns, which might include:
• Preserving relevant documents
• Identifying who should be informed
Preserving Relevant Documents
When evidence of fraud arises, management should seek to preserve all relevant documents,
especially those that an employee might want to hide or destroy. In a fraud investigation
context, the term documents typically refers to, but is not limited to, contracts, invoices,
correspondence, memoranda, weekly reports, presentations, telephone messages, emails,
reports, performance reviews, performance improvement plans, medical records, and other
written or recorded material.
When evidence is misplaced, lost, or destroyed, it becomes more difficult to conduct an
investigation. Thus, the response team and management must take action to preserve evidence
as soon as the decision to investigate is made. There are a number of steps that management
should take to preserve relevant documents. For one thing, management should work with legal
counsel to issue a litigation hold to notify employees to suspend the destruction of potentially
relevant records. Furthermore, management should temporarily suspend the organization’s
record retention policy to avoid evidence accidentally being destroyed.
Also, management could restrict access to emails or digital files that employees might want to
conceal or destroy. Digital information can be found in virtually any type of media, and it is
more fragile than tangible evidence. Therefore, employees can destroy this type of
information if it is not protected properly. Often, when fraudsters become aware of an
investigation, they try to destroy evidence in their computers or sabotage other evidence that
could be used against them. Accordingly, it is generally a good idea to have IT personnel
involved in this process each time the organization decides to conduct an investigation.