contemporary security management chapter 13 managing investigations cjfs 4848chapter 13 - managing...

Chapter 13 - Managing Investigations 1

Contemporary Security Management

Chapter 13

Managing Investigations

CJFS 4848


Case Management

• Investigation cases are managed by the CSO and the task involves several responsibilities.

• Infrastructure:1. Defining the mission of the investigations department

2. Writing policy, rules, and procedures that set parameters and provide performance guidance.

3. Establishing a “chain of command” within the investigations department.

4. Granting authority and delegating responsibilities.

5. Acquiring physical resources such as vehicles, cameras, video recorders, weapons and confidential funds for meeting “off-the-book” expenses.

201

CJFS 4848


Case Management

6. Acquiring human resources, specifically investigators with skills that align with the department’s mission.

7. Providing opportunities for investigators to improve their skills and acquire new skills.

8. Linking the department with other company departments such as the auditing department for identifying fraud and the legal department for obtaining legal guidance.

9. Linking the department with external organizations such as law enforcement departments and prosecuting agencies.

201

CJFS 4848


Investigation Types

• Two categories of investigation:– Constructive investigations are covert in nature.• These types of investigations might be in process while

the suspected activity is taking place or is anticipated.– For example: investigating complaints again management

– Reconstructive investigations are those that are conducted and must be recreated after the fact.

204

CJFS 4848


Preventive or Pre-Emptive Investigations

• Economic or industrial espionage– Larceny, burglary, bribery, extortion, and

blackmail.– Unethical forms of espionage include:• Moles, searching trash, sympathizing with disgruntled

employees, and tricking researchers to reveal sensitive information in speeches or scientific papers or during a false job interview.

204

CJFS 4848


Due Diligence Investigations

• Due diligence refers to the care a reasonable party takes before entering into an agreement with another party. It is essentially a way of preventing unnecessary harm to either party.

• It includes:– An examination by a company's investment bank and

accountants of the company's management, operations, financial condition, competitive position, performance, and business objectives and plan, as well as information regarding the company's labor force, suppliers, customers, and industry.

– This is under taken prior to signing a contract

CJFS 4848

204


Due Diligence Investigations

• Have any of the corporate officers been indicted or convicted of a crime?

• Does the company have a litigation history?• Is there a lawsuit pending or on the horizon?• Is the company claiming assets that do not

exist?• Does the company have a hidden agenda?

CJFS 4848

205


Documents Needed In Due Diligence

1. A management organization chart and biographical information of corporate officers.

2. Copies of pleadings or correspondence for pending or prior lawsuits.

3. Summaries of disputes with suppliers, competitors, or customers.

4. Correspondence regarding threatened or pending litigation, assessment, or claims.

5. Decrees, orders, or judgments of courts or governmental agencies.

CJFS 4848

205



6. Reports made to regulatory groups such as OSHA and EPA.

7. Summaries of labor disputes.

8. Correspondence, memoranda, or notes concerning pending or threatened labor stoppage.

9. Consulting agreements, loan agreements, and documents relating to outside transactions involving corporate officers, directors, key employee, and related parties.

CJFS 4848

205



10. Compensation schedules of corporate officers, directors, and key employees showing salary, bonuses, and noncash compensation (e.g., use of cars and property).

11. Summaries of management incentive or bonus plans.

12. Confidentiality agreements. • The investigative techniques used in a due diligence

inquiry consist mainly of checking records, verifying references, and interviewing knowledgeable persons.

CJFS 4848


Administrative Inquiries

• This is a fact-finding investigation that may be used to determine matters of interest or incidents that may harm an organization:– In the inquiry stage, factual information is gathered and

expeditiously reviewed to determine if an investigation of the charge is warranted.

– An inquiry is not a formal hearing or an in-depth analysis of the allegation; it is a process to determine whether there is enough evidence of misconduct to have an investigation.

– As soon as sufficient information is obtained that indicates an investigation is warranted, the inquiry process terminates, and an inquiry report is prepared.

CJFS 4848

206


Internal Theft Investigations

• Employee theft is the most frequently investigated of incidents:– Three imperatives apply:• Decide that internal theft is unacceptable.• Do something about it.• Involve employees in bringing it to an end.

CJFS 4848

206


Internal Theft Investigations

• Employee theft generally fall into the following: – 25% of employees is consistently honest – 25% are outright thieves– The honesty of the remaining 50% is up to

management. This half can go either way depending on opportunity.

–Note: the cost of crime to businesses is in excess of $40 billion per year.

– Cost of crime to the U.S. is 3.2 trillion dollars a year

CJFS 4848


Causes of Internal Theft

1. Employees choose not to report internal theft.

2. Some employees are not aware of theft around them.

3. Some employees will take action only after theft reaches a particular level.

4. Some employers know about theft yet choose to do nothing about it. It is sometimes a form of restitution.

5. Some employers and employees believe that theft is a normal way of life.

6. Many employees have never been told not to seal or that sealing has consequences.

7. Low-pay employees justify theft

8. White-collar crime

9. New employees are more likely to steal than long-time employeesCJFS 4848

207


Signal of Theft by Employees

• Gambling• Borrowing• Living above apparent income level• Writing bad checks• Indebtedness• Drug and alcohol abuse

CJFS 4848

208


Typical Type of Crimes Committed

• Cash such as receipts in a cash register.• Merchandise such as items sold directly con consumers.• Materials in production, storage, or transit.• Desktop equipment such as PCs, fax machines, printers,

and scanners. • Furniture• Supplies• Sensitive information• Misuse of company assets: computers, fax machines,

running a side business etc.

CJFS 4848


Other Crimes Committed

• Fraud Investigations• Medical Fraud• Bid Rigging• False Billing• Workers’ Compensation• Bribery

CJFS 4848


Compliance Investigations

• A compliance investigation is launched when an organization learns that its officers or other senior managers have engaged in misconduct that may expose the organization to criminal or civil liability or administrative sanction. – The overall goal of the investigation is to gather

information for the purpose of reducing punishment of responsible individuals or fines imposed on the company.

CJFS 4848

213


Undercover Investigations

• This should be considered when a criminal activity is affecting a business but the details are unknown and proof is needed to bring it to an end. – Hire the operative under various pretenses– Operative’s job is to ascertain the who, what,

where, when, why and how.– Operative’s job is to befriend a member of the

criminal group – Avoid entrapment: i.e., working with the police.

CJFS 4848

214


Physical Evidence

• Evidence is anything that tends to prove or disprove a fact.

• Three categories of physical evidence:1. Movable evidence

2. Fixed or immovable evidence

3. Fragile is an item that is easily lost, destroyed, contaminated, or subject to degradation.

• All evidence needs to be protected

CJFS 4848


Evidence Collection

• Identification Markings–Mark all evidence as soon as discovered.

• Evidence Tag– Tags are attached to evidence at the time the

evidence is acquired.

• Chain of Custody– A written recorded of all the people who have

handle the evidence.

CJFS 4848

217


Qualitative and Quantitative Analysis

• Qualitative analysis– Establishes what the sample is

• Quantitative analysis–Measures how much

CJFS 4848

218


• Read pages 218 to 228 on your own– Markings– DNA Samples– Arson Debris Samples – Blood Samples– Deceased Person Samples– Tissue Samples– Fingerprint Samples– Drug Samples– Ballistics Examinations– Firearm Examinations

• Shotgun Examinations• Gunshot Residue

Examinations• Tool Mark Examinations• Standards and Exemplars• Requested Standards• Collected Standards• Forged Writings• Torn Paper Examinations• Polygraph Testing

CJFS 4848


The Deposition

• A deposition is an out-of-court proceeding conducted for the purpose of preserving the testimony of the investigator-witness for later us in court.

• Those present– Investigator– Lawyers for both parties– A court reporter

CJFS 4848

227


The Deposition

• A deposition is the taking of an oral statement of a witness under oath, before trial.

• It has two purposes: – 1) To find out what the witness knows, and

2) to preserve that witness' testimony.

• The intent is to allow the parties to learn all of the facts before the trial, so that no one is surprised at trial.

• Contrary to what you see in the movies, springing a surprise witness at the eleventh hour of a trial is regarded as unfair.

• By the time a trial begins, the parties should know who all of the witnesses will be and what they will say during testimony.

CJFS 4848

227


Discovery

• Discovery, in the law of the United States, is the pre-trial phase in a lawsuit in which each party, through the law of civil procedure, can obtain evidence from the opposing party by means of discovery devices including requests for:– answers to interrogatories, requests for production of

documents, requests for admissions and depositions.

• Discovery can be obtained from non-parties using subpoenas.

• When discovery requests are objected to, the requesting party may seek the assistance of the court by filing a motion to compel discovery.

CJFS 4848

227


Common Discoverable Items

• Reports• Photos• Medical images, • Drawings• Reconstructed video• Video and audio tapes• Email• Fax• Archives• Etc.

CJFS 4848


Common Discoverable Items

• Servers• Had drives• PCs• Laptops• USB flash sticks• iPods and similar devices• Any material that appears to have been deleted from a

hard drive but can be captured by computer forensic specialists

• Internet sites such as YouTube, Facebook, and MySpace

CJFS 4848


Rapport

• Physical and dress appearance • Body Language• Speech

CJFS 4848

228