Download - Lessons From Hp
-
7/29/2019 Lessons From Hp
1/37
Lessons From HP:
Legal and Ethical Implications
for Investigating Suspected
Fraud
Presented by:
Fred Cantz, CPA CFE
U.S. Postal Inspection Service1979- 2004 Team Leader, Financial Crimes and Money
Laundering, U.S. Postal Inspection Service,Philadelphia Division (Retired)
Supervised Hundreds of Internal EmployeeCriminal Investigations in 26 Year Career
Certified Public Accountant
Certified Fraud Examiner
-
7/29/2019 Lessons From Hp
2/37
Director, Corporate Compliance,
AlliedBarton Security Services 2004-2006
Largest American Owned Private Security Services
Provider 48,000 employees $ 1.2 Billion Revenues
Licensing & Regulatory Affairs
Internal Corporate Investigations
Sarbanes-Oxley Compliance
Monitored Compliance with Corporate Code of
Ethics
Administered Whistleblower Hotline
SMART Business Advisory and Consulting,Philadelphia, PA, Senior Manager, Forensic
Accounting and Litigation Support
CPA, CFE, Licensed Private Investigator
Specializing in: Fraud Examination
White Collar Investigation
Corporate Compliance Issues
Whistleblower Hotline Advisory Services
Financial Litigation Support
-
7/29/2019 Lessons From Hp
3/37
Sr. Manager, Department of Internal Audit
Stratford, NJ Campus
President of Philadelphia Chapter ACFE
2007 ACFE Chapter of the Year
Adjunct Professor of Accounting La Salle University, Schoolof Graduate Studies
Presentation contains my views-not that of UMDNJ
Overview
The HP Way
Board Turmoil
Discovery that Confidential Info Was Leaked
Why it Was of Great Concern
Who Was Hired to Investigate
Tactics Used to Identify Leaks
Outing the Source
Importance of Executive Oversight (Tone at the Top)
Civil & Criminal Action
-
7/29/2019 Lessons From Hp
4/37
Key Areas to be Explored
Acceptable Investigative Techniques
Whats in Public Domain
Record Ownership Issues
Expectations of Privacy in Workplace
Employee Ethics and Code of Conduct
Importance of Continual Monitoring of
Outsourced Investigations
The HP Way
Founded by Bill Hewlett and David Packard January 1, 1939
A Core Ideology that Includes Corporate Culture with: A deep respect for the individual
A dedication to affordable quality and reliability
A commitment to community responsibility
A view that the company exists to make technical contributions for theadvancement and welfare of humanity
Contrast with everyones current corporate goals: Increased Earnings, Reduce Costs, Pump up Stock Price,
Currently # 11 on Fortune 500 - $ 87 Billion in Revenues for2006
One of 30 stocks comprising the Dow Jones Industrial Average
-
7/29/2019 Lessons From Hp
5/37
Inner Turmoil at HP
Carly Fiorina appointed CEO -1999
May 2002 HP merged with Compaq Computer
Heirs Walter Hewlitt and David Packard strongly opposedmerger and subsequently left board
Stock price stagnant $ 18-$22/share for three years after merger
Carly Fioina fired as Chairman & CEO in February 2005
Patricia Dunn replaced Fiorina as Chairman
HP DIRECTORS and COMPENSATIONFOR FISCAL 2005
Name
Patricia C. Dunn, Chairman of the Board . . . . . . . . . . . . . . . . . . . . . ..$ 236,399
Lawrence T. Babbio, Jr, Vice Chairman & President Verizon Communications . . . .....(Director ARAMARK) . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . $ 246,000
Richard A. Hackborn, EVP & General Manager, Nokia Corp. . . . . . . . . . . . . . . . . . . . . .(Retired HP Chairman of Board) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ 220,399
George A. Keyworth II, Chairman & Sr. Fellow Progress & Freedom Foundation . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . .. .$ 251,991
Thomas J. Perkins General Partner, Kleiner, Perkins Investment Partnership . . . . . . .(Director, News Corporation) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . $ 212,192
Robert L. Ryan, Retired SVP & CFO, Medtronic, Inc. Medical Technology . . . . . . . . . . . . . . .. . .(Director, United Health Group). . . . . . . . . . . . . . . . . . . . . . . . . $ 253,000Lucille S. Salhany President & CFO, JH Media Consulting. . . . . . . . . . . . . . . . . . .
.(Director, American Media, Inc.) . . . . . . . . . . . . . . . . . . . . . . . .$ 216,000
-
7/29/2019 Lessons From Hp
6/37
3 Separate Board Divisions
Identified Guidance Group - What do we need to compete
with Dell, IBM and other major competitors
Compliance Group - Focused on Sarbanes-OxleyCompliance, Social Responsibility and RegulatoryIssues
Technological Champions - Firmly understoodtechnological goals and obstacles in marketplace.Dunn wanted to eliminate.
Tom Perkins View of Board
three women, two minority members and
three technology geeks.
ZDNet News 2/27/07
The Maltese Falcon
-
7/29/2019 Lessons From Hp
7/37
What Happened at HP?
2004-2005- Confidential information only discussed inboardroom was revealed to several tech-industry publicationsand published
Info so confidential, it could only have come from a boardmember
Boardroom Leaks were Suspected by Patricia Dunn, Chairmanof Board
Dunn Ordered Investigation to Determine Source of Leaks Code Name: Kona (Location of Dunns Vacation Home)
How it Began-2005
Carly Fiorina outed as CEO and Chair in January2005
Confidential board discussions regarding Fiorinasouster were reported and published by several newsorganizations - CNET. COM & Wall StreetJournal
Investigation Launched by Dunn Furious withLeaks
Code Named Kona (Location of Dunns VacationHome)
-
7/29/2019 Lessons From Hp
8/37
Initial Targets- Board Members
Thomas J. Perkins
George A. (Jay) Keyworth
Robert Knowling
Carly Fiorina
Initial Attempts to Identify Leaker-
Unsuccessful
Kona II Continued In January2006
Suspects: Perkins
Perkins Wife
Lucille Salhany
Richard Hackborn
Shane Robison (HP Chief Technology Officer)
Patricia Dunn
-
7/29/2019 Lessons From Hp
9/37
Other Suspects
Nine Journalists (CNET WSJ)
Two additional HP employees
Larry Sonsini - H-Ps outside law firm
Wilson Sonsini Goodrich & Rosati
Note of Interest:
Ann Baskins, the
general counsel of H-P
at the time of the
investigation, is
married to Thomas
DeFilipps a partner at
Wilson Sonsini
Goodrich & Rosati
-
7/29/2019 Lessons From Hp
10/37
The Investigation
Security Outsourcing Solutions, Boston, MAoperated by Ron DeLia was hired by Anthony R.Gentilucci, Manager of Global Investigations forHP
Action Research Group FL- Joseph and Matt DePante was hired by DeLia to gather information(Personal Indentifier Information)
Bryan Wagner NE- hired by De Pante to obtainprivate phone records
Investigative Techniques
PretextingImpersonating another
individual in order to obtain personal
information
Contractors hired by HP posed as various
members of the board and contacted wireless
carriers to request their telephone records
-
7/29/2019 Lessons From Hp
11/37
Personal Data Compromised
24 Individuals, including Board members,
HP employees & Journalists
Records Compiled Included:1,750 phone calls made on 157 cellular phones and 413
landlines.
Pretexting- Legal or Illegal?
Gramm-Leach-Biley Act of 1999 makes it illegal to
obtain someone elses customer information using
false, fictitious or fraudulent statements
Federal Trade Commission Act provides FTC the
authority to generally prohibit pretexting for
sensitive consumer information
Violation of 18 USC 1028, Identity Theft
-
7/29/2019 Lessons From Hp
12/37
January 30, 2006 e-mail
From: Kevin Hunsaker (Chief Ethics Officer)
To: Anthony Gentilucci (Manager, Global Investigations)
KH: How does Ron (De Lia) get cell and home
phone records? Is it all above board?
AG: (De Lias investigators)call operators under
some ruseI think it is on the edge, but above
board. We use pretext interviews on a number of
investigations to extract informationin a sense, all
undercover operations.
KH: I shouldnt have asked.
Vince Nyes Concern
I have serious reservations about what we are
doing, Nye wrote to his boss, Tony Gentilucci, and
HPs chief ethics officer, Kevin Hunsaker. ...It
leaves me with the opinion that it is very unethical
at the least and probably illegal.
"I think we need to refocus our strategy and proceed
on the high ground course" (Feb 7)
-
7/29/2019 Lessons From Hp
13/37
Things You Should Not Say in an
e-Mail: We just received word that we will be hit with a
subpoena next week, so please clean up your filesbefore then
Can we push the numbers here?
(Insert CEOs name here) is such a (insertunfavorable description here)
I should never have put that in an e-mail
Does anyone know of any good file deletionsoftware?
Things You Should Keep in MindAbout e-Mails Like diamondse-mails are forever, especially if you are on a
network
A good computer forensics specialist can probably recover anydeleted e-mails and other private files from your non-networkedhard drive
What are the legal, ethical, personal implications to sending thise-mail
Assume it will be identified and discoverable at a later time
Think..before you hit the Send button
-
7/29/2019 Lessons From Hp
14/37
Ownership of Records
How is Ownership Determined?
Phone Purchased by Company, Provided to
Employee for Official Use and Company Pays
Monthly Bill No Expectation of Privacy
Generally Phone Records are Property of
Company There Could be Exceptions
Ownership of Records
Phone Purchased by Individual, Who Submits Bill forReimbursement Generally Reasonable Expectation ofPrivacy Pretexting Would Not Be Permitted
Records Owned by Owner of Phone
Need for Clear Corporate Policy and Procedures andAcknowledgment by Employee OK for Policy to
Require Itemized Receipts
-
7/29/2019 Lessons From Hp
15/37
Acceptable Investigative
Tools/Techniques Reviewing/Cataloguing Print & Internet
Media Postings
Physical Surveillance (Public Property)
Conducting Background Investigations
Using Public Information
Dumpster Diving (At curbside)
Great Sources
Zoominfo.com, zabasearch.com
Archive.org
Sec.gov 10-Q & 10-K Reports
Company Web Pages
Choicepoint
Lexis/Nexis
Pacer County Clerk of Court Public Information
-
7/29/2019 Lessons From Hp
16/37
Other Good Investigative Sources
on a Computer E-mail reviews are an integral part of any internal
investigation
Temporary Internet Files
Cookies
Favorites
History
Unallocated Space
OLK Directory
Outlook PST Files
Registry Activity
Dubious Techniques Used
Placing tracer software in e-mail addressed
to a reporter to identify who he
communicated with
Forensic examination of a computer reported
stolen by Board Member George Keyworth.
This computer mysteriously was recovered
and analyzed with approval of HP
-
7/29/2019 Lessons From Hp
17/37
Social Engineering
The Human Element
The Weakest Link in Information Security
Using Deceptive and Manipulative Tactics on
Individuals to Gain Unauthorized Access to
Information
Examples of Social Engineering Attacks
Closing time bank transaction on a Friday, presented bad
check for cashingcould not locate drivers licensejust
received traffic ticket
Pretexting- Bryan Wagner posed as multiple individuals
under investigation. Contacted cell phone carriers.
Caller posing as credit card investigator in effort to obtain
personal identifier information
Caller posing as employee from same company from
another city
Phishing Schemes
Auditing procedures should be testing for social
engineering attacks
-
7/29/2019 Lessons From Hp
18/37
Expectations of Privacy
Important to have Corporate Policy and Procedures
Addressing Privacy Issues:
Comprehensive IT Policy
E-mail, voice mail, internet usage, ownership of
computer files and company owned computer and
cell phone access
Expectations of Privacy of Personal Property
brought on Company Property
Potential of Video Surveillance in Public Areas
Policy Example
An employee shall be responsible for all
Firm equipment and property assigned to or
requisitioned by, or in his or her custody and
care. The Firm reserves the right to inspect,
on occasion and without permission, the
work area of all employees.
-
7/29/2019 Lessons From Hp
19/37
Code of Ethics
Importance of Employee Handbook DetailingCorporate Policies
Initial and Periodic Annual Ethics Training
Policy of Disclosure of Employee Financial Conflicts
Acknowledgment of Receipt and Understanding of Codeof Ethics
Importance of Whistleblower Hotline
Tone at the Top Must be Supported by SeniorManagement
Issues of Importance Sarbanes Oxley - U.S. SentencingCommission Sentencing Guidelines
-
7/29/2019 Lessons From Hp
20/372
New York Times Report
September 20, 2006 HP conducted feasibility studies on planting
spies in San Francisco news bureaus of twomajor publications: CNET
The Wall Street Journal
Included possibility of placing investigatorsacting as clerical employees or officecleaners
House of RepresentativesSubcommittee Hearing
September 28, 2006
Ann Baskins HPs General Counsel resigned
prior to testifying
Exercised Fifth Amendment Rights Against Self-
Incrimination at Hearing
Received $ 3.7 Million Severance Pkg.
Worked at HP 24 Years Was not charged
-
7/29/2019 Lessons From Hp
21/372
Total Cost of Investigation
$ 325,000
Who Did It ?
George Keyworth
If someone had simplyasked, I would have told
them I was the leaker.
-
7/29/2019 Lessons From Hp
22/372
Tom Perkins
Keyworths Key Ally
Furious with tactics employed, furious with Dunn
and furious with direction the company was going,
especially stock price
Perkins learned that his phone information had been
provided by AT&T without his authority and
assumed the role asA Whistleblower
Perkins
Resigned from the board in May after learning
about the tactics used by HP's investigators.
Pressured the company to publicly disclose the
reason for his departure, leading to the regulatory
filing that revealed the investigators' use of
pretexting
Received an undisclosed financial settlement
-
7/29/2019 Lessons From Hp
23/372
Down Payment
Indictments to Date
Chairwoman - Patricia Dunn
Chief Ethics Officer- Kevin Hunsaker
Investigator - Ron Delia
Investigator Matthew De Pante
Investigator Bryan Wagner
-
7/29/2019 Lessons From Hp
24/372
Charges
Use of False or Fraudulent Pretenses toObtain Confidential Information from aPublic Utility
Unauthorized Access to Computer Data;
Identity Theft
Conspiracy
Settlement Agreement
Payment of $ 14.5 Million
Creation of Privacy and Piracy Fund for Law
Enforcement Activities Related to Privacy and
Intellectual Property Rights
Implementation of Corporate Governance Reforms
at HP to Ensure Compliance with Ethical & Legal
Standards
-
7/29/2019 Lessons From Hp
25/372
Criminal Progress to Date
Patricia Dunn All charges dropped. Diagnosed with Cancer inPoor Health
Felony Charges Dropped after Completion of 96 Hours CommunityService & Restitution- Plea of No Contest (Misdemeanor)
Kevin Hunsaker (Ethics Officer)
Ron De Lia Private Investigator
Matt De Pante Private Investigator
Bryan Wagner Pled Guilty to Identity Theft yet to besentenced Faces Mandatory 2 years Imprisonment
More Directly and Actively Involved in Pretexting than Dunn
No charges filed against Baskins
Civil Settlements Feb 2008
John Markoff
Peter Burrows, Ben Elgin and Roger Crockett
-
7/29/2019 Lessons From Hp
26/372
Five Additional Lawsuits Pending
HP Current Financial Status
Stock trading in low $ 20s
Stock now trading in low $40s
Mark Hurd CEO made great progress in
turning HP around
-
7/29/2019 Lessons From Hp
27/372
HP DIRECTORS Then & Now
Patricia C. Dunn, Chairman of the Board RESIGNED 09/2006
Lawrence T. Babbio, Jr.
Richard A. Hackborn
George A. Keyworth II RESIGNED 09/2006
Thomas J. Perkins - RESIGNED 05/2006
Robert Knowling RESIGNED 09/2005
Robert L. Ryan
Lucille S. Salhany
Four New Directors Appointed
Mark Hurd Chairman & CEO
Thomas Nolan- Hunsakers Attorney:
All these people acted in good faith. They
believed that what they were doing was right
and legal.
Was it ethical????
-
7/29/2019 Lessons From Hp
28/372
Ongoing Federal Investigation
Investigation is Continuing
No comment by Feds
Federal Laws Relating to Pretexting and
Identity Theft are Generally More Specific
than California State Law
SEC Recently Announced They Ended Their
Investigation
Know Your Investigator
Are they Licensed?
Obtain their Bio and CV
Obtain a List of References
Vet their Qualifications and Experience
Civil Actions
Continually Monitor their Progress andPerformance
-
7/29/2019 Lessons From Hp
29/372
Lessons Learned from HP
www.philacfe.com/whats new
SOS Newsletter July 1999
-
7/29/2019 Lessons From Hp
30/373
PRACTICAL EXERCISE
Hotline Call: Allegation Accuses CurrentExecutive of Misconduct
Executive Purchased a Capital Asset
Asset Subsequently Provided to Client
Client Billed by Executives Employer
Employer Did Not Know Asset Was Owned
by their Own Executive
Asset Provided by Limited LiabilityCompany Authorized Vendor
-
7/29/2019 Lessons From Hp
31/373
Access to Records
Identified Vendor as LLC
W-9 Form Request for Taxpayer ID
Cross Matched TIN (SSN) to an Existing Employee
Secretary of State Corporate Formation Documents Executive was Identified as President of the LLC
Reviewed Official Personnel Folder of Executive
Reviewed Corporate Code of Conduct & EmployeesAcknowledgment
Payment History
Scheduled Out Payment History to Vendor and
Compared to Other Vendors Supplying Similar
Assets
Executive Personally Approved Payments to LLC
under their control
Payments Were Substantially Higher Than Market
and Continued Much Longer Than Asset Was
Actually Needed
-
7/29/2019 Lessons From Hp
32/373
Investigative Steps
LLC address was P.O. Box Can I Obtain BoxApplication?
Pulled Copies of Cancelled Checks from Co.
All Checks Were Deposited to Same Bank Account
Personnel Folder Contained Executives Bankingand Direct Deposit Account Information SameAccount as LLC
Access to Executives Banking Info?
E-mail Review
Executive Had Computer Assigned by Company Can I Review Hard Drive?
IT Policy Published Policy States: All e-mails areSubject to Monitoring- Can I Review e-mails?
Some e-mails Were Sent From Corporate Account toAol Account Can I Review AOL e-mails?
Executive Has Cell Phone Personally Purchased Submitted Allowance on Expense Report Can I
Review Calls Records Traced to this Phone?
-
7/29/2019 Lessons From Hp
33/373
Surveillance
Can I Follow in a Public Place?
Can I Photograph?
Install Covert Recording Equipment in Office?
Pretexting?
Nonconsensual Electronic Surveillance-Including:Recording Telephone Calls, Conversations w/oConsent of Party Recorded ----DONT DO IT !!!
Additional Steps for CriminalInvestigation
Use of Law Enforcement Databases- Motor
Vehicle & Criminal History Databases
Forensic Laboratories
Court-Ordered Electronic Surveillance
Grand Jury Subpoenas
Search Warrants
-
7/29/2019 Lessons From Hp
34/373
Presentation to Law Enforcement
Agencies/Prosecutors
What is Company Policy?
Is Company Willing to Prosecute?
Company Policy
Desire to Publicize
Recovery of Loss
Reimbursement of Investigation
Reporting Identification of Internal Control
Deficiencies and Corrective Action Taken
-
7/29/2019 Lessons From Hp
35/37
-
7/29/2019 Lessons From Hp
36/373
Conclusion
Cost to HPs Reputation Far Greater to thatpaid to Investigators
Deep Price Paid for Loss in CorporateReputation, Employee Morale, Ability toAttract and Retain Leadership
Dont Do Anything Illegal to Tarnish YourProfessional Reputation and That of YourClient
All investigations should be conductedlegally and ethically
-
7/29/2019 Lessons From Hp
37/37
QUESTIONS/COMMENTS ?
Fred Cantz, CPA, CFE
Sr. Manager, Department of Internal Audit
University of Medicine and Dentistry of New
Jersey