5 Helpful Internal Investigation Tips

5 Helpful Internal Investigation Tips

Being able to conduct an effective internal investigation is essential for the day-to-day operation of your organisation. A well-conducted internal investigation helps ensure that those who have engaged in improper conduct are identified as having done so, and are dealt with appropriately. It can also ensure that those who have been wrongly suspected or accused of having engaged in improper conduct have their circumstances claried and the suspicion removed.

An effective internal investigation helps reinforce better workplaces and protects the company from large fines, damages, negative publicity, etc.

Benefits of Internal Investigations include:

  • Prevents similar issues from occurring 
  • Sends a positive message to stakeholders
  • Establishes good corporate governance
  • Identifies problems in current policies

However, internal investigations must be conducted with special care. This must be done without compromising the relationship with employees or unnecessarily damaging anyone’s reputation. This requires good planning, consistent execution, analytical skill, and an understanding of the legalities involved.

We will provide Internal Investigation Tips by breaking the topic into several parts:

  • What are Internal Investigations
  • Key Components of an Effective Internal Investigation
  • Necessary considerations when conducting Internal Investigations
  • 5 Internal Investigation Tips


What are Internal Investigations?

An internal investigation helps determine whether laws, regulations, or internal policies have been violated. The goal of any internal investigation is to obtain a straightforward view of what happened, when it happened, who was responsible, who may have been harmed, and what further actions may be necessary to prevent the alleged wrongdoing from reoccurring. 

An internal investigation generally consists of:

  • agreeing on the scope of the workplace investigation
  • interviewing the complainant in detail initially
  • drafting allegations
  • informing the respondent about the allegations and subsequent investigation
  • interviewing any witnesses for a detailed account
  • considering the evidence
  • informing the respondent of any evidence you’ve identified, and provide them with the opportunity to respond, and finally officially informing the respondent of any final findings

Internal investigations are an integral part of an effective compliance program as they remove the cause of the reported problem.


Key Components of an Effective Internal Investigation

Here are key components of an effective Investigation process:


The allegation, and purpose and scope of the Investigation must be clearly defined.


An Investigator must be unassociated with parties who are associated with the case in order to maintain neutrality and impartiality. The Investigation must be allowed to proceed without pressure from other interests that would have an interest in affecting the outcome.


The Investigation should approach the matter from a neutral position; the purpose should not be to establish that a violation has occurred or has not occurred. It is particularly important that the investigation not be undertaken from the position of an advocate seeking to defend the company or particular individuals within the company.


Investigations must be completed as quickly as possible for a number of reasons such as:

  • A fast Investigation may stop wrongdoing from continuing and mitigate any damages caused
  • Over time memories fade and evidence may be difficult to find
  • Prompt Investigations tend to be far more efficient.
  • All parties with an interest in an Investigation deserve a timely resolution.


An Investigation must exhaust all reasonable sources of information. The extent of a thorough Investigation will depend upon a variety of factors, including the complexity of the matter, as well as whether wrongdoing or other “red flags” have been uncovered during the course of the Investigation.


It is imperative that the independence and objectivity of a particular investigator, as well as the particular findings and conclusions of the Investigation, be independently verifiable to the extent possible from the investigative report itself.


Necessary considerations to make when conducting Internal Investigations

There are important considerations to make when embarking on an Internal Investigation. This includes determining:

  • When should a matter be investigated?
  • What laws should an employer/investigator be aware of?
  • What are my duties as an employer/investigator?


When should a matter be investigated?

 In deciding whether an incident, or prolonged conduct, should be ‘investigated’ a manager should assess the following:

  • Whether the conduct creates a risk to the health and safety of other employees or other people who work or visit the workplace
  • Whether the conduct actually relates to the workplace: i.e. out of hours conduct may not be within the scope of employment
  • Whether an allegation is frivolous: An employer is not required to investigate all incidents
  • Whether an allegation is calculated to harm another without merit: This may not always be obvious until investigated.
  • Whether the conduct is continuing or a single act.
  • Whether there may be some requirement to report the conduct to authorities: i.e. criminal offences. 


What laws should an employer/investigator be aware of?

In the case of vicarious liability under the Equal Opportunity Act in Victoria, employers may face action where an employee has engaged in conduct that offends anti-discrimination law. This will often throw into question whether the employer had acted reasonable or had taken reasonable steps in preventing the occurrence of the offending conduct.

One way a ‘reasonable prevention’ defence can be established is via proof of adherence to an internal investigation procedure which incorporates appropriate company discrimination, harassment and bullying policies. Conversely, where a company policy does not expressly prohibit offending conduct, a court may be more ready to infer that no reasonable preventative measures had been in place.

Furthermore, an employer must respect employees’ privacy rights when conducting internal investigations in response to a claim or allegation. Although laws such as the Electronic Communications Privacy Act (ECPA) in the United States permit an employer to monitor activities on a computer that is company property, unwarranted or unreasonable invasions of privacy may be prohibited in states such as California.

In the U.K., if an employer uses monitoring software to collect information such as how long they have sat in front of their screen, or spent on the internet, they must comply with the GDPR. The same applies to companies who handle information from people from the EU, even if the company is not located in the EU.

In Australia, organizations are required to follow relevant state laws in respect to employee’s rights to privacy. NSW and ACT have specific surveillance laws that apply specifically to workplace surveillance. Victoria limits the use by employers of surveillance devices in certain parts of the workplace (e.g. washrooms).

To avoid invading an employee’s privacy or violating wiretapping laws, the company should let employees know, in writing, that their calls are going to be monitored. Additionally, if surveillance is going to be conducted, any surveillance must be conducted in a reasonable manner. Surveillance is usually permissible when the employer can prove that there is a business related reason for the investigation. 

If an employer is going to search work areas, files, or computers, It is best practice to specify this in the company policy.  All employees should understand and be aware of the company policy which allows the employer to conduct reasonable searches of desks, files, computers and other personal work areas when an employee is suspected of theft or other misconduct.


What are my duties as an employer/investigator?


Duty of Confidentiality

Keeping the identity of the source confidential

The identity of the person or people who provide information should be kept confidential. Do not release any information that might reveal, or tend to reveal, the identity of the source. Doing so can have detrimental effects on the source, and may reduce the trust that people have in you and your investigation. Discuss with the source any fears they may have if their identity was revealed.

Even if the source consents to his or her identity being revealed, only disclose their identity when it is necessary to do so. This will help protect the integrity of your investigation, protect the source, and contribute to a general understanding within the workplace that the identity of a source will be kept confidential.


Confidentiality of the subject and those involved

Wherever possible, the subject matter of the investigation and the identity of the subject of the investigation and that of any other people involved should be kept confidential. Your investigation is not complete until a report is prepared. The report is the appropriate place to discuss the details of your investigation and the conduct of particular individuals.

If anyone requests information from you about an investigation, ask yourself the question: “Does the person need to know the information?”. If the answer to this question is “no”, you may wish to deal with questions about the investigation by neither confirming nor denying that an investigation is planned or under way 


Confidentiality of information

As an investigator, probably the most important weapon you have in your armoury is confidentiality of the information you have gathered. As your body of investigation information builds, you are able to assess the reliability of fresh information by assessing how it contrasts with information you have already obtained and considering the implications of this. You may speak to a witness whose account contrasts with other highly reliable information.

In these circumstances, you may attach less credit to this new information, unless the divergence can be explained. You may speak to another witness whose account conforms with other information, even information that the witness could not have known or anticipated would be available to you. In such circumstances, you may attach greater credit to such information.

When questioning people, avoid statements that unnecessarily reveal the identity of the source such as “X says that she saw you at…” “X tells me that you spoke to…” “X alleges that you are…”, Rather, ask direct questions, such as: “Where were you…?” “Who did you speak to…?”.

Additionally, a person’s identity might be revealed in more ways than just releasing a name, address or contact number. Be careful not to release any information that might tend to identify the person, such as physical descriptions, locations or personal knowledge that is unique to that person.

Throughout the investigation, here are some things you should avoid in order to protect confidentiality:

  • putting information on an unsecured computer
  • leaving documents on a photocopier or a printer
  • leaving incoming or outgoing faxes on a fax machine
  • interviewing people in places where they can be seen or heard
  • giving confidential information to others to copy, type, address or send
  • not blacking out names, addresses or phone numbers on some documents
  • leaving messages on desks or phone services
  • sending sensitive material by mail

However, in some cases  you may not be able to keep the identity of a person a complete secret. Some information may need to be revealed in order to properly conduct the investigation. In this case, take into account the person’s concerns and make efforts to conceal the information whenever possible.



No matter how impartial they might feel, HR staff have relationships and experiences with others in the office which can play a role in an investigation – even on a subconscious level. And even if an employee doesn’t have a direct role in the allegations, they may feel anxious about being asked to make a statement and feel like they’re taking sides. Make sure an impartial individual leads the investigation to ensure fairness. This may involve hiring a third party to conduct the investigation.


Criminal or Regulatory Considerations

Some investigations may overlap with regulatory or criminal considerations. Organisations should consider whether they are under any obligations to alert police or report the matter to any other regulatory body. 


Internal Investigation Tips


1. Conduct interviews in a private place

Conduct the interview in the office of the witness or in a neutral conference room rather than the office of a supervisor or superior. Make sure there are no other distractions or possibility of someone overhearing the conversation. 


2. Ask open-ended questions

Asking questions that require a narrative response will encourage the witness to expound and thereby provide additional information.


3. Ask follow up questions

Be sure to ask questions such as who, what, when, where, why, and how.These simple questions frequently unearth additional information.


4. Maintain confidentiality whenever possible

​​In discussions of the investigation, do not disclose the name of the witness except to those few individuals who have a need to know. Be aware of inflated, vindictive, or false leads.


5. Document and File Preservation

An investigator should preserve any evidence, documents and electronic files (including email, databases, spreadsheets, and graphics) that may contain information relevant to the subject matter being investigated. Special care should be taken to record the source and file from which the documents were obtained and the date they are obtained.

Inaccurate information could change the outcome of the investigation and investigators could face serious consequences. To avoid additional legal costs and inconvenience for the company and parties involved, it is necessary to maintain accurate records and to practice good document preservation practices.

Read Documenting a Workplace Investigation: 3 Things to Know to learn more about documentation practices including:

  • Key Documents to Record
  • Relevant Laws for Investigation Documentation
  • Benefits of proper documentation and record keeping

This will bring understanding and clarity around the idea of documenting workplace investigations.


How Polonious can Help

Polonious Case Management Software provides a consistent process that is procedurally fair for all parties, while recording all actions and decisions to ensure all evidence of the process is documented and auditable alongside any evidence gathered regarding the incident or investigation. Everything recorded in Polonious is then available in detailed reporting for identifying trends and problem areas. 


Documents of internal investigations often contain sensitive materials. Investigators and HR teams have a duty to preserve documents and/or electronically stored information (ESI) while also protecting security and anonymity. The Polonious Case Management Software can help you handle sensitive information by ensuring your evidence and case files are secure and anonymous, depending on the level of anonymity requested.

5 helpful internal investigation tips

Internal investigations are hard and can be contentious, but they are important to protect your organisation from risk.

It is important to maintain confidentiality in internal investigations, not just for the privacy of involved parties, but because it will help you compare stories without them influencing each other.

It is important to maintain confidentiality in internal investigations, not just for the privacy of involved parties, but because it will help you compare stories without them influencing each other.

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

The Importance of Supply Chain Ethics and Compliance and Top 6 Best Practice Tips for Every Company

The Importance of Supply Chain Ethics and Compliance and Top 6 Best Practice Tips for Every Company

A Deloitte study shows that customers are increasingly expecting businesses to operate at the highest possible standards. With growing recognition of social, ethical and environmental issues, many governments have passed laws aimed to drive responsible business practices and greater supply chain transparency.

Human rights, child labour, environmental impacts and health and safety practices are just some of the ethical issues that organisations must consider when building their supply chains, especially when they extend beyond their own borders and into emerging markets. If they execute bad judgment in just one aspect, their reputation and financial future could be promptly shattered.

With the potential damage to reputation and finances, companies must act to ensure their supply chain processes are ethical at every touch point. 

Due to the rise in ethical compliance expectations, ever-increasing legislations and information being readily available online, it is important now more than ever to evaluate vendors, suppliers and any other points of contact when running risk assessments to ensure your supply chain processes are ethical at every point.

This blog will address:

  • Definition of Supply Chain Ethics
  • Relevant Laws in Australia, United Kingdom and the United States
  • 6 Ways to Build Ethical and Sustainable Supply Chains
  • 3 Strategies to Minimize supply chain risk

Definition of Supply Chain Ethics

As sourcing has become more global, instances of exploitation and malpractice have come to light, raising questions about how ethical corners may be cut to produce goods cheaply.

When talking about ethics in the supply chain, experts generally focus on:

  • Freedom of employment and association
  • The eradication of child labour
  • Safe and hygienic working conditions
  • Appropriate pay and working hours
  • Humane and non-discriminatory treatment
  • Anti-bribery and corruption
  • Environmental awareness

Bribery and corruption is of particular concern to every industry due to ever-increasing fraud schemes. Learn more about workplace fraud in Workplace Fraud: 7 Types of Corruption as well the Importance of Corporate Governance for Fraud Prevention.

Relevant Laws in Australia, United Kingdom and the United States

Modern Slavery

According to Australia’s Department of Home Affairs, Modern slavery describes situations where offenders use coercion, threats or deception to exploit victims and undermine their freedom.

Practices that constitute modern slavery can include:

  • human trafficking
  • slavery
  • servitude
  • forced labour
  • debt bondage
  • forced marriage, and
  • the worst forms of child labour

Modern slavery can occur in every industry and sector and has severe consequences for victims. Modern slavery also distorts global markets, undercuts responsible business and can pose significant legal and reputational risks to entities.

Entities have a responsibility to respect human rights in their operations and supply chains, as outlined in the United Nations Guiding Principles on Business and Human Rights. This includes taking steps to assess and address modern slavery risks.

Taking action to combat modern slavery also makes good business sense. Entities that take action to combat modern slavery in their operations and supply chains can protect against possible business harm and improve the integrity and quality of their supply chains.

They can also increase profitability, investor confidence and access to financing opportunities. Many countries have imposed regulations in order to combat modern slavery.


In Australia, the Modern Slavery Act 2018 requires businesses with over $100 million in revenue to report annually on the risks of modern slavery in their operations and supply chains, and actions to address those risks.

In addition, in August 2021, a proposed amendment to the Customs Act 1901 passed the first stage in the process of becoming law. This amendment aims to include an import ban on any goods produced or made using forced labour, during any stage of the production.

The Australian Senate passed the bill, and it will now go to the House of Representatives for a final stage of approval. Although there isn’t yet a confirmed date for the House of Representatives to discuss the bill, this demonstrates increased government involvement in ethical compliance in supply chains.

United Kingdom

In line with the Modern Slavery Act 2015, every organisation carrying on a business in the UK with a total annual turnover of £36m or more is required to produce a slavery and human trafficking statement for each financial year of the organisation.

The U.K. Government outlines many benefits tackling modern slavery can bring to companies including:

  • protecting and enhancing an organisation’s reputation and brand
  • protecting and growing the organisation’s customer base as more consumers seek out businesses with higher ethical standards
  • improved investor confidence
  • greater staff retention and loyalty based on values and respect
  • developing more responsive, stable and innovative supply chains.

According to the U.K. government, if a business fails to produce a statement for a particular financial year, the Secretary of State may seek an injunction through the High Court (or, in Scotland civil proceedings for specific performance of a statutory duty under section 45 of the Court of Session Act 1988) requiring the organisation to comply. If the organisation fails to comply with the injunction, they will be in contempt of a court order, which is punishable by an unlimited fine.

United States

In the U.S., some jurisdictions have enacted laws that require certain types of companies to investigate their supply chains and to take efforts to combat human trafficking and forced labor. For example, the California Transparency in Supply Chains Act, effective January 1, 2012, requires covered companies to disclose on their websites their efforts to combat human trafficking and forced labor in their supply chains. The law applies to retailers and manufacturers with annual worldwide gross sales over $100 million that do business in California.

Companies subject to the Transparency in Supply Chains Act must disclose the extent of their efforts in five areas: verification, audits, certification, internal accountability, and training. Specifically, in its supply chains disclosure, a company must disclose to what extent, if any, it:

  1. Engages in verification of product supply chains to evaluate and address risks of human trafficking and slavery. The disclosure shall specify if the verification was not conducted by a third party.
  2. Conducts audits of suppliers to evaluate supplier compliance with company standards for trafficking and slavery in supply chains. The disclosure shall specify if the verification was not an independent, unannounced audit.
  3. Requires direct suppliers to certify that materials incorporated into the product comply with the laws regarding slavery and human trafficking of the country or countries in which they are doing business.
  4. Maintains internal accountability standards and procedures for employees or contractors failing to meet company standards regarding slavery and trafficking.
  5. Provides company employees and management, who have direct responsibility for supply chain management, training on human trafficking and slavery, particularly with respect to mitigating risks within the supply chains of products.


In June 2021 the German parliament passed the new Supply Chain Due Diligence Act that will require large companies to conduct supply chain due diligence. They must take steps to identify, prevent and address human rights and environmental issues in their own activities and in their direct suppliers’ operations.

The new law will enter into force on 1 January 2023 and will take effect immediately for companies with 3,000 or more employees, and on 1 January 2024 for companies with 1,000 or more employees. The law will only apply to companies whose head office, principal establishment, center of administration or registered office is in Germany.

Companies affected by the Act should take action as soon as possible in order to ensure that they will comply with the Act as of 1 January 2023. In addition to liability risks in civil law, there may also be a risk of significant fines and penalties, as well as exclusion from tender procedures for public contracts. But smaller companies should also take heed: companies which are directly affected by the Act will (have to) try to obligate their suppliers to comply with their own requirements, so that due diligence requirements might get in “through the back door.”

Environmental Regulations

According to the United States Environmental Protection Agency (EPA), organizations’ supply chains often account for more than 90 percent of their greenhouse gas (GHG) emissions, when taking into account their overall climate impacts. Over the last decade, many legislations have been introduced across the globe in order to address this issue.


The Australian Government has a range of environmental policies to minimise the impact of government operations on the environment.

There are also agency measures and targets for carbon emissions, energy, waste and resource use, as well as set mandatory environmental standards for incorporating sustainability into government procurements.

According to the Australian Government, legislation and policies that are relevant for suppliers, products and materials selection include:

  • Environment Protection and Biodiversity Conservation Act 1999 (Cth)
  • Product Stewardship Act 2011 (Cth)
  • National Waste Policy: Less Waste, More Resources – Strategy 2 (sustainable procurement)
  • Energy Efficiency in Government Operations Policy (2006)
  • Australian Government ICT Sustainability Plan (ICTSP) 2010-2015
  • Australian Packaging Covenant – Action Plan 2010-2015
  • National Environment Protection Measures (NEPM)
  • Commonwealth Procurement Policy Framework and Guidelines
  • State Government Environment Protection Legislation and Regulations, such as the Protection of Environment Operations Act 1997 (NSW)

United Kingdom

The UK Government recently announced that it is developing legislation that would make it illegal for large businesses operating in the UK to use certain commodities that have not been produced in line with local laws, and require in-scope companies to conduct due diligence to ensure that their supply chains are free from illegal deforestation and ecosystem change. A failure to comply could result in significant fines (the precise levels of fines are yet to be determined).

The legislation has the potential to impose market restrictions and extensive supply chain due diligence obligations, but it appears that it will be limited to certain “forest risk” commodities —  including those embedded within products — whose rapid expansion is associated with deforestation. The UK Government is currently consulting on the potential law. The UK Government anticipates that the law will particularly impact supermarkets and fashion houses, meat and dairy producers and businesses using palm oil and other natural ingredients; and has suggested that legislating might offer legal certainty and clear obligations for businesses.

United States

In the U.S., there are a few major federal laws that companies must abide by. 

The Comprehensive Environmental Response, Compensation, and Liability Act – otherwise known as CERCLA or Superfund — was passed in 1980. This provides a Federal “Superfund” to clean up uncontrolled or abandoned hazardous-waste sites as well as accidents, spills, and other emergency releases of pollutants and contaminants into the environment. Through CERCLA, EPA was given power to seek out those parties responsible for any release and assure their cooperation in the cleanup.

The Pollution Prevention Act, passed in 1990, includes provisions aimed at reducing the amount of pollution in the environment by making changes in production, operation, and use of raw materials by both private industry and the government. In other words, the Act is proactively focused on source reduction of pollution, rather than reactively focusing upon how to deal with pollution once it has entered the environment. An area of the Pollution Prevention Act which has had a dramatic and recognizable impact on the general public is the push towards recycling and reuse of materials.

The Occupational Safety & Health Act (OSHA) was passed in 1970 due to concerns with the increasing lack of worker and workplace safety . The main thrust of OSHA is to require employers to provide their workers with a safe workplace. While some OSHA requirements do not directly affect the environment (such as the requirements concerning safety for workers on elevated sites), other provisions specifically address environmental issues (such as the use of toxic or hazardous substances in the workplace).

OSHA is one of the few federal laws that relate to the environment that is not controlled by the EPA. Instead, OSHA is enforced by the U.S. Department of Labor in concert with the National Institute for Occupational Safety and Health (NIOSH), which was specifically created to deal with OSHA issues. In addition, many states have their own workplace safety and health acts. The state acts must have provisions in place which meet, if not exceed, the federal OSHA requirements.

6 Ways to Build Ethical and Sustainable Supply Chains

Manage Supplier Communities

Ethical practices need to be managed in a continuous manner, and companies must think about how they can improve day-to-day collaboration within their supply chains to achieve this. Effective collaboration with trading partners helps to drive greater adoption and adherence to ethical sourcing practices.

Companies should ensure they have up-to-date contact details for each participant in the supply chain. Collaboration platforms can help to encourage this. After all, it’s difficult to collaborate with suppliers if key contact details such as e-mail addresses or phone numbers are missing. By regularly surveying supplier communities, companies can uncover interesting insights into how the supply chain is performing, and what level of ethical practices is being achieved.

Gather Ethical Insights

For many organizations, monitoring the performance of trading partners and truly understanding the ethical “pulse” of supply chains remains a key challenge. To this end, advanced analytics, artificial intelligence and machine learning tools offer a helpful solution, providing a wealth of insights into day-to-day processes. In fact, AI stands to transform future operations, providing a means of ensuring that supply chains meet ethical standards, and applying measurable outcomes that can be applied to every trading partner across the chain. 

Through the use of advanced AI dashboards, organizations will be able to consistently monitor the ethical performance of trading partners. They’ll use the information to make strategic business decisions such as renewing supply contracts with high-performing suppliers, or terminating those with underperformers

Secure Trading-Partner Relationships

Once a supplier has been selected, it’s important to secure the supplier’s interaction with your organization. This helps to increase trust and minimize risk across trading-partner relationships. It can be done using an identity and access management platform for assigning a digital identity to trading partners across the business ecosystem.

In the process, you can ensure that external suppliers, business partners and contractors have secure access to the internal systems they need based on their roles within the ecosystem, including logistics, warehouse management, inventory and enterprise systems, as well as data.

Digitize Your Supply Chain

Upon securing the desired trading partners, companies must then connect them electronically to business operations, in order to establish a digital supply chain.

Ideally, this would take place in a cloud-based, data-integration environment, which allows the supply chain platform to scale in line with changing consumer demands and fluctuating market conditions. Embracing a digital supply chain also helps to prevent the falsification of manual, paper-based supply-chain documents, and therefore indirectly reduces the amount of counterfeit parts entering the supply chain, especially in the aftermarket sector.

Monitor Shipment Provenance

The key to building trust and protecting the reputation of an organization is knowing the source of all the parts that make up a product. Leveraging the internet of things (IoT), organizations can improve supply-chain visibility by tracking both the movement and condition of shipments. IoT sensors measure the temperature of frozen or perishable goods, shock levels as fragile goods are moved, and the location of expensive items via the global positioning system (GPS). In doing so, shippers can help to ensure against spoilage, damage and theft.

While IoT on its own can bring a slew of benefits to organizations, combining it with other advanced technologies such as blockchain can take it a step further. With blockchain, organizations can ensure greater traceability by capturing the source and retaining the provenance of goods as they flow through the supply chain.

For example, if a fire breaks out in a vehicle and the source is found to be the wire harness, a potential government-mandated recall might require the identity of all suppliers who were involved with its manufacture. If poor-quality gold was used in the connectors fitted to the wire harness, evidence in the blockchain can immediately identify where the gold came from — even the mine from which it originated.

While blockchain stands to transform ethical sourcing practices, organizations are still at the early stages of learning about the technology and how it can impact the way they do business. It will be a few years before blockchain finds its way into every business process.

Identify Trustworthy Suppliers

Before embarking on an ethical-supply chain strategy, organizations must first locate trading partners who share the same ethical practices. They can search for potential partners based on specific criteria — for example, whether the business in question maintains sustainable working practices, uses conflict-free minerals in its products, or engages in fair labor practices. It’s imperative that companies be able to trust the partners they work with, to ensure ethical working practices across the end-to-end supply chain.

3 Strategies to Minimize Supply Chain Risk

Aim for end-to-end supply chain visibility

The supply chain involves many different operational stages, and each stage faces its own risks and challenges. If something were to go wrong in one of these stages, the last thing you want is to only find out about issues later down the production line, or even worse at the last minute before the final product or service is delivered to the buyer. 

The sooner you’re aware of any issues, the sooner you can deal with them and prevent them from disrupting or delaying the supply chain, or affecting the quality of final products or services. Therefore, supply chain visibility is extremely important in risk prevention.

Supply chain visibility is about knowing where inventory is on its journey through your supply chain, and if any issues are going to affect the delivery timeline. This information might be exclusively available for supply chain management to see, or customers may be able to see this information too. With this visibility, you can track the progress of orders and ensure quick responses to any changes.

Another form of visibility that can help you reduce supply chain risks is visibility into the financial stability of your suppliers. Acquiring financial reports during the procurement process can help you choose financially stable suppliers, reducing the risk of corruption, bribery, and financial issues affecting production processes. 

Share responsibility by including partners in Risk Planning 

When planning how to mitigate supply chain risks, it’s a good idea to include suppliers and partners in the process. They may have unique insights into the risks your supply chain faces and can help create effective solutions. You will also need to ensure your suppliers’ risk management and business continuity strategies align with yours. 

By including partners throughout the risk management process, you can make sure you’re all on the same page, aware of the risks that need to be managed, and the control measures that should be implemented.

Review Supply chain risks periodically

Your risk management strategies will only be effective if they’re up to date and relevant to your supply chain and business operations. So carrying out a risk assessment once simply won’t cut it. You need to regularly review supply chain risks and ensure control measures and planned responses to different scenarios are still relevant. 

You should review your supply chain risks at least once a year or whenever changes are made to your supply chain and production processes. For example, if you start working with a new supplier, or changes are made to the manufacturing or delivery processes, you’ll need to assess any new hazards. 

How Polonious can Help

Implementing the Polonious Case Management System can help you  improve communication throughout the supply chain. Reports can be filed to draw attention to defective shipments and other supplier issues requiring corrective and preventive action. With improved communication throughout the supply chain, all parties would be aware of the faulty product and be held accountable for taking corrective action.

Once an investigation is complete, suppliers submit a report requesting approval of the corrective action taken. This allows managers to review the actions taken and the measures established to prevent the action from happening again.


It is critical that an organisation implements relevant structures and processes to effectively manage and monitor the compliance processes.

It is critical that an organisation implements relevant structures and processes to effectively manage and monitor the compliance processes.

The risks that may stem from noncompliance with key legislative requirements can be very costly and damaging to an organisation.

The risks that may stem from noncompliance with key legislative requirements can be very costly and damaging to an organisation. 

The consequences of noncompliance range from penalties and fines, to imprisonment, withdrawal of licenses, litigation and reputational risk.

The consequences of noncompliance range from penalties and fines, to imprisonment, withdrawal of licenses, litigation and reputational risk.

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

Fraud Recovery Statistics in Australia, US, and UK and Top 6 Fraud Prevention Tips for Companies

Fraud Recovery Statistics in Australia, US, and UK and Top 6 Fraud Prevention Tips for Companies

 The Australian Commonwealth, defines fraud as a crime where someone dishonestly obtains a benefit or causes a loss by means such as deception. 

Fraud may also involve activities such as:

  • theft
  • accounting fraud (e.g. false invoices, misappropriation)
  • misuse of credit cards
  • unlawful use of, or unlawful obtaining of, property, equipment, material or services
  • causing a loss, or avoiding and/or creating a liability
  • providing false or misleading information to the Commonwealth, or failing to provide information when there is an obligation to do so
  • misuse of assets, equipment or facilities
  • cartel conduct
  • making, or using, false, forged or falsified documents
  • wrongfully using information or intellectual property.

Fraudsters are increasingly finding direct methods to dishonestly benefit from a company’s clients, causing financial and reputational losses to companies across industries. For instance, in banking, fraudsters are increasingly using digital platforms and phishing websites to target victims directly, avoiding banks’ security measures. As such, fraud recovery is often-times, an extremely complicated and time-consuming process. CommBank reports that digital fraud has been on the rise. The most common types of digital fraud seen by the CommBank Digital Fraud team includes:

  • Phishing (aims to manipulate victim into things such as revealing personal information or/or transfer money)
  • Malware (viruses, software, or attachments designed to target online banking on computers or mobile devices to redirect transactions without victims knowledge)
  • Porting (transfer of victims mobile phone number from one service provider to another. Once the fraudster has access to victims messages, they can retrieve one time passwords and make payments via their online banking account)
  • Identity take-over (action of taking over victims identity to access current banking or create new bank accounts and loans. This usually involves obtaining a full name, date of birth, and address and passing identity verification over the phone to update online banking login details)

According to the PwC’s Global Economic Crime and Fraud Survey, the average company experienced 6 incidents of fraud over the past 24 months. This is the second highest reported level of incidents in the past 20 years. This is largely due to the changing business patterns, working styles and ever changing technology. 

The negative effects of fraud can trickle down to customers and clients, leading to reputational damage on top of financial repercussions. As such, it is important for companies to set measures to tackle and protect from fraud, now more than it ever was.

Fraud has a corrosive and far-reaching impact as it continues to affect millions of individuals, companies and their clients across industries. However, fraud can take many forms, and come from both inside and outside a company’s walls, and can be difficult to predict. Reading our 4-part series on Workplace Fraud can help you uncover, investigate and prevent workplace incidents and misconduct:

This blog will primarily focus on fighting against external threats which are ever-increasing in numbers and complexity. This blog will break the topic down into the following sections:

  • What makes Fraud a Challenging problem?
  • Fraud Recovery Statistics in Australia, US and UK
  • Top 6 Fraud Prevention Tips for Companies

What makes Fraud a challenging problem?

According to the Attorney-General’s Department of Australia, here are some of the key reasons why fraud is such a challenging problem.

Fraud is common

According to the Australian Institute of Criminology, there are tens of thousands of instances of reported fraud and corruption against the Commonwealth each year. The prevalence of fraud makes it a challenging and a costly problem for governments to deal with.

Increasing Complexity

Criminals and scammers are adopting new technology and more advanced methods to commit fraud. 

Fraudsters are diverse, creative and adapt quickly

Those who commit fraud are diverse, creative and adapt quickly

They range from people taking advantage of opportunities to those who actively look to exploit government programs. Fraud is a profession for some. Their job and expertise is to examine government programs and find creative ways to exploit those programs.

Serious and Organized Crime is Involved

Criminals use advanced approaches and schemes with professionals, such as accountants, to exploit multiple government programs.

Fraud Recovery Statistics in Australia, US and UK

According to PwC’s Global Economic Crime and Fraud Survey, there is a clear link between investment made upfront, from technology such as anti-fraud programs and capabilities, to resources and programs, and reduced cost when fraud strikes. For instance, globally, companies with dedicated fraud programs reportedly spent 42 percent less on response and 17 percent less on remediation than those with no program in place. 

Fraud Statistics in Australia

According to a PwC research, of the Australian respondents who had been impacted by fraud in the past two years, some 60% said the experience had helped them to streamline their operations, 50% to embrace new technology, and 43% to ensure incidents were reduced subsequently.

Less positively, when it comes to implementing or upgrading technology to combat fraud, Australian companies still find it more difficult than those elsewhere to make the business case for such investments. When asked what factors were preventing them from implementing technology to prevent fraud, over one in four (26%) of the Australian respondents identified cost as the biggest barrier into implementing it – in line with 27% globally. The resulting relatively low level of investment in anti-fraud measures, programs and technology emerges repeatedly in PwC’s research.

Fraud Recovery Statistics in Australia

Between March and June 2020, the Attorney-General’s Department’s Commonwealth Fraud Prevention Centre and the Australian Federal Police (AFP) established a temporary Commonwealth COVID-19 Counter Fraud Taskforce under Operation Ashiba. The taskforce included a range of entities across the Commonwealth such as:

  • Australian Criminal Intelligence Commission (ACIC)
  • Australian Securities and Investments Commission (ASIC)
  • Australian Transaction Reports and Analysis Centre (AUSTRAC)
  • Department of Agriculture   Department of Defence   Department of Education, Skills and Employment
  • Department of Health
  • Department of Social Services
  • National Disability and Insurance Agency
  • Services Australia

The taskforce works in partnership with other agencies including:

  • Australian Competition and Consumer Commission (ACCC)
  • Australian Taxation Office
  • State and territory law enforcement

The taskforce aimed to tackle fraud against COVID-19 economic stimulus measures. It aims to:

  • Provide advice and guidance to Australian Government entities to build in countermeasures in policy, program and system design to counter fraud risks for the new COVID-19 economic stimulus measure and intelligence sharing across the Commonwealth and internationally to enable detection and disruption of fraud
  • Equipped Australian Government entities with deterrence messaging to help build fraud awareness and prevention in government communications, and to explain the consequences of committing fraud into their communications.

According to the Australian Institute of Criminology, the total amount of money recovered increased from $631,800 in 2018 to $879,463 in 2019. This increase was also reflected in the mean (up from $817 in 2018, to $1,217 in 2019), although the median amount recovered remained the same ($200).

The total of amounts recovered in 2019 for the most serious occasion of personal information misuse in the last 12 months was $803,367, 41 percent more than 2018 ($569,342; see Table 16). The mean amount of money recovered in 2019 also increased ($1,035 in 2019 vs $730 in 2018). However, the median amount recovered remained the same at $200.   

Fraud Statistics in the United States

Findings show that customer fraud, cybercrime, and accounting fraud are the top 3 types of fraud reported. The most significant increases were seen in customer fraud (from 28% in 2018 to 39% this year); accounting fraud (21% to 30%); and bribery and corruption (16% to 22%).

It seems self-evident, but the best way to avoid getting embroiled in a new fraud is to investigate and learn from the last one. Yet, according to PwC, 50% of US companies did not conduct an investigation after the last major fraud. And barely one third reported it to their board. Regulators—and, increasingly, the public—are demanding more. Reacting too slowly can not only result in more immediate damage, it can also cascade into a broader crisis.

Similarly to Australia, data shows a clear link between investments made in fraud prevention on the front end, and the cost savings gained on the back end. Companies that have a dedicated program for their most disruptive type of fraud spent less overall than those who do not have a dedicated program in place. 

Sometimes the ROI of fraud preparedness is measured less tangibly—but no less importantly—in terms of positive outcomes. Nearly half (45%) of all global respondents who have experienced an economic crime say they emerged in a better place—citing attributes such as an enhanced control environment, streamlined operations, fewer losses, and improved employee morale.

Fraud Recovery Statistics in the United States

The Department of Justice reported total recoveries of $2.2 billion for the fiscal year ending September 2020.  These recoveries represent the lowest reported DOJ recoveries since 2008.

While it is the decline in recoveries that stands out, the 2020 DOJ fraud statistics do share some things in common with prior years.  First, whistleblowers were again critical to DOJ’s recoveries.  Of the $2.2 billion recovered, nearly $1.7 billion – 76% — was recovered in cases initiated by whistleblowers under the False Claims Act.

This percentage represents an increase from prior years, demonstrating the continued importance of whistleblowers.  Second, as in prior years, healthcare fraud accounted for the majority of funds recovered: of the $2.2 billion recovered, nearly $1.9 billion – 83% – was attributed to healthcare fraud.

Fraud Statistics in the United Kingdom

Economic crime has reached its highest level in the past 24 months with 56% of UK businesses surveyed stating that they were impacted by fraud, corruption or other economic crime. This figure is the highest in the history of the 20 year PwC research and well above the global average of 47%. 

The top 5 types of frauds according to UK respondents were:

  • Cybercrime
  • Customer Fraud
  • Accounting Fraud
  • Bribery and Corruption
  • Human Resources Fraud

Looking across the evolving landscape of fraud, what is causing the most disruption to organisations? In the UK findings of PwC’s studies, cybercrime was stated to be the most disruptive by 28% of respondents, up from 25% in 2018. Accounting fraud almost doubled from 8% to 15%, and customer fraud held onto third spot at 13%.

The same findings show that companies that have a dedicated fraud program in place generally spend less, relative to revenue, on response, remediation and fines. However, setting up such a program is just the start. Once the program is in place, periodic assessment and continuous evolution are key. 

According to KPMG, the number of alleged fraud cases being heard in UK courts in the first half of 2021 has almost doubled compared to the same time in 2020, as UK courts saw continued recovery in the system following COVID-19 lockdowns.

Businesses are now also being increasingly targeted due to their larger financial transactions and the greater potential profits for fraudsters. Aside from the financial costs, being a victim of fraud can cause serious reputational damage for businesses. Concern about adverse publicity probably contributes to under-reporting.

The National Economic Crime Centre (NECC) 2017 Annual Fraud Indicator estimates fraud losses to the UK at around £190 billion every year, with the private sector hit hardest losing around £140 billion. The public sector may be losing more than £40 billion and individuals around £7 billion. 

Remote banking fraud losses are organised into three categories: internet banking, telephone banking and mobile banking. It occurs when a criminal gains access to an individual’s bank account through one of the three remote banking channels and makes an unauthorised transfer of money from the account. VALUE £150.7m -1% VOLUME 43,906 +38% Total remote banking fraud totalled £150.7 million in 2019, one percent lower than compared to 2018. 

Fraud Recovery Statistics in the UK

The number of cases of remote banking fraud increased by 38 percent to 43,906. This reflects the greater number of people now regularly using internet, telephone and mobile banking, and attempts by fraudsters to take advantage of this. In 2019, 81 per cent of the adult population used at least one form of remote banking.

According to UK Finance, a total of £268.8 million of attempted remote banking fraud was stopped by bank security systems during 2019. This is equivalent to £6.41 in every £10 of fraud attempted being prevented. In addition, 17 percent (£25.8 million) of the losses across all remote banking channels were recovered after the incident. In 2021, 15 percent (£30.2 million) of the losses across all remote banking channels were recovered after the incident.  In addition, 16 percent (£25.3 million) of the losses across the internet banking channel were recovered after the incident. 

Here are some of the actions the finance industry can take to combat fraud:

  • Continuously investing in advanced security systems, including sophisticated ways of authenticating customers, such as using biometrics and customer behavior analysis.
  • Providing customers with free security software, which many banks offer.
  • Investing in the Take Five to Stop Fraud campaign to educate customers on how they can protect themselves from fraud and scams.
  • Sharing intelligence and information on this type of fraud so that security systems can be adapted to stop the latest threats.
  • Working with law enforcement, the government, the telecommunications industry and others to further improve security and to identify and prosecute the criminals responsible.

6 Recommendations for Companies to Tackle Fraud

Identify all your risks and address on a prioritised basis

The Attorney-General’s Department of Australia defines a fraud risk assessment as a process to help better understand your company’s fraud exposure, the associated risks and the strength of your existing countermeasures. Companies should perform robust risk assessments, gathering internal input from stakeholders across the organisations and geographies, to identify risks and assess mitigating factors.

These assessments should also incorporate external elements. There is a wealth of information available in the public domain, and ignoring it could potentially result in a big mistake. Risks should be assessed at regular intervals – not via a “once-and-done” approach. These are the common areas where fraud risks can emerge:

  • Policy and program development and delivery.
  • Revenue collection and administering payments to the public.
  • Service delivery to the public, including program management.
  • Provision of grants and funding arrangements.
  • Exercising regulatory authority.
  • Corporate financial transactions.
  • Procurement and contract management.
  • Payroll administration.
  • Changes in the activities or functions of an entity.
  • Issuing or using identity information.

Use the right technology

When it comes to fighting fraud, there’s no one size-fits-all tool. It can be too easy to spend on the wrong things and too hard to understand the value proposition of the right things. But there is a Goldilocks solution for every organization—including yours. Find it by focusing on matching the real risks you face with proven, effective solutions to them.

Using our investigation and automation expertise, Polonious provides cutting-edge investigation management solutions across industries. Our flexible and adaptable software can work across various industries and find creative solutions for every kind of fraud and investigation.

Often, a mix of technologies works well in a solution, with each playing the part best suited to it, rather than attempting to make one piece of software do everything. For example, Polonious often integrates with analytics/detection tool, where the analytics tool finds potential fraud, which is then loaded into Polonious to manage the investigation.

To get the most from these technologies, here are a few questions you might ask yourself:

  • Are they collecting the right data with the right rules and requirements?
  • Have they considered the use of machine learning to reduce false positives, or anomaly detection to identify emerging fraud patterns?
  • Are they feeding findings from investigations back into their fraud prevention program to make it more robust?

Back-up your technology with the right governance, expertise, and monitoring

Recognise that one tool won’t address all frauds and technology alone won’t keep you protected. Technology often is only as good as the expert resources and regular monitoring dedicated to it. Polonious will continue to meet the demands of the ever-changing laws, regulations and standards as well as ensure a seamless onboarding process. However, you must ensure that this is supported by the people managing the program.

Escalate, triage and respond

The ability to react to a fraud once identified is an important capability and element of an effective fraud program. The ability to quickly mobilise the right combination of people, processes and technology can limit the potential damage. ln some cases, a disruptive fraud may be an opportunity – or a strategic inflection point – to trigger broader organisational transformation for brand protection. 

Look for risk markers

Are you seeing an uptick in red flags in your activity monitoring? Are hotline calls up or down? Have enforcement patterns in your industry or geographies changed recently? The Polonious Case Management System has a suite of reporting tools to help you identify trends and prevent future misconduct. This way, you’ll have an opportunity to emerge stronger, clearer, and better prepared than your competitors for the inevitable next incident.

Know how to respond

When your organisation is hit by fraud, you need to know how to respond, and quickly. A consistent approach across global operations is key. For example, conducting investigations, making the right disclosures and taking appropriate disciplinary actions. There’s still more to be done in responding in the right way. Having adequate measures in place can help you respond efficiently during critical moments and even strengthen your organisation’s defences when the next fraud comes along.

There are simple steps that can be taken to help protect customers falling prey to unscrupulous fraudsters. For example, encouraging online platforms to carry warnings, share data on known fraudsters and take down their profiles in order to prevent romance fraud scams. Solicitors and other professionals involved with transfers of customers’ money must ensure their own systems are not vulnerable to being hacked and warn customers that lastminute changes to payment accounts are likely to mean fraud is being attempted. 

How Polonious can Help

When organisations have been impacted by fraud, many find they are able to use the incident as a significant driver of positive change across the business. According to a PwC research, of the Australian respondents who had been impacted by fraud in the past two years, some 60% said the experience had helped them to streamline their operations, 50% to embrace new technology, and 43% to ensure incidents were reduced subsequently.

Means by which fraud can be detected include:

  • Routine internal audit
  • Suspicious activity monitoring
  • External Audit
  • Document examination
  • Corporate security (IT and physical)
  • Fraud risk management

As investigation experts ourselves, we know what it takes to help investigators to their jobs best.

Polonious offers case management solutions designed to help with process management, productivity, automation, and analytics. Our investigation software is a trusted solution from investigation teams worldwide and can help you with risk prevention and detection and ultimately help prove your case to recover more from fraud.

The increasing prevalence and complexity of fraud is a major challenge to global companies across industries.

The increasing prevalence and complexity of fraud is a major challenge to global companies across industries.

Holistic risk assessments and using the right technology can help with prevention and detection of fraud.

Fraud Recovery can be extremely complicated and time-consuming. Holistic risk assessments and using the right technology can help with prevention and detection of fraud.

Book a Demo Now

Learn more about how Polonious can help you implement better risk prevention and detection measures

Importance of Corporate Governance for Fraud Prevention

Importance of Corporate Governance for Fraud Prevention

As the fraud environment becomes increasingly complex, especially with the COVID-19 pandemic, it is now more important than ever that businesses develop robust fraud prevention programs. One method of doing so is ensuring effective corporate governance. 

Corporate governance is the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations. The key players involved in corporate governance include the board of directors, audit committee, firm management, internal auditors, and fraud risk assessment. 

While it may be impossible to stop all cases of fraud within a business, fraud can be more easily identified, reported, and its outcomes minimised with strong internal systems and a management culture that encourages employees to speak out about their concerns.  

The Role of the Board

The board of directors of a company is an elected group of individuals that represent the company’s shareholders. They have many roles within the company, but overall the board will “oversee” rather than “do”. In contrast, management is the group responsible for the actual running of the business. 

Some responsibilities of the board of directors include:

    • Maintaining oversight of fraud risk assessment
    • Monitoring management fraud and control-related activities
    • Implementing an effective business ethics program
    • Hiring management, setting their compensation and evaluating their performance
    • Setting the appropriate tone at the top

In Australia, directors are subject to 2 different sources of law. The Corporations Act 2001 (Cth) is the primary piece of legislation that governs the board of directors. Some of the key duties this Act imposes are:

    • Act with care and diligence: There is an obligation to ensure a basic understanding of the company’s activities, size, distribution of functions and financial position.
    • Act in good faith in the interests of the company and for a proper purpose.
    • Not use their position to gain advantage for themself or another or to cause detriment to the company.
    • Not use information to gain advantage for themselves or another to cause detriment to the company

    Failure to comply with these regulations will result in significant financial penalties for the director involved.

    Besides the duties under legislation, the board of directors must also act as fiduciaries under general law. A fiduciary is a person that acts on behalf of another person or persons, putting their clients’ interests before their own. Their duties are similar to those under the Corporations Act, and include duties to:

      • Act in good faith and in the best interests of the company
      • Exercise their powers for a proper purpose
      • Not fetter their future discretion – i.e. not bind themselves to a particular future decision
      • Avoid conflicts of interest and duty

    Remedies exist in the event of a fiduciary breach, such as injunctions, claims for damages or compensation, and recissions of any contracts improperly entered into by the director. 

    The board of directors owe a duty towards the shareholders of their company, with serious penalties in place if they breach this duty. Not only does this prevent the board from engaging in fraudulent activities themselves, it also encourages them to look out for and prevent instances of fraud within their company.


    What Can the Board Do About Fraud?

    Whistleblower Hotline

    The board should engage in corporate governance via an effective whistleblower hotline in place so that employees can easily report any suspicious activity they see. This will lead to more positive outcomes for the company, since companies will be better off relying on their employees for internal information rather than facing the uncertainty associated with inquiries from government agencies like ASIC. 

    Some of the most important features for a whistleblower hotline include:

      • Have a variety of communication channels
      • Implement different metrics
      • Complaints should have a means of follow up by investigators 
      • Employees should remain anonymous unless otherwise stated
      • Its existence should be made known to all employees, vendors, and other stakeholders

    Aside from the fact that whistleblower hotlines will effectively collect valuable information from employees, it will also deter potential perpetrators from engaging in fraud, and promote a culture of compliance.

    Ethical Culture 

    Without a strong ethical culture within an organisation, fraud is almost an inevitability. The guiding principles of a company are what all employees will be led by.

    If employees see that the company has taken a strong stance against all forms of fraud, they will be less likely to engage in this kind of behaviour. A company’s core principles will be set by the board of directors and be a strong indicator of the company’s strategic direction. 

    The board should therefore implement a code of ethics or conduct as a form of corporate governance. This will deter any wrongdoing and promote honest and ethical conduct by their employees.

    Additionally, such a code will clearly outline the activities that the company deems as appropriate and inappropriate, and the consequences for violation. 

    Directors, trustees, and staff should all be familiar with the code, and regularly be educated as to the importance of compliance. Written acknowledgement of adherence to the code should also be obtained on an annual basis. 

    Risk Management

    As mentioned above, one of the roles of the board is to oversee the management of risk, which includes the risk of fraud. Fraudsters are constantly looking for new ways to exploit companies, so the board must be agile in their fraud risk management. 

    Corporate governance can take place through the implementation of a board committee, such as the audit committee, to focus on the oversight of risk management. This is particularly useful if the committee currently lacks capacity or does not consist of the optimal board members for risk oversight. The board will also have the opportunity to periodically review the committee’s effectiveness of fraud risk management processes and controls. 

    Next, the board can conduct a comprehensive fraud assessment. This involves creating an exhaustive list of potential risks that the company is exposed to. There are a number of methods of identifying such risks, which include:

      • Employee fraud awareness surveys
      • Hiring a cyber security firm to detect hacking vulnerabilities
      • Monitoring social media
      • Conducting exit interviews

    The board should also include any measures that are currently in place to manage each risk, such as metrics, reports, insurance and contingencies. 

    Once the risk areas have been recognised, they should each be reviewed to determine whether they involve a vulnerability to fraud. These may include the movement or retention of funds, company records or confidential information, or system interfaces with vendors and customers. Providing a risk rating for each area will be an effective way to periodically assess the strength of anti-fraud control measures. 

    Polonious’ risk management software may be the perfect solution for you. Not only is it ISO compliant, this software is easy to navigate, reduces administration time, and can easily export reports. You can find out more here


    What should the board do if a fraud has occurred? For lower level fraud in a large company, it may be sufficient to let it be handled by a manager or human resources.

    However, for a significant fraud or a small company, the board must investigate how the fraud occurred and if/how it might have been prevented, or at least oversee and review a report on the investigation. Key considerations when conducting an investigation include:

      • Categorising issues
      • Confirming the validity of the allegation
      • Defining the severity of the allegation
      • Escalating the issue or investigation when appropriate
      • Conducting the investigation and fact-finding
      • Resolving or closing the investigation
      • Managing and retaining documents and information

    Finally, the board should consider using outside resources, since internal resources may already be compromised. 

    Polonious’ investigation case management software can do all this work for you. The system is incredibly flexible and adaptable to your needs. It allows you to access everything you need in one convenient place, and can be easily implemented into your current IT resources. More information can be found here.


    Governance Systems

    Governance systems are an important preventative measure of corporate governance because they ensure oversight and minimise the ways fraud can occur.

    For example, effective policies and procedures around procurement and tender processes help to ensure that choice of suppliers are not influenced by bribery or corruption. These policies may include:

      • Introducing additional approval processes for orders over a certain amount
      • Assigning someone to identify and regulate vulnerabilities in your processes
      • Conducting background checks on potential employees including reviewing expenditure habits

    Additionally, while they may be implemented by the board, effective governance systems operate independently and can help to prevent fraud at the board level. These systems will provide the overall framework that the organisation is expected to operate within, so the board must appoint the right managers to oversee them.

    Additionally, independent, third party auditing, as part of the governance system, also helps to prevent fraud that may occur within the board itself.


    Corporate governance plays an invaluable role in identifying and putting a stop to all kinds of fraud within their organisation. Some activities that the board of directors should engage in include implementing a whistleblower program, developing a code of ethics, engaging in risk management, and investing in governance systems. By doing so, the board will send a clear message to potential perpetrators of fraud that they will not tolerate this sort of behavior in their company.

    Corporate Governance

    The board of directors are required to act in good faith.

    Corporate Governance

    The board must investigate how fraud has occurred and if/how it might have been prevented.

    Book a Demo Now

    Learn more about how Polonious can help you investigate and respond to fraud.

    5 ways to dig deeper than a Web search for better investigation

    5 ways to dig deeper than a Web search for better investigation

    Whenever an investigation begins it is only natural to jump on the Internet and do a Web search for any relevant material that is publicly available.

    The Web is an ideal starting point, but there are many more data sources available to intrepid investigators. In this blog we will look at five ways to garner more information for an investigation, and how the results will help you deliver a more comprehensive result.

    1. Specialist Web search engines

    When people search the Internet they think of Google, but there are many more specialist search engines which focus on certain niches, or verticals.

    These include alternative general search engines and forums and portals which focus on specific topics. Your investigation might relate to the aviation sector, so log onto aviation forums and look (and ask) for information which might be helpful.

    There are also many localised search engines which focus on particular geographies, which could help your investigation if there are elements relating to non-English speaking regions.

    2. Social networks

    Your investigative work is made easier if the people you are investigating are happy to share their private live with the world.

    A person’s profile can be reviewed and information can be gathered from it, and from there it will depend on how it fits into the wider case and whether it can be used to bolster the investigative process.

    Like search engines, the Web is awash with social networks of all shapes and sizes. Facebook won the war for the most popular social network, but again there are plenty of niche options to include in your investigative work.

    Take the time to look at any niche social networks which might give new light to the investigation.

    Some OSINT providers will perform detailed social media searches for you, and Polonious integrates with a number of leading providers.

    3. Government databases

    In addition to open data sources like search engines and social networks, there are more shielded information repositories, such as government-controlled databases which can be used during an investigation.

    These databases house public records, but often require some form of application or payment to be searched.

    Examples include company records; births, deaths and marriages; estates and wills; and other regulated industry data. If the case involves a criminal or civil court matter, then there will be records available for searching.

    Such data can give your investigation the boost it needs by revealing interests and relationships not contained in public repositories.

    4. Associates

    The person you are investigating might be very private, but their associates might not be.

    Today’s connected Web can reveal a lot about a person, even if they didn’t consent to having the information about them shared.

    By using a combination of search, social and other data sources your investigation can easily reveal a lot about a person, or organisation, by proxy.

    Including relations and associates is now an important factor in getting the most amount of information available.

    5. Work history

    Another source of information for your investigation is work history. Like government data, this might not be immediately available for free, but can be sourced specialist sources such as financial records.

    LinkedIn is the go-to social network for professionals and from there someone’s work history can be investigated.

    While looking into work history, don’t forget co-workers. People who have worked together know a lot about each other and this information can be readily shared online.

    The amount of open source information available to investigation teams extends well beyond a regular Google search. Look at the numerous free and paid-for data sources which might give your investigation the edge.

    There are also support services available which focus on the many different databases containing personal information.

    Web search is useful but basic search engines like Google do not cover all bases for investigations
    Virtual Fraud in Financial Services Forum

    Virtual Fraud in Financial Services Forum

    On 9 December 2021, Polonious will be attending and speaking at the Virtual Fraud in Financial Services Forum run by Transform Finance. This event connects the entire financial services industry across the Asia Pacific region in an exclusive online environment. 

    At this event, you will get to hear about the ever-changing global fraud landscape from industry experts. The latest topics currently transforming the fraud industry will be covered, such as:

    • Cybercrime Challenges
    • Global Perspectives and Regulatory Insights
    • Disruptive and Emerging Technologies
    • Application and First Party Fraud, Synthetic Identity and Transaction Fraud

    You will also have the opportunity to network with more than 200 C-suite, VP and Director level executives across a range of fraud prevention, detection, and investigation roles. These include roles in Financial Crime, Risk, Compliance, Legal, AI, and Data Analytics. 

    The organisations in attendance are also diverse in nature, covering financial services industries such as Banking, Fintech, Insurance, Securities, and of course Polonious will be representing the Case Management industry. 

    Polonious will be manning a virtual booth at this event, speaking on why you need an investigation management system, and where it sits in your anti-fraud program. This booth will be run by Polonious’ Senior Systems Configurer and ISO Systems Manager, Nicholas Fisher. Nicholas has worked with clients across banking, insurance, investigation firms, education and child protection. He knows exactly what key pain points companies experience in their fraud prevention and detection, and how Polonious can step in and help. 

    Nicholas will be able to give you a crash course on why you need an investigation management system. He will cover what investigation management systems are, how they can be implemented, and their benefits to you. You will no doubt leave this event with a better understanding of why investigation management systems are more attractive than other alternatives.

    If you work for a bank, fintech, payments, insurance company or the wider financial services, this event is perfect for you! Learn from live case studies, Q&As, and panel discussions at the most important event for digital innovation and fraud prevention this year. 

    You can find out more about the event, including the agenda, speakers, and more general information here

    We look forward to seeing you there!

    Fraud in Financial Services virtual event - 9th December 2021

    Thinking about attending?

    You can claim a free VIP pass to the event using this link