"There is always a clue."
- Gil Grissom, CSI: Crime Scene Investigation
Just as the forensic investigators on "CSI" usually catch the criminal, forensic accountants can help resolve business disputes and cases of fraud. But both of those activities take place after the fact, when the damage has been done.
The rapidly evolving practice of forensic testing, on the other hand, helps to identify-and prevent-fraud, rogue trading or security failures before they become serious.
At its most basic, forensic testing involves activities intended to identify abnormal or problematic patterns in transactions; errors or violations; exceptions that signal deficient internal controls; and deliberately concealed behavior, especially that involving fraud or attempts to circumvent laws or regulations. It seeks to establish whether the results of operations and investment activities conform to industry standards or expectations.
Forensic testing goes further than routine spot checks of control effectiveness or day-to-day assessments, taking an approach that is rigorously investigative and that looks at data in new ways. Forensic testing is prospective, unlike forensic accounting, which is retrospective. It can help identify patterns that are common in fraud or in rogue trading, spotlighting areas for deeper scrutiny.
The growing interest in forensic testing in the investment management industry is being driven by both market forces and regulatory activity. For example, the rise of multi-strategy advisors puts a premium on protecting information, ensuring fairness between the handling of client and proprietary accounts and managing the conflicts that can be caused by these account relationships. Forensic testing helps address such potential risks.
Forensic testing can also help funds and advisors fulfill the legal and fiduciary responsibilities they retain when they outsource servicing functions, allowing the efficiencies of outsourcing without compromising oversight.
Testing also can address the risks created by the growing use of digital networks and electronic records. With identity thieves attempting to steal personal data such as account numbers, birth dates and Social Security numbers, sound privacy practices are increasingly important. Forensic testing can help implement a data risk management program that protects sensitive client information.
Particularly since the SEC adopted its compliance program rules in 2003-Rule 38a-1 (for funds) and Rule 206(4)-7 (for advisors)-forensic testing has emerged as a key tool for managers and advisors alike to use in maintaining effective internal controls, risk management and compliance programs. In fact, forensic testing is now one of the things that SEC examiners routinely look for when evaluating funds' annual compliance review processes.
Standards are developing for which kinds of analyses meet the requirements for a sound forensic testing program. The best programs include four elements. First, they identify compliance areas where the analysis of data can identify high-risk areas and enable the testers to set priorities.
Second, the forensic testing team needs to gather and analyze data that will generate significant results for use in enhancing compliance controls.
Third, they include a rigorous review of the analytical results, with line staff acting to address any issues that are identified.
Finally, they include the implementation of an ongoing routine of follow-up reviews and analyses to measure key metrics and monitor progress.
Forensic testing is most effective when it is employed within an existing internal control framework focused on compliance and risk management. When it is used to monitor controls designed to help compliance with securities laws, forensic testing can help fund managers or advisors assess the design and operation of the controls and identify weaknesses.
Curiosity as a State of Mind
In the end, forensic testing is less about inflexible definitions and characteristics than it is about making curiosity a state of mind, putting aside conventional thinking to look at things in new ways. This attitude can help to identify discrepancies and unusual patterns of behavior that might not be obvious at first glance. As in the well-known Sherlock Holmes story, it sometimes can be the dog that didn't bark in the night which should arouse suspicion.
In the future, forensic testing is likely to become even more common in the investment industry, particularly following the highly publicized rogue trading incidents that have damaged the finances and tarnished the reputations of some of the world's largest banks and other institutions. Aggressive forensic testing might have detected some of those schemes far earlier, potentially saving millions or even billions of dollars.
Advances in technology will help to extend the range and effectiveness of forensic testing by allowing the review of third-party data. For instance, the Securities and Exchange Commission's interactive data filing and disclosure platform, which will use eXtensible Business Reporting Language (XBRL), will provide simple access to the data included in regulatory filings. In addition, the constraints imposed by structured data will fade away as newer technologies permit the transcription and analysis of voice and text communications.
In the courtroom, forensic testing can identify the guilty and protect the innocent.
In investment management, forensic testing can protect the investor.
In fact, an ongoing, well-publicized program of forensic testing is like a cop walking the beat: Knowing that he is on the job can serve as an effective deterrent to wrongdoing. For that reason, forensic testing is an important part of the compliance toolkit for any fund or investment advisor, enabling them to identify potential problems and improve internal controls. In an increasingly risky and complex world, foresight is the best protection of all.
(c) 2008 Money Management Executive and SourceMedia, Inc. All Rights Reserved.