How Internal Auditors Can Think Like a Prosecutor and Lay the Foundation for Justice

How Internal Auditors Can Think Like a Prosecutor and Lay the Foundation for Justice

In the 23 years that I have been a prosecutor, I’ve learned that you can rob more money with a pen and a checkbook — or a mouse and computer screen — than you can with a gun and a ski mask. Sadly, the vast majority of these crimes go unreported and unpunished. Internal auditors play a key role in bringing these individuals to justice and are often our expert witnesses. This article outlines how internal auditors can identify crimes happening within their organization and shares best practices for collecting information to lay a foundation for a district attorney to conduct a successful criminal prosecution.

Why White-Collar Crimes Go Unreported

There are many reasons why victims of white-collar crimes frequently do not report them: Shame, embarrassment, the belief that they are unlikely to receive restitution, and concerns about a countersuit from the accused are among them. Involving a prosecutor reduces — and potentially eliminates — many of these concerns. Only prosecutors can send people to prison, and clients are more likely to get restitution in a criminal case. Plus, prosecutors cannot be sued. The average embezzler is a 46-year-old white male of privilege, and 90% of these crimes don’t reach the courtroom. I want auditors and prosecutors to work together to show these white-collar criminals that crime doesn’t pay.

Fraud Profile: What to Watch for

An organization is only as secure as its least secure employee. Recent data shows that approximately half of the fraud crimes that companies are subject to come from within — insider crimes including payroll scams, skimming, invoice and tax fraud, and more. Internal auditors can help educate about fraud and design controls around common fraud red flags for employees gone rogue, including:

1.   Unexpectedly Fails a Background Screening

Doing criminal background checks is fundamental. On top of that, organizations should be sure to check in with prior clients and embed those checks into hiring practices.

2. Change in Behavior

A coworker behaving oddly or out of character could signal not only a shift in their life but also possible misbehavior at work.

3. Living Beyond Their Means

After a crime is discovered, coworkers often look back and realize they saw signs from the suspect beforehand. A colleague taking expensive vacations or buying a flashy car they seemingly can’t afford could be a sign that something illegal is taking place.

4. Knows Information They Shouldn’t

If a team member has privileged information, they could be secretly accessing files or emails or working with an inside source to get details that aren’t specific to their line of business. It’s a red flag if someone knows information they shouldn’t have clearance for.

5. Brags to Coworkers About Hacking Skills

If watercooler conversation includes how good someone is at accessing software, it stands to reason they may be doing this in their own backyard.

6. Switches Computer Screens Quickly When Approached

Although this is less applicable in a virtual environment, suspicious in-office behavior is when a co-worker is rapidly closing windows or switching their activities when someone approaches their desk.

7. Works Late on the Weekends, Yet Refuses to Take Vacations

Many people who are managing a secret in the office don’t want to leave for fear of discovery. It’s a huge red flag if employees aren’t taking vacations. Relatedly, if people are reluctant to cross-train in their role, that’s a sign that they are holding onto something. No one person should hold all of a department’s information.

8. Leaves the Company Disgruntled

Access management is always a good practice, but if an employee leaves on bad terms, it’s especially important to change passwords, conference call dial-in codes, and other means of getting privileged information to avoid retaliation.

Internal auditors can help design internal controls that prevent or detect instances of fraud, such as multi-step transaction procedures for cash. For example, cash transactions should have a minimum three-step process: one employee to record a receipt, one to get a deposit slip, and the third to do the actual deposit. The more people involved in a process, the more difficult it is to keep a secret and maintain a conspiracy. Strong internal controls — which auditors are great at — are an excellent way to prevent fraud.

Fraud Detection Next Steps

In addition to your organization’s fraud reporting policies and procedures, here are some additional considerations that can ensure that sufficient evidence is collected to support a criminal prosecution. If you’ve detected a pattern or found a secret account, do not confront the individual. It’s a natural instinct to go right to the source to confront them about what you’ve uncovered, but you will lose the element of surprise. Instead, follow the money.

● Determine the reach of the conspiracy. Are there multiple people involved?

●  Working within your organization’s policies, consider whether a computer can be accessed. Prosecutors know that employees do not have an expectation of privacy with a company-provided computer, and no search warrant is needed to access it. At a minimum, a thorough digital footprint and 30 days of activity will provide a solid assessment of that employee’s life and their behavior.

●  Again, within your organization’s policies, consider working with a prosecutor before talking to the subject. When confronted, many of these criminals go into damage control. A prosecutor can set you up to record audio and video of their reaction. Someone might admit to taking $80K and offer the auditor $40K to make the problem go away, for instance. Now we have them on tape with both a confession and attempted bribery. 

Please keep in mind that $100K is the magic number. If we can show thefts of $100K or more — and that number can be aggregated from multiple areas — then we reach the category of a Class C felony, which is considered more serious than a bank robbery or armed robbery. If we can prove a Class C felony — even for a first-time offender — they will get a minimum of five years and thousands in restitution back to the corporate client. The statutes of limitation will vary by district, and some districts have no statute of limitations on a felony, which is another reason why it’s valuable to hit that $100K threshold.

2024 Focus on the Future Report

How Auditors Can Help Prosecutors Bring White-Collar Crime to Justice

When speaking to a prosecutor, there are ways to approach them to better ensure that they will pursue your case. First, realize that prosecutors are afraid of math — that’s why we went to law school! Try to explain to us as simply as possible how the fraud took place.

Secondly, prosecutors know that foreign defendants like to leave town and can be expensive to extradite. Bringing your information to a prosecutor can catch a criminal before they flee or go on to commit similar crimes against others.

The top piece of advice from prosecutors to auditors is to be thorough, which comes naturally to auditors. Explain to prosecutors how this conspiracy really worked and get us above that $100K threshold for a Class C felony.

White-collar crimes are the most underreported crimes and cause great economic harm. We live in a time when the criminal justice system is looking to hold everyone accountable, and make sure that equal protection means that all people are treated equally regardless of other factors. It’s time for auditors and prosecutors to work closely together to lay the hammer down on white-collar crime and achieve justice.

This material is provided for informational purposes only and is not intended to be advice or a recommendation to take any particular action.


Ben David has served as district attorney of New Hanover and Pender Counties since 2004. He prosecutes all manner of cases and has served as an international speaker on the topic of internal audit. Ben resides in Wilmington, NC. Learn more at