In Depth

5 Things About Corporate Investigations That Won't Change...

...As a Result of the Hewlett-Packard Pretexting Scandal

By Sarah D. Scalet

Page 4

investigators, who themselves may outsource some investigations work.

If the execution of the HP investigation was an outlier, it was also an extremely unusual operation from

the get-go. After all, an investigation involving board members is not an everyday job even for the most

seasoned internal fraud examiner or loss prevention specialist. In fact, it's the very kind of specialized

task that probably ought to be outsourced.

"Third-party investigators are an important part of the process that corporate America and retailers

use," says Joe LaRocca, VP of loss prevention for the National Retail Federation, a lobbying group in

Washington, D.C. If you want to find out if a potential hire has a criminal history, for instance, you

might hire a firm with expertise in researching public records. "You're going to go to a third party

because they're the experts in getting the information."

"I don't think of it as outsourcing," says Regis Becker, director of global security and compliance at PPG

Industries, the Pittsburgh-based industrial manufacturer. "We use what we call

'stringers'"—highly competent retired agents from the military, FBI and Secret Service who set up

small investigative shops. "They have the training, they understand the law and they don't have to be

briefed on every detail. Everybody is working from the same page."

Most often, this large stable of seasoned investigators available for contract work makes the use of

third-party investigators simply a good business practice.

If HP had had only its internal investigators working the case, rather than turning to third parties,

people would be questioning that decision, too.

"A good outside law firm would say, Why do you have your loss-prevention and anti-piracy guys doing

this? What do they know about it?" says David Caruso, founder of the Dominion Advisory Group, who

was brought in as executive vice president of compliance and security at Riggs Bank after the Augusto

Pinochet money laundering scandal in 2003.

Of course, people in the security world have always known that sometimes this method is used to keep

less savory investigative techniques at arm's length. Just think back to the infamous P&G Dumpster

diving case in 2001. The consumer goods company paid Unilever $10 million after being caught hiring

a competitive intelligence firm to conduct an investigation that involved going through its rival's

trash.

It's up to CSOs to make sure that their companies choose firms carefully and monitor them well. "If you

have to hire a contractor to run investigations," Caruso warns, "you have to actively manage what you're

doing." But that's nothing new, either.

Reality check: Companies should monitor their third-party investigators, but it would take a lot more

$firstKeyword

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors