Jim Ratley and ACFE: Going Broad on Fraud

Five years post-Enron, corporate fraud and white-collar crime continue to make headlines. Jim Ratley of the Association of Certified Fraud Examiners checks in to talk about corporate fraud and effective investigations.

Fraud examination may be considered a niche of corporate security, but it's a broad niche. Jim Ratley, CFE and president of the Association of Certified Fraud Examiners (ACFE), says today's CFEs are often required to have skills in areas like accounting, legal, investigation, interviewing and—increasingly—computer forensics. "There are so many aspects to it," says Ratley.

Over the past five years, since the Enron scandal broke, CFEs have also found themselves in a more central role in American business. Recently, fraud and corporate investigations were back in the headlines when an executive assistant at Coca-Cola allegedly tried to sell trade secrets to PepsiCo and when the pretexting scandal rocked Hewlett-Packard. In a broad-ranging interview with CSO, Ratley spoke about the latest scandals, the keys to successful fraud investigations and how

television's versions of corporate investigations miss reality by a mile.

CSO: What do you think when you see the news coming out about alleged pretexting at Hewlett-Packard, in which phone records of board members and journalists were accessed?Jim Ratley: Anytime you're involved in a fraud investigation, it's an adversarial relationship. People are going to be looking at you to make sure you upheld the standards you should.

[Judging by] what's reported in the paper here, they went beyond that, and when you do that you put yourself at the same level as the person who potentially perpetrated the fraud. It's very important we

stick to ethical standards and rules. When you don't, you open yourself up for attack.

Is the HP case typical to a fraud examiner, or atypical?

It's really common to be investigating the release of proprietary information. It's a valuable commodity that companies have. With the onset of the electronic age, it's becoming even more common. You just had it with Coca-Cola and Pepsi. Pepsi handled it the way that it should be handled. They stepped forward and they were transparent.Pretexting is entering mainstream conversation, and people are surprised by its use.

Pretexting is a tool that every investigator has used. In its place, it is a valuable tool. But it goes back to knowing how to use it, and knowing when it's time to pretext and when it's not. At this point it sounds like it was definitely abused in [the HP] case.

The HP and Coca-Cola cases are insider cases. We often hear the insider threat is far more serious than

the outsider threat. Is that still true?

1 2 Page 1
Page 1 of 2
7 hot cybersecurity trends (and 2 going cold)