Hiring Your Discovery Consultant For Fraud Investigations

The Editor interviews Patrick Grobbel, Certified Fraud Examiner and Director, iDiscovery Solutions, Inc.

Patrick Grobbel is a Director with iDiscovery Solutions (“iDS”) in Washington, DC. He brings over 15 years of expertise in legal advisory, engagement management, and business development experience from financial advisory firms and discovery services providers. A Certified Fraud Examiner (CFE), he is proficient in all phases of the Electronic Discovery Reference Model (EDRM) lifecycle, including a broad range of experience in initial evidence assessment, preservation and analysis through data review. 

About iDiscovery Solutions

iDiscovery Solutions (iDS) is a legal technology expert services firm that provides computer forensics, consulting, data analytics, ESI processing and hosting, and expert services in the areas of electronic discovery, digital forensics and enterprise applications. iDS also provides subject-matter experts who testify as to how technology works generally, and also specifically within the context of litigation, investigations and government inquiries. iDS works side-by-side with our clients to preserve and analyze data, develop proactive process improvements and create cutting-edge strategies for both law firm and corporate clients.

Please email the interviewee at pgrobbel@idiscoverysolutions.com with questions about this interview.


iDiscovery Solutions



Editor: Please start our discussion by telling us how iDiscovery Solutions (iDS) evolved from its roots in expert testimony and strategic consulting into the realm of information governance and e-discovery technology and processes.

Grobbel: This evolution was driven by clients who demanded the same level of care, custody and control of their data that iDiscovery Solutions demonstrated in serving as a Rule 30(b)(6) witness, as subject-matter experts and as opinion experts.

We made a strategic decision to expand into the right side of the EDRM – into traditional e-discovery services – and we viewed it as a low-risk move in light of the demand. We acquired the best industry talent and technologies to fulfill our clients’ needs, which included digital forensics, professional enterprise security consulting, structured data analytics and traditional e-discovery services, such as processing and hosting.

We approach each matter, whether it’s processing, hosting or a forensics collection, always with the possibility of expert testimony in mind. The goal of this transition was not to become an end-to-end service provider but rather to meet clients’ needs while preserving our established reputation and brand in the expert witness arena.

Editor: Can you expand on what it means to be a 30(b)(6) witness?

Grobbel: Yes, Rule 30(b)(6) of the FRCP allows for an entire corporation to speak through one agent. The events are as follows: a notice of deposition made pursuant to Rule 30(b)(6) requires a corporation to produce one or more individuals to testify with respect to matters set out in the deposition notice or a subpoena. The corporation must designate a person to testify and prepare the person to give knowledgeable answers on behalf of the corporation as to their information management systems, such as their IT infrastructure and accounting systems.

An example in the context of e-discovery is a witness called to testify on the steps the corporation took to find and produce responsive documents to ensure good faith discovery.

Editor: What are the typical triggers for fraud investigations by the U.S. government?

Grobbel: The three triggers that we typically see involve whistleblowers, internal review/risk assessment and regulatory/congressional inquiry. Starting with the first, in 2002 Sarbanes-Oxley legislation provided protection for whistleblowers and incentives for non-retaliation by employers, and in 2010, the Dodd-Frank Act strengthened protections via the SEC Whistleblower Program. Essentially, there’s no negative repercussion – and great incentive – for individuals within an organization who alert the government to wrongdoings. In 2007, for example, an American banker named Bradley Birkenfeld gave information of a fraud to the IRS and the U.S. Department of Justice (DOJ), which led to a massive investigation and fines against UBS.

Internal review is involved with risk assessment. It’s a postmortem look-back that could include a review of operations; of risk-assessment areas, such as high-risk reputation factors within an M&A deal; of due diligence performed; and of transactions, including their constituent elements, the books and records and the reconciliation of transactional costs. Any of these items could trigger different violations. An example here is the Hewlett Packard acquisition of Autonomy, after which HP did an audit postmortem and determined that the value of Autonomy had been overstated – resulting in a write-down by HP of over $5 billion.

Regulatory or congressional inquiries can be based on a consumer complaint or financial reporting irregularities. Recently, the newspapers reported congressional investigations into FCPA (Foreign Corrupt Practices Act) violations by Walmart with respect to business practices in Mexico, and the emails and memos that were made public really offered a glimpse into the company’s internal communications. Last month, Walmart reported over $157 million of professional fees in what remains an ongoing investigation, and they expect to pay millions more – all before any damages or penalties are paid to the U.S. government.

A point of common concern in all these situations is that the stakes are high, and some risks can be avoided or at least substantially mitigated. For instance, Walmart might have actually avoided these costs by taking internal steps to implement and adhere to a FCPA compliance program, rather than addressing these issues after the fact in the context of a regulatory investigation.

Editor: To what extent do government agencies cooperate with one another in their investigative and enforcement efforts?

Grobbel: During the financial crisis of 2007/2008, we started to see cooperation among agencies in efforts to mitigate systematic risk and to keep important financial institutions viable and solvent. Further, most agencies don’t have prosecutorial power, so they have to collaborate with the SEC, FTC, IRS and the DOJ for civil and/or criminal actions.

There is agency cooperation within certain industries, for example in housing, with the FHFA and HUD and pertaining to issues such as foreclosures or ownership rights. Also, within the financial services industry there’s a tremendous amount of coordination between the Federal Reserve, Treasury, FDIC and the OCC. So agencies are generally moving in that direction. 

Editor: How does your expertise in digital forensics and testimony services harmonize with e-discovery services within a fraud investigation?

Grobbel: As I mentioned, we take the same approach in e-discovery and in the handling of data as we would with an expert engagement. Issues such as intellectual property, recovery of deleted information, suspicious activities, and computer security breaches are all critical components of fraud investigations, and we apply the same forensically sound methodologies and evidence preservation techniques to both the discovery process and the reporting of these activities.

Remember, the whole idea of forensics is to dig very deeply into the evidence and uncover hidden information and evidence; thus, it is naturally well suited to discovery needs. I might add that the term “digital forensics” updates its predecessor, “computer forensics,” to include today’s mobile devices and social media sources that are increasingly coming into play during investigations and litigation. 

For instance, we have to provide a detailed log for the chain of custody and show how we preserved, handled and protected the evidence. In our experience, a higher level of expertise is required for evidence within a fraud investigation as opposed to general litigation. For investigations, we typically are asked to make a forensically sound image, i.e., a byte-by-byte image, whereas in general litigation we may be asked only to perform what’s called “logical collection,” which involves pulling “live” information from a data source such as a laptop/desktop or server. Finally, investigations quite often require additional efforts to analyze information and/or recover deleted files. So it is very much like the TV show "CSI."

Editor: Please talk about the discovery process within a fraud investigation.

Grobbel: There are three components that together lead to fraud; it’s called the Fraud Triangle. These three events are pressure, rationalization and opportunity. In a fraud investigation, our goal is to understand the full picture and identify the influences within an organization, which involves performing data analysis and determining the relationships between individuals or potential co-conspirators. By implementing tools like data analytics, we can tie the data back into the organization within the timelines of alleged activities.

As part of that investigation, we’re taking raw data and transforming it into actionable information; we’re gaining intelligence and preserving/analyzing data from various sources. These include structured data within CRM systems; databases such as accounts receivables, financial statements, general ledger or sales and customer information. They also include unstructured data sources we use every day in the workplace: email, text messaging systems, social media, and business documents (Word, Excel, PowerPoint). Using technology and leveraging our expertise in fraud matters, we collect all this data and piece together the discovery picture in the investigation context.

Editor: Can you please expand on the idea of turning data into actionable information?

Grobbel: This refers to helping clients parse through information in an efficient manner and with the goal of moving the investigation along. We take a consultative approach by utilizing technologies, offering specific fraud expertise to identify the essential data. We then deliver it into the right hands – a forensic accountant, internal auditor, outside counsel or in-house counsel – to help them take action and gain an understanding of the merits of a given matter.

Editor: Please take us through a case study.

Grobbel: In a recent engagement that involved the use of digital forensics analysis, our client was concerned about a recent trend involving the loss of key accounts to a competitor, so they launched an internal investigation and hired outside counsel who, in turn, contacted iDS. The client suspected that intellectual property was lost and that sensitive client information was stolen, so the investigation focused on a small number of employees in the sales and contracting department who had left the company.

We were asked to forensically image the laptops and desktops of these former employees, which were still under the control of the client’s IT systems, and we collected department-specific emails from network servers. Our team of forensic consultants analyzed these evidence sources and determined that a significant number of devices contained files and email activity that were deleted during a specific period of time. We performed a link analysis which, along with further use of forensics tools, helped us to identify deleted spreadsheets, financial information and customer information.

With the help of outside counsel, the client was able to file a lawsuit against the competitor and obtain a favorable settlement. Here, our role consisted of performing the sensible forensics preservation, recovery and analysis of deleted evidence, which we presented in a findings report to counsel.

Editor: In addition to the obvious benefits of engaging qualified fraud experts, what synergies can companies achieve by hiring discovery consultants for fraud investigations?

Grobbel: Fraud experts can assist in developing proactive risk-management strategies and information governance programs. Discovery experts can leverage technologies such as machine learning tools such as text mining, social network analysis, timeline analysis and link analysis to assist the stakeholders – i.e., general counsel, internal audit and compliance – in evaluating the financial conditions and risk of the corporate client.

Often times the discovery consultant is called only after litigation or investigation matter arises, not as part of the proactive risk assessment team. Thus there are synergies to enjoy in placing both experts on the same team in mitigating risk and potential losses – such as reputation, consumer confidence and financial loss.

Editor: Please close our discussion with some thoughts about iDS’s consultative role in broad context. How can our readers learn more?

Grobbel: Serving as a discovery consultant, and not an eDiscovery vendor, our job is to listen and to understand complex issues in their entirety. Our mission is problem solving achieved by paying attention to detail in order to meet our client needs by providing high-level proficiency in forensic, investigative and discovery methodologies. Our consultative approach involves creativity and a customized approach to each matter. As a result, we can break down complex issues into different actionable items and provide work plans and solutions to achieve our clients’ goals, which not incidentally may develop as the matter progresses. I invite your readers to visit our website at http://idiscoverysolutions.com/.

Other Topics: