Internal Investigations as a Business Defense Tool: How to Detect Corporate Fraud?

Volodymyr Adonin, Attorney

Source: The Page

In today’s business environment, where reputation is as vital as financial performance, Ukrainian companies increasingly find themselves at a point where an internal investigation becomes inevitable. For many owners, this is still associated with corporate conflicts or “the search for the guilty.”

However, in the practice of Ilyashev & Partners, we see a different reality: a professional internal investigation is, above all, a tool for asset protection and the retention of individuals who truly share the company’s values.

Forensic as Strategic Risk Management

Today, “forensics” has finally evolved far beyond the classic audit of reports. It is now a form of strategic risk management. During periods of geopolitical instability, it is specifically internal threats—management abuses, hidden schemes, and conflicts of interest – that become the primary cause of capital loss.

Any organization, regardless of its size or field of activity, may face various problems: from petty theft of goods and forgery of documents to serious breaches of corporate ethics, fraud, or conflicts of interest. In such situations, a company must not only react to the incident but also gain a deep understanding of its root causes and consequences.

Why are Internal Investigations Essential for Business?

• Elimination of Systemic “Gaps.” Often, individual cases of violations are just the tip of the iceberg, indicating deeper problems in business processes, controls, or even corporate culture. An investigation helps identify weak spots and develop measures to strengthen them. According to the results of 2026 investigations, average business losses in developing countries amount to 30–50% of annual revenue, while in developed countries, they represent 5–15%.
• Reputational Resilience. A swift reaction to incidents strengthens the trust of regulators, investors, and foreign partners.
• Legal Security. Untimely or improper response to violations can lead to significant financial losses, lawsuits, fines, and other legal consequences. A professional investigation minimizes the risks of lawsuits and fines by creating an evidentiary base to protect the company’s interests.

The most common motive is not external pressure, but an internal conviction of impunity that arises where control exists only “on paper.”

Profile of a Corporate Fraudster

KPMG’s “Global Profiles of the Fraudster” research shows that a modern corporate fraudster is often not an outsider, but a person who enjoys the highest level of trust. Often, these are experienced, respected employees with many years of service who enjoy high trust.

Thus, a typical fraudster is a male aged 36 to 55 (37% of cases) who has been working in the company for over 6 years (65% of cases).

The majority of fraudsters are men (81%), often middle or top managers (30% – top managers, 24% – middle managers), which emphasizes the importance of proper control at all levels of management.

The main motives for fraud are financial gain and greed, opportunism (“because I can”), personal financial difficulties, or the desire to meet planned targets. It is important to note that only a small fraction of fraudsters resort to deception due to a desire to avoid regulatory control or to hinder the company’s activities.

This indicates that the most common motive is not external pressure, but an internal conviction of impunity that arises in an environment with weak controls.

Algorithm for an Effective Internal Investigation

Conducting an internal investigation is a multi-stage process that requires a clear methodology and an impartial approach. Here are the key stages:

• Receipt of a message about a possible violation. This could be an anonymous tip, an employee complaint, or the discovery of financial discrepancies during an audit or monitoring of business processes. It is important to assess the seriousness of the information received regarding a possible violation to determine the expediency of initiating an investigation.
• Formation of a group – depending on the nature of the incident, various specialists may be involved in the investigation (the company’s security service, compliance department, HR representatives, lawyers, financiers, IT specialists). Each participant in the group has clearly defined roles and responsibilities.
• Collection and analysis of information: all relevant documents are analyzed – from contractual documentation and financial reports to internal policies and protocols; correspondence, electronic files, and data from monitoring systems are examined; interviews are conducted with employees who may have information regarding the incident.

It is important to ensure confidentiality and protect those who provide testimony. Depending on the complexity of the case, external experts may be brought in to conduct technical, financial, or other types of expert examinations.

All actions, collected facts, testimonies, and conclusions are recorded in official protocols and reports. This serves as the evidentiary base for making informed decisions.

• Recording and verdict: drafting a final report, based on which decisions are made – from disciplinary actions to the transfer of materials to law enforcement agencies.

Cases are not uncommon where a company’s internal security service is in collusion with a corporate fraudster or successfully creates an illusion of control for the owner or manager. Therefore, ideally, businesses can be offered periodic, for example, annual audits by external consultants.

Tips for Conducting an Internal Investigation in a Company

The effectiveness of an internal investigation directly depends on compliance with certain principles.

Principle of Impartiality and Objectivity. Involve employees from different departments in the investigation to avoid conflicts of interest. In complex cases, consider the possibility of involving external consultants.

Principle of Transparency. Clearly define internal policies regarding the conduct of investigations, and provide employees with information on where and how they can report violations.

Principle of Confidentiality. Limit access to information only to those directly involved in the investigation; use secure systems for data storage.

Principle of Proportionality. Applied measures must correspond to the severity of the violation. For a minor procedural violation, it may be sufficient to conduct an explanatory conversation and additional training, rather than immediate dismissal or a report to law enforcement.

Principle of “Do No Harm.” Hasty and unfounded actions can harm not only individual employees but also the reputation of the company as a whole, leading to lawsuits and financial losses. Therefore, before making any decisions, carefully evaluate potential consequences and risks.

Cooperation between external consultants and the security service. These two “structures” should work in close interaction, using common monitoring technologies, digital platforms for data collection and analysis, as well as coordinated investigation protocols.

In general, the following business tips can be highlighted:

• develop detailed policies and procedures regulating the order of investigations, distribution of roles, responsibilities, and mechanisms of interaction between different units (compliance, security, HR, legal department);
• use modern business process monitoring systems, tools for data analysis, and tracking anomalies. This speeds up the process of detecting violations and increases the accuracy of analysis;
• develop soft skills in specialists involved in investigations – from ethical awareness and communication skills in sensitive situations to a deep understanding of the law. This includes training in detecting signs of fraud and familiarity with typical schemes;
• clearly define who cannot participate in the investigation if they have personal relationships with its participants, and involve independent specialists to verify critical moments in the investigation. This could be an external lawyer or auditor;
• regularly check the effectiveness of internal investigations using case-based training or external audits;
• in complex cases that may have legal consequences or require high objectivity, turn to law firms or forensic experts specializing in internal investigations. This helps to avoid mistakes, build the process with maximum legal precision, and protect the company’s interests.

Summarizing the above, internal investigations are not just a tool for reacting to problems, but an important component of a company’s managerial maturity. They allow not only for the detection of violations but also for the formation of a culture of transparency, responsibility, and preventive thinking. This, in turn, strengthens the organization’s resilience to internal threats, increases stakeholder trust, and contributes to the long-term success of the business.