Featured Article

Case management software: The key to optimal investigative teamwork, part two

Please sign in to save this to your favorites.
Written by: Robert Tie, CFE
Date: September 1, 2013
read time: 16 mins
Fraud Investigation and Examination Technology

This is the second article in a two-part series that provides an overview of case management software, which helps fraud examiners manage their workloads and digital information. The series includes basic information on 15 products in this genre. Part 1 introduced three members of the ACFE faculty, who offered strategic and tactical tips on selecting and using a CMS. Separately, the first article presented brief descriptions of products that seven software vendors offer. Part 2 presents further commentary by these CFEs and separate descriptions of CMSs that eight additional vendors produce.

In the fraud examination profession, case management consists of two complementary but different types of activity:

  • Reactive tasks pertain to the investigation of alleged or confirmed fraud.
  • Proactive activities relate to the identification of trends in fraud, its perpetrators and victims.

Numerous case management systems are available to help fraud examiners perform these functions better and more easily. Some specialize in reactive functions, while others focus on proactive tasks; several do both. However, because of space limitations, this series discusses only case management systems that perform reactive, investigation-related functions. For the same reason, the series doesn’t provide pricing information for any of the systems it covers.

Disclaimer — This two-part series is a product of the author’s good-faith efforts to provide an unbiased overview of case management systems for fraud examiners. Neither the coverage nor any gaps in its scope and depth necessarily reflect the author’s views or those of the Association of Certified Fraud Examiners. (Also, the ACFE, its executives, Board of Regents and employees don’t necessarily endorse these products.) The software program descriptions in this series are based on material the vendors provided. Because neither the author nor the ACFE tested these products, neither he nor it provides any explicit or implied warranty of the accuracy and completeness of the product descriptions in either article in this series.

In part 1, three CMS-savvy CFEs explained what functionality to seek — and deficiencies to notice and avoid — when selecting a CMS for your team. Those practitioners, in this concluding article, present additional criteria for choosing the CMS that best meets your team’s needs. They also clarify how to configure your CMS for maximum efficiency, safeguard its sensitive information and satisfy important legal and regulatory requirements.

FOR YOUR EYES ONLY

“Inside your CMS is the organization’s most confidential information,” says Ryan Hubbs, CFE, forensic audit manager at Halliburton in Houston, Texas, and a member of the ACFE faculty.

So it goes without saying that a CMS must be secure. But how do you know whether yours is?

 jim-butterworth-80x80 
Jim Butterworth, CFE
Chief Security Officer,
HBGary Inc. 
 ryan-hubbs-80x80 
Ryan Hubbs,
CFE, CCSA, CIA
Forensic Audit Manager,
Halliburton
 
 leah-lane-80x80 
Leah Lane, CFE
Global Investigations
Manager,
Texas Instruments 

“Some investigators mistakenly assume their CMS and its data are safe simply because they reside on the company network,” Hubbs says. “But that’s a risky assumption to make. If overall system security isn’t up to snuff, an intruder or disgruntled employee could break into your CMS and steal, change or delete important information. The employees and managers entrusted with conducting sensitive investigations have to take primary responsibility for safeguarding the CMS instead of assuming IT will take care of that.”

Investigators needn’t become systems security experts, Hubbs says. But they should familiarize themselves with CMS characteristics, functionality and installation options well enough to make informed choices when choosing a CMS and deciding how they want the vendor and/or IT to set up and configure it.

“You’ll live with the consequences of those choices, so don’t rush through them,” says Jim Butterworth, CFE, chief security officer at HBGary, Inc., a cyber-security consultancy in Sacramento, Calif., and a member of the ACFE faculty.

It’s likely that choosing sometimes won’t be easy. You might, for example, come across an application that has all the features you want but runs only in stand-alone mode on individual computers. Such a CMS might seem to meet your requirements — until you want to collaborate with a colleague.

“Say you’re investigating a series of inventory thefts and have infrared camera footage you want a video analyst to eyeball,” Butterworth says. “If that evidence is stored in a stand-alone CMS, you’ll have to install that app and load the video on the specialist’s PC before he can perform the analysis you need. Imagine doing that with every additional colleague you might want to bring into this or any other case.”

You’ll be better off, Butterworth says, if you can find a CMS that has the analytical, reporting and other features you want and makes it easy to share them securely with other investigators and analysts.

“With a Web-centric CMS, nothing is installed on your PC,” he notes. “Instead, you log onto a Web portal that supports multiple simultaneous CMS log-ins to accommodate the entire investigative team and anyone its members collaborate with. You also could install a CMS on your intranet or corporate network. But if you have a global workforce, putting it on your Web server would increase its potential availability to colleagues, no matter where they are. Either way, a CMS in a central location — on the Web or on a company network — is easier to maintain, to secure and to share.”

For example, if you had a Web-based CMS instead of a stand-alone, you could simply have your CMS administrator create a secure, temporary account for the video analyst. You’d then email the analyst a Web link to the CMS along with log-in credentials that — for a given period — enable him or her to view the video and provide interpretive commentary but not do anything else.

“It’s safe, precise and easy to manage,” Butterworth says. “Getting those issues under control lets you focus more on your primary objective — nailing that inventory thief.”

NEED-TO-KNOW BASIS

“It’d better be good,” says Leah Lane, CFE, global investigations manager at Texas Instruments in Dallas, Texas.

She’s talking about any reason why you might grant CMS access to someone not on your investigation team. “Information on potential, pending or closed cases is highly confidential,” Lane explains. “Of course, numerous investigations make it necessary to seek assistance from other parts of the organization. So make sure you pick a CMS that lets you modify user rights in a variety of ways. Then you’ll be able to maintain security while granting non-investigators only as much access as they need to provide what you want.”

The administrator of a flexible CMS can limit access according to, for example, a user’s identity, physical location, job description or business unit, Lane says. Or the administrator instead can control access to a particular system function, data storage location or investigation. Less robust systems might fall short in this respect, perhaps forcing an administrator to grant more or less access than good security or the task at hand might require. To illustrate, Lane describes a hypothetical but typical situation when full administrative flexibility is essential.

In her example, Lane is the administrator of a versatile CMS that enables her to assign an “access level” to everyone permitted to use the system. The CMS also permits Lane to assign an access level to each case.

The access levels range from 1 (the narrowest) to 5 (the broadest) and include the ability to see what other users at or below — but not above — your level see or do in the CMS. Thus, a 1 can see only what other 1’s see and do, while a 5 can see everything. Senior investigators are 5, mid-level investigators are 4 and auditors, analysts and other professionals are 3. All other personnel with potential CMS access, such as security guards, are 2 and 1.

“Assume further that I’m a senior investigator based in the U.S. and that I get an anonymous tip that a certain employee is falsifying his travel and expense reports,” Lane says. “So I open a fraud investigation on this individual, who frequently travels from the U.S. to Korea on company business. When I import his expense reports into the CMS and examine them, I’m not surprised to see that most of the documentation consists of receipts written in Korean, which I can’t read. I therefore consult a colleague, an internal auditor in Seoul, who’s fluent in that language and can translate the receipts so I can determine whether they support the subject’s claimed expenses. At this point, I have to decide exactly how I’ll grant the internal auditor access to that information in the CMS.”

Lane has two options. She can control viewing of the receipts by changing the access level needed to view the case they relate to or by changing the internal auditor’s access level. Because the tip alleged a significant fraud, Lane had made the case a 5, to which only her senior investigators have access. Therefore, Lane must choose between lowering the receipts from 5 to 3 or raising the auditor from 3 to 5.

“The choice is easy, if you think about it,” Lane says. “Lowering the access level on the case is more precise and targeted than changing the auditor’s access level. It would be dangerous and unnecessary to raise the auditor to a 5. That would give him access to all our cases, undermine security and give the auditor more access than he needs to do what I asked of him. The safe and prudent choice would be to temporarily lower the case to 3. That would enable the auditor to see and translate them for me. And when he was done, I’d change the case back to 5, ending his access to them. Standard security levels would then resume, permitting only me and my senior investigators to see this and all our other cases. Make sure the CMS you select has this kind of flexibility; you’ll need it.”

ANTICIPATE AND PREPARE

Vendor and product information chart“A good CMS will enable you to establish and maintain a balance among too many access restrictions and too few,” Hubbs says. “As part of your needs assessment for the CMS, you’ll have to determine how many people and which departments will use the system, now and in the foreseeable future. They won’t all have the same roles and needs, so you’ll want to fine-tune their access rights.”
 
Hubbs therefore recommends choosing a CMS that lets you assign several levels of viewing, editing and reporting capability. Investigations routinely involve multiple participants, including subject matter experts from non-investigative units, who often work on only narrow aspects of a case. You might want to give such individuals the ability to upload information about particular cases into the CMS, he says, but not to see or modify cases that don’t pertain to them.
 
“Anticipate and prepare for surprises,” Hubbs says. “Suppose, for instance, that one of your senior investigators is the friend of a former employee the company terminated for cause.”
 
In Hubbs’ example, the investigator, to give his friend the advantage in a wrongful discharge suit, accesses CMS records containing key evidence of the former employee’s wrongdoing and either deletes it or divulges the details to his friend, who uses that information to refine and strengthen his suit against the company.
 
“You can’t completely eliminate the risk of such acts,” Hubbs says. “But you can detect and deter them by permitting only an administrator or specially designated user to change or delete CMS data and by ensuring that a CMS activity log records every action by every user, even if it’s nothing more than viewing information. Be sure to choose a CMS with these capabilities and make full use of them.”
 
Hubbs also believes it’s wise to link the CMS to the organization’s HR system. If an investigator transfers to a non-investigative unit or leaves the company, his or her access should be automatically reduced or eliminated as appropriate when the HR system notifies the CMS of the investigator’s new employment status.
 
“Last, but certainly not least, schedule regularly recurring audits of the CMS administrator position,” Hubbs advises. “Find out who conducts the audit and pay close attention to its findings. They can provide a valuable alternative perspective on how well your CMS is managed and performs.”
 
BE PRUDENT
 
“Organizations about to buy a CMS should think carefully when drawing up and prioritizing their wish lists,” Butterworth says. “It would be nice, for example, to have your legacy data moved into the new system. But that cost might prevent you from getting something else you need even more. So divide your list into ‘must-haves’ and ‘nice-to-haves’ before you finalize anything with the vendor.”
 
PLANNING FOR EMERGENCIES
 
Hubbs strongly recommends having a contingency plan in case something goes wrong after the vendor installs your new CMS.
 
“What if it crashes during litigation?” he asks. “Your investigations and interviews can’t wait while a lethargic vendor gets its act together. So before you buy, carefully examine the sales contract’s provisions for vendor emergency assistance if such problems arise. Be sure you understand what priority the vendor will give to supporting you and fixing the problem and what kind of additional charges might be involved in quickly getting your CMS up and running again.”
 
NEGOTIATING WITH VENDORS
 
“Most clients expect to meet with a vendor several times before deciding whether to buy,” Hubbs says. “But few think to insist on at least one meeting without the vendor’s sales staff. It’s a good way to ensure that all your concerns are addressed and not deflected by smooth talkers.”
 
So schedule a meeting between the vendor’s software developers and your investigators and anyone else who will use the CMS day in and day out, he advises.
 
LOOK BEFORE YOU LEAP
 
“CMS buyers should adopt what amounts to a KYV (Know Your Vendor) program,” Butterworth says. “Perform thorough due diligence, just as you advise your own clients to do.”
 
Butterworth notes, however, that many reputable software companies are relatively new to the market. Nevertheless, he says, they should have stable financials, a sterling reputation, be willing to customize their product to meet your needs and want a long-term relationship with your organization.
 
“Don’t skimp on vendor due diligence,” he says. “It’s well worth the expense and effort.”
 
Robert Tie, CFE, CFP, is a contributing editor at Fraud Magazine and a New York business writer. 
 
List of CMS systems

Vendor
LexisNexis

CMS
CaseMap

What You Need to Know
CaseMap is available in two versions: stand-alone and client-server for use on local area networks (LANs, which serve one location, such as an office) or wide-area networks (WANs, which connect multiple locations).

Both versions require the installation of program files on each user’s PC. The entire stand-alone version resides on the user’s PC and doesn’t communicate with other CaseMap users. The client-server network version consists of program files on each user’s PC (the client) and also on the LAN or WAN server; it allows users to simultaneously share files and collaborate and requires installation of Microsoft SQL Server.

The CaseMap Software Suite comprises CaseMap fact- and issue-management software; TextMap transcript management software; TimeMap, a timeline graphing tool, and NoteMap, an outlining tool. These modules enable you to capture and organize information about people, facts, documents, issues and laws, assemble witness lists, master fact chronologies and document indexes, deposition summaries and other key material. Through these features,CaseMap facilitates early assessments that help highlight your case’s strengths and weaknesses.

Vendor
NAVEXGlobal

CMS
EthicsPoint Case Management

What You Need to Know
EthicsPoint Case Management is a web-based, investigation-tracking application whose developers have striven to make its workflows and processes easily linkable to other EthicsPoint modules and client corporate systems.

The CMS enables investigators to search, analyze and view their cases in various formats, such as a quickly customizable “drag-and-drop” tabular interface, by priority, resolution status, investigator and other criteria.

Large and multinational organizations will want to consider EthicsPoint’s optional
add-ons. One, the Data Privacy module, includes a country-specific database of data privacy regulations in various jurisdictions. This makes it easier to ensure you maintain CMS data at each locality’s required level of confidentiality, while freeing investigators to concentrate on solving cases. Another, a web-services application program interface (API), facilitates integration of the CMS with HR databases, ethics hotlines and other enterprise systems for easier data exchange and synchronization.

Vendor
NICE Actimize

CMS
Enterprise Risk Case Manager

What You Need to Know
Users of this CMS, many of whom are financial institutions, can have either Actimize or a third-party system integrator install it on their servers, which enables investigators and their colleagues to share information across the enterprise.

This CMS — based on its analysis of information about customers, accounts, employees and products — reduces the investigative workload by producing fewer, higher-quality alerts. Built-in auditing, archiving and export capabilities help manage risk and support data retention policies.

The Visual Link Analysis tool graphically represents entity relationship networks and their corresponding transactions, which allows investigators to more effectively identify risks among customers, accounts, beneficiaries and devices. Ad-hoc querying of transactions and unstructured data from any accessible source fosters accurate results, rapid responses to time-sensitive investigations and uncovers relationships among multiple parties. The Detection and Research Tool supports investigations with interactive research, which provides immediate feedback on suspicious entities. 
Vendor
PPM 2000

CMS
Perspective

What You Need to Know
Licensing for Perspective is available in three forms. Clients can buy the CMS and set it up on their own server, subscribe to the CMS as a service they access from PPM 2000’s server, or buy the CMS and access it on PPM 2000’s server.

The design reflects PPM 2000’s efforts to make it easy to learn and use. When launched, Perspective opens to the Dashboard screen, whose graphs present various statistical analyses of the CMS’s current case inventory, along with a tally of each investigator’s assignments and their status.

The CMS offers multiple configuration options, which enable administrators to fine tune access for a variety of user types and their respective roles in investigations.
Several optional add-ons are available, including a module for mobile devices, which allows investigators in the field to add information to the CMS or query it in real-time. Another optional add-on module transforms data into visual elements for easier analysis and interpretation. 
Vendor
Trinus Technologies

CMS
eSolve

What You Need to Know
eSolve is available as 1) a stand-alone application installed on a laptop, desktop or tablet with no connection to other users; 2) a client-server application installed on a server on your organization’s network so multiple users can access it; and 3) hosted on Trinus Technologies’ secure servers for access by multiple users anywhere an Internet connection is available.

If you prefer to have the CMS reside on your system, you can obtain the installation files and instructions from Trinus Technologies or engage it to perform the installation.
You can use eSolve to categorize and link all aspects of each case by person, organization, physical or online location, communication mode, transportation mode, physical object, concept and activity.

Its management reports track individual investigator efforts by case type, priority, status and other criteria and analyze key data relationships in any investigation. And a mapping tool plots events and subject movements by date, time and location to highlight temporal and geographical relationships. 
 
Vendor
Vantos

CMS
V-Flex Investigation Lifecycle Management

What You Need to Know
You can access V-Flex over the web as a subscription service from Vantos or, if you prefer to keep CMS data on your own servers, Vantos or your IT staff — with Vantos’ guidance — can install the CMS there.

V-Flex lets you monitor the progress of investigations, direct tasks and quickly deploy people, resources and processes. For all types of investigations, V-Flex provides workflow templates that you can customize as your processes and procedures evolve. Collaborative task and work queues engage appropriate staff in each investigation, and “playbooks” capture essential practices that any team member can follow to conduct investigations in a consistent, auditable and defensible manner.

Data acquisition tools capture information and evidence in any data type, including media files, and internal and external reporting templates make it easy to map data elements into report formats. An Evidence Locker preserves the chain of custody for all the information you gather in an investigation. A related Vantos application, Infosec Incident Response, facilitates the timely escalation of incidents for investigation. 
 
Vendor
Virtual Advantage

CMS
Scout

What You Need to Know
Virtual Advantage offers Scout as a subscription service that it hosts on third-party web servers. Alternatively, Virtual Advantage can install Scout on your organization’s server for considerably higher maintenance and support fees.

Scout’s flexibility enables it to meet the needs of investigators in corporations, financial institutions, private investigation firms and government agencies, including law enforcement.

Scout helps you manage and expedite investigations of all matters, from whistleblower allegations to internal fraud charges, threats to brand and intellectual property, counterfeiting and more.

Scout also gives you the option of customizing its data entry forms to capture whatever investigative information you need.

Its ability to integrate with the organization’s corporate systems relieves you of having to rekey data into the CMS when other company units refer cases to your investigators. And Scout’s access controls enforce data security while helping managers, investigators and auditors communicate and collaborate.
 
Vendor
Xanalys

CMS
PowerCase and Xanalys Incident Management

What You Need to Know
PowerCase resides on your server. Xanalys typically doesn’t perform the installation, but it can assist your IT staff when necessary.

PowerCase manages all aspects of your team’s activities during an investigation from the initial report of an incident to assigning staff to investigate it to assembling a brief for presentation of your completed case in court. It integrates with Xanalys Link Explorer, which creates visual representations of large datasets so you can more clearly communicate your findings.

PowerCase automatically compares information from new cases with prior history to detect and highlight any commonalities or associations for your review, and its document workflow helps ensure that you examine all available evidence.

PowerCase’s range of search features give you access to all facets of the investigative data, and the CMS automatically generates its own audit trail. 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.  

Ad

Begin Your Free 30-Day Trial

Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.

Learn More Already a member? Sign In

You May Also Like