You’re probably thinking that this blog doesn’t apply to you.  After all, we hire IT guys to keep our systems running, and they have everything under control.  And internal controls are a vague business concept that the accountants have mastered, right?!

Wrong.  If you aren’t aware of your company’s internal controls, they are probably lacking, and you’re setting yourself up for loss.  Employee theft of assets, financial records, proprietary documents and client confidential information are real concerns that face real companies.   

Today, we’re going to talk about a specific type of internal control: terminated employees.  When an employee takes another position or is terminated for any reason, there is a serious risk that the employee could take proprietary information with them.  Basic devices and software coupled with access to your network and servers make their departing theft a piece of cake if appropriate controls aren’t implemented. 

There are many enticing reasons for a departing employee to consider taking confidential information:

  • Perhaps she is starting her own company and is in need of legal documents to start and run it.
  • Maybe she would like to take your customers with her, and could use their contact information and past documents.
  • What if she knows the high price tag competitors would pay for the company’s guarded secrets?

Information is a highly valuable asset that must be protected.  Owners and HR directors (not just accountants) must understand and implement appropriate controls leading up to and throughout the termination of an employee.  Immediately upon the employee’s departure, companies should engage a professional computer forensic technician to examine the employee’s personal computer to verify that information has not been compromised.

Case Study:

A large client in the medical industry contacted us with concerns about declining profits and customers migrating to an unknown competitor.   They thought a former employee had something to do with the turn of events, but needed to be able to prove it to have any legal recourse.  We were engaged to evaluate internal controls and perform computer forensic examination to locate evidence. 

Our client was fortunate.  While it took several months before they contacted us, our computer forensics team was only able to prove the former employee’s theft of company information because the employee’s laptop had not been assigned to another employee.  Our experts were able to see exactly what the employee was up to on her last days with the company.  We could document that she installed and ran clean-up software on her computer, and prove that she brazenly came in after hours and took every last client document, financial record, and proprietary company file home with her on an external drive by making a copy of the company server. 

Any number of internal controls could have prevented or lessened the damage of one single departing employee, but instead, our client will rely on the legal system to remedy its financial distress and exposure to the risk of compromised confidential information.

Industry Best Practice:  

First and foremost, research and implement controls to prevent terminated employees from wreaking havoc on your system. 

Second, immediately quarantine every departing employee’s computer, and contact a forensic specialist to clue you in on any unusual activity prior to their departure.  Whether it is time spent on websites in violation of company policy, emails to outsiders, or theft of information, it is in your best interest to gain confidence that your exiting employee will not come back to haunt you.

Michael Hathaway and Jennifer Hathaway

Michael & Jennifer Hathaway
Certified Fraud & Forensic Investigations