Forensic Investigation Textbook

Open Rubric
CONTENTS I
PREFACE ____________________________________________________________ ii
INTRODUCTION _____________________________________________________ iv
LEARNING UNIT 1: ____________________________________________________ 1
FINANCIAL TRANSACTIONS AND FRAUD SCHEMES ____________________________________________ 1

SECTION 1: ACCOUNTING CONCEPTS _____________________________________________________________ 1
SECTION 2: FINANCIAL STATEMENTS ______________________________________________________________ 8
SECTION 3: FINANCIAL STATEMENT FRAUD _______________________________________________________ 13
SECTION 4: FRAUD RISK GOVERNANCE ___________________________________________________________ 18
LEARNING UNIT 2: ___________________________________________________ 25
THEORY ON CORRUPTION AND FRAUD ____________________________________________________ 25

SECTION 1: FRAUD ___________________________________________________________________________ 25
SECTION 2: CORRUPTION ______________________________________________________________________ 55
LEARNING UNIT 3: ___________________________________________________ 91
CREDIT CARD AND CHEQUE FRAUD _______________________________________________________ 91

SECTION 1: CREDIT CARD FRAUD ________________________________________________________________ 91
SECTION 2: CHEQUE FRAUD ___________________________________________________________________ 101
LEARNING UNIT 4: __________________________________________________ 111
OVERVIEW OF THE LEGAL SYSTEM _______________________________________________________ 111

SECTION 1: CRIMINAL AND CIVIL LEGAL SYSTEM __________________________________________________ 111
SECTION 2: BASIC PRINCIPLES OF EVIDENCE ______________________________________________________ 141
LEARNING UNIT 5: __________________________________________________ 157
LEGAL TESTIMONY AND INVESTIGATION PROCESS __________________________________________ 157

SECTION 1: TESTIMONIAL EVIDENCE ___________________________________________________________ 157
SECTION 2: PLANNING AND CONDUCTING AN INVESTIGATION ______________________________________ 184
i
PREFACE
The functions of the public and corporate forensic investigator or examiner are part of an
honourable profession. Like police officials, forensic and corporate investigators serve and
protect. But unlike police officials, they are more involved in people’s personal lives and in
the internal operations within public and private institutions.
Without forensic investigators, society would be weaker and more susceptible to crimes,
transgressions, and irregularities. Due to the specialised nature of forensic investigations
and number of criminal cases, transgressions or irregularities that are reported lately,
forensic investigators and examiners cannot deal with this aspect of forensic investigation
and need proper training to be public and corporate forensic investigators. This suggests
that not every person can be mandated to investigate. Therefore, supervisors in the field of
forensic investigation mandate this important function to qualified forensic investigators. The
skills and knowledge needed to investigate selected crimes, transgressions or irregularities
in an organisation or company will be the emphasis of this module.
Investigation of Selected Crimes and Transgressions: Module A (FOR3703) is aimed at

those who are responsible for investigating selected crimes, transgressions, or irregularities
on a full-time basis, as well as supervisors and managers who oversee the processes of
forensic investigation.
There is an unacceptably high level of economic crimes, transgressions, or irregularities,

with devastating financial losses in the business and public sector. Therefore, there is a
need for forensic investigators and examiners to apply effective strategies for managing
crime risks to maintain the required standard. Corporate forensic investigators should assist
the South African Police Service as the arm of investigation to cope with extremely high
numbers of serious criminal investigations.
The one main strategy that the public and corporate sector must apply is to build a strong
forensic investigative capacity that investigates economic crimes, transgressions or
irregularities related to financial losses to recover the losses and prosecute transgressors.
ii
After you have worked through this module, you should be able to conduct investigations of
crimes, transgressions, and irregularities in corporate and public entities. However, this
module cannot turn you into a competent forensic investigator; it should rather be considered
as a means to an end.
This module is not fully inclusive and needs to be complemented by additional reading,
coupled with practical experience and ongoing study which you may gain in the workplace.
We trust that you will find this module interesting, informative, and practically relevant to
your task as a corporate investigator, supervisor, or manager. By mastering the knowledge
and skills set out in this module, you will be able to add value to your corporation, assist
SAPS in its task and contribute to a more secure society.
Your lecturer and the team in the Department of Police Practice at Unisa wish you all the
best with your successful completion of this module.
iii
INTRODUCTION
Welcome to the Investigation of Selected Crimes and Transgressions: Module A
(FOR3703). The module is presented by the Department of Police Practice, School of
Criminal Justice, College of Law at Unisa, and was developed in 2016 for the programme
Bachelor’s Degree of Forensic Science and Technology.
The principles of outcomes-based assessment in higher education and open and distance
learning were used as the foundation to develop this module. At third-year level the idea is
to create an opportunity for critical thinking where you can reflect on your own views. This
will ensure that we cater to your specific needs by applying adult learning principles.
Complete each activity and reflect on your own viewpoints as well as your personal,
functional and occupational experiences in the field of corporate investigation in your
assignment and during the examination. This will enable you to assess your ability to
integrate theory and practice. Before you start this study guide, please read the assessment
plan for this module, which will serve as orientation and will also prepare you for your
assessment.
All the questions asked in the assignments and in the examination are based on information
in the study guide and questions asked under Discussions in the navigation pane on the
left-hand side of your screen. Because this is an online module, you are required to use
myUnisa to access the discussion forums so that you can do the self-reflective and self-
assessment activities for this course. You will need to visit the module-specific web pages
for FOR3703 on myUnisa regularly.
An online module means that study material will be available only on the myUnisa and
myExams platforms (tutorial letters, etc.). Go to https://my.unisa.ac.za and sign in using your
student number and password. You will see the module web page FOR3703-2023-S1 or
FOR3703-2023-S2 in the list of modules in the orange blocks arranged across the top of the
web page. Remember to check under the More tab if you can’t see your module in one of
the orange blocks. Click on the module you want to open.
iv
It is extremely important that you register on myUnisa and myExams to access the module
page regularly. You must be registered on myUnisa to access the module information and
various learning resources, to submit your assignments, “chat” to your lecturer or teaching
assistant – as well as your fellow students about your studies. As a registered Unisa student,
you must access the myUnisa portal from which you can access various online resources
that will be of help with your studies. The portal will give you the opportunity to discuss any
challenges that you are experiencing and allows you to take part in online discussion forums.
Please consult the Study @ Unisa publication for further information on how to activate your
myLife email address and access the myUnisa module site. Tutorial Letter 101 contains
important information on the work plan, resources and assignments for this module. This
tutorial letter also contains your assignments for the semester as well as instructions for their
preparation and submission.
I have also included some general and administrative information about this module in
Tutorial Letter 101. Study this part of the tutorial letter carefully. I must point out right from
the start that you must immediately and carefully read every tutorial letter that you receive
and that is available online.
LEARNING OUTCOMES
After completing this module, you should be able to

• apply well-rounded and systematic knowledge in forensic investigation specialising
in the investigation of selected crimes, transgressions or irregularities
• conduct post-investigation risk assessment to identify the source of the risk exposure
and mitigate the risk in each investigation scenario
• identify and address non-compliance in the public and corporate investigation
environment to facilitate the recovery of losses
• apply multi-disciplinary approaches through effective investigations in the private and
public investigation environment to prevent a recurrence of risk
PRESCRIBED MATERIAL FOR THIS MODULE
There are no prescribed manuals or textbooks for this module.
v
vi
LEARNING UNIT 1:
FINANCIAL
TRANSACTIONS AND
FRAUD SCHEMES
SECTION 1: ACCOUNTING CONCEPTS
After completing this section of the learning unit, you should be able
to
• explain basic accounting concepts that are used by forensic

Key learning investigators and examiners in investigating economic/financial
outcomes crime
• discuss the purposes of financial statements and goals because
they are often the vehicle through which economic crimes and
transgressions are committed
1.1.1 INTRODUCTION TO FINANCIAL TRANSACTIONS AND

FRAUD SCHEMES
The acts of economic crimes, transgressions and irregularities are usually of a
financial nature. The investigation of public and corporate corruption and fraud
cases is a priority in the South African Police Service (SAPS) Commercial Crime
Unit as well as auditing firms. As a result, it is essential for forensic investigators
and examiners to know and understand the forensic accounting concepts for the
proper investigation of fraudulent offences. In addition, economic crime
1
investigators must have knowledge of financial terminology and accounting
theory.
The purpose of this learning unit is to introduce you to some fundamental

concepts that will show you how money moves through an organisation and how
financial transactions are recorded. It is important to note that although we refer
to “public and corporate entities”, much of the discussion also applies to non-
profit organisations, governmental bodies and other entities.
1.1.2 BASIC FORENSIC ACCOUNTING CONCEPTS

While financial fraud includes the increasing problem of identity theft and other
non-traditional crimes, our focus here is on the use of accounting systems and
circumventing controls to achieve financial gain. No forensic investigation can be
undertaken without some knowledge of accounting principles. Currently, there is
media coverage of recent events involving fraudulent crimes and the
manipulation of financial results. The financial crimes were perpetrated in public
and corporate entities, as evidenced by the South African Auditor Reports. These
crimes include fraudulent disbursements, where funds are disbursed through
false invoices and forging company cheques; skimming, where cash as well as
payments are stolen before they are recorded; and cash larceny, where cash and
payments are stolen after they are recorded. If you are not responsible for
investigating a company’s books and records yourself, you may need to know
how an accounting system works to understand their language.
In response to the growing importance of accounting investigative skills within

law enforcement agencies, the South African government established the
Directorate of Special Operations (DSO), commonly known as the Scorpions. It
was a specialised unit of the National Prosecuting Authority (NPA) of South
Africa, tasked with investigating and prosecuting high-level and priority crimes
including organised crime and corruption. It was disbanded in 2008. The Hawks,
which is the popular name for South Africa’s Directorate for Priority Crime
Investigation (DPCI), was established in 2008 to fight, prevent and investigate
national priority crimes, including commercial crimes and corruption. Both public
and corporate forensic investigators for the DPCI and audit firms require
2
knowledge of forensic accounting to be able to prevent and investigate national
priority crimes as well as corruption and commercial crimes.
Therefore, accounting investigative skills within law enforcement agencies are

essential for forensic investigators in public and corporate entities. Basic
accounting concepts refer to the basic assumptions, rules and principles which
work as the basis of recording public and private transactions to prepare their
financial accounts. These concepts maintain uniformity and consistency in
preparing and maintaining books of accounts, as well as certain rules and
principles to be used in public and corporate sectors. They explain how public
and corporate entities record, organise and report their transactions to regulators
and other relevant parties. They help to translate the workings of public and
corporate sectors’ reports for the process of tracking assets, liabilities, expenses,
income and equity. Basic knowledge of accounting is important to understand the
financial environment to ensure that economic crimes are investigated
accurately.
Scott (2022) describes accounting as a process of consolidating financial

information to make it clear and understandable for
all stakeholders and shareholders. The main goal of accounting is to record and
report a company’s financial transactions, financial performance, and cash flows.
The three components of accounting systems are identification, measurement,
and financial reporting. These three basic elements of all accounting systems
support a standardised framework for recording and conveying information:
• Record keeping: The system of record keeping of financial transactions

requires the use of a standard set of accounting policies, practices and
procedures. It is concerned with recording transactions in an orderly way,
soon after their occurrence, in proper books of accounts.
• Tracking of financial transactions: In the public and private sectors,
various transactions are entered, and the collection and analysing of each
transaction need separate accounting procedures.
• Financial reporting: Several reporting frameworks, most notably Generally
Accepted Accounting Principles (GAAP), International Financial Reporting
Standards (IFRS), etc., mandate a specific way in which the financial
3
transactions of an organisation must be reported and aggregated in the
financial statements. This results in the preparation of the statement of profit
and loss (income statement), statement of financial position (balance
sheet), statement of cash flows, along with the supporting disclosures.
1.1.3 FORENSIC BASIC ACCOUNTING EQUATION AND THE

DOUBLE-ENTRY SYSTEM
The basic accounting equation is simply the statement of financial position
(balance sheet) of an entity. The statement of financial position represents the
financial health of the entity at a point in time, usually at the end of the financial
year, but it can also be used at the end of the quarter or half-year. This data is
measured and recorded by keeping a balance of the accounting equation. The
accounting equation, as shown below, is the basis for all double-entry accounting:
Assets = Liabilities + Owner’s Equity
• Assets consist of the net resources owned by an entity. Examples of assets

include cash, receivables, inventory, property and equipment, as well as
intangible items of value such as patents, licences and trademarks. To
qualify as an asset, an item must be owned by the entity and provide future
economic benefit by generating cash inflows or decreasing cash outflows.
• Liabilities are the obligations of an entity or outsider’s claims against a
company’s assets. Liabilities usually arise from the acquisition of assets or
the incurring of operational expenses. Examples of liabilities include
accounts payable, notes payable, interest payable and long-term debt.
• Owner’s equity represents the investment of a company’s owners plus
accumulated profits (revenue less expenses). Owner’s equity is equal to
assets minus liabilities.
This equation has been the cornerstone of accounting since Luca Piccioli
developed it in 1494. Balance is the key to this equation. If a company borrows
from a bank, cash (an asset) and notes payable (a liability) increase to show the
4
receipt of cash and an obligation owed by the company. Since both assets and
liabilities increase by the same amount, the equation stays in balance.
1.1.4 FORENSIC ACCOUNTING RULES FOR RECORDING

TRANSACTIONS
Now that we have explained the accounting equation and the double-entry
system, you need to remember and apply the following accounting rules:
• The principle of double entry is that each transaction debit has a

corresponding credit.
• The accounting equation is always in balance, regardless of the nature of
the financial transaction.
• Transactions are recorded/recognised in accordance with the accounting
policies derived from the reporting framework.
• Transactions are categorised in accordance with the Standard Chart of
Accounts and coding structures in the Basic Accounting System or the
relevant accounting system used.
• All account balances should agree to supporting documentation and/or sub-
systems and any differences should be reconciled.
1.1.5 FORENSIC ACCOUNTS AND THE ACCOUNTING CYCLE

The major components of the accounting equation consist of numerous detail
accounts. An account is nothing more than a specific accounting record that
provides an efficient way to categorise similar transactions. All transactions are
recorded in accounts that are categorised as asset accounts, liability accounts,
owner’s equity accounts, revenue accounts and expense accounts. There are
different formats of accounts. The simplest format is a large letter T, often referred
to as a T account. The accounting equation, in the form of T accounts, looks like
this:
5
Figure 1: T accounts
The entries on the left side of an account are debits (dr), and entries on the right
side of an account are credits (cr). Debits increase asset and expense accounts,
whereas credits decrease them. Conversely, credits increase liability, owner’s
equity and revenue accounts; debits decrease them. Every transaction recorded
in the accounting records has both a debit and a credit – therefore we call it
double-entry accounting. The debit side of an entry always equals the credit side
so that the accounting equation remains in balance.
Fraud investigation often requires an understanding of the debit and credit

process. For example, a fraud examiner who is investigating the disappearance
of R5 000 in cash finds a debit in the legal expense account and a corresponding
credit in the cash account for R5 000 but cannot find genuine documentation for
the charge. The fraud examiner can then reasonably suspect that a perpetrator
might have attempted to conceal the theft by labelling the misappropriated R5
000 as a legal expense.
Discovering concealment efforts through a review of accounting records is one of

the easier methods of detecting internal fraud. Do you know any other methods?
The investigator needs to look for weaknesses in the various steps of the
accounting cycle. Legitimate transactions leave an audit trail. The accounting
cycle starts with a source document such as an invoice, cheque, receipt, or
receiving report. These source documents become the basis for journal entries,
which are chronological listings of transactions with their debit and credit
amounts. Entries are made in various accounting journals. These entries are then
6
posted to the appropriate individual general ledger accounts. The summarised
account amounts become the basis for a particular period’s financial statements.
ACTIVITY 1
List and discuss the accounting equation basis for all double-entry
accounting.
FEEDBACK
In your answer, you should have listed the equation basis formula for all double-entry
accounting to understand any business financial position. The equation is as follows:
Assets = Liabilities + Owner’s equity
Assets consist of the net resources owned by an entity. Examples of assets include cash,
receivables, inventory, property and equipment, as well as intangible items of value such
as patents, licences and trademarks. To qualify as an asset, an item must be owned by
the entity and provide future economic benefit by generating cash inflows or decreasing
cash outflows.
Liabilities are the obligations of an entity or outsider’s claims against a company’s assets.
Liabilities usually arise from the acquisition of assets or the incurring of operational
expenses. Examples of liabilities include accounts payable, notes payable, interest
payable and long-term debt.
Owner’s equity represents the investment of a company’s owners plus accumulated profits
(revenue less expenses). Owner’s equity is equal to assets minus liabilities.
This equation has been the cornerstone of accounting since Luca Pacioli developed it in
1494. Balance is the key to this equation. If a company borrows from a bank, cash (an
asset) and notes payable (a liability) increase to show the receipt of cash and an obligation
owed by the company. Since both assets and liabilities increase by the same amount, the
equation stays in balance.
7
SECTION 2: FINANCIAL STATEMENTS
After completing this section of the learning unit, you should be able to
Key • define financial statements and types of financial statements

learning • explain the general techniques for financial statement analysis in
outcomes forensic investigation
• describe the basis of accounting in forensic investigation
1.2.1 INTRODUCTION
Financial statement analysis is a great tool to identify fraudulent cases, if used
properly. Comparative financial statements contain information about both
current and past accounting periods. The translation of these numbers into ratios
and percentages enables forensic investigators and examiners to read
transactions in the financial statements to evaluate and analyse them based on
their relationship to each other. In addition, financial statement analysis makes it
easier for forensic investigators and stakeholders to equate current performance
with past performance.
In this module, financial statements are defined as written records that convey
the public and corporate entities’ activities and financial performance. These
financial statements are often audited by government agencies, accountants,
firms, auditors, etc. to ensure accuracy and for tax, financing and investing
purposes. These financial statements include the following:
• Statement of financial position (balance sheet): This conveys the

financial position of the business at one point in time (e.g., at the company’s
year-end), listing the company’s assets and liabilities, together with the
company’s equity. The basis of the balance sheet is the accounting
equation—the fact that assets always equal liabilities plus equity. Luca
Piccioli, who developed the accounting process in the late 15th century,
believed that one should not sleep until the debits equalled the credits.
• Statement of profit and loss (income statement): This reports the entity’s
revenues and expenses for the reporting period. While the level of detail
8
will vary, every income statement must include certain elements, such as
gross sales, cost of sales (or cost of goods sold, if either is applicable), gross
margin or gross profit, operating costs and net income or loss (total revenue
less total expenses). The income statement identifies whether the entity was
profitable for the period.
• Cash flow statement: This identifies all the sources and uses of funds
during the reporting period. Many forensic accountants and fraud examiners
are of the opinion that the entity’s cash flows are the best indicator of the
health of the reporting entity as well as the potential for fraudulent activity.
The cash activity is broken down into three primary areas: operations,
financing and investments.
Figure 2: Relationship between balance sheet, income statement and cash flow
statement
1.2.2 GENERAL TECHNIQUES FOR FINANCIAL STATEMENT

ANALYSIS
Determining the reasons for the relationship and changes in amounts can be
relevant in identifying and investigating fraudulent cases. These determinations
are red flags which point the forensic investigator or examiner in the direction of
potential fraud. If it is large enough, a fraudulent misstatement can influence the
financial statements in such a way that the relationship between the numbers
becomes questionable. Many strategies are identified because financial
statements do not make sense when closely studied and audited. There are three
ways of analysing financial statements:
9
• Ratio analysis: This tool helps explore the relationship between financial
statement line items. For instance, a forensic investigator or examiner might
divide current assets by current liabilities for each reporting period to come
up with a ratio that suggests that current assets such as accounts receivable
or cash have been manipulated.
• Vertical analysis: Also referred to as common sizing, this method involves
dividing each line item by net sales to arrive at a percentage. For example,
if net sales equal R900 000, a forensic investigator or examiner must divide
the company’s rental expense of R117 000 by that number to arrive at 13%.
If rental expense has increased significantly but sales have not, this
indicates that the company is inflating its costs to minimise taxable income.
• Horizontal analysis: Here, a forensic investigator or examiner reviews
percentage changes in line items over time. Determining the percentage
change from one year to the next involves applying the following formula:
Year 2 minus year 1 divided by year 1. So, if rental expense equals R117
000 in year 1 and R198 000 in year 2, the percentage change is (R198 000
– R117 000)/R117 000, or 69.2%.
1.2.3 BASIS OF ACCOUNTING

The basis of accounting refers to the method of accounting for recognising and
measuring transactions and balances, namely the accrual basis or cash basis of
accounting. The distinctions between the two are the timing of when transactions
are recorded in the financial records of the entity and the extent to which
transactions are recognised. The accrual basis of accounting includes all
transactions, whereas the cash basis of accounting is limited to transactions that
give rise to cash flow. These are discussed in greater detail below.
1.2.3.1 Cash basis accounting
The transaction is recorded at the time that money changes hands, i.e. when
money is paid or received. In the cash system of accounting, expenditure is
referred to as “payments” because the expenditure is only recorded when the
payment is made. Revenue is referred to as “receipts” because the receipt is only
10
recorded when the actual money is received and not when the goods and
services are provided.
Suppose a construction company secures a major contract but will only receive
compensation when the project has been completed. Using cash basis
accounting, the company is only able to recognise the revenue when the project
is completed, which is when cash is received. However, during the project, it
records the project’s expenses as they are being paid. If the project’s time span
is longer than one year, the company's income statements will appear
misleading, because they will show the company incurring large losses one year,
followed by great gains the next.
When applying the cash basis of accounting, transactions are only reflected in
the general ledger when cash changes hands. This means that there is no
indication of cash that must still be paid to suppliers or of revenue that is due to
be received. Therefore, the general ledger does not provide a realistic view of the
financial position of the organisation.
The advantages of the cash basis of accounting are that it is easy to understand,
quick to prepare and less subjective than accrual accounting. Disadvantages of
the cash basis of accounting are that it ignores future cash flows and does not
allow for the assessment of the management of assets and liabilities.
1.2.3.2 Accrual basis accounting
In terms of the accrual basis of accounting, transactions are recorded in the

general ledger at the time that they happen, regardless of whether cash
exchanges hands. This means that the general ledger reflects money that the
business must pay to suppliers (creditors) and money due to the business
(debtors).
The advantages of the accrual basis of accounting are that it provides better
management information, and it makes it easier to assess the performance and
position of the business. The disadvantages of accrual accounting are that it is
complex, costly and more subjective than cash accounting.
11
For example, Technix Limited, a software company, has total monthly sales of
R10 000. It uses accrual accounting, so it records a sale as soon as it sends an
invoice to a customer. About 60% of its sales are in cash, and the rest is on credit.
Under accrual accounting, accountants treat the credit transactions as sales; the
profit these sales generate includes both cash and credit sales, both of which
deduct expenses and the cost of goods sold.
ACTIVITY 2
List and discuss ways of analysing financial statements of forensic

investigation.
FEEDBACK
In your answer, you should have listed three ways of analysing financial statements that
investigators can use. The basic ways of analysing financial statements are as follows:
• Ratio analysis: This tool helps explore the relationship between financial statement
line items. For instance, a forensic investigator or examiner might divide current
assets by current liabilities for each reporting period to come up with a ratio that
suggests that current assets such as accounts receivable or cash have been
manipulated.
• Vertical analysis: Also referred to as common sizing, this method involves dividing
each line item by net sales to arrive at a percentage. For example, if net sales equal
R900 000, a forensic investigator or examiner must divide the company’s rental
expense of R117 000 by that number to arrive at 13%. If rental expense has
increased significantly but sales have not, this indicates that the company is
inflating its costs to minimise taxable income.
• Horizontal analysis: Here, a forensic investigator or examiner reviews percentage
changes in line items over time. Determining the percentage change from one year
to the next involves applying the following formula: Year 2 minus year 1 divided by
year 1. So, if rental expense equals R117 000 in year 1 and R198 000 in year 2,
the percentage change is (R198 000 – R117 000)/
R117 000, or 69.2%.
12
SECTION 3: FINANCIAL STATEMENT
FRAUD
Key • list the types of financial statement fraud

learning • explain the reasons for committing financial fraud
outcomes • identify financial statement red flags
• explain the method of detecting financial statement fraud
1.3.1 INTRODUCTION
The main problem with fraud risk governance and fraud accounting during the
investigation of financial statement analysis in public and corporate entities is
glaring ineffectiveness of forensic investigators in detecting financial statement
fraud. Financial fraud is a methodical misrepresentation, misstatement and
omission of financial statement information. The Association of Certified Fraud
Examiners (ACFE) (2019:2.201) defines accounting fraud as "deception and
misrepresentation that an individual or entity makes knowing that the
misrepresentation could result in some unauthorized benefit to the individual or
to the entity or some other party". The simplest way to describe it is that the
financial statement fraud occurs when a company alters the figures on its financial
statements to make it appear more profitable than it is. The aim of financial
statement fraud is to
• deceive the interested parties for whom the financial statements are
prepared and who have a vested interest in the statements
• get public and corporate entities to invest in and fund the organisation’s
efforts
• convince banks to grant organisation credit to an operating business and
strengthen their current income streams to establish new ones
• manipulate the statements to justify the paying of bonuses to business
leaders and executives to increase their salaries
13
• meet the expectations of shareholders deceptively by overstating
organisation performance
• hide corruption by not disclosing related entities’ transactions and conflicts
of interest involving executives as well as board members
According to the ACFE (2019:1.203), financial statement fraud is the least

common type of fraud in the corporate world, accounting for only 10% of detected
cases. But when it does occur, it is the costliest type of crime. This type of fraud
is among the major threats that contribute to white-collar crime. Law enforcement
agencies around the world state that financial statement fraud cases involve
accounting schemes where share prices, financial data and
other valuation methods are manipulated to make a public company appear more
profitable.
1.3.2 TYPES OF FINANCIAL STATEMENT FRAUD

There are various types of financial statement fraud:
• overstating revenues by recording future expected sales

• inflating an asset’s net worth by knowingly failing to apply an
appropriate depreciation schedule
• hiding obligations and/or liabilities from a company's balance sheet
• incorrectly disclosing related party transactions and structured finance deals
• understating revenues in one accounting period and maintaining them as a
reserve for future periods with worse performances, in a broader effort to
counter the appearance of volatility – this is sometimes called cookie-jar
accounting
1.3.3 REASONS FOR COMMITTING FINANCIAL STATEMENT

FRAUD
There are several reasons why individuals commit financial statement fraud. Most
commonly, it is used to make a company’s earnings appear better on paper. It
occurs through a variety of methods, such as valuation judgements and
manipulating the timing of transaction recording. These more subtle types of fraud
are often dismissed as either mistakes or errors in judgement and estimation.
14
Some of the more common reasons why people commit financial statement fraud
are to
• encourage investment through the sale of stock

• demonstrate increased earnings per share or partnership profits interest,
thus allowing increased dividend/distribution payouts
• cover inability to generate cash flow
• avoid negative market perceptions
• obtain financing, or to obtain more favourable terms on existing financing
• receive higher purchase prices for acquisitions
• demonstrate compliance with financing covenants
• meet company goals and objectives
• receive performance-related bonuses
This limited list of reasons shows that the motivation for financial statement fraud
does not always involve direct personal financial gain. Sometimes, fraudulent
financial reporting is done through a combination of situational pressures on
either the company or the manager, the opportunity to commit the fraud with a
perceived minimal likelihood of being detected and the ability to rationalise
fraudulent behaviour to justify the crime in an acceptable way.
1.3.4 FINANCIAL STATEMENT FRAUD RED FLAGS

Financial statement red flags can signal potentially fraudulent practices. The
most common warning signs include
• accounting anomalies, such as growing revenues without a corresponding

growth in cash flows
• consistent sales growth while competitors are struggling
• a significant surge in a company's performance within the final reporting
period of a fiscal year
• depreciation methods and estimates of assets' useful life that do not
correspond to those of the overall industry
• weak internal corporate governance, which increases the likelihood of
financial statement fraud occurring unchecked
15
• excessive frequency of complex third-party transactions, many of which do
not add tangible value, and can be used to conceal balance sheet debt
• the sudden replacement of an auditor, resulting in missing paperwork
• a disproportionate amount of management compensation from
bonuses based on short-term targets, which incentivises fraud
1.3.5 FINANCIAL STATEMENT FRAUD DETECTION METHODS

While spotting red flags is difficult, vertical and horizontal financial statement
analysis is a straightforward approach to fraud detection. Vertical
analysis involves taking every item in the income statement as a percentage of
revenue and comparing the annual trends that could be a potential cause of
concern. A similar approach can also be applied to the balance sheet, using total
assets as the comparison benchmark, to monitor significant deviations from
normal activity. Horizontal analysis implements a similar approach: instead of an
account as the point of reference, financial information is represented as a
percentage of the base year’s figures.
Comparative ratio analysis also helps analysts and forensic investigators to spot
accounting irregularities. By analysing ratios, information on days’ sales in
receivables, leverage multiples and other vital metrics can be determined and
analysed for inconsistencies.
A mathematical approach known as the Beneish Model evaluates eight ratios to

determine the likelihood of earnings manipulation, including asset quality,
depreciation, gross margin and leverage. After combining the variables into the
model, an M-score is calculated. A value greater than -2.22 warrants further
investigation, but an M-score less than -2.22 suggests that the company is not a
manipulator.
The South African government has put laws in place for law enforcement
agencies to make sure that public and corporate entities report their financials
truthfully while protecting the best interests of investors. But while there is
protection in place, it also helps that investors know what they need to look out
for when reviewing an organisation’s financial statements. Knowing the red flags
16
can help individuals detect unscrupulous accounting practices and stay one step
ahead of fraudsters attempting to hide losses, launder money, or otherwise
defraud unsuspecting investors.
ACTIVITY 3
Using your prior knowledge of financial statement fraud in the public and
corporate sector, state in your own words what you understand by the
term financial statement fraud.
FEEDBACK
You may have listed several ideas. As mentioned in the study guide, financial statement
fraud is the deliberate overstatement or understatement of financial statement
balances, in many cases to make a company appear to be in better financial condition
than it really is, to deceive a financial statement user.
17
SECTION 4: FRAUD RISK GOVERNANCE
Key After completing this section of the learning unit, you should be able to
learning list and discuss the principles of effective fraud risk management for an
outcome organisation.
1.4.1 INTRODUCTION
Fraud risk governance starts with a fraud risk assessment. Most organisations
have a digital channel and may be exposed to fraud or potential fraud at some
point in their operations. These days, online fraudsters are seemingly one step
ahead of the best fraud detection models using tools such as synthetic identities.
Therefore, various organisations are building a holistic approach to their fraud
and risk governance strategies.
Fraud risk governance is described as a process of assessing fraud risks within

the organisation and developing an anti-fraud programme that stops any
fraudulent activity before it happens. It involves identifying potential and inherent
fraud risks and developing a programme that works to detect and prevent
suspected fraud, both internal and external to the business.
1.4.2 EFFECTIVE FRAUD RISK MANAGEMENT

There are five principles of effective fraud risk management for any organisation
to assess risk and implement a detailed programme for preventing possible fraud:
• assessment
• governance
• prevention
• fraud risk detection
• monitoring and reporting
18
1.4.2.1 Fraud risk assessment
The first step to preventing fraud is understanding the areas where the
organisation is vulnerable. Conducting an in-depth risk assessment will help the
company analyse the risks it faces based on its unique complexity, scale,
products, and market exposure. Risk assessment looks at all types of risk, how
likely they are to happen, and the cost involved with each one.
Assessment begins with employees. There needs to be a holistic understanding

of how they interact with company resources every day. The benefits and
opportunities provided by the organisation can often become the cause of internal
fraud. Communication tactics and system implementation need to be assessed.
Lastly, it is important to note that risk also occurs externally, especially if an
organisation deals with big data or complex networks.
From there, a risk tolerance limit is used to create a cost-effective framework. A

risk tolerance limit is the maximum amount an organisation is willing to lose. This
limit is useful because it makes risk assessment quantifiable and offers a base
for building strategy. More focus can be put toward risks that are above the limit
and therefore most damaging to the organisation.
1.4.2.2 Fraud risk governance
Once risk is assessed by an internal forensic investigator and any other relevant
team members, fraud risk management becomes an integral part of the company
culture. Stakeholders must be open to adopting new procedures and
understanding the serious nature of fraud risk. A solid fraud management strategy
solution will likely include
• a clear strategy for top management and a fraud risk manager to educate
and enforce requirements
• delegated responsibilities with specific role descriptions
• well-written whistle-blower and reporting procedures
• quality assurance and internal audit measures
• a description of the investigation process and any corrective actions
• fraud awareness techniques and tools
19
• research and analysis of market fraud prevention and mitigation
technologies
Additionally, these should be documented, shared and easily accessible to all

team members. The best strategy for effective governance is to assign one
designated leader for the entire fraud risk management programme. All
communications go through this person or team. This governing body will also
oversee training, monitoring and making some adjustments as required.
1.4.2.3 Fraud risk prevention
One of today’s most effective fraud risk prevention strategies is to implement

fraud detection tools and stop it at the very beginning stage. This fraud risk
prevention strategy can also be utilised for a customer interacting with the
business and signing up for an account, or a new employee/vendor doing so on
behalf of someone else. Verifying a person is who they say they are can be done
by conducting thorough background checks with multifactor authentication
technology that offers increased assurance. Fraud can be stopped before it is
embedded in an organisation and creates losses.
The main goal of fraud risk management is to prevent fraud before it happens.
To achieve this, risk assessments must be done frequently, especially since risk
environments are constantly changing. There need to be clear internal
controls. Over time, organisations might adjust their programme for better
prevention. A risk can be avoided entirely by choosing not to participate in the
activity anymore – it can be transferred to another party, for example by
purchasing insurance.
In between assessments, it is critical that an organisation, from top to bottom,

understand the entire scope of the strategy. If management is diligent about
enforcing and modelling the new policies, employees are more likely to follow
them. The visibility of detection mechanisms alone can inspire stakeholders to
act in a way that will prevent fraud before it happens.
20
1.4.2.4 Fraud risk detection
The controls and reporting used to prevent fraud can also help detect it. Controls
are tools that alert employees about potential fraud. They can be installed across
several layers of the organisation, from network settings to internal
communication software. Employees must be aware of exactly how these
controls work and when to assess them.
Reports are one of the pillars of fraud detection. When used correctly, they can
detect variances and indicate fraudulent behaviour. Reports must include all
relevant information, including date and time stamps, and should be stored
efficiently.
If fraud is detected, employees need to be able to have a streamlined way to flag

it. A fraud procedure should be included that will appropriately flag fraud while
protecting important consumer information that could be sensitive.
1.4.2.5 Monitoring and reporting
Fraud risk management is an evolving process. The first four principles must be
constantly monitored and reported on. The only way a fraud management
solution will work is if it is assessed on successes, blind spots, and areas for
improvements regularly.
Outcomes of the current strategy must be measured, and the results

communicated transparently to relevant stakeholders. Teams must be informed
when assessments will occur and exactly what will be monitored. Additionally,
legal rights should be reviewed frequently to ensure compliance with the
applicable law.
ACTIVITY 4
Reflect on the material you have covered so far and discuss five
principles of effective fraud risk management that enable any
organisation to assess risk and implement a detailed programme for
preventing possible fraud.
21
FEEDBACK
You may have listed several ideas. You probably outlined and discussed five principles
of an effective fraud risk management strategy:
• assessment
• governance
• prevention
• fraud risk detection
• monitoring and reporting
These principles enable any organisation to assess risk and implement a detailed
programme for preventing possible fraud.
1.4.3 SUMMARY
In this unit, we dealt with the applied basic concepts, financial statements and
financial fraud statement, which forensic investigators and examiners must
understand in forensic and financial investigation. These principles are the rules
that forensic investigators and examiners must apply when investigating
economic crimes in South Africa. Several basic accounting principles have been
developed through common usage. They form the basis for the accounting
standards that have been built. We have given you the necessary information
and some skills to investigate economic crime and transgressions. You should
now be able to define the concepts, read through financial statements and identify
financial flaws.
1.4.4 SELF-ASSESSMENT
Now that you have completed this unit, determine whether you have achieved the
key learning outcomes stated at the beginning of each section. Read through the
outcomes again before attempting to answer the self-assessment activity.
There are three ways of analysing financial statements. Discuss in detail these
three ways to identify fraudulent activities in the public and corporate sectors.
_______________________________________________________________
_______________________________________________________________
22
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
______________________________________________________
23
24
LEARNING UNIT 2:
THEORY ON CORRUPTION
AND FRAUD
SECTION 1: FRAUD
• define the terms fraud, bribery, kickbacks and corruption and give
practical examples of each
• highlight the differences between bribery, kickbacks and
corruption
• highlight and list the fraud triangle and types of fraud.
• identify the red flags of bribery and corruption schemes
Key learning
• identify the red flags of corrupt employees and third parties
outcomes
• highlight the internal controls that may raise red flags of
corruption in the organisation
• describe the methods of proving fraud payments during the
forensic investigation
• identify basic information about the size, structure, sales, and
employees of an organisation
2.1.1 INTRODUCTION
As you study this section, bear in mind that fraud has been regarded as a fast-
growing economic crime in South Africa since 2011 (PWC 2014, 2015). In
25
addition, there are frequently media report allegations of public and corporate
sector officials soliciting bribes, which result in corruption activities. The high level
of these economic crimes in the country undermines the state’s effort to fight
crime. Therefore, it is the prerogative of the state and private institutions to
increase the fight against crimes such as fraud and corruption and prosecute the
culprits and deter others from committing these crimes.
Fraud, especially in procurement systems, is one of the major contributors of

annual losses within public and corporate entities. Since the introduction of
computerised procurement systems, also known as e-procurement, the
occurrence of fraud has increased substantially as individuals familiarise
themselves with the system. The South African government can save a huge
amount of money if fraud and corruption are prevented and limited. These funds
could be put to better use and result in better service delivery. The government
has developed policies and strategies to try to combat and prevent corruption in
procurement both in the public and corporate sectors.
2.1.2 DIFFERENCE BETWEEN FRAUD AND CORRUPTION

Different authors often use the term fraud as a generic concept to include other
acts of dishonesty, such as corruption. For instance, Koornhof and Du Plessis
(2000:6) state that management fraud could include issues such as conflict of
interest, or bribery and corruption. Corruption and fraud are in fact different
offences. The essential element of fraud is a form of misrepresentation which
causes actual prejudice, or which is potentially prejudicial to another party
(Snyman 2002:520). Generally, corruption is aimed at the unlawful giving or
receiving of some benefit with the intention that the receiver should do or omit to
do some act, or to reward the receiver for doing or omitting to do some act
(Snyman 2002:376). Both fraud and corruption are ethical issues and constitute
dishonest conduct. It is, however, important to note the difference, because when
legislation refers to fraud, it does not include the offence of corruption.
26
2.1.3 CONSTITUTIONAL & LEGISLATIVE FRAMEWORK
AGAINST FRAUD AND CORRUPTION
Informed by the constitutional framework, its international commitments and the
country’s domestic realities, South Africa has established a sound anti-corruption
and ethics framework, including comprehensive and robust policy documents and
legislative instruments. A range of domestic legislation, policies, strategies and
regulations expand upon these requirements and direct a broad range of role
players on how to develop and implement appropriate measures to limit and
address corrupt practices. The legislation and policy guidelines will be listed as
anti-corruption fraud measures to addressing the problem of fraud and corruption
cases. However, it should be noted that for the purposes of this section, the
following legislative principles are relevant, but the investigation of corrupt and
fraud activities is not merely restricted to the legislation that will be listed below.
• Republic of South Africa Constitution 106 of 1996

• The Preferential Procurement Policy Framework Act 5 of 2000
• The Public Finance Management Act 29 of 1999
• National Treasury Regulations, 2002
• Prevention and Combating of Corrupt Activities Act 12 of 2004
• Protected Disclosure Act of 2000
• Promotion of Administrative Justice Act 3 of 2000
• Promotion of Access to Information Act 2 of 2000
• Public Service Act 103 of 1994
Unfortunately, the implementation of policies and laws has not always been
consistent. Therefore, it is crucial for forensic investigators and examiners to
improve the enforcement of this laws and policies to imposition sanctions,
whether criminal or otherwise, against those involved in corruption that will lead
to increased public confidence.
Policies and Strategies
• Public Service Anti-corruption Strategy

• Supply Chain Management - A guide for Accounting Officers / Authorities
27
• Policy to Guide uniformity in Procurement Reform Processes in
Government
• Western Cape Government Anti-corruption Strategy
• Provincial Treasury Fraud Prevention Plan
• Provincial Treasury Risk Management Policy
International commitments and obligations
The Constitution of the Republic of South Africa, 1996, mandates compliance

with international law and requires the country to comply with its international
obligations. South Africa has ratified several international conventions and
treaties and participates in forums that require the country to implement
measures to prevent and combat corrupt activities. These include:
• The United Nations Convention against Corruption (UNCAC), which

promotes the prevention and criminalisation of corruption. UNCAC also
highlights the need for international cooperation in the fight against
corruption and the return of assets associated with corrupt activities.
• The Organisation for Economic Cooperation and Development Convention
(OECD) on Combating Bribery of Foreign Public Officials in International
Business Transactions.
• The African Union’s Convention on Preventing and Combating Corruption.
• The SADC Protocol Against Corruption.
• The Financial Action Task Force (FATF).
• The Group of 20 (G20) Anti-Corruption Working Group, where South Africa
participates and regularly provides its accountability report.
In addition to the above, South Africa subscribes to several other international

legal instruments and actively participates in global initiatives and forums that
have a direct and indirect bearing on fighting corruption. These relate to the
prevention of organised crime, mutual legal assistance, asset recovery, money
laundering, beneficial ownership, transparency and open government. Global
initiatives also promote business integrity that contributes towards fighting fraud
and corruption at domestic level. There are also regional instruments that deal
28
with specific aspects of corruption fraud, such as money laundering and asset
recovery.
2.1.4 FRAUD
In recent years, fraud has attracted considerable attention due to the incalculable
collateral damage that could drain the long-term success of public and corporate
entities. Fraud and related problems have caused instability in the economy,
resulting in a high mortality rate of public and corporate entities consequently
losing revenue. Many organisations are subjected to fraud risks. It results in
challenges that the leadership in the public and corporate entities must eliminate.
However, implementation of the principles to address fraud will increase the
likelihood of preventing and detecting the crime and will create a strong fraud
deterrence effect.
2.1.4.1 Definition of fraud concept
Radzinowicz and Wolfgang (1997) classify fraud together with white-collar crime
and define them as “illegal acts characterized by guilt, deceit and concealment
and not dependent upon the application of physical force or violence or threats
thereof”. Using similar terms, Adekanya (1986), Ojo and Adewunmi (1986),
Ojigbede (1986) and Sydney (1986) agree that fraud is an action which involves
the use of deceit and tricks to alter the truth to deprive a person of something
which is theirs or something to which they might be entitled.
In South Africa fraud is defined as “the unlawful and intentional making of a

misrepresentation that causes actual and potential prejudice to another” (National
Treasury, 2013). The use of the term is in its widest possible meaning and is
intended to include all aspects of economic crime and acts of dishonesty. In other
words, fraud can be described as any conduct or behaviour of which a dishonest
representation and/or appropriation forms an element.
According to the above definition, the following elements must be proven to

sustain a case of fraud under common law:
• misrepresentation
29
• unlawfulness
• actual or potential prejudice
• international
2.1.4.2 Understanding the fraud triangle
The following conditions must occur for fraud to take place and the institution’s
fraud prevention mechanisms must take them into consideration:
Figure 3: Fraud triangle (Wells, 2005)
Pressures
• financial pressures
• personal habits (gambling, drugs, alcohol)
• work-related factors (overworked, underpaid, not promoted)
• achieve financial results (bonus, compensation)
• high debt level
Opportunities
• poor internal control

• low fraud awareness
• treat fraudster with leniency
• rapid turnover of employees
• use of many banks
• weak subordinate personnel
• absence of mandatory vacations
30
Rationalisation
• I am only borrowing the money and will pay it back.

• Nobody will get hurt.
• The institution treats me unfairly and owes me.
• It is for a good purpose.
• It is only temporary, until operations improve.
2.1.4.3 Various types of fraud
According to the ACFE (2019:2.201), fraud (also known as white-collar crime)

can be perpetrated in different ways; some of these will include
• employee fraud
• embezzlement
• larceny
• defalcation
• management fraud
• kickbacks
• fraudulent misrepresentations
• bribery
• illegal gratuity
• economic extortion
• conflicts of interest
• forgery
• theft of money or property
• breach of contract
• breach of fiduciary duty
• gross negligence
• conspiracy
• obstruction of justice
• Employee fraud
The term employee fraud may have a different meaning, depending on who is
asked. While an employee may think it is perfectly acceptable to take home a
31
couple of elastic bands or paper clips, others may realise that this is employee
theft, which is a form of employee fraud. Employee fraud is when an employee
knowingly lies, deceives or steals from a company with the intent to obtain
benefits or compensation of some type.
Similarly, Sydney (1986) prefers to group fraud according to the perpetrators.
• Embezzlement
Embezzlement is the act of withholding assets for the purpose of conversion of

these assets, by one or more persons to whom the assets were entrusted, either
to be held or to be used for specific purposes. Embezzlement is a type of financial
fraud. For example, lawyers might embezzle funds from the trust accounts of their
clients; a financial advisor might embezzle the funds of investors; a husband or a
wife might embezzle funds from a bank account jointly held with the spouse.
The term embezzlement is often used in informal speech to mean theft of money,
usually from an organisation or company such as an employer. Embezzlement is
usually a premeditated crime, performed methodically, with precautions that
conceal the criminal conversion of the property, which occurs without the
knowledge or consent of the affected person. Often it involves the trusted
individual embezzling only a small proportion of the total of the funds or resources
they receive or control, to minimise the risk of the detection of the misallocation
of the funds or resources. When successful, embezzlement may continue for
many years without detection.
• Larceny
Larceny is a crime related to common law. In many countries, larceny is known

as fraud by trick or false pretences. The ACFE (2019:2.204) refers to larceny as
theft, and defines it as wrongfully depriving someone of their possessions with
the intent to steal. If the taking is by stealth or force, the act is larceny. If the taking
is by guile or deception, false representation, or concealment of crucial
information, the act is fraud, false pretences, or larceny by trick. The deception
may be designed to cause others to act or may be part of concealing one’s own
32
actions. It is the illegal taking of the property of another with intent to deprive the
owner thereof.
• Defalcation
The term defalcation refers primarily to an act committed by professionals who

oversee handling money or other resources. This typically entails the theft,
misuse, or misappropriation of money or funds held by an official trustee, or other
senior-level fiduciary. As such, it is considered a form of embezzlement, either
through the misallocation of funds, or the failure to account for received funds.
• Management fraud
Management fraud may involve falsifying financial information, such as

transactions, trades and accounting entries to benefit the perpetrator of the
crime. Insider trading, bribes, backdating of stock options and misuse of company
property for personal gain are also fraudulent.
Organisations within the public and corporate sectors must look out for signs of
fraud. Signs can include someone living beyond their means and changes in their
behaviour. Those that commit management fraud are often very self-centred,
attribute success to money and believe that they are above being held
accountable. Those with debts from gambling or drug habits, or those that have
lost a lot of money in stocks and shares are also at risk of fraudulent behaviour
to recoup their finances.
Fraud red flags refer to undesirable situations and conditions that consistently
contribute to fraud, waste, and abuse of resources. When a forensic investigator
or examiner is reviewing a financial statement, certain undesirable characteristics
may stand out as fraud red flags – contributors to fraud or circumstances that
may indicate the presence of fraud.
• Kickbacks
Kickbacks are one of the most common forms of government and business
corruption. In some cases, it takes the form of a cut of the action and can be so
33
well known as to be common knowledge and even become part of a nation’s
culture. The term kickback describes the way a recipient of illegal gain “kicks
back” a portion of it to another person for that person’s assistance in obtaining it.
Have you ever paid any kickbacks? Or know someone who did?
Kenton (2021) describes a kickback as an illegal payment intended as

compensation for preferential treatment or any other type of improper service
received. The kickback may be money, a gift, credit, or anything of value. Paying
or receiving kickbacks is a corrupt practice that interferes with an employee’s or
a public official’s ability to make unbiased decisions. Kickbacks are often referred
to as a type of bribery.
The ACFE (2019:1.601) further defines kickback in two ways:

“In the government setting, kickback is referring to giving or receiving of anything
of value to obtain or reward favourable treatment in relation to a government
contract. In the corporate sector, kickback is referring to the giving or receiving of
anything of value to influence a business decision without the employer’s
knowledge and consent”.
Kenton (2021) mentions some common warning signs for forensic investigators
to be alert to kickbacks. These signs do not necessarily mean that anything bad
is going on, but the more warning signs are observed, the greater chance of
kickbacks taking place.
• There is no competitive bidding process (or lower bids are ignored).

• There is a lack of appropriate supervision during the purchasing process.
• Higher-than-average prices are charged for goods or services.
• Recommendations are made to use a vendor that others shun.
• The vendor has frequent legal or regulatory problems.
• Employees are too friendly with vendors.
• Management pressures staff to use a particular vendor.
• Vendors are in an industry where kickbacks are common.
• Employees continue to use vendors that provide poor products or services.
• Delivery dates are repeatedly missed.
34
Bribes and kickbacks are among the most common and damaging of economic
crimes, especially in development projects. They can lead to the selection of
unqualified suppliers, increased prices, unnecessary purchases and lower quality
goods and services, and facilitate other frauds, particularly bid rigging, and
inflated invoices. These offences are widely considered to be very difficult, if not
impossible, to prove, by NGOs and other private sector organisations that lack
law enforcement powers. However, with adequate experience and careful
planning, these cases can be proven with reasonable effort and many have been.
• Fraudulent misrepresentations
Fraudulent misrepresentation of material facts is most often thought of when the

term fraud is used. The misrepresentation cases can be prosecuted criminally
and civilly in a court. The offence entails the deliberate making of false statements
to induce the intended victim to part with money or property. Ramphal (2018:20)
explains that when exploring the element of fault in relation to fraudulent
misrepresentation of facts, an illustration of fraud is a deliberate and intentional
lie.
Hayes (2021) explains that a misrepresentation is a false statement of a material

fact made by one party which affects the other party's decision in agreeing to a
contract. If the misrepresentation is discovered, the contract can be declared void
and, depending on the situation, the adversely impacted party may seek
damages. In this type of contract dispute, the party that is accused of making the
misrepresentation is the defendant, and the party making the claim is the plaintiff.
Ramphal (2018:21) and Hayes (2021) identify three main types of

misrepresentation:
• Innocent misrepresentation is a false statement of material fact by the

defendant, who was unaware at the time of contract signing that the
statement was untrue. The remedy in this situation is usually rescission or
cancellation of the contract.
• Negligent misrepresentation is a statement that the defendant did not
attempt to verify was true before executing a contract. This is a violation of
the concept of reasonable care that a party must undertake before entering
35
an agreement. The remedy for negligent misrepresentation is contract
rescission and possibly damages.
• Fraudulent misrepresentation is a statement that the defendant made
knowing it was false or that the defendant made recklessly to induce the
other party to enter a contract. The injured party can seek to void the
contract and to recover damages from the defendant.
• Bribery
South African legislation does not define bribery, but it does describe corruption
in such a way that it includes bribery as a form of corruption. Corruption is defined
as an act of accepting or offering any gratification from any other person whether
for the benefit of that person or any other person to influence the other person to
act in a manner that is illegal, dishonest, unauthorised, incomplete, biased or in
a manner that results in the misuse or selling of information. This is applicable to
both public officials and private individuals. Bribery involving a public or private
person/entity is therefore criminalised in South Africa. In addition, both active
and passive bribery are encapsulated in the South African legislative
understanding of corruption. For this reason, both the act of offering a bribe and
accepting a bribe are criminal offences.
• The ACFE (2019:2.205) refers to bribery as a form of corruption that may

be defined as the offering, giving, receiving, or soliciting of anything of value
to influence an act or a decision. The Prevention and Combating of Corrupt
Activities Act 12 of 2004 primarily regulates bribery and corruption
committed by public officials. However, extensive legislation and regulations
deal with various industry-specific forms of corruption and fraud in section 4
of the Act.
Different types of bribery include the following:
• Kickbacks: A kickback is a form of bribe paid to a person of influence within

an organisation, in return for them securing benefit from their organisation
for the person paying the bribe. Commonly, kickbacks are paid by
companies seeking to secure profitable contracts or contracts on favourable
terms. In return for their assistance, part of the benefit from the contract is
36
paid (or “kicked back”) to a decision-maker within the organisation granting
the contract. The organisation granting the contract is not aware of the
payment to its official.
• Secret commissions: Companies often use agents to enter contracts on
their behalf, for example to make sales in an overseas market. Secret
commissions are a form of bribery where an agent requests or accepts a
payment to influence these contracts for the benefit of the payer, without the
knowledge or consent of their principal. This may be to secure a contract,
to gain favourable terms, or even to prevent a contract from being entered
into with a competitor.
• Facilitation payments: Facilitation payments are made by a business to a
government official in order to encourage or ensure that the official performs
their normal duties. For example, a company makes a payment to a customs
official to avoid unnecessary delays on clearing a shipment of goods.
Facilitation payments are made in order to influence the behaviour of an
official, but in many countries these particular payments are not illegal;
therefore tax examiners and auditors should familiarise themselves with
their own country’s treatment of these payments.
• Influence peddling: Also known as trading or trafficking in influence,
influence peddling occurs where an official gets payment in return for using
their influence to secure an undue advantage or favour for the payer. The
term is also used where it is the payer who solicits an official to use their
influence to secure an undue advantage or favour in return for payment.
Influence peddling is most often seen in politics but does also occur in
business.
• Electoral bribery: In some countries it is a crime to donate for the purpose
of promoting a candidate or a political party, where the intention is to
influence that candidate or party.
ACTIVITY 5
How do you define fraud?

What are the types of fraud found in the public and corporate sectors?
37
FEEDBACK
You should have had no trouble answering these two questions.
Fraud can be defined as an intentionally deceptive action designed to provide the

perpetrator with an unlawful gain or to deny a right to a victim.
There are various types of fraud:
• employee fraud
• embezzlement
• larceny
• defalcation
• management fraud
• kickbacks
• fraudulent misrepresentations
• bribery
• illegal gratuity
• economic extortion
• conflicts of interest
• forgery
• theft of money or property
• breach of contract
• breach of fiduciary duty
• gross negligence
• conspiracy
• obstruction of justice
2.1.5 RED FLAG WARNINGS OF FRAUD

There are several red flags that forensic investigators and examiners must look
out for in the identification of fraud:
• Inventory shrinkage
Although it is normal to lose a few items of inventory when moving items,

excessive inventory shrinkage may be an indicator of ongoing fraud. An auditor
38
can detect inventory shrinkage by looking at the balance sheet, the number of
products in stock and those sold, and then comparing them with previous records
and projections. In certain circumstances, the auditor may do unplanned
stocktaking on random days to detect any unusual inventory characteristics.
• Missing documents
An organisation may experience frequent cases of reported missing documents

that relate to critical departments. When the frequency of occurrence becomes
too high, it may be a sign of ongoing fraud within the organisation. Missing
documents that are fraud red flags include registration of motor vehicles, lists of
sales and purchases, chequebooks and inventory reports. When these records
disappear, it may point to an undesirable situation that may lead to loss of certain
assets or money.
• Multiple payments
There are cases when a company’s accounting department may erroneously

process duplicate payments to a vendor or service provider. If the mistake was
genuine, the forensic investigators ought to identify and report these errors so
that urgent action can be taken. However, there can be cases where individual
employees endorse duplicate payments to both genuine and fake companies.
Some employees may even process payments to non-existent companies with
the intention of defrauding their employer. To prevent this, all payments should
be monitored and verified that they are going to the intended parties.
• Spikes in invoice volume
A business in its growing phase may experience huge spikes in the number of
invoices as it tries to grow its share in the market. However, the high number of
invoices creates room for fraudulent behaviours, as specific internal and external
parties may try to profit from the rapid growth of the business. For example, there
can be cases of unrecorded payments, or if they are recorded, they are
understated in volume and amount. The organisation should know when spikes
occur and ensure that all orders made by customers are recorded and fulfilled on
a timely basis.
39
• Frequent complaints
Frequent complaints about certain personnel or processes may be an indicator

of fraud. When an organisation receives repeated complaints about a senior
executive, it should not assume that it is just ordinary complaining. Instead, it
should conduct investigations to identify the cause of the complaints, effects and
any action it should take to make sure there are no more complaints. Also,
customers may report frequent under-packing of products, where the products
delivered to them are less than they ordered. The organisation should investigate
whether this is a deliberate action by the sales department or a problem with the
packaging department.
• Excessive number of adjusting entries
Some accounting offices may make excessive adjusting entries in the books of
accounts as a way of covering money misappropriated in the past. For example,
some of these adjustments may include customer adjustments that significantly
affect the financial results during a specific period. Making excessive adjustments
without reasons points to cases of employee fraud with the intention of hiding
certain transactions. Any adjusting entries in the financial accounts should be
accompanied by corresponding notes explaining the reasons for the adjustments.
2.1.6 EMPLOYEE FRAUD RED FLAGS

A large proportion of fraud affecting organisations comes from within the
organisation itself, mainly from employees. Some of the behavioural signs of
employee fraud include the following:
• Lifestyle changes
Employees ought to live within their means, by buying assets and services that
are within their income. However, some employees may change their lifestyle
abruptly by spending more than their salary allows. The purchases can be
expensive cars, houses, or luxury goods. Sometimes, the employee’s lifestyle
may exceed that of their supervisor.
40
Any abrupt improvements in an employee’s lifestyle without a proportionate
increase in their income should be investigated to see if the individual could be
involved in fraud.
• History of debts
During the hiring process, an organisation should conduct background checks to

see if potential employees have a history of debts. When a company hires
employees with debt problems, there is a likelihood that they will find
opportunities to get extra income above their salary to pay debts. It may mean
engaging in opportunistic fraud with the intention of obtaining money that they are
not entitled to.
• Excessive gambling
Some employees may continuously engage in gambling as a way of getting quick

cash to meet some of their needs. Due to the addictive nature of gambling, the
employees’ income may be insufficient to finance their gambling activities and
they may feel forced to do anything to earn extra income. This may mean
engaging in fraudulent activities such as stealing the organisation’s assets,
manipulating inventory, making extraordinary claims, etc. Identifying employees
involved in gambling and helping them get out of the behaviour can help a
company reduce incidences of fraud.
2.1.7 KEY TAKEAWAYS FROM FRAUD RED FLAGS

Every organisation, including those with the most stringent rules, are at risk for
fraud. To prevent fraud from happening, organisations must first acknowledge
that fraud exists and create awareness among the stakeholders. Organisations
should start by training their employees on how to detect fraud at work. They
should also implement policies and procedures that will help them close the
loopholes used by fraudsters to conduct their activities.
41
2.1.8 FRAUD PREVENTION AND DETECTION
There are many fraud prevention and detection strategies that can be utilised to
reduce the chances of fraud from occurring. As in today’s technological era, fraud
has become very complex and even more difficult to prevent and detect; the
techniques used to deal with it must therefore be sophisticated.
2.1.8.1 Procedures to prevent fraud
The following are examples of procedures and mechanisms that are specifically
designed to detect and prevent fraud:
• Increasing the perception of detection
Most experts agree that it is much easier to prevent fraud than to detect it. To
prevent fraud, investigators should understand something about the potential
perpetrator’s mindset. Increasing the perception of detection might be the most
effective fraud prevention method. Controls, for example, do little good in
preventing theft and fraud if those at risk do not know of the presence of possible
detection. In the audit profession, this means letting employees, managers and
executives know that auditors are actively looking for information concerning
internal theft. This can be done in several ways, such as through proactive audit
policies, employee anti-fraud education, enforcement of mandatory vacation and
job rotation policies, strong management oversight and effective reporting
programmes.
• Proactive audit procedures
Implementing proactive audit procedures demonstrates management’s intention

to aggressively look for possible fraudulent conduct instead of waiting for
instances to come to management’s attention. These techniques include
analytical reviews, fraud assessment questioning and surprise audits where
possible.
42
• Use of analytical review procedures
Some internal fraud is discovered because of analytical review procedures

performed during a financial statement audit. To uncover fraud using these
techniques, however, the fraud scheme must materially impact the financial
statements.
Forensic investigators and examiners should particularly look out for the following
trends:
o increasing expenses
o increasing cost of sales
o increasing receivables/decreasing cash
o increasing inventories
o increasing sales/decreasing cash
o increasing returns and allowances
o increasing sales discounts
• Fraud assessment questioning
Fraud assessment questioning is a non-accusatory interview technique used as

part of a normal investigation. It operates on the theory that employees’ attitudes
are a good indicator of potential problems and that one of the most effective ways
to assess potential fraud is to ask about it.
Below are some suggested questions that can be asked as part of the normal
audit. Note that the questions here begin with the general and proceed to the
specific.
• Do you think fraud is a problem for business in general?

• Do you think this company has any problem with fraud?
• Has anyone ever asked you to do anything that you felt was illegal or
unethical?
• If you felt that there was a problem in the company with respect to fraud,
what would you do?
• Do you have any indication that there is fraud occurring in the company
now?
43
(See the Investigation section of the ACFE manual for further details on fraud
assessment questioning.)
• Surprise audits where possible
In addition to regularly scheduled fraud audits, surprise fraud audits of business

functions in which fraud is most likely to occur can be effective both in increasing
employees’ perception of detection and in uncovering actual fraud that has been
perpetrated. The surprise element must be present for this control to be effective;
predictability allows perpetrators the time to conceal their acts by altering,
destroying, or misplacing records and other evidence.
• Employee anti-fraud education
Each entity should have a policy for educating managers, executives and
employees about fraud. This education can be provided through memoranda,
organisation-wide emails and voicemails, formal training programmes and other
intercompany communication methods. Any education efforts should be positive
and non-accusatory.
• Employee awareness training programme
Every employee within the organisation should be required to participate in the

fraud awareness training programme. No individuals—regardless of their position
within the organisation—should be exempted from receiving an initial orientation
and ongoing anti-fraud education.
2.1.8.2 Fraud prevention strategy
The fraud prevention strategy is a detailed plan on how public and corporate
sectors can implement measures to address risk of fraud and corruption.
Organisations must review the strategy annually to address the emerging fraud
risks. The strategy must include detailed information on the following:
44
• Identification and assessment of vulnerable areas: To develop and
implement a fraud prevention strategy, an organisation needs to identify
where exposures to fraud exist within its current operating systems and
procedures. Only once these exposures have been identified will it be
possible to implement action to counter the exposures and, wherever
possible, prevent or reduce the incidence of fraud in the future.
• Ownership of fraud risk: All employees are responsible for the
management of fraud risk to some extent, but the forensic accounting officer
has the ultimate responsibility. The accounting officer can delegate the
responsibility to line managers in specific areas of the organisation and
along with the flow of activities from strategic to operational level.
• Response plan: As part of the response plan, the organisation should
develop clear procedures on how to address a lack of controls. It should
develop clear lines of reporting fraud. Fraud reporting should be part of the
response plan and investigation policy. The response plan should also
outline the activities and the personnel responsible for specific response
activities.
• Legal framework: The legislation that is relevant to address civil and
criminal acts against the organisation should be outlined and clearly
interpreted. It should be clear what constitutes an act of fraud and/or
corruption.
• Anti-fraud culture: The accounting officer should put structures in place to
promote and educate the stakeholders about the organisation’s culture on
fraud and corruption. Management can be charged with the responsibility of
training other employees under their supervision, on fraud and corruption,
as part of an anti-fraud programme.
2.1.9 KEY PILLARS OF FRAUD PREVENTION
2.1.9.1 Prevention
Fraud prevention is a primary control which should lower the likelihood of fraud
occurring. Prevention efforts should focus on identifying controls to prevent all
three conditions (i.e. opportunity, rationalisation and pressure) that must occur
45
for fraud to take place. The following are potential controls that can be
implemented:
• anti-fraud programmes
• code of ethics
• internal control and compliance
• risk identification and assessment
• creation of anti-fraud culture or behaviour
• training and awareness
• lessons learnt and communication process
2.1.9.2 Detection
The following tools can assist with detecting fraud when it occurs:
• tip-offs
• line management
• whistleblowing
• fraud audit programme
• internal reporting
• computer imaging, analysis, and data mining tools
Every key fraud and corruption risk in each part of the organisation should be
included in a structured and systematic process of risk management. The fraud
and corruption risk management processes should be embedded in the
organisation’s systems and processes, ensuring that the responses to fraud and
corruption risk remain current and dynamic. All fraud and corruption risk
management efforts should be focused on supporting the organisation’s
objectives. Stakeholders’ expectations are focused on how the organisation
performs. An organisation’s reputation could be damaged significantly if these
expectations are not met. Exposure to fraud can be identified by conducting a
series of workshops with management and employees involved in the operations
at the “coal face”. These are the individuals who work daily either enforcing
controls or adhering to them during their duties. It is these individuals who
become aware of which controls are in place and which are effective. Their input
is invaluable in assessing the effectiveness of controls.
46
2.1.9.3 Investigation process
The investigation process follows the actual fraud that has been committed or
there is a suspicion that fraud has occurred. The following are types of
investigations that can be undertaken:
• security and audit investigations

• forensic investigation
• human resource management and disciplinary procedures
• fraud investigation principles
• internal audit and security
• security and internal audit regulations
In September 2003, the South African Cabinet approved a proposal to establish

minimum anti-corruption capacity in all departments and organisational
components of the public service. The approved proposal in the Cabinet
Memorandum 46 of 2003 entails
• minimum anti-corruption capacity for departments and public entities under

the jurisdiction of departments
• guidelines on structures to accommodate minimum anti-corruption capacity
• national functions about coordination and reporting on corruption in
departments
• implementation plan and implementation support
It is therefore highly recommended that organisations develop a policy and a set

of procedures to give direction to these anti-corruption units and regulate the way
investigations are handled. This will allow transparency and consistency in
processes followed when incidents are reported.
2.1.9.4 Resolution
The investigation policy/procedure should focus on the following:
• The way in which incidents should be reported

There must be structures in place to allow employees to report incidents of
fraud and corruption, e.g. a fraud hot line.
47
• Roles and responsibilities in the process
Policy and procedure should be clear on who is responsible for what, e.g.
preliminary investigations are to be carried out by line managers or the risk
management unit.
• Procedure in carrying out preliminary investigations
Because every incident must be investigated, preliminary investigation will
help to establish reasonable grounds on whether investigation is justified or
not.
• Procedure in taking resolutions after preliminary findings
There must be a procedure on who decides whether to escalate cases to internal

and/or external investigating units. It is important that other law enforcement
agencies be involved as early as possible. In deciding to involve these other
agencies, the organisation can consider
• the nature of fraudulent act (criminal or misconduct)

• internal capacity
• amounts involved (potential loss)
• likelihood of asset forfeiture
• likelihood of criminal prosecution
• involvement of other law enforcements
Depending on the facts of the incidents, investigations can immediately be

referred to internal and/or external investigating units.
2.1.9.5 Resolution
This stage focuses on post-investigation activities which can include the

following:
• Disciplinary actions: The disciplinary actions will be a result of the findings

from internal investigations. There is no legislation on decisions made, but
precedent is important for future reference.
• Civil recovery: It is important for the organisation to recover losses suffered
during fraudulent, corrupt and/or misconduct acts.
48
• Decision on controls to be developed/reviewed: This requires
involvement of other functions in the organisation to avoid recurrence.
• Awareness and communication: As a preventive measure and for
transparency purposes, all incidents reported and investigated must be
communicated to all employees.
• Lesson learnt: This is part of ensuring that the organisation does not suffer
one fraud scheme more than once.
• Updating incidents database for future reference: This database is used
for future reference. All the information about the incident must be recorded
and kept, i.e. nature of the incident, how it was investigated and the
resolutions that were taken.
• Reporting: Information about cases investigated and finalised by the
organisation may be required by other bodies, e.g. National Treasury, DPSA
and Auditor-General.
• Developing a fraud prevention implementation plan: The strategy
should include the detailed processes to be adopted by the organisation in
identifying exposure to fraud and corruption. Once exposure to fraud and
corruption has been identified, it will be necessary to evaluate the
effectiveness of existing controls and countermeasures. Where additional
or new controls and procedures are necessary, responsibility for their
development and application must be allocated to individual management
personnel. Every stakeholder takes ultimate responsibility for applying anti-
fraud controls and procedures.
• Monitoring: Monitoring the application of controls and procedures and
ensuring adequate supervision and dynamism of the controls and
procedures will be the responsibility of the risk management committee.
The following steps need to be taken when developing a fraud prevention

implementation plan:
• Determine the fraud risk management activities to be performed considering

the fraud risk profile and related costs versus the benefits.
• Determine the resourcing requirements. This element describes the
capacity and competence of personnel and the strategy to address capacity
49
gaps. It also addresses the technology and funding requirements needed to
implement the fraud risk management strategy.
• Determine the sequence of activities and the target implementation dates,
assign ownership for and communicate fraud risk management activities,
agree on frequency and format of reporting and obtain consensus on the
frequency, content and responsibility for reporting.
• The size of the organisation and the extent of fraud and corruption can be
used to decide whether to have a separate oversight committee for fraud
risk management and to use the risk management committee as an
oversight body.
• The fraud prevention strategy and implementation plan should ideally be
developed together to ensure connectivity and continuity. Both documents
should be approved by the accounting officer/authority and reviewed
annually.
Anti-Fraud Ethical Policies and Training and Risk

Programmes Culture Procedures Awareness Management
Disciplinary Action Prevention Internal Audit
Civil Recovery Fraud Strategy Detection Automated Alerts

Resolution
Improved Controls Whistleblowing

Investigation
Incidents Database Forensic Analysis
Policy/procedure
Awareness/Lessons
Learnt/Communication Disciplinary Action/Internal
Preliminary
Investigation
investigations
Reporting
Resolution on Preliminary Other Law Enforcement
Findings Agencies (SAPS, SIU, AFU)
Figure 4: Fraud prevention processes that can be linked to key pillars
50
The structure illustrated in figure 4 above provides guidelines for a fraud
prevention plan. Organisations can be flexible in developing a plan suitable for
their circumstances. The guidelines are more about understanding the principles
and are not blueprints.
ACTIVITY 6
After you read through the section on the red flags warning of fraud,
prevention, and detection, answer the questions below.
1. What are behavioural red flags warning of fraud?
2. Discuss the prevention and detection of fraud.
FEEDBACK
Compare your answer with the responses below:
1. The most common behavioural red flags are the following:

• people living beyond their means
• financial difficulties
• unusually close association with a vendor or customer
• excessive control issues or unwillingness to share duties
• recent divorce or family problems
• a general “wheeler-dealer” attitude involving shrewd or unscrupulous behaviour
While the presence of these red flags does not imply that fraud is being
committed, understanding, and recognising them can help organisations detect fraud and
mitigate losses.
2. Prevention and detection of fraud

The following are examples of procedures and mechanisms that are specifically designed
to detect and prevent fraud:
• Increasing the perception of detection

It is much easier to prevent fraud than to detect it. To prevent fraud, investigators should
understand the potential perpetrator’s mindset. Increasing the perception of detection
51
might be the most effective fraud prevention method. Controls, for example, do little good
in preventing theft and fraud if those at risk do not know of the presence of possible
detection. In the audit profession, this means letting employees, managers and executives
know that auditors are actively looking for information concerning internal theft. This can
be done in several ways, such as through proactive audit policies, employee anti-fraud
education, enforcement of mandatory vacation and job rotation policies, strong
management oversight and effective reporting programmes.
• Proactive audit procedures

Implementing proactive audit procedures demonstrates management’s intention to
aggressively look for possible fraudulent conduct instead of waiting for instances to come
to management’s attention. These techniques include analytical reviews, fraud
assessment questioning and surprise audits where possible.
• Use of analytical review procedures

Some internal fraud is discovered because of analytical review procedures performed
during a financial statement audit. To uncover fraud using these techniques, however, the
fraud scheme must materially impact the financial statements.
Forensic investigators and examiners should particularly look out for the following trends:
• increasing expenses
• increasing cost of sales
• increasing receivables/decreasing cash
• increasing inventories
• increasing sales/decreasing cash
• increasing returns and allowances
• increasing sales discounts
• Fraud assessment questioning
Fraud assessment questioning is a non-accusatory interview technique used as a part of

a normal investigation. It operates on the theory that employees’ attitudes are a good
indicator of potential problems and that one of the most effective ways to assess potential
fraud is to ask about it.
52
Below are some suggested questions that can be asked as part of the normal audit.
• Do you think fraud is a problem for business in general?
• Do you think this company has any problem with fraud?
• Has anyone ever asked you to do anything that you felt was illegal or unethical?
• If you felt that there was a problem in the company with respect to fraud, what would
you do?
• Do you have any indication that there is fraud occurring in the company now?
• Surprise audits where possible
In addition to regularly scheduled fraud audits, surprise fraud audits of business functions
in which fraud is most likely to occur can be effective both in increasing employees’
perception of detection and in uncovering actual fraud that has been perpetrated. The
surprise element must be present for this control to be effective; predictability allows
perpetrators the time to conceal their acts by altering, destroying, or misplacing records
and other evidence.
• Employee anti-fraud education

Each entity should have a policy for educating managers, executives and employees
about fraud. This education can be provided through memoranda, organisation-wide
emails and voicemails, formal training programmes and other intercompany
communication methods. Any education efforts should be positive and non-accusatory.
• Employee awareness training programme

Every employee within the organisation should be required to participate in the fraud
awareness training programme. No individuals—regardless of their position within the
organisation—should be exempted from receiving an initial orientation and ongoing anti-
fraud education.
2.1.10 SUMMARY
Fraud in procurement systems is one of the major contributors of annual losses
within public and corporate entities. In this section, we discussed the differences
between fraud and corruption and various types of fraud. Also, we highlighted
several red flags and processes forensic investigators, and examiners must look
53
out for in the investigation of fraud. Preventing fraud and other economic crimes
is a complex challenge, complicated by an even further volatile risk landscape.
Forensic investigators and examiners must act quickly to navigate change before
fraudsters exploit the potentially widening cracks in fraud defences.
List and discuss the key pillars of fraud prevention strategies that lower the
likelihood of the occurrence of fraud in an organisation.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
____________________
54
SECTION 2: CORRUPTION
• define the term corruption and give practical examples

• highlight the scale of corruption
Key • identify different types of corruption and corruption schemes
learning
• identify the red flags of corrupt employees and third parties
outcomes
• highlight the internal controls that may cause red flags of
corruption in the organisation
• explain the consequences of public and private sector corruption
• discuss the methods of proving corruption payments during the
forensic investigation
2.2.1 INTRODUCTION
Corruption is one of the main obstacles to sustainable economic, political and
social development for developing, emerging and developed economies such as
South Africa. According to Write (2021), South Africans think corruption is getting
worse despite the government positioning itself as against corruption. The survey
conducted by Afrobarometer in 2021 shows that South Africans perceive
corruption as increasing due to seeing large numbers of civil servants and
businesses involved in corrupt activities (Write 2021). It is therefore not surprising
that there is growing worldwide concern over the phenomenon of corruption, and
in response, the United Nations (UN) in 2003 adopted the Convention Against
Corruption (CAC), thereby effectively obliging its 148 signatories to adopt anti-
corruption measures (Soliman & Cable 2011). Corruption erodes trust, weakens
democracy, hampers economic development and further exacerbates inequality,
poverty, social division and the environmental crisis. Exposing corruption and
holding the corrupt to account can only happen if we understand how corruption
works and the systems that enable us to correct it.
55
2.2.2 DEFINING THE CONCEPT OF CORRUPTION
Corruption has been defined in different ways, each lacking in some respect.
A few years ago, a great deal of time was spent in conferences and meetings on
the question of the definition of corruption because of the various ways in which
people can perpetrate unethical acts of corruption. Corruption is a very difficult
concept. In simple terms, corruption can be defined as the abuse of public office
for private gain. It usually involves an activity in which both the public and
corporate sector participate, and, in most instances, it is based on greed and not
on need. How would you define corruption in your own words?
The Prevention and Combating of Corrupt Activities Act of 2004, section 2(3)(a)
and (b) provides us in South Africa with the only legal definition of corruption:
“anybody who (a) accepts any gratification from anybody else, or (b) offers or
gives any gratification (benefit) to anybody else in order to influence the receiver
to conduct herself or himself or itself in a way which amounts to the unlawful or
irregular exercise of any duties, commits corruption” (Republic of South Africa,
2004).
The term corruption is derived from the Latin word corruptus, meaning broken
object; it signifies a departure from ethics, morality, tradition, law, and civic virtue.
This definition is sometimes understood differently by various scholars and

practitioners in the field of governance:
• Abuse could be defined as including some or all of the following: a crime,

an administrative violation, the infringement of a political standard, or an
ethical lapse.
• Public power could be defined as the authority of any arm of the state,
including executive bodies, the legislature and the judiciary — and any
agent of these branches. More expansively, it could include any
organisation or activity that is funded or supervised by the state (e.g., a
public foundation or a bank), or perhaps any structure in which decision-
making power over policies and resources is exercised by some
representative, delegate, or fiduciary (e.g. a corporation or labour union).
56
• Lastly, private gain simply refers to personal, kin, partisan, or other narrow
interests that benefit that person instead of the relevant public (or that
benefit at the public’s expense).
2.2.3 SCALE OF CORRUPTION

Corruption is a broad concept that covers a wide range of practices and
transactions. In examining the operation of organisations, it is important to be
aware of the range of possible corrupt transactions that could occur and that each
form of corruption may have different causes and consequences (Ruhiiga, 2009).
Transactions that are considered corrupt in some societies may be considered

normal in others, depending on local traditions and values. However, most agree
that the following types of behaviour are corrupt:
• Bribery: This involves informal payments or gifts demanded by, or offered

to, public officials. These could be demanded for services that public
officials are supposed to provide, for licences, or in exchange for choosing
a contractor (kickbacks) or arranging favourable privatisation deals. When
bribery takes place in the context of getting hired or promoted, it is probably
better described as patronage. In many languages, the word for corruption
is synonymous with bribery. Bribery is the core concept for corruption and
the other categories frequently overlap with it.
• Extortion: This is the threat of the use of force or other forms of intimidation
to extract payments; for example, a regulator who threatens to shut a factory
down based on the violation of some standard if a payment is not made.
Because threats can be implicit, the distinction between extortion and bribes
is not always clear.
• Misappropriation: This is the theft or private use of public funds or
equipment. This can vary from relatively innocuous practices like a
government official asking their official driver to pick up their children from
school, to sinister ones like the theft and dilution of vaccines that lead to the
proliferation of resistant strains of diseases. At high levels of government,
theft can take place directly from Treasury and involve large amounts of
money.
57
• Self-dealing: This refers to the practice of hiring one’s own firm — or a firm
belonging to close relatives or friends — to provide public services. The
definition can be extended to selecting such a firm as the purchaser of a
privatised company.
• Patronage: This refers to hiring one’s own friends and relatives, even when
they are not the most qualified, or accepting bribes in exchange for
government jobs. The sale of jobs, which is related to shirking, appears to
be a widespread practice in some countries. Offering government jobs in
exchange for political support is also a questionable practice, but there is
some debate about whether it is a form of corruption.
• Shirking: Shirking is a widespread practice in the public sectors of many
developing and transitional countries, where public officials routinely come
late to work, leave early, are routinely absent from work, or perhaps never
come to work at all. Sometimes these workers purchased their jobs and
never intended to work (and those who hired them were aware of this). In
some cases, they may have other jobs, so that the government “job” is
simply an income supplement financed by the taxpayer
2.2.4 CORRUPTION AND DEMOCRACY

Well-established democracies have lower levels of corruption compared to
authoritarian regimes or young democracies (Montinola & Jackman 2002; Warren
2004). However, if a regime is democratic, this alone does not guarantee a lack
of corruption (Kramer 2018; Kubbe 2017). For instance, democracies may
experience corruption when they lack transparency in political and campaign
financing, have outdated laws on freedom of information, provide insufficient
protection to whistleblowers or have unreliable media. According to Ruhiiga
(2009), corruption, or the perception thereof, tends to increase as countries begin
to develop democratic processes. Pring and Vushi (2019) argue that “countries
which recently transitioned to democratic governance often did not develop
effective anti-corruption and integrity mechanisms, and now find themselves
stuck in a cycle of high corruption and low-performing democratic institutions”.
Using a panel of 103 countries over 5 years, Sung (2004) found that as countries
become more democratic, levels of corruption first decrease, then increase, then
58
decrease again. This is a combination of rising economic opportunities in the form
of rents to be captured (Menes 2006) and the inability of government institutions
to establish appropriate control and oversight mechanisms over these new
opportunities (Schneider 2007). Andvig (2006) further explains that corruption
grows in places experiencing “fast change”, such as in rapidly developing
economies, post-communist countries, or those transitioning from authoritarian
to democratic government – where institutional needs are changing rapidly and
situation-specific incentives include increased uncertainty. Over time, as
governments develop their institutions and capacities, corruption tends to
diminish. However, this is not inevitable, and studies show that corruption exists
even in the most stable and successful democracies (Pring & Vushi 2019).
Thus, even if democracy is viewed as a preferable system for tackling corruption,

it is not democracy in general, but rather specific political institutions, actors and
processes that have an anti-corruption effect by serving as checks and balances,
including the role played by different political parties. There are various types of
democratic systems across the world, from liberal democracy to democratic
socialism as well as direct and indirect democracy. The different democratic
systems could experience different forms and levels of corruption. Nevertheless,
as discussed in further detail below, corruption risks are generally higher in
authoritarian systems (or autocracies), which tend to be characterised by
informally defined executive power, limited political pluralism, media control,
human rights violations and military reinforcement of the regime. These features
of autocracies make social mobilisation – a key aspect of the fight against
corruption – more challenging.
2.2.4.1 Horizontal and vertical accountability
According to institutionalism (the study of politics through a focus on formal

institutions of government), the factors that have the strongest inhibiting effect on
a country’s level of corruption are the character, design and transparency of the
political system and its institutions. To better understand this, a distinction is
made between horizontal and vertical accountability. Horizontal accountability is
associated with the formal mechanisms in government to monitor sound
governance and provide checks and balances. These mechanisms are often
59
appointed or funded by the government and, as such, they may not provide the
best incentives or build the best capacity for addressing corruption in the
government.
Vertical accountability refers to the accountability of governments towards their

citizens, which is mostly achieved through elections. Since democracies and
hybrid regimes give their citizens a role in choosing their political leaders, elected
officials who have been proven to be corrupt can be “punished” for their actions
by being voted out of office in the next election (Abed & Gupta 2002; Bågenholm
& Charron 2015). However, we must not overlook the fact that “democratic”
elections can be rigged or adversely affected by oppressive regimes. In addition,
there are a variety of subtler forms of influencing democratic elections, according
to Stockemer (2018).
The separation of powers includes checks and balances, electoral competition,

free and fair elections and judicial control – all of which limit and decrease the
opportunities for people to engage in dishonest actions (Dahlström, Lapuente &
Teorell 2012; Holmberg & Rothstein 2015). At the same time, the relationship
between corruption, institutions, political systems, culture and gender is highly
complex (Debski, Jetter, Mosley & Stadelman, 2018).
2.2.4.2 Voters: ignorance, inconsistency and trade-offs
Despite the safeguards that democratic and hybrid systems provide against
corruption, citizens often do not fully exploit their rights, and do not use elections
to express general discontent and “punish” corrupt politicians when they vote.
The “punish” in this context is distinct from legal, administrative and civil
consequences associated with criminalising corruption (for more information, see
the 2015 UNODC working paper on the use of civil and administrative
proceedings against corruption). Rather, it implies trying to actively vote out or
remove from office. On the one hand, citizens mostly express a clear rejection of
corruption and negatively evaluate politicians involved in corruption. On the other
hand, some citizens tend to prioritise competent representatives over honest
representatives. As such, the electoral ability to vote out corrupt politicians is
limited and depends on many factors.
60
There are different explanations for voters' ignorance, apathy and decisions not
to actively vote out a corrupt politician or party. These explanations range from
low levels of citizens’ political awareness, to lack of transparency and information
about wrongdoings, as well as partisanship, weak institutions, voters’ inability to
effectively monitor and question politicians’ actions and the emerging problems
of information saturation or overload. In the following paragraphs we discuss
different hypotheses that attempt to explain voter behaviour in electing corruption
officials. The discussion is informed by general empirical findings. Therefore, be
careful in how you apply the findings and avoid generalisations about voters and
corruption.
Besides the inconsistency hypothesis, which implies that citizens are not always
consistent in their voting patterns at different levels of elections, the information
hypothesis is one of the main explanations why voters do not necessarily vote
out corrupt politicians. It suggests that when voters lack information about a
candidate’s involvement in corruption, they support corrupt politicians. There is a
fair amount of corruption in politics across the world and South Africa is no
exception. In South Africa, winning elections can be lucrative for local politicians.
A study conducted at Copenhagen Business School in Denmark indicates that
while South African voters want to punish corrupt candidates, they are more
forgiving when those politicians offer certain benefits in return for their vote (IOL
2019). This indicates that the more politically aware the 0 are, the less likely they
are to support corrupt politicians. At the same time, partisanship could mitigate
the difference between the low- and high-awareness voters, as the highly aware
tend to be more partisan and, as such, they may be more willing to forgive corrupt
politicians.
This phenomenon is also in line with the parties-candidates hypothesis which

suggests that voters usually differentiate between parties and candidates. It
means that they do not only consider candidates’ individual skills and
performances, but that the party for which the candidates are running might be
the more important consideration for their voting decision. The idea here is that
citizens may be more likely to vote for a politician that is corrupt but otherwise
61
perceived as competent than for an honest but incompetent politician. In other
words, citizens perceive a “trade-off” between anti-corruption reforms and other
desirable goals, such as increasing local welfare or attracting local investment or
security.
Another explanation for voters’ ignorance is the loyalty hypothesis, which is

associated with the finding that “right-wing voters are more loyal and faithful than
left-wing voters” (Jiménez & García 2018). Finally, it is worth considering in this
context how corruption is being exploited as a theme to win elections, including
by corrupt leaders who get elected by promising to fight corruption. Voters feel
they are voting out a corrupt government, when in fact the new government is
corrupt.
2.2.5 FORMS AND MANIFESTATIONS OF PUBLIC SECTOR

CORRUPTION
All the forms of corruption we mentioned above occur in the public sector,
including bribery, embezzlement, illicit enrichment, trading in influence and abuse
of functions (which can involve favouritism and nepotism). The precise legal
definition of corruption offences is complex. For example, Article 15 of UNCAC
defines bribery in the public sector as “the promise, offering or giving, to a public
official, directly or indirectly, of an undue advantage, for the official himself or
herself or another person or entity, in order that the official act or refrain from
acting in the exercise of his or her official duties”. While this definition can be
difficult to understand, the essence of the crime – money or anything else of value
exchanged for benefits from political or economic actors – is not difficult to
understand. Nor is it difficult to understand the effect of the crime – avoiding lawful
procedures by auctioning off political or economic power to the highest bidder.
The same goes for embezzlement and misappropriation of property, defined in

UNCAC Article 17. Someone entrusted with something valuable (such as
property, funds, or investments) has taken it for themselves or routed it to some
third party at the expense of others. It is, essentially, a combination of betrayal
and theft. UNCAC Article 19 defines the offence of abuse of functions. This
offence could apply to situations such as patronage (the use of state resources
62
to reward individuals for their electoral support), nepotism (preferential treatment
of relatives), cronyism (awarding jobs and other advantages to friends or trusted
colleagues) and sextortion (the demand for sexual favour as a form of payment)
– all of which undermine independent or democratically representative decision-
making, and fair and competitive processes in the formation or staffing of
governments. Like the crimes of bribery and embezzlement, these forms of
corruption destroy transparency, accountability and the rule of law. That is not
only their effect; it is also their object and purpose.
Corruption manifests differently in different areas of the public sector. For

example, corruption schemes in the areas of security and defence may include
patronage and bribes to secure the purchase of military equipment from a
particular company. In the health sector it may refer to kickbacks that patients
have to pay to their doctors, or abuse of healthcare funds by public officials and
doctors. Common corruption schemes in the police and the judiciary include the
manipulation of cases and evidence by the police, court judgments given to
satisfy a favoured party and corruption in judicial procurement. All these schemes
lead to people’s frustration, disengagement, polarisation and even conflict. When
these corruption offences occur in the areas of the public sector that are
responsible for providing justice and enforcing the law, such as the judiciary and
the police, they are not only offences, but they also obstruct the course of justice
and undermine the rule of law and human rights in the most direct and
fundamental way.
2.2.6 CONSEQUENCES OF PUBLIC SECTOR CORRUPTION

Public sector corruption adds substantially to the costs of public goods and
services, leads to the misallocation of public resources, weakens policy-making
and implementation and destroys public confidence in the government.
Corruption in the police or judiciary can be especially detrimental to the rule of
law and human rights in a country. Corruption in the defence sector and the health
system can have equally devastating impacts. Corruption in the military, for
example, can impede the government's ability to protect the population from
security threats, and corruption in hospitals can result in health crises and
unnecessary deaths.
63
Corruption in public works and infrastructure has the obvious potential for harm
to the public, and ranges from non-existent, inappropriately located and poorly
functioning public services, to services that physically injure or kill members of
the public. Corruption in infrastructure often determines what is built where, rather
than the amount spent on building or connecting the infrastructure (Kenny
2006:18). Locatelli, Mariani, Sainati & Greco (2017) show how corruption in Italian
high-speed railways worsens both cost and time performance. The authors also
use this case study to examine the impact of corruption on megaprojects (high-
value, complex projects with long-lasting impact on the economy, environment
and society). Some procurement corruption cases lead to death and injury.
“The case of Giyani Water Project and the problems of BIG infrastructure where
R502m grew to R2.7bn in a year.” That was the headline of the April 2016 City
Press report which revealed that Former President Zuma had ordered the SIU to
probe the award of contracts for emergency works to supply water to Giyani. Two
years later, with the department in financial crisis, the Auditor-General’s office
told Parliament that there had been R2.2 billion of irregular expenditure on the
project because contracts had been awarded irregularly. Meanwhile, the
Department of Water and Sanitation (DWS) indicated that the project would cost
R10 billion to complete and bring water to all the people in this small town and its
90+ surrounding villages. The Chairperson of Parliament’s Standing Committee
on Public Accounts (SCOPA) called for a full parliamentary inquiry and for
criminal charges to be opened, saying that the DWS had suffered a complete
collapse. But the case shows how one small incident of corruption before the
Chairperson arrived on the scene escalated into a monster once an enabling
environment had been created. Subsequently, this small incident of tender fraud
triggered a frenzy of mismanagement and major corruption involving billions of
rand. Both the DWS and Lepelle Water have been deeply damaged, weakening
their ability to discharge their functions. Local municipalities have been left with a
dysfunctional system that they cannot afford to operate. Giyani’s households
suffered and one unanswered question is where did all the money go.
The impact of corruption in the public sector is determined by its frequency and
extent. Public sector corruption may be episodic (a single act of corruption) or
64
systemic (a pervasive pattern of corrupt activities and practices over time), and
its effects can range from isolated to far-ranging in nature. For example, a public
servant stealing office stationery to sell outside of work may have limited adverse
effects, particularly if it is an isolated incident. In contrast, a pervasive pattern of
corruption such as state capture has far-reaching and potentially devastating
political and economic effects. However, there are also serious moral implications
to any act of corruption. Furthermore, even episodic corruption cases can
eventually lead to an unethical organisational culture, which can escalate to
systemic corruption.
Systemic corruption in the public sector erodes public trust in government

institutions, damages policy integrity and distorts public sector outcomes. It also
has a very negative impact on the public sector in that it leads to a self-
perpetuating organisational culture of corruption. The vested interests of the
different actors in the system make systemic corruption very difficult to fight. It
thus becomes necessary to base anti-corruption efforts, as much as possible, on
both intrinsic elements in the public sector and on external controls (including
laws and regulations), as well as on broad public participation.
2.2.7 CAUSES OF PUBLIC SECTOR CORRUPTION

There are a variety of factors at country level that have an impact on how
governments and their services function, which in turn influences the existence
and extent of public sector corruption. Some of these factors include the following:
• Country size
Research shows that countries that are geographically large and have a low
population density can be more prone to corruption because of the increased
difficulties in monitoring public officials in dispersed locations (Goel & Nelson
2010).
• Country age
Newly independent countries, or those that have recently transitioned from

authoritarian regimes to democracies, may face more corruption owing to, for
65
example, underdeveloped governance systems or rent-seeking opportunities
created by the privatisation of state assets (Goel & Nelson 2010). In the context
of corruption, rent-seeking means increasing one's share of existing wealth using
public resources without creating new wealth for the state.
• Resource curse
The public sector has a monopoly over the distribution and allocation of natural
resources rights. This allows economic opportunities to be exploited for corrupt
purposes. The Natural Resource Governance Institute (2019) stresses that
"given their highly concentrated and highly profitable nature, the oil, gas and
mining industries can generate the kind of political and private incentives that
favor rent-seeking and institutional (or state) capture". Indeed, data shows that
many resource-rich countries suffer from poor governance and systemic
corruption.
• Political instability
Political stability is associated with low corruption levels, whereas the probability
of corruption is higher in politically unstable environments (Lederman, Loayza &
Soares 2005). Lack of stability in transitions to a newly elected government is
particularly associated with public sector corruption. Notably, partisan
administration can be the cause of corruption in certain countries.
• Wages
Low wages and the resulting poverty in the public sector are also believed to
contribute to corruption in some countries (Tanzi 1998).
• Lack of rule of law
Lawlessness and poor rule of law is an important government-level contributor to

corruption. The probability of corruption occurring might increase where the legal
system is unable to provide sanctions for officials that engage in corruption
(LaPorta et al 1999). In addition, corruption risks are higher in countries with less
66
secure property rights, as corrupt means are used to ensure the security of these
rights, where the legal system is unable to do so (Dong & Tongler, 2011).
• Failure of governance
Shah (2006) argues that public sector corruption results from a failure of
governance. Poor governance can arise from low-quality public sector
management, a lack of accountability, poor relations between the government
and citizens, a weak legal framework, a lack of transparency regarding public
sector processes and poor dissemination of information. A lack of competence
and capacity due to inadequate training also contributes to failure of governance.
• Size of government
Research presents mixed findings on the relationship between corruption and the
size of government. According to Goel and Nelson (2010) and Rose-Ackerman
and Palifka (2016), the larger the government, the more numerous the
opportunities for rent-seeking by officials. In contrast, Gerring and Thacker (2005)
find that the size of government is not correlated to higher levels of corruption.
One conclusion that can be drawn from the mixed research findings is that the
relationship between corruption and the size of government depends on other
factors such as regime type, political stability and government structure (e.g.
federal versus centralised).
• Nature of bureaucracy
Tanzi (1998), Kaufman and Wei (1999) and Goel and Nelson (2010) all contend
that government bureaucracy and government intervention in the economy
promote corruption. Tanzi (1998) further asserts that "the existence of regulations
and authorizations gives a kind of monopoly power to the officials who must
authorize or inspect the activity". He also specifies the quality of the bureaucracy
as an important cause of corruption.
• Public spending at local level
A study by Corrado and Rossetti (2018) addresses public corruption in various

regions of Italy. Using a regional dataset on corruption crimes perpetrated by
67
public officials, combined with demographic and socioeconomic variables, they
found that the extent of public spending at local level explains corruption, but that
socioeconomic and cultural conditions also matter. Their findings suggest that
"regions which have historically placed less importance on rooting out corruption
may be stuck in a vicious circle of higher levels of corruption" and that "individuals
who reside in regions where corruption is higher and persistent are less likely to
be satisfied with public services".
• Social capital
Social capital refers to the "links, shared values and understandings in society
that enable individuals and groups to trust each other and so work together"
(OECD 2007:102). The study of Corrado and Rossetti (2018) found that regions
with higher social capital are more likely to face lower levels of corruption. Their
results confirm the study of Bjørnskov and Paldam (2004), who report that higher
levels of social capital are associated with less corruption, although it is not clear
whether social capital leads to less corruption or whether low corruption leads to
greater social capital.
• Large unique projects
Locatelli et al (2017) analysed different types of corruption and projects that are
corruption prone. Their findings suggest that when public actors play a key role
in "large unique projects" – i.e. publicly funded projects which occur once and
have no predecessor to provide guidance – these projects are more likely to be
affected by corruption compared to smaller and more routine projects.
• Conflicts of interest
Conflict of interest has been defined by the Organisation for Economic Co-
operation and Development (OECD 2003) as "a conflict between the public duty
and private interest of public officials, in which public officials have private-
capacity interests which could improperly influence the performance of their
official duties and responsibilities". An example of a conflict of interest is the
"revolving door" situation, in which public officials obtain lucrative posts in the
private sector once they leave the public service, with the expectation that they
68
will use their public sector contacts to benefit the private company (Ferguson
2017). The types of "private interests" that could lead to a conflict of interest
include objective things like a directorship in a company, but can also include
subjective ideological, political and personal interests that may improperly
influence public duties (Ferguson 2017; Rose-Ackerman 2014). The existence of
a conflict of interest in and of itself is not necessarily unlawful. What is unlawful,
however, is the failure to disclose a conflict of interest and/or the mishandling of
it.
ACTIVITY 7
What are the causes of corruption?
FEEDBACK
Compare your answer with the response below:
There are several causes of corruption such as

• country age
• resource course
• political instability
• wages
• lack of rule of law
• failure of government
• size of government
• nature of bureaucracy
• public spending at local level
• social capital
• large unique project
• conflict of interest
2.2.8 THEORIES THAT EXPLAIN CORRUPTION

As corruption is a complex phenomenon, no one theory explains it all. We review
the main theories used to explain why corruption occurs.
69
2.2.8.1 Principal-agent theory
The desire for personal gain is often said to be the main cause of public sector
corruption, but this is an over-simplification of the complex relationships between
individuals and the state. Two of the most popular theories on corruption in the
economic literature are the principal-agent model and the related agency problem
(Klitgaard 1988; Shleifer & Vishny 1993). The principal-agent model assumes
that agents (public officials) serve to protect the interests of the principal (the
public, parliament, or supervisors). However, the interests of the agents are often
different from the interests of the principal. The agent can prescribe the pay-off
rules in the principal-agent relationship, but there is not an equal relationship
between the two parties and the agent could use this for personal benefit
(Groenendijk 1997). In this context, an agency problem occurs where the agents
choose to engage in a corrupt transaction, in their own interests and to the
detriment of the interests of the principal. To limit the agency problem, the
principal can design incentives and schemes (e.g. monitoring, bonding and
oversight) to try and prevent the agent’s potential abuses.
2.2.8.2 Collective action theory
Collective action theory has emerged as an explanation for why systemic

corruption continues even though there are laws making it illegal, and why
corruption resists various other anti-corruption efforts in some countries.
Collective action theory goes beyond traditional principal-agent relationships and
emphasises the importance of factors such as trust and how individuals perceive
the behaviour of others. Persson, Rothstein and Teorell (2013) regard systemic
corruption as a collective problem, because people rationalise their own
behaviour based on the perceptions of what others will do in the same situation.
When corruption becomes a social norm, everyone starts seeing it simply as the
way to get things done. People are aware of the negative consequences of
widespread corruption, but they engage in corrupt actions as they believe that "it
doesn't make sense to be the only honest person in a corrupt system" (Marquette
& Peiffer 2015). In such an environment, anti-corruption measures based on the
principal-agent model will not be effective, as there are no "principled principals"
who will enforce anti-corruption norms (Klitgaard 2004; Persson et al 2013). An
institutional or organisational culture of corruption leads to the normalisation of
70
corrupt practices at societal as well as individual level, and perpetrators are free
to violate or ignore formal anti-corruption rules (Appolloni & Nshombo 2014). To
combat corruption in these circumstances, there is a need for collective and
coordinated approaches, such as reform coalitions or proactive alliances of
organisations that feel the same about corruption.
2.2.8.3 Institutional theory
Institutional theory - also known as institutionalism - uses country and

government institutional characteristics, such as pre-existing rule of law, well-
defined anti-corruption norms and independent anti-corruption institutions with
enforcement powers, to explain corruption in the public sector. Institutional theory
"examines the processes and mechanisms by which structures, schemas, rules,
and routines become established as authoritative guidelines for social behaviour"
(Scott 2004). In relation to understanding corruption, institutional theory brings in
the social context and explains how corruption might become entrenched in
organisations, in institutions and in society, despite the existence of an anti-
corruption framework (Luo 2005). Institutional theory considers that corruption is
influenced by the character, design and transparency of the political system and
its institutions. At the same time, it acknowledges that the relationship between
corruption, institutions, political systems, culture and gender is highly complex
(Debski et al 2018). A fair amount of research has focused on the relationship
between political institutions on the one hand and, on the other hand, the extent
and levels of corruption.
Related to this is the "institutionalist" view of political corruption that was

developed by Thompson (1995) and Lessig (2018). This view stresses that while
corruption can occur at individual level, it can also be institutional where
institutions are structured in a way that makes them deviate from their original
purpose. An example is private financing of political campaigns in the US.
In South Africa, candidates that run for elections can receive financial support
from a diverse set of private sources such as ordinary citizens, private
corporations and cultural or religious groups. Once elected, a politician who has
received financial support from, say, a private company may push forward some
71
regulation that aims at reducing the fiscal pressure in the area where this
company operates.
In this example, the combination of unlimited financial support and lack of

transparency is an issue because even if candidates do not act illegally at
individual level, the practice of private donation is susceptible to political
corruption. It can thus be argued that the institution of democratic elections is
corrupt since "the institutionalised practice of receiving private funds for electoral
campaigns makes the institution of democratic elections depend on the arbitrary
influence of financial powers" (Ceva & Ferretti 2017:3). The institutionalist
approach accordingly suggests that in the study of corruption we should focus on
the "bad barrel" (distorting institutional practices and mechanisms) rather than
concentrating on the "bad apples" (individual misbehaviour).
2.2.8.4 Game theory
Another theory that explains public sector corruption is game theory. This theory
borrows from economic literature and tries to explain corrupt decisions by public
officials. Macrae (1982) suggests that corruption is part of a rational calculus and
an integral and often deeply rooted method by which people take decisions. In
this context, individuals face a "prisoner's dilemma", which "illustrates a conflict
between individual and group rationality" (Kuhn 2019). The individual fears a
disadvantage if they refuse to engage in corrupt practices, while other individuals
do not refuse to do so in the same situation. As a result, all individuals obtain
some sort of benefit which is always less than the benefit that each of them would
have obtained if they refused to engage in corrupt practices. This is illustrated,
for example, in the area of public procurement, where participants in corruption
include private sector actors that are unsure of the actions of others. The fear of
being outdone by competitors acting illegally or unethically thus motivates
otherwise ethical companies to engage in procurement corruption. Note that
various situational and psychological factors could play a role in fostering
unethical behaviour, sometimes despite an individual's best intentions to act
ethically.
72
2.2.9 PREVENTING PUBLIC SECTOR CORRUPTION
As recognised by Article 5 of the UNCAC (2003), the core principles associated
with preventing corruption in the public sector are the rule of law, proper
management of public affairs and public property, integrity, transparency and
accountability. In Articles 7 and 8, UNCAC requires states to put in place specific
measures that ensure adherence to these principles, including adopting merit-
based systems for recruiting and promoting civil servants, prescribing criteria for
election to public office, enhancing transparency in the funding of political parties,
preventing conflicts of interest, promoting codes of conduct for the public sector
and establishing systems for declaring assets. Additional measures for
preventing corruption, in Articles 10 and 13 of UNCAC, include the promotion of
stakeholder participation and open government. These and additional measures
that can prevent corruption in the public sector are discussed below.
2.2.9.1 Codes of conduct
Corruption prevention mechanisms often start with rules that prohibit certain
types of conduct. Rules include legal prohibitions against corruption, and criminal
and civil penalties for both the public and private sectors (Williams-Elegbe 2012),
but also include codes of conduct and ethics for public officials. According to
Article 8 of UNCAC, these codes must be used for promoting personal standards
(integrity, honesty and responsibility) and professional responsibilities for correct,
impartial, honourable and proper performance of public functions. Codes provide
guidance on how public officials should conduct themselves in relation to these
standards and how they may be held accountable for their actions and decisions.
In addition to UNCAC, other initiatives of regional and international organisations
also recognise and promote the implementation of codes of conduct. An example
is the International Code of Conduct for Public Officials, adopted by the UN
General Assembly in 1996.
2.2.9.2 Systems of rewards and incentives
At a basic level, all countries should establish a system that rewards appropriate
behaviour and penalises corrupt behaviour in the public sector. The system
should include extrinsic motivations such as a decent wage and merit-based
appointments and promotions. Research by the United States Agency for
73
International Development (USAID) (2017) suggests that an invariable link
between lower wages for public officials and corruption does not exist in all
countries, but that, in some cases, public officials who have higher wages and
merit-based promotions are less likely to accept illegal payments. High staff
morale is crucial for anti-corruption efforts to succeed, and there is a lower
tolerance for corruption among people who find their jobs satisfying (Kwon 2014).
Penalties for corrupt behaviour are included in the anti-corruption laws of many
countries, and research has shown that, in some cases, higher or harsher
penalties for corrupt behaviours can lead to a decrease in public sector corruption
(Fisman & Miguel 2007).
2.2.9.3 Accessibility
This refers to the ability of all firms to access government contract opportunities
(OECD 2016). Full accessibility is required to increase competition in public
procurement and foster the participation of small and medium-sized enterprises
(SMEs) in public procurement. Access is fostered by reducing the bureaucracy
inherent in the tender process, cutting the cost of participation in public
procurement and streamlining the tender process. Limiting bureaucracy is
particularly important in public procurement. Access to public contracts by SMEs
and other target companies can be facilitated by rules requiring a portion of
government contracts to be awarded to SMEs, women, minorities and other
target groups.
2.2.9.4 Human resources management
The rules and procedures for hiring, rotation, promotion, professionalisation and
training of civil servants also play a role in combating corruption in the public
sector. For example, staff rotation in jobs that are vulnerable to corruption helps
to prevent corrupt relationships from forming and to disrupt established corrupt
relationships. Rotation may also lead to decreased corruption in the private
sector, as the corrupt partner's continuation in a particular position might not be
guaranteed. Merit-based recruiting is another example of a human resources
management system designed to disrupt corruption. Article 7 of UNCAC
stipulates that the human resources management system of the civil service must
be based on the underlying principles of transparency, integrity and efficiency.
74
This includes ensuring objective criteria for the recruitment, retention, promotion
and retirement of public officials, as well as continuous learning opportunities and
adequate and equitable remuneration and conditions of employment for staff in
the civil service. As with all anti-corruption measures, rotation must be balanced
against other concerns, such as building competency and commitment to public
service.
2.2.9.5 Citizen and stakeholder participation
Public sector accountability requires a wide range of stakeholders – such as anti-

corruption offices, private sector organisations, end-users, civil society,
academia, the media and the public – to participate in public sector processes
and in the procurement process (OECD 2016). Participation of citizens is
especially important in this regard, including in the procurement context (Heroles
2012; Landell-Mills 2013). In some countries, recognition of the importance of
citizen participation in public procurement processes is reflected in the law. For
example, laws in Mongolia and Mexico call for citizen participation in public
procurement processes (Parafina 2015). This has shown to be effective in Mexico
in reducing the cost of public contracts (De Simone, Francesco & Shruti Shah
2012). Unlike in Mexico and Mongolia, the South Africa government does not
have specific regulatory authority in respect of public procurement. Most
government departments and public entities determine and regulate their
procurement systems internally in accordance with the regulatory requirements
for such a system. The principal legislation that regulates public procurement is
the Constitution of the Republic of South Africa of 1996. Section 217 of the
Constitution requires that when an organ of state contracts for goods and
services, it must do so in accordance with principles of fairness, equitability,
transparency, competitiveness and cost-effectiveness (Republic of South Africa,
1996). This constitutional requirement is echoed in section 51(1)(a) of the Public
Finance Management Act 1 of 1999 (PFMA), which states that an accounting
authority for, among other things, a national or provincial department or public
entity must ensure that the particular department or entity has and maintains an
appropriate procurement and provisioning system which is fair, equitable,
transparent, competitive and cost-effective. The PFMA is implemented through
75
the regulations published under it, namely the National Treasury Regulations
(Treasury Regulatory).
2.2.9.6 Open government and e-government
Article 10 of UNCAC requires states to adopt procedures for public reporting and
access to public sector information. In this regard, many countries have
established e-government services that allow the use of information and
communication technologies (ICT) in connection with government functions and
procedures, with the purpose of increasing efficiency, transparency and citizen
participation (United Nations 2016). ICT can improve the delivery of public
services, build trust between citizens and government and contribute to public
sector reform initiatives (OECD 2005). ICT is actively used to promote integrity,
particularly in public procurement and management of public finances as it can
strengthen transparency, facilitate access to public tenders and simplify
administrative procedures (United Nations 2016). Moreover, ICT could help to
reduce direct interaction between procurement officials and companies and allow
for easier detection of irregularities and corruption, such as bid-rigging schemes.
The digitalisation of procurement processes strengthens internal anti-corruption
controls and detection of integrity breaches, and it provides audit services trails
that may facilitate investigation activities (OECD 2016).
A good example of promoting access to information is the Open Data Charter,

which as of September 2019, had been adopted by 71 national and local
governments across the world (although there are disproportionately few
signatories from non-Western countries) and endorsed by 49 organisations from
civil society and private sectors. Government information shared as part of the
Open Data Charter should comply with six principles: the data should be
• open by default
• timely
• comprehensible
• accessible and useable
• comparable
• interoperable (following international data standards)
76
The data should be designed to foster improved governance and citizen
engagement, and it should promote inclusive development and innovation (Open
Data Charter 2018:4). In terms of public procurement, the European Union has
adopted Directive 2014/24/EU, which requires publishing all public tenders above
a certain contract value in the Supplement to the Official Journal of the European
Union (see chapter 3, section II: Publication and Transparency and summary).
Such legal requirements and efforts to provide open information platforms are
critical in preventing opportunities for corruption.
To assist in providing governments with support and technical knowledge on how

to implement open data initiatives, the Open Data for Development Programme
(OD4D) offers numerous resources and training programmes (Open Data
Charter 2018:4). The OD4D Anti-Corruption Open Up Guide, for example,
showcases the use of open data to promote and enforce anti-corruption efforts.
The website provides a vast range of information from all public institutions in
Georgia, including planned expenditures, bonuses and salaries of civil servants,
increasing transparency in public activities and allowing citizens and NGOs to
better understand and study public spending by the Georgian authorities.
2.2.9.7 Managing conflicts of interest
Conflicts of interest could lead to corruption; therefore, these conflicts need to be

disclosed and addressed in a way that will prevent corruption. In general, conflicts
of interest are addressed through financial and asset disclosure requirements,
codes of conduct and other regulations, such as prohibiting public officials from
working in the private sector for a certain period after they leave the public
service. The purpose of these measures is to require public officials to recuse
themselves from decisions where an actual or potential conflict may arise
(Mattarella 2014).
Most of the modern asset and interest disclosure systems were developed
following the adoption of UNCAC, in response to the requirements of Article 8 of
the Convention to avoid potential conflicts of interest in the future, facilitate the
management of these conflicts and ensure that corrupt public officials will not be
able to conceal the proceeds of any illegal activity (United Nations 2018).
77
The open data measures, which were discussed in the section above, can also
be used to facilitate the proceeding of asset declarations for public officials.
Additionally, making information easily available on topics such as asset
declarations and the tender process in public procurement encourages journalists
and researchers to scrutinise data and sectors of society that are often vulnerable
to corruption. For more information on how asset declarations can be used as an
anti-corruption tool, see the World Bank commissioned study by Kotlyar and Pop
(2016).
2.2.9.8 Compliance-friendly environment
In relation to ensuring compliance with anti-corruption rules and norms in the

public sector, nudges and training programmes are common ways of creating an
environment for compliance. Nudge theory was popularised by Thaler and
Sunstein (2008), who define it as “any aspect of the choice architecture that alters
people's behaviour in a predictable way without forbidding any options or
significantly changing their economic incentives. To count as a mere nudge, the
intervention must be easy to implement and cost effective. Nudges are not
mandating. Putting fruit at eye level counts as a nudge. Banning junk food does
not. Nudge theory presumes that, when faced with a choice, people are more
likely to go for a default option, and so presenting simple alternatives now of
decision-making can alter behaviour without heavy-handed enforcement”.
In the corruption context, the concept of ambient accountability uses "physical

space and the built environment to empower people, help them
understand/assert their rights and stop corruption right where it matters - ideas,
inspiration, evidence from stickers, murals and billboards to feedback interfaces,
urban screens, and architectural interventions" (Zinnbauer 2012). Anti-corruption
and ethics training are common in the public sector and in specialised areas like
public procurement - the idea being to sensitise officials to the rules, to areas of
risk and to measures to take when faced with ethical dilemmas (OECD 2007).
2.2.9.9 Monitoring and oversight
Monitoring can take the form of audits, transparency measures that provide
information needed to hold the public sector to account and civil society
78
monitoring. The kind and nature of oversight over, for instance, the procurement
process depends on a risk assessment of the procurement environment. Control
measures can thus serve as risk management tools if they are "coherent and
include effective and clear procedures for responding to credible suspicions of
violations of laws and regulations and facilitate reporting to the competent
authorities without fear of reprisals" (OECD 2016).
2.2.9.10 Accountability and scrutiny (the four-eyes principle)
The four-eyes principle refers to a requirement that some public sector activities
or decisions must be approved by at least two people. The four-eyes principle is
a tool for monitoring and increased accountability and operates on the basis that
it is harder to corrupt two people than one person (Bodenschatz & Irlenbusch
2019), although this might not be the case in systemically corrupt societies
(Williams-Elegbe 2018).
2.2.10 PRIVATE SECTOR CORRUPTION

Corruption in business is a universal problem, affecting companies of all sizes in
all countries. Companies could be both victims and perpetrators of corruption. In
a business context, corruption can include false or misleading financial reporting,
procurement fraud, embezzlement, bribery, etc. Below are some examples of
common forms of corruption in business (Rose-Ackerman 2007):
• Commercial bribery and kickbacks
These involve employees of one company giving payments, undue advantage or

expensive gifts to employees of another company to secure an advantage.
Examples include paying procurement staff to decide in favour of the paying
company, giving an expensive gift to a bank manager to secure a loan and
various forms of kickbacks.
• Extortion and solicitation
This occurs when an employee of a company requests a payment, undue

advantage, expensive gifts, or sexual favours in return for conducting specific
business-related tasks or making decisions.
79
• Gifts and hospitality
Excessive gifts and hospitality are given to employees to influence business

decisions or tasks. This kind of gift might be travel, luxury items or tickets to
sporting events.
• Fees and commissions
Agents and intermediaries are paid fees and commissions beyond what is
considered the industry standard, for the purpose of altering business decisions
or tasks. Characterising a payment as a fee or commission might be a way of
disguising the payment of a bribe.
• Collusion
This occurs when, for instance, a labour union employee and a member of the
company's management team exchange favours that result in employees'
interests not being accurately represented.
• Trading of information
This happens when a business employee offers or receives a bribe in exchange

for confidential information, where the bribe could take several different forms.
When confidential information is the basis for trading in a company's stock,
bonds, or other securities, this constitutes an offence called insider trading.
• Trading in influence
Sometimes referred to as influence peddling, this activity occurs when a business

employee gives payments, undue advantage or expensive gifts to a public official,
expecting to receive an undue advantage from them in return. An example is
when business people make political donations with the intent of influencing
political decisions, policies or laws.
80
• Embezzlement
This happens when employees misappropriate anything of value that was

entrusted to them because of their position.
• Favouritism, nepotism, cronyism, clientelism
These forms of corruption occur when a person or group of persons is given unfair
preferential treatment at the expense of others. Private sector corruption does not
usually involve a suitcase or envelope full of money. There are many grey areas,
where business practices may be legal but are at risk of being misused, such as
gifts and hospitality. Political donations and sponsorships can also be misused
for private gain. Some illegal business practices, such as kickbacks or small
bribes, may be so common in some countries that they are perceived as normal
and are no longer questioned.
Corruption in business takes different forms, but it can also occur at different
levels of corporate activity or spheres of influence: within the company, within the
supply chain, within the wider business operation and within the societal
surroundings.
2.2.11 CONSEQUENCES OF PRIVATE SECTOR CORRUPTION

A vast body of literature focuses on public sector corruption, but there is very little
systematic analysis of private sector corruption (Argandoña, 2003; Gopinath
2008). International anti-corruption efforts have also mostly focused on public
sector corruption (Sööt, Lars, Pedersen, Vadi, & Reino, 2016). This makes it
difficult to estimate the exact cost of private sector corruption, although private
sector corruption has serious and lasting impacts on the economy and wider
society. The occurrence of private sector corruption is reportedly high.
According to the Global Economic Crime and Fraud Survey 2018 by
PricewaterhouseCoopers, 28% of the companies that reported internal corruption
suffered from business misconduct, and 45% said they had suffered from asset
misappropriation. A World Bank's Enterprise Survey, which measures the
incidence of bribery in companies, shows that in some countries up to 51% of all
firms experience at least one bribe payment request per year. Private corruption
81
affects the entire supply chain, as it distorts markets, undermines competition and
increases costs to firms. It prevents a fair and efficient private sector, reduces the
quality of products and services and leads to missed business opportunities
(UNODC 2013).
Even if the primary goal of business is to increase wealth or profits, using

corruption to maximise profit will have negative effects on the company, such as
decreased employee morale, reduced productivity, loss of shareholder and
investor confidence and damaged reputation and business relations. Companies
must bear the costs associated with investigation and remedial action (Lee-Jones
2018). Below are some of the ways in which private sector corruption erodes
economic development and investment:
• Unfair competition: The company offering the bribe gains an unfair

advantage over its competitors, whose products and services will not even
be considered (Boles 2014). While some companies pay bribes to gain
advantages, others may be unwilling or unable to do so. Thus, corruption
undermines competition because companies that refuse to pay bribes will
likely be excluded from the market.
• Inflated costs: The lack of competition caused by corruption can result in
higher prices and poorer quality of goods and services, ultimately harming
the consumers (Lee-Jones 2018). For example, a company already paying
bribes to sell its products may consider it unnecessary to invest in
innovations, new technologies, training of personnel and other activities that
could improve its productivity and quality of services or products.
• Societal impact: Business corruption can have devastating impacts on the
environment and human rights (Martini & Zinnbauer, 2014).
ACTIVITY 8
Discuss the ways in which private sector corruption erodes economic
development and investment in South Africa.
82
FEEDBACK
• Unfair competition: The company offering the bribe gains an unfair advantage
over its competitors, whose products and services will not even be considered
(Boles 2014). While some companies pay bribes to gain advantages, others may
be unwilling or unable to do so. Thus, corruption undermines competition
because companies that refuse to pay bribes will likely be excluded from the
market.
• Inflated costs: The lack of competition caused by corruption can result in higher
prices and poorer quality of goods and services, ultimately harming the
consumers (Lee-Jones 2018). For example, a company already paying bribes
to sell its products may consider it unnecessary to invest in innovations, new
technologies, training of personnel and other activities that could improve its
productivity and quality of services or products.
2.2.12 RESPONSES TO PRIVATE SECTOR CORRUPTION

Owing to its serious societal impact, the fight against private sector corruption
has increased in international law and policy in recent decades. South
Africa’s National Development Plan (NDP) 2030, in Chapter 14, proposes various
measures to fight corruption which include holding leaders to account for the use
of public funds, putting in place a legislative framework to fight corruption and
establishing institutions dedicated to fight corruption. Government has embarked
on a process to develop a National Anti-Corruption Strategy (NACS) that meets
international standards, that is focused on societal behaviour change and that will
contribute to achieving the NDP goal of a resilient anti-corruption system for
South Africa. The NACS aims to unify all sectors of society to fight corruption and
to align all citizens towards the key values of integrity, transparency and
accountability, which should guide the actions and behaviour of all South Africa’s
citizens.
Criminalising private sector corruption and ensuring that companies can in fact
be held liable for corruption and be effectively sanctioned – under criminal or civil
law - serve both retributive and deterrence goals, because corporate misconduct
is punished and justice is done, which sends a message that deters companies
from engaging in misconduct. Moreover, these responses to business corruption
83
also encourage companies to develop preventive anti-corruption measures, such
as ethics and compliance programmes, codes of ethics, risk assessments and
due diligence procedures for business partner scrutiny. These measures are
discussed below.
2.2.12.1 Criminalising private sector corruption
A major response to private sector corruption is applying criminal anti-corruption

norms to corporations and enforcing them through effective sanctions and
incentives. The enforcement of these norms starts from the detection and
reporting of corruption to the investigation, prosecution and trial stages. Criminal
law is associated mainly with individual criminal responsibility and therefore
usually applies to natural persons (individuals) and not to legal persons
(corporate entities). To effectively enforce anti-corruption norms on corporations,
states need to incorporate corporate liability (or liability of legal persons) into their
law. Corporate liability, a concept discussed in more detail below, means that
various sanctions can be imposed on companies that violate anti-corruption
norms. These sanctions can include fines, confiscation, contract remedies,
suspension and debarment, loss of benefits and liability for damages.
2.2.12.2 Corporate liability
Historically, corporations were outside the scope of criminal law, which focused
on personal guilt, culpability and blame. Anti-corruption enforcement,
accordingly, was aimed at individuals and targeted primarily public officials
engaging in taking bribes and embezzling public funds and individuals offering
bribes – although the latter were targeted to a much lesser degree. Recently,
however, the debate on how to get companies to comply with domestic and
international anti-corruption laws and regulations has intensified. Many of the
biggest corruption investigations concern legal persons rather than natural
persons. The liability of legal persons such as corporations is also known as
corporate liability and is a key feature of the global fight against corruption (Lee-
Jones 2018).
Corporate liability was introduced partly because traditional legal tools, such as
individual criminal responsibility, have been insufficient to curb crime.
84
Decentralised corporate structures and complex decision-making processes
make it difficult to identify individual wrongdoers. In most cases of corporate
corruption, senior management might not directly participate in the behaviour
constituting the actual offence, but nonetheless play an important role by failing
to supervise employees effectively or by incentivising the behaviour that leads to
the offence. Case studies of large corporations reveal that senior management
may have created or cultivated a corporate culture that incentivises wrongdoing
by more junior employees. In that situation, senior management may have moral
responsibility. It is, however, difficult to pursue charges against individual
managers owing to the very nature of corporations and their extensive systems
of delegation.
2.2.12.3 Suspension and debarment
Debarment from procurement is an important regulatory mechanism against

corruption. Debarment policies can exclude certain suppliers and contractors
from profitable contracts owing to their engagement in corrupt and unethical
practices (Acorn 2016). Debarment determinations take a variety of pathways. In
Canada, for example, there is a rules-based and automatic debarment system.
At international level, the World Bank's suspension and debarment system,

overseen by the Office of Suspension and Debarment, is a comprehensive
defence against wrongdoers (World Bank 2015). The system sanctions corrupt,
fraudulent, collusive, coercive and obstructive practices. There are five different
sanctions that could be imposed: debarment with conditional release, fixed period
debarment without conditional release, conditional non-debarment, public letter
of reprimand and restitution. The World Bank (2015) assesses aggravating and
mitigating factors when determining which one of these five possible sanctions to
apply.
While the threat of imprisonment is limited to individuals, suspension and

debarment can be a deterrent for companies that rely on government contracts.
Companies may also be required to dismiss employees as a condition of
settlement. Although technically not a state sanction, this can be an effective
deterrent for individuals, particularly managers or other senior personnel who
85
may have difficulty finding alternative employment. An organisation's managers
and employees should understand, as part of their anti-corruption training, that
bribery is not only detrimental to all stakeholders, but an offence that would lead
to the termination of their employment (a "zero-tolerance policy").
2.2.13 PREVENTING PRIVATE SECTOR CORRUPTION

Stricter regulation requires and encourages companies to comply with rules more
strictly, but also to focus on their values and develop an ethical culture.
Stakeholders such as employees, customers, shareholders, business partners
and civil society expect even higher standards of integrity and ethical business
conduct than what can be enforced merely by imposing rules. Focusing on rules
and regulations alone will often not meet these higher expectations of ethical
business practices. Therefore, an effective ethics and compliance programme,
which goes beyond mere compliance and aims to foster a culture of integrity,
should include internal, external and collective measures.
2.2.14 EFFECTIVE ANTI-CORRUPTION ETHICS AND

COMPLIANCE PROGRAMMES
There are different management models for internal measures that ensure
business integrity and ethics, but they all share similar characteristics:
• Business leaders and managers actively support doing the right thing and
are personally committed and willing to act on their values. However, the
middle managers, who are the team leaders and backbone of companies,
must also take responsibility. Ethics is everyone's responsibility, even
though it must start at the top.
• The guiding values and commitments make sense and are clearly
communicated at every appropriate opportunity, including in a well-
balanced code of ethics and guidelines.
• Internal measures are based on a risk assessment to spend limited
resources as effectively as possible.
• The values are integrated into day-to-day business, and practical resources
and training are provided to guide employees even in difficult situations and
grey areas.
86
• An internal control system is established and there are various channels for
reporting, such as whistleblowing.
• The anti-corruption ethics and compliance programme is understood as a
continuous process of learning, and measures are monitored and reviewed
regularly. Freely available resources can be used for continuous education
purposes, such as the video-based e-learning tool developed jointly by
UNODC and the United Nations Global Compact.
• Having the full support of and commitment from all levels of management is
essential for creating a culture of ethical values and implementing an
effective anti-corruption ethics and compliance programme (UNODC 2013).
When developing the programme, oversight mechanisms with internal
controls and record-keeping must be included. Effective programmes also
have clear, visible and accessible policies prohibiting corruption, mitigating
particular corruption risks and addressing violations. They also establish
channels for reporting on corruption (UNODC 2015).
• For larger companies, the programme should engage with business
partners, subsidiaries and intermediaries. Employee training and promoting
and encouraging ethical behaviour and compliance are essential for
effective implementation.
Companies should not only focus on their own culture for ethics, but also engage
with business partners and their supply chains. Intermediaries are very often the
weak link, and the public perception does not only focus on the supplier itself, but
also on the companies that contracted them (UNODC 2013). In addition to
ensuring compliance with national and international regulations, companies
should thus adopt a proactive approach to strengthen business integrity and
ethics in their supply chains, regarding their corporate responsibility and
sustainable business practices.
Finally, companies can also engage in collective action such as sharing

experiences in working groups or joining initiatives such as the United Nations
Global Compact. In environments in which unethical practices are prevalent,
companies could resort to collective action to try to change the status quo. For
87
example, they could get regulators to intervene or set standards in areas such as
supply chains.
ACTIVITY 9
Discuss effective anti-corruption ethics and compliance programmes.
FEEDBACK
It is now generally accepted that businesses have a responsibility to act as good corporate
citizens. Companies understand that fighting corruption makes good business sense and
that a well-executed anti-corruption ethics and compliance programme yields greater
value over time. The evolving international legal framework and the rapid development of
rules of corporate governance around the world are now prompting companies to focus
on anti-corruption measures as an essential component of their mechanisms to protect
their reputation and the interests of their investors and shareholders. Increased costs due
to corrupt payments, unfavourable dependencies between the supply and demand side
of a corrupt act (resulting in continuous extortion requests) or missed business
opportunities in distorted markets are further examples of the negative consequences of
corruption for companies. Most of all, corruption is illegal, and companies face serious
consequences for violating the law. These consequences, besides the legal penalties,
have a strong impact on companies, including their reputation. Companies that
understand that fighting corruption requires more than complying with domestic laws and
avoiding negative consequences are increasingly encouraged to set themselves apart
from their peers.
2.2.15 SUMMARY
In this section, we discussed corruption as a economic crime, also known as
financial crime, which refers to illegal acts committed by an individual or a group
of individuals to obtain a financial or professional advantage. The principal motive
in these crimes is economic gain. Economic crime areas are of specific interest
88
to forensic investigators and examiners investigation teams to investigate fraud
and corruption incidents.
Discuss the consequences of public and private sector corruption.

_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
__________________________________________
Discuss the process in preventing public sector corruption.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
__________________________________________
89
90
LEARNING UNIT 3:
CREDIT CARD AND

CHEQUE FRAUD
SECTION 1: CREDIT CARD FRAUD
• define the concept of credit card fraud

• highlight elements classified as credit card fraud in a crime against
Key learning financial or identity theft
outcomes • list and discuss the types of credit card fraud
• identify different kinds of credit card fraud schemes
• explain the process and techniques related to credit card fraud
investigation and detection
3.1.1 INTRODUCTION
On day-to-day transactions, credit scams and fraudsters are targeting our
vulnerabilities to gain access to money, assets and identity, and others make
illegal transactions without having the credit card in their possession. Credit card
fraud is therefore the most common type of identity theft around the world. In
South Africa, credit card fraud is a serious problem for consumers and it is no
surprise that millions of people fall victim every year. Card fraud scammers are
robbing South Africans of over R800 million every year. Since 2019, credit card
fraud has increased by 18.4%, an increase of 1.1% from 2020. This figure is
91
increasing every year because scammers are always trying to find new ways to
get money from credit cards.
Criminals are always looking for the opportunity to commit crime, and breaking
financial systems, particularly credit cards, is one of these opportunities. During
the low-tech era of the 1980s, it was relatively easy to counterfeit credit cards.
When a credit card is used as an instrument to commit fraud, it will contain
evidence of misrepresentation and other unlawful changes, which can be
identified to prove the crime of fraud.
3.1.2 DEFINITION OF CREDIT CARD FRAUD

In 1887, the concept of the credit card was first discussed in Edward Bellamy’s
utopian novel, Looking backward. Many believe that modern-day credit card fraud
is the natural progression of theft from cheque fraud.
The crime of credit card fraud begins when someone either steals a credit or debit
card, or fraudulently obtains the card number and other account information
necessary for the card to be used successfully. While the actual physical theft of
credit cards does happen, modern technology has seen a steep rise in the
incidence of intercepting account information electronically. The owner of the
account, the merchant from whom card information was stolen or intercepted and
even the card issuer may be unaware of the compromise until the information is
used to make purchases.
The term credit card fraud broadly refers to the use of a credit card, debit card,
or any similar form of credit to make purchases, or to obtain financial gain with
the intention of avoiding payment. This includes identity theft, identity assumption
and fraud sprees. In the eyes of the law, certain elements are required for a
financial or identity theft crime to be classified as a form of credit card fraud:
• Credit card theft: This is taking a credit card, or credit card number, from
another person, without the cardholder’s consent, with the intent of using or
selling it.
92
• Credit card forgery: This is purchasing something of value using a credit
card, by someone other than the cardholder, or an authorised user, with the
intent of defrauding the card’s issuer.
• Credit card fraud: This is taking a credit card, or credit card number, from
another person, with the intent to use, sell, or transfer it to another person,
or using the credit card or card number to purchase something of value, with
the intent to defraud.
3.1.3 TYPES OF CREDIT CARD FRAUD

The literature categorises credit card fraud in various ways. Delamaire et al
(2009) differentiate between application fraud and behavioural fraud. In
application credit card fraud, the fraudsters apply for a credit card with a false ID,
whereas in behavioural credit card fraud, the fraudsters find a way to obtain the
cardholder’s credentials in order to use a pre-existing credit card. Ghosh and
Reilly (1994) divide fraudulent transactions into six categories: fraud from lost or
stolen cards, fraud from counterfeit cards, online fraud, bankruptcy fraud,
merchant fraud and fraud from cards that were stolen during the expedition
process. Patidar and Sharma (2011) divide fraudulent transactions into three
categories: card-related fraud, merchant-related fraud and internet fraud. Laleh
and Azgomi (2009) identify face-to-face (card present) fraud and e-commerce
(card not present) fraud. Their argument for this strict and simple classification is
that the overlap between categories may weaken fraud detection approaches. As
described by credit card fraud detection experts, in the industry the fraudulent
scenarios are divided into five different types:
• card-not-present (CNP) fraud

• counterfeit and skimming fraud
• lost and stolen card fraud
• card-never-arrived fraud
• false application fraud
3.1.3.1 Card-not-present (CNP) fraud
CNP fraud is a type of credit card scam in which the customer does not physically
present the card to the merchant during the fraudulent transaction. It can occur
93
with transactions that are conducted online and over the phone. It is theoretically
harder to prevent than card-present fraud because the merchant cannot
personally examine the credit card for signs of possible fraud, such as a missing
hologram or altered account number.
The credit card payment processors take a number of steps to minimise CNP
fraud. These include verifying that the address provided by the customer at the
time of purchase matches the billing address on file with the credit card company,
checking the validity of three-digit CVV security codes and prohibiting merchants
from storing these codes.
3.1.3.2 Counterfeit and skimming fraud
Counterfeit and skimming fraud are related to each other. Theft fraud means
using a card that is not yours. The perpetrator will steal someone else’s card and
use it as many times as possible before the card is blocked. Similarly, counterfeit
and skimming fraud occurs when the credit card is used remotely; only the credit
card details are needed. At one point, the fraudster copies the card number and
codes and uses it via certain websites, where no signature or physical cards are
required. Card skimming involves the illegal copying of encoded information
(data) from the magnetic stripe of a legitimate card, making use of an electronic
card reader (skimming device) with the intention of using the copied data for
encoding and producing a counterfeit card for purposes of fraudulent transactions
(SABRIC 2017:30; SABRIC 2018:19). Counterfeit card fraud entails fraud arising
from the use of an illegally manufactured bank card using data that has been
copied (skimmed) illegally from the magnetic stripe of a genuine bank-issued card
(SABRIC 2018:28; 2019:18). It requires the skimming of card data from a genuine
bank card, obtaining the personal identification number linked to the card,
encoding another card (i.e. the counterfeit card) with the skimmed card data and
transacting with the counterfeit card using the cardholder’s PIN.
The creation of counterfeit cards, together with lost/stolen cards, poses the
highest threat in credit card fraud. Fraudsters are constantly finding new and
more innovative ways to create counterfeit cards. Some of the techniques used
to create false and counterfeit cards are listed below:
94
• Erasing the magnetic stripe: A fraudster can tamper with an existing card
that has been acquired illegally by erasing the metallic stripe with a powerful
electromagnet. The fraudster then tampers with the details on the card so
that they match the details of a valid card, which they may have attained,
e.g. from a stolen till roll. When the fraudster begins to use the card, the
cashier will swipe the card through the terminal several times, before
realising that the metallic stripe does not work. The cashier will then proceed
to manually input the card details into the terminal. This form of fraud has a
high risk because the cashier will be looking at the card closely to read the
numbers. Doctored cards are, as with many of the traditional methods of
credit card fraud, becoming an outdated method of illicitly obtaining either
funds or goods.
• Creating a fake card: A fraudster can create a fake card from scratch using
sophisticated machines. This is the most common type of fraud, although
fake cards require a lot of effort and skill to produce. Modern cards have
many security features all designed to make it difficult for fraudsters to make
good quality forgeries. Holograms have been introduced in almost all credit
cards and are very difficult to forge effectively. Embossing holograms onto
the card itself is another problem for card forgers.
• Altering card details: A fraudster can alter cards by either re-embossing
them — by applying heat and pressure to the information originally
embossed on the card by a legitimate card manufacturer – or by re-
encoding them using computer software that encodes the magnetic strip
data on the card.
• Skimming: Most cases of counterfeit fraud involve skimming, a process
where genuine data on a card’s magnetic stripe is electronically copied onto
another. Skimming is fast emerging as the most popular form of credit card
fraud. For example, the employees/cashiers of a business carry pocket
skimming devices, a battery-operated electronic magnetic stripe reader,
with which they swipe customers’ cards to get hold of customers’ card
details. The fraudster does this while the customer is waiting for the
transaction to be validated through the card terminal. Skimming takes place
unknown to the cardholder and is thus very difficult, if not impossible, to
trace. In other cases, the details obtained by skimming are used to carry out
95
fraudulent CNP transactions by fraudsters. Often, the cardholder is unaware
of the fraud until a statement arrives showing purchases they did not make.
• White plastic: A fraudster creates a card-size piece of plastic of any colour
and encodes it with legitimate magnetic stripe data for illegal transactions.
This card looks like a hotel room key but contains legitimate magnetic stripe
data that fraudsters can use at POS terminals that do not require card
validation or verification (e.g. petrol pumps and ATMs).
3.1.3.3 Lost and stolen card fraud
Fraud with stolen and lost credit cards is the most common type of credit card
fraud and involves the theft of genuine card details that are used to make a
purchase through a remote channel such as the phone, or the internet and/or by
presenting the card at a till point. However, according to SABRIC, the use of this
type of fraud decreased when the chip-and-pin card, which requires a person to
enter a pin code when transacting with the card, was implemented. As with
counterfeit card fraud, the legitimate cardholder may not be aware of this fraud
until they check their bank statements. To counter this, banks send out SMS
alerts to account holders’ cellphones and e-mail addresses whenever a
transaction is made.
3.1.3.4 Card-present fraud
In card-present fraud, the fraudulent party physically presents the counterfeit

credit card to the merchant. There are other types of credit card fraud that rely on
digital methods where the card is not physically present. Card-present fraud has
become less common because credit card thieves have shifted their attention to
online forms of credit card fraud. Online credit card theft allows hackers to access
potentially far larger pools of credit card information without needing to expose
themselves to the risk of in-person detection at a store. Moreover, with large
merchants holding vast databases of credit card information, online cybercrime
allows hackers to potentially access hundreds of thousands or even millions of
credit cards at once.
Despite this shift toward online crime, however, card-present fraud continues to
be a significant problem. According to a 2019 South African Banking Risk
96
Information Centre (SABRIC) report, CNP fraud accounted for 72.9% of the
losses on SA-issued credit cards. This figure is about three times greater than
the equivalent rates in other such as Australia, France, or the United Kingdom in
the same year. For this reason, South Africa is launching the Rapid Payments
Programme, an integrated interoperable digital platform expected to go live in
2022, which will enable affordable, safe and reliable settlements within 60
seconds.
3.1.3.5 False application fraud
Application fraud is a form of identity fraud that involves a fraudster applying for
a new account in a service or product using stolen or synthetic identities. The
targets are often bank accounts, credit or debit cards, public administration, e-
commerce and loans, to name a few. This is not just a financial-related threat.
Fraudsters target public administrations to hijack tax refunds or pension funds, or
e-commerce loyalty programmes. This type of fraud is often the consequence of
previously successful data breaches that provide the fraudster with massive
personal information datasets. These are used to forge synthetic identities or to
impersonate somebody else.
3.1.4 CREDIT CARD FRAUD DETECTION PROCESSES

Despite increased media coverage regarding the extent of credit card fraud and
the means and methods used by organised criminal groups, the evidence base
remains underdeveloped. The knowledge gaps confronting policymakers as well
as role players, among others, are the lack of empirical studies and research into
the extent of the challenge. Sharma and Singh (2020:11814) concur that one of
the biggest problems associated with fraud detection is the lack of both the
literature providing experimental results and of real-world data for academic
researchers to perform experiments on.
SABRIC (2016, 2017, 2018, 2019) states that more than R2.5 billion was lost
through card fraud during the 2016–2019 financial period. There has been an
exponential increase in all forms of card fraud transactions.
97
SABRIC (2016, 2017, 2018, 2019) also reports that credit card fraud has soared
in South Africa recently, resulting in the loss of more than R600 million a year.
From 2016 to 2019, a loss of R201 302 223 million was incurred through lost or
stolen card fraud, R8 502 532 million through not received issued (NRI) fraud and
R21 598 954 million through false application card fraud. Counterfeit card fraud
contributed the second most losses amounting to R469 559 032, and account
takeover losses amounted to R19 521 784 million. The highest fraud losses
resulted through CNP fraud to the tune of more than R1.6 billion. SABRIC (2018)
further indicates that mobile banking or online applications are experiencing an
unprecedented rate of card fraud, resulting in a total loss of
R260 007 285 million for the 2018–2019 period. Over R2.2 billion was lost during
the 2016–2019 period and it is reported that with the advent of COVID-19,
cybercrimes rose exponentially. Cybersecurity experts in South Africa state that
there is a sharp increase in cybercrimes such as carding, romance schemes and
compromised business e-mails (Mbopane 2020). Criminals committing
cybercrime ask for finance donations on the pretext of procuring medical
treatment, personal protective equipment and gear. SABRIC (2018) reports that
high card and online fraud transactions were mostly recorded in Gauteng,
Western Cape and KwaZulu-Natal and in all three provinces, CNP accounted for
the most card fraud. Table 1 below indicates gross fraud losses since 2016 to
2019 regarding South African-issued credit cards.
Table 1: Credit card gross fraud losses

Fraud Type 2016 2017 2018 2019 Total
Lost and/or stolen cards R15 800 000 R25 700 000 R81 497 606 R78 304 617 R201 302 223
Not Received Issued (NRI) R3 100 000 R987 000 R1 865 630 R2 568 902 R8502532
False Application R1 900 000 R5 500 000 R10 294 741 R11 304 213 R21 598 954
Counterfeit R99 000 000 R83 600 000 R143 300 000 R43 659 032 R469 559 032
Account takeover R2 900 000 R2 500 000 R7 365 437 R6 765 347 R19 521 784
Card Not Present (CNP) R250 000 000 R318 400 000 R531 900 000 R528 8900 000 R1.6 billion
Mobile Banking Fraud Not available Not available R129 002 523 R131 004 762 R260 007 285
Total losses 372 700 000 R436 687 000 R873 394 351 R902 487 873 R2 585
269 224
Source: Chigada (2020:3)
98
ACTIVITY 10
1. What is credit card fraud?

2. What are five key steps of credit card fraud?
FEEDBACK
1. Credit card fraud
Credit card fraud is the unauthorised use of a credit or debit card, or similar payment tool
to fraudulently obtain money or property. Credit and debit card numbers can be stolen
from unsecured websites or can be obtained in an identity theft scheme.
2. Five key types of credit card fraud
• card-not-present (CNP) fraud
• counterfeit and skimming fraud
• lost and stolen card fraud
• card-never-arrived fraud
• false application fraud
3.1.5 SUMMARY
In this section, the focus was on the factors that define the concept of credit card
fraud, the key types of credit card fraud and the credit card fraud detection
process. No forensic investigators and examiners can be successful without
understanding the investigation of credit card fraud.
List and discuss the key types of credit card fraud.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
99
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_________________
100
SECTION 2: CHEQUE FRAUD
to
Key learning • define the concept of cheque fraud

outcomes • list the types of cheque fraud
• list and discuss cheque schemes to commit fraud
• explain the process of investigating and detecting cheque fraud
3.2.1 INTRODUCTION
Technology has made it increasingly easy for criminals, either independently or
in organised gangs, to create increasingly realistic counterfeit and fictitious
cheques as well as false identification that can be used to defraud financial
institutions. Cheques are no longer a popular method of payment as they once
were some years ago, as banking has evolved and advanced and become digital.
A minority of fraudulent cheques do still get through the system, and it is helpful
if forensic investigators and examiners know what kind of fraud is attempted so
they can try to catch the perpetrators.
3.2.2 CONCEPT OF CHEQUE FRAUD

Cheque fraud refers to any efforts to obtain money illegally using paper or digital
cheques. This can include someone writing a bad cheque on their own account,
forging a cheque in someone else’s name, or drafting a completely fake cheque.
But it can also include countless other types of fraud using cheques.
3.2.3 TYPES OF CHEQUE FRAUD

There are three main types of cheque fraud:
• Counterfeit: This is a cheque that has been created on non-bank paper to

look genuine. It relates to a genuine account but has been created and
written by a fraudster for the purposes of committing fraud.
101
• Forgery: The cheque is genuine, but the signature is not that of the account
holder. The fraudster has forged the signature by signing the cheque
themselves.
• Fraudulently altered: A genuine cheque is made out by the genuine
customer, but it has been altered by a fraudster before it has been paid in
(e.g. by altering the recipient’s name on the cheque or the amount). It is no
longer a genuine cheque.
3.2.4 CHEQUE FRAUD SCHEMES

Fraud schemes involving cheques take many forms. Cheques can be
• altered, either the payee or the amount

• counterfeited
• forged, either the signature or endorsement
• drawn on closed accounts
• used in a variety of schemes
Cheque fraud criminals may be financial institution insiders, independent

operators, or organised gangs. The methods they use to commit cheque fraud
include
• getting customer information from financial institution insiders

• stealing financial institution statements and cheques
• working with dishonest employees of merchants who accept payments by
cheque
• rifling through rubbish for information about financial institution relationships
Descriptions of some common cheque fraud schemes follow, with information on

what makes them successful and what bankers can to do avoid them.
3.2.4.1 Altered cheques
Altered cheques are a common fraud that occurs after a legitimate maker creates
a valid cheque to pay a debt. A criminal then takes the good cheque and uses
chemicals or other means to erase the amount or the name of the payee, so that
102
new information can be entered. The new information can be added by typewriter,
in handwriting, or with a laser printer or cheque imprinter, whichever seems most
appropriate to the cheque.
Altered cheque schemes can be successful when customers are careless and
financial institutions fail to check payee identification properly. To protect against
this fraud, customers should
• avoid leaving large blank spaces in the number or amount lines on cheques
they write
• report to drawee or payer financial institutions when their cheques are stolen
Financial institutions should
• review cheques to ensure that the handwriting or print styles are consistent,
and that no signs of erasure or alteration show
• compare the signatures on items and the appearance of the presenter with
the signature and picture on the identification
3.2.4.2 Counterfeit cheques
Counterfeit cheques are presented based on fraudulent identification or are false

cheques drawn on valid accounts. Counterfeit cheque schemes can be
successful when criminals are skilful in using technology to create false
documents or have access to information and supplies from financial institution
insiders.
To protect against this fraud, customers should protect their personal information,
including account records. Financial institutions should
• review customer identification thoroughly

• maintain separation of functions, so that no one person has account
information and access to controlled supplies, such as commercial cheque
stock
• warn customers about cheque fraud and the need to protect their
information
103
3.2.4.3 Identity assumption
Identity assumption in cheque fraud occurs when criminals learn information

about a financial institution customer, such as name, address, financial institution
account number, home and work telephone numbers, or employer, and use the
information to misrepresent themselves as the valid financial institution customer.
These schemes may involve changing account information, creating fictitious
transactions between unsuspecting parties, or preparing cheques drawn on the
valid account that are presented using false identification.
Identity assumption schemes can be successful when a financial institution
• accepts account changes over the phone

• is careless in requiring and reviewing identification presented for cash-out
transactions
• does not limit the size of cash transactions, especially at temporary or
remote locations
To protect against this fraud, financial institutions should
• ensure that changes to accounts are secure, by requiring customers to

request changes in writing or in some other way, such as password
identification, that guarantees the identity of the customer
• train personnel, including all tellers, to
o check identification carefully, particularly in split/deposit transactions
o require two forms of identification
o record the identification information on the back of the item presented
o inspect cheques carefully to ensure that they are not counterfeit;
these cheques are often printed on lower quality paper, which tends
to feel slippery or are produced using desktop publishing equipment,
which smudges when rubbed with a moist finger
o limit the size of cash transactions at temporary or remote locations to
require people presenting large items to complete the transaction
inside the financial institution office
o use cameras
104
3.2.4.4 Closed account fraud
Closed account fraud is based on cheques being written against closed accounts.
This type of fraud generally relies on the float time involved in interfinancial
institution transactions.
Closed account fraud can be successful when customers do not destroy cheques
from unused accounts or do not inform their banks properly of the account status.
To protect against this fraud, customers should
• keep their financial institutions informed of the status of accounts

• actively close unneeded accounts rather than merely abandon the account
• destroy cheques from dormant/inactive or closed accounts
Financial institutions should
• place special holds on cheques drawn on accounts that have been inactive
for some time
• send a letter to customers of dormant/inactive accounts asking if the
account should be closed
• advise customers to destroy cheques from closed accounts and to notify the
financial institution when they intend to close an account
3.2.4.5 Fraud by bank insiders
Often cheque fraud schemes depend on information provided by bank insiders.

In addition to schemes which may involve access to information about one
account or relationship, fraud based on insider knowledge is often broader
because it is based on the knowledge of the bank’s operations and access to
many accounts.
Fraud by insiders can be successful when customer account information is not

kept secure and if insiders know when cheques are read by automatic cheque
processing equipment. Cheques processed automatically, unlike those
processed manually, are not checked for agreement of magnetic ink character
recognition (MICR) and account information. To protect against fraud, financial
institutions should
105
• conduct thorough and complete background investigations of their
employees
• maintain a separation of functions, so that no one person has access to
customer account information and cheque stock
3.2.4.6 Telemarketing fraud
Telemarketing fraud is based on the creation of “demand drafts” rather than

cheques. A demand draft resembles a personal cheque but carries no signature.
In place of a signature, it reads that the account holder has given permission to
have money withdrawn from their cheque account to pay bills for goods and
services.
Telemarketing fraud can be successful when customers reveal confidential

account information. To protect against this fraud, financial institutions should
• warn customers about them, either through direct mail or advertising in the
financial institution
• check a customer’s file when a demand draft is presented to see if they have
provided written authorisation for the financial institution to pay those drafts
3.2.4.7 Cheque fraud by gangs
Some gangs are actively involved in cheque fraud. These gangs typically go after
corporate accounts. To protect against this fraud, financial institutions should
• warn customers about these schemes

• verify new employees’ backgrounds
• require proper identification from customers before cashing cheques
• be aware that gangs obtain account information from financial institution
insiders, who process cheques, copy payee cheques and use discarded
receipts and/or statements
• be aware that gangs will recruit account holders in good standing and
request people to open accounts or fictitious accounts (to deposit cheques)
• be aware that gangs also will obtain genuine identification, in which they are
negotiating the cheques (be cognizant of the issuance date of the
identification)
106
3.2.5 PREVENTIVE MEASURES
3.2.5.1 General internal controls to prevent cheque fraud
Strong organisational controls can reduce the likelihood of cheque fraud. A sound
organisational strategy should require the financial institution to
• monitor, classify and analyse losses and potential losses to identify trends
• report findings from monitoring activities to the audit, risk management and
security divisions, and to senior management
• ensure communication among departments about cheque fraud concerns
• assess operating procedures regularly and implement changes
• target cheque fraud awareness training to specific cheque fraud schemes –
note how they occur and how to prevent them
3.2.5.2 Internal controls to prevent cheque fraud by insiders
Unfortunately, dishonest financial institution employees can be involved in

cheque fraud. Internal controls that can help prevent cheque fraud by financial
institution insiders include
• ensuring that account changes, such as adding names or changing

addresses and/or other information, are authorised by the customer in
writing, or in a way that guarantees that the customer is requesting the
change
• establishing special protections for dormant accounts, such as requiring
extra approvals and mandatory holds and maintaining special security for
signature cards
• maintaining permanent signature cards for each account and keeping files
and appropriate documentation for business accounts (e.g. a memorandum
of incorporation and recent tax return)
• separating duties to ensure that no one person in the financial institution,
acting alone, can commit cheque fraud
• ensuring that persons other than those who open accounts or prepare
statements handle night depository, ATM, automatic clearing house (ACH)
and mail deposits
107
• ensuring that customer complaints and discrepancy reconcilements are
directed to staff who are not account openers, tellers, or bookkeepers
• conducting thorough and complete background investigations of new staff
3.2.6 EDUCATION AND TRAINING

Alert and well-trained frontline personnel, managers and operations personnel
are essential for effective cheque fraud prevention programmes. Before
beginning their positions, new employees should be trained in financial institution
procedures concerning
• acceptable identification
• opening new accounts
• cashing cheques and accepting deposits
• detecting counterfeit cheques
• cash-back transactions
• backroom operations
Effective training and education are important in preventing cheque fraud losses.
Specific financial institution positions should receive specific training. One such
position is tellers.
Financial institutions must emphasise to all tellers the importance of being alert
to cheque fraud. One way to focus on preventing cheque fraud is to include a
separate section on the subject in teller manuals. That section can emphasise
typical cheque fraud schemes and warning signs. Some common warning signs
include
• a cheque that does not have a MICR line at the bottom

• a routing code in the MICR line that does not match the address of the
drawee financial institution
• MICR ink that looks shiny or that feels raised – magnetic ink is dull and
legitimate printing produces characters that are flat on the paper
• a cheque on which the name and address of the drawee financial institution
is typed, rather than printed, or that includes spelling errors
108
• a cheque that does not have a printed drawer name and address
• a personal cheque that has no perforated edge
• a cheque on which information shows indications of having been altered,
eradicated, or erased
• a cheque drawn on a new account that has no (or a low) sequence number
or a high rand amount
• a signature that is irregular-looking or shaky or shows gaps in odd spots
• a cheque printed on poor quality paper that feels slippery
• cheque colours that smear when rubbed with a moist finger (this suggests
they were prepared on a colour copier)
• cheques payable to a corporation that are presented for cashing by an
individual
• corporate or government cheques which show numbers that do not match
in print style or otherwise suggest that the amount may have been increased
• cheques presented at busy times by belligerent or distracting customers
who try to bypass procedures
• cheques that have rand amounts in numbers and in words that do not match
ACTIVITY 11
What are the types of cheque fraud schemes?
FEEDBACK
Cheques can be
• altered, either the payee or the amount
• counterfeited
• forged, either the signature or endorsement
• drawn on closed accounts
• used in a variety of schemes
109
3.2.7 SUMMARY
In this section, we focused on cheque fraud, and we determined the main types
of cheque fraud and cheque fraud detection processes. All forensic investigators
and examiners must understand the investigation of cheque fraud.
Discuss the measures of preventing cheque fraud.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
__________________________________________
110
LEARNING UNIT 4:
OVERVIEW OF THE LEGAL

SYSTEM
SECTION 1: CRIMINAL AND CIVIL LEGAL

SYSTEM
to
• distinguish between and discuss two kinds of law, i.e. criminal

Key learning and civil law
outcomes • list and discuss the role of various courts in South African justice
system
• explain the process conducted in criminal and civil court related
to the prosecution of corruption and fraud offences
4.1.1 INTRODUCTION
The Constitution of the Republic of South Africa of 1996 is the supreme law of
the country and binds all legislative, executive and judicial organs of the state at
all levels of the government (Republic of South Africa, 1996b). The judicial
authority in South Africa is vested in courts, which are independent and subject
only to the Constitution and the law. No person or organ of the state may interfere
with the functioning of the courts, and an order or decision of a court binds all
organs of the state and people to whom it applies.
111
Economic crimes may be prosecuted in criminal and civil courts. Criminal law
deals with offences of a public nature, and civil law is the body of law that provides
remedies for the violation of private rights. Information on the functioning of courts
is covered extensively in your first- and second-year modules.
4.1.2 CRIMINAL JUSTICE SYSTEM IN GENERAL

The criminal justice system is a complex system comprising four major
components, each with separate and distinct subcomponents. A diverse group of
criminal justice practitioners are employed in these systems, including law
enforcement officers, corrections officers, probation and parole officers, judges,
attorneys, paralegals, mental health professionals and paraprofessionals. Each
of these professional groups, as well as individuals within these groups, hold
different perspectives on offending behaviour, punishment and rehabilitation.
Coordinating these various systems and criminal justice practitioners and

establishing partnerships among them is a complex task. To add to this
complexity, there is a great deal of diversity among criminal justice populations
and within communities. Consequently, including offenders, former offenders and
communities in criminal justice initiatives is a huge undertaking. Further,
communities are characterised by different laws, crime rates and attitudes
towards the criminal justice system, particularly towards police officers and police
initiatives (Corsaro, Frank & Ozer 2015; Scaglion & Condon 2006; Wehrman &
De Angelis 2011).
4.1.3 SOUTH AFRICAN CRIMINAL JUSTICE SYSTEM

Crime is a constant and increasing issue in the South African democracy. It
affects all sectors of society and does not discriminate on grounds of race,
gender, religion, political affiliation, or economic status. Anyone who lives in
South Africa has a fairly reasonable chance of having to interact, at some time,
with the criminal justice system, either as a victim or witness, or maybe even as
an accused person. South Africa has a relatively well-developed and modern
criminal justice system which has its roots in a blend of Roman-Dutch and English
112
law and has, over the years, drawn and borrowed from a variety of respected
international legal systems. The Constitution of 1996, the foundation on which
our criminal justice system rests, was designed to provide a system of human
rights either not previously available to all citizens or not entrenched in law. It sets
the core values on which the system is based and guides our courts in interpreting
and implementing laws. The Constitution has been criticised for being unfairly
biased and protecting the offender at the cost of the victim. Although accused
persons certainly do enjoy specific rights, the Constitution aims to protect all
persons within the Republic. An integral part of the Constitution is the Bill of
Rights which aims to protect the individual against the abuse of power held by
the state.
4.1.4 CRIMINAL JUSTICE SYSTEM ROLE PLAYERS

Several people and organisations fulfil functions in the criminal justice system.
The major role players are the following
• The South African Police Service (SAPS) prevents and investigates crime
and catches suspected criminals.
• The National Prosecuting Authority (NPA) decides whether to prosecute
someone who is suspected of having committed a crime.
• The presiding officer is the magistrate or judge who hears the case, and the
judiciary (the courts) decide if the accused is innocent or guilty after having
heard evidence. They also decide what sentence should be given if
someone is guilty.
• The Department of Justice and Constitutional Development provides
accessible and quality justice for all.
• The prison system, run by the Department of Correctional Services (DCS),
makes sure that sentences are carried out. They also try to rehabilitate the
convicted criminals in their care.
• Probation officers/social workers provide social services for the poor and
vulnerable people. They work with victims of crime, families and
communities. Probation officers are appointed by the Minister of Social
Development, and are officers of every magistrate's court.
113
4.1.5 SOUTH AFRICAN COURTS
South African criminal courts operate on an adversarial system, which means
that there will always be two opposing parties litigating, with the magistrate or
judge sitting as the neutral arbitrator or umpire. Section 165 of the Constitution
states that the judicial authority of South Africa is vested in the courts, which are
independent and subject only to the Constitution and the law. The district and
regional courts are presided over by magistrates and the high courts, Labour
Court, equality courts, maintenance courts, Land Claims Court, Supreme Court
and Constitutional Court by judges. District and regional courts are where most
cases are heard, so we have begun with these lower courts.
4.1.5.1 District courts
District courts are the lowest courts and hear less serious cases, for example
drug cases, theft, drunken driving and/or assault. These courts may impose a
maximum sentence of 3 years’ imprisonment or R60 000 fine per count (unless
a specific law says otherwise). They can also only hear cases within the local
magistrates’ jurisdiction, usually within the geographical boundaries of the local
city or town.
4.1.5.2 Regional courts
These courts hear more serious cases such as rape, robbery, housebreaking,
kidnapping and corruption. These courts may impose a maximum sentence of up
to 15 years’ imprisonment or R300 000 fine per count. Their geographic
jurisdiction is usually limited to the province in which they are situated and/or in
which the crime was committed.
4.1.5.3 High courts
The high courts hear only very serious cases such as pre-meditated murder,
serial crimes, serious commercial crimes and politically motivated serious crime.
They have no limits regarding sentence and can hear a case from anywhere in
South Africa, but for practical purposes tend to only hear those within their
provincial jurisdiction.
114
4.1.5.4 Labour Court
The Labour Court handles labour law cases, that is, disputes arising from the
relationship between employer, employee and trade union. The court was
established by the Labour Relations Act of 1995, and has a status similar to that
of a division of the high court. It has its seat in Johannesburg and branches
in Cape Town, Gqeberha and Durban.
4.1.5.5 Equality courts
Equality courts are specialised courts designated to hear matters relating to

unfair discrimination, hate speech and harassment. The equality courts were
extended to the magistrates' courts primarily to bring access to justice to
marginalised and vulnerable citizens to assert their rights.
4.1.5.6 Maintenance courts
The court determines how much maintenance should be paid for a child. If
maintenance is not paid, the court can take the money from the maintenance
payer's salary or investment account, auction their property or issue a warrant of
arrest.
4.1.5.7 Land Claims Court
The Land Claims Court was established in 1996. Its primary focus is dealing with
land restitution/land claims cases. The court deals with restitution cases in the
form of referrals from the commissioner's office or when they come directly
through claimants or affected landowners.
4.1.5.8 Supreme Court
The Supreme Court of Appeal, which used to be known as the Appellate Division,
sits in Bloemfontein and is the highest court in respect of all other matters. It can
hear and decide an appeal against any decision of a high court.
Decisions of the Supreme Court of Appeal are binding on all lesser courts and
the decisions of the high courts (which used to be known as the Supreme Courts)
are binding on magistrates' courts within their areas. These decisions are an
115
important source of law. A decision of a high court in one division is not binding
on another, but in practice has strong persuasive force.
4.1.5.9 Constitutional Court
The Constitutional Court is the highest court in the country when it comes to the
interpretation, protection and enforcement of the Constitution. It deals exclusively
with constitutional matters of cases that raise questions about the application and
interpretation of the Constitution.
4.1.6 CRIMINAL JUSTICE PROCESS

The criminal justice process begins when a crime is committed and is either
discovered by the police, or a charge is laid by a complainant. Becoming the
victim of a crime can be a very traumatic experience. Having to then deal with the
system can also be a troublesome and frustrating task.
4.1.6.1 Complainant
Laying the charge is the first thing a victim of crime (called a complainant by the
legal system) needs to do if a crime has been committed against them. They can
do this in one of two ways: either by the complainant going to the police station
or meeting the police at the scene of crime, for example when there has been a
burglary (housebreaking), a car accident or an incident of violence and the police
have been called to the scene either by the complainant or some other party. If
the complainant is injured, not sober or is in a state of shock (or all of these!),
then the complainant’s condition should be attended to before any legal steps (as
detailed below) are taken.
While a crime can be reported at any police station, it is advisable to go to the

station in the area where the crime was committed, as that station will be tasked
to investigate the case. The first step in opening any case is for a statement to be
taken by the police. This statement is a very important part of the process as it
may influence the process later. The complainant should not make any statement
unless they are fit and ready to do so. This is especially so for the situations
described above. If the complainant has gone to the police station to open a case,
116
they should make sure they are well prepared by having all possible documents
or evidence relevant to the crime available. It would be advisable at this point for
the complainant to obtain a file, or large envelope, and keep all documents
relating to the complaint in one place, and in date order. Once at the police
station, the statement will probably be taken by a police officer, who will ask the
complainant to relate their story, or version of events, to him/her. The complainant
should keep a record of the name of the police officer who takes the initial
statement.
The complainant is entitled to the services of an interpreter if not fully comfortable

in English and the police should source not only local language interpreters, but
also foreign languages if needed. It is important to give all details relevant to what
happened to the police officer, and to listen carefully to questions being asked by
the officer. Once the officer has finished writing the statement, he/she will
administer an oath to the complainant confirming that the truth has been told and
accurately recorded. After that, the complainant will be asked to sign the
statement. It is most important for the complainant to read the statement carefully
or have it read (and translated) back so that they fully understand and accept
what has been written down before signing the document. If something is not
correct, it should be rectified before signing. The complainant will be held to this
statement and it will be the basis of possible future court proceedings. It is for
these reasons that great care should be taken in the process of statement taking.
The complainant is entitled to have their statement taken by their own legal
representative or even private investigator beforehand, but this will involve
personal cost to the complainant.
4.1.6.2 Investigation
From this point onwards the situation is handled by SAPS, which will open a
docket. The docket is basically a file in which all the evidence is gathered,
including the complainant’s statement. This file is prepared for onward
submission to the prosecutor. This docket will be assigned to a specific
investigating officer (I/O) from the detective branch and will be allocated a specific
reference number called a CAS number. This is not the same as a case number,
which is allocated by the court when the case is enrolled there. It is important for
117
the complainant to carefully retain this CAS number in their own file, and it is
usually sent to the complainant’s cellphone by SMS. It is vitally important to keep
this number as it is this number which the police will use to track and trace the
docket on its journey through the system. It will also be important to keep the I/O’s
name and contact number as well, as this will be the complainant’s contact
person until the case gets to court. The I/O’s function from here is to collect the
necessary and available evidence for the prosecutor. The I/O may ask the
complainant’s assistance here for names of other witnesses, whereabouts of
evidence and again the complainant should keep a record of all information
supplied in their own file.
4.1.6.3 Prosecution
The prosecutor becomes involved in a case when presented with a crime docket
by SAPS. By this time the police should have investigated the crime sufficiently
to link a suspect to the offence. Once the suspect has been arrested and is in
custody, SAPS has a legal obligation to take the accused to a court within 48
hours of the arrest. The accused will often be released on bail and be told to
appear in court on a certain day and at a certain time.
The complainant is usually not involved or consulted in this process at all.

However, whatever the result, it should be communicated to the complainant by
the forensic investigator, and this is another good reason to keep in regular
contact with the investigator. The prosecutor is a public official and so the
complainant should have access to him/her. The complainant has a right to
information and reasons for decisions made regarding the case and may
approach the prosecutor for this information. If the complainant does not know
which prosecutor is dealing with their case, then they should approach the control
prosecutor or senior public prosecutor for assistance. In seeking this assistance,
as much information as possible relating to the case should be provided to the
prosecutor, especially the CAS number and name of the I/O. The complainant
should by now have a record of all this information and should keep it in a safe
place. If the prosecutor is satisfied that there is sufficient evidence to prosecute,
then the case is put down for trial and a court date is scheduled on the court roll.
118
4.1.6.4 A witness
Bear in mind that the complainant may also be a witness. A person is called a
witness when they receive a subpoena which will stipulate the date and time of
the trial and the whereabouts of the trial. If a witness has any problems with
attendance or any queries about the trial, they should contact the prosecutor
named on the subpoena. Witnesses are entitled to be compensated for any
travelling costs incurred beyond a certain distance from the court. On the trial
date the witness should approach the prosecutor of the case by no later than
08:30 that morning. The prosecutor may need some time to discuss the case with
the witnesses. Before the trial starts, the witness will be entitled to consult with
the prosecutor about the evidence and to read the police statement to refresh
their memory.
Once the trial starts, the witness will not be able to discuss the case with the
prosecutor, so all queries about the case and the trial should be dealt with at this
consultation and before the trial. During the trial the witness will be called into
court to testify and this may happen over several different trial dates. If the
witness does not fully understand the language of the court, they will be entitled
to the services of an interpreter. Foreign interpreters will have to be arranged
beforehand as they will not be readily available every day at court. The witness
should listen carefully to all questions asked of them in court and answer all to
the best of their ability. They should always try to remain calm and respectful. A
magistrate is addressed as “Your Worship” and a judge as “My Lord/Lady”. But
“Sir” or “Madam” is quite acceptable if these terms cannot be remembered. The
witness will also be cross-examined by the defence counsel and because our
system is adversarial, there will be an effort to test the testimony of the witness
under cross-examination. Once the witness has finished testifying, they will be
excused and may leave the court. However, they may hear the rest of the trial
from the public gallery. Once all the evidence has been heard and the evidence
is completed, the magistrate or judge will make a finding as to whether the
accused is guilty or not of the charges laid against them by the prosecutor. If the
accused is found guilty, then the court will pass sentence.
119
4.1.6.5 An accused
The South African system presumes every accused person innocent until proven
guilty. It is this core value that underpins our South African justice system. It is for
this reason that our Constitution aims to protect those who find themselves on
the wrong side of the law and to protect them against any abuse of power vested
in those agencies that aim to uphold the law. However, that certainly does not
mean that guilty persons should walk free or that there should be a soft approach
when a crime has been committed. A balance between the rights of society to
punish those who transgress the law, and the rights of those who are deemed to
have broken society’s laws, must be maintained. An accused person will either
be brought before a criminal court after being arrested by the police or by being
issued with a summons to appear by the Clerk of Court.
A summons is an official document containing information about the time, date

and venue where the accused must appear as well as the charge and police CAS
reference. A summons must be personally delivered to the physical address of
the accused and someone will be required to sign for it. Failure to comply with a
duly served summons will result in a warrant of arrest being issued by the court
and the accused may then be brought before court in custody. However, if an
accused person is in custody, they may only be detained for a maximum of 48
hours before being brought before a court. If a weekend or public holiday falls in
that period, then they must appear on the court day immediately following. Once
the accused appears before court, the magistrate will explain the Constitutional
rights which, at that point, will include their right to have a legal representative as
well as their right to apply for bail.
As far as legal representation goes, the accused may choose their own attorney
or, if their income is below a certain bracket, they may qualify for Legal Aid and
the state will provide them with an attorney. They may also decline to have any
legal representative and rather speak for themselves. The magistrate or judge
will assist them in all the legal proceedings if they have no attorney, but it is risky
to have no legal representative and is not advised. Although the prosecutor is an
adversary or opponent to the accused, the accused nevertheless also has access
to him/her in the sense that the accused would be entitled to ask for copies of the
120
evidence to discuss the case and can also make representations. An example of
this would be where the prosecution and defence team engage in a pre-trial
conference where issues of the trial are discussed. In exercising their
Constitutional rights, the accused is entitled to know what evidence the
prosecution will be presenting against them in the trial. This is usually done by
the prosecution handing them copies of the statements in the police docket. The
accused is entitled to a copy of the charge sheet so that they know what charges
they are facing.
The accused must carefully consider whether to plead guilty or not guilty.
Pleading guilty brings with it its own benefits in that the court will probably pass a
more lenient sentence if genuine remorse is shown. It will also cut down the delay
in finalising the case, thus saving the accused both time and money. The accused
is also entitled to plea bargain with the prosecution, and this brings more benefit
to the accused as they will be able to negotiate with the prosecutor and will have
a clearer picture of the outcome. However, the accused is entitled to dispute any,
or all, of the charges the prosecution lays against them. There are a number of
rights that protect their interests during the trial, including the right to remain
silent, to present and challenge evidence and to a public trial. If the accused
informs the court that they intend to plead “not guilty”, the matter will then be set
down for trial where both parties will be given the opportunity to present evidence
in their case. The complexity of the case and the backlog in that court will
determine the remand date for that trial.
The length of delay can be anywhere from 1 to 15 months (or more) depending
on various factors. Note that foreigners are entitled to the same minimum legal
rights as other detained persons (including arrested persons) as guaranteed by
section 35 of the Constitution. The NPA has a target of 6 months for the
finalisation of a case in the district court and 9 months for a case in the regional
court. However, many cases take much longer than the target times and cases
can be postponed for a number of reasons, but ultimately a date will have to be
set for trial. The accused may also elect to plead guilty, and the case is often
then disposed of without any involvement or consultation with the complainant
(unless they are present of their own accord or have been requested to be at
court).
121
If the accused is pleading not guilty and a trial date is set, then all witnesses to
the offence (including the complainant) will be issued with a subpoena to attend
by the court. This subpoena is usually delivered by the I/O who will require the
witness to sign for it. It is important to note that this subpoena is a legally binding
document and there are serious consequences for not complying with it. It also
contains important information about the case including the date and venue of
the trial, the name of the accused, the name of the prosecutor and CAS number.
The complainant should include these details in their file. The interests of the
victim play an important role in the court and the court may well ask the victim to
assist with extra evidence to increase the sentence. A victim who has suffered
economic loss from the crime in question may also be ordered compensation as
part of the evidence. If the victim is dissatisfied with the outcome of the case, they
should discuss this with the prosecutor concerned. Sometimes the public do not
understand legal issues and verdicts can be misunderstood. The prosecutor
should explain these issues and advise on the prospects of appeal. Another
means of dealing with the case is by alternate dispute resolution (ADR). This
basically involves the accused and complainant deciding on a mutually
acceptable outcome facilitated by a neutral party (usually the prosecutor). The
ADR process is usually reserved for less serious cases such as assault, malicious
damage to property, negligent driving and less serious theft cases, although it
has also been used for more serious cases. The victim is not obliged to participate
in the ADR process and can insist on the matter being dealt with by the court.
However, the main advantage of the victim’s participation is that the case will be
resolved quickly, and the complainant will have a say (or more impact) in the
outcome. Typical methods of resolving these cases can be a formal apology,
compensation, or community service. This is a more formal process, does not
involve court and is usually done in private in the prosecutor’s office. If there is
no mutual agreement, then the case will go to trial in the ordinary way.
4.1.6.6 Bail
Bail is a very misunderstood concept. Bail does not mean the person has been
let off. Also, it is not a sentence, but rather a method of ensuring that person’s
attendance at court. Bail is a legal mechanism used so that an accused person
can be released from detention before the case is concluded, as long as certain
122
conditions are met. These conditions are meant to ensure that the accused
returns to court and does not run away. It usually involves paying a certain rand
amount as security, as well as the requirement to report to the police regularly,
or the surrender of travel documents like a passport. If an accused has been
arrested for a crime, they may be released on warning by the police before
appearing in court, but this is only possible for certain less serious offences. If
this does not happen, bail proceedings take place at a hearing to decide whether
bail is to be granted and to determine the conditions of bail.
There are other categories of offence where the police can ask a prosecutor to
consider bail after official court hours, and an accused person who has been
arrested should ask the police to assist with these queries. The mere fact that the
accused is charged with a serious offence is not a reason to refuse bail. In most
offences, the prosecution will have to show to the court that there are valid
grounds for the court to deny bail. These may include that the accused is a flight
risk, will interfere with witnesses or destroy evidence or will become a danger to
the public if released. Just like every application in court, the prosecution and the
accused are entitled to present evidence, challenge evidence and argue for the
granting, or refusal, of bail. In some categories of more serious offences, the law
has placed an onus on the accused, making it more difficult to obtain bail. A
person who is given bail is not “let off” as they will still be expected to appear
before the court on the date set for trial. Bail applications are given priority by the
courts because they are urgent as the liberty of the accused will be at stake. If
bail is refused, the accused will remain in custody until the completion of the case.
If bail is granted, then the accused will have to pay the stipulated bail money over
to the Clerk of Court before being released. This money is held as security until
the completion of the case when it is refunded to the accused. However, if the
accused fails to adhere to the conditions of bail, then a warrant may be issued for
their arrest, the bail cancelled and their bail money forfeited to the state and they
will be held in detention until the end of the case.
4.1.7 TRIAL AND SENTENCING

The trial will begin by the prosecutor reading out the charges to the accused, who
will be required to plead to them. The accused is entitled at this stage to tell the
123
court what the basis of their defence will be. After that, the prosecution will
present its case by calling its witnesses. Every witness called by the prosecutor
is entitled to be cross-examined by the accused or the legal representative. Once
the prosecutor has closed his/her case, the accused can decide to give evidence
themselves, call witnesses in their defence, or remain silent. Any witness called
by the defence is also opened to be cross-examined by the prosecutor. Once the
defence has closed its case, then both the prosecutor and defence are entitled to
present argument as to why the accused should, or should not, be convicted. The
court (magistrate or judge) will then pass judgment, summarising and analysing
the evidence and then finding the accused guilty or not guilty. If the accused has
been found guilty, then the court must consider an appropriate sentence. Again,
both parties are entitled to present argument or evidence in mitigation and/or
aggravation of sentence. The court generally has a very broad discretion in what
sentences to pass and can consider several factors. Sentences can include
imprisonment, a fine, a suspended sentence, correctional supervision,
community service or a combination of sentences. If the accused is aware that a
fine may be imposed, they would be advised to bring money to court because if
the fine is not paid, then they will have to go to prison. However, they will have
their bail money refunded to them at this stage, which can also be utilised to pay
a fine or part of it.
4.1.8 APPEAL
One of the characteristics of our judicial system is its process of appeal. Decisions
in lower courts are not cast in stone and dissatisfied parties may take the matter
on appeal. In essence, this means that a higher court is asked to assess and
check the correctness of the lower court’s decision. This is available to all
accused persons who may be dissatisfied with either their verdict, or their
sentence, or both.
However, when an appeal is instituted, the accused (or the legal representative)
must show to the appeal court that there are valid grounds that an appeal court
may consider in granting the appeal. This is called leave to appeal. Since these
grounds would involve some legal aspects, it would be advisable for a legal
representative to pursue this course of action. As the appeal hearing may only be
124
heard some time in the future, the accused is entitled to re-apply for bail pending
the appeal hearing. The other party to criminal trials is the state and it has a right
to appeal decisions that it is not satisfied with. The complainant, though, does not
have any direct right to appeal as only the prosecutor representing the state may
take this decision. As mentioned above, the complainant should rather consult
with the prosecutor so that this issue can be discussed, and the prosecutor can
explain what grounds may exist (or not) and the likelihood of success. The criteria
for the state to appeal are much stricter than those for accused persons and state
appeals are not as common.
ACTIVITY 12
Name the different types of courts and discuss their functions.
FEEDBACK
The district and regional courts are presided over by magistrates and the high courts,
Labour Court, equality courts, maintenance courts, Land Claims Court, Supreme Court
and Constitutional Court by judges. District and regional courts are where most cases are
heard.
District courts are the lowest courts and hear less serious cases, for example drug cases,
theft, drunken driving and/or assault. These courts may impose a maximum sentence of
3 years’ imprisonment or R60 000 fine per count (unless a specific law says otherwise).
They can also only hear cases within the local magistrates’ jurisdiction, usually within the
geographical boundaries of the local city or town.
Regional courts hear more serious cases such as rape, robbery, housebreaking,
kidnapping and corruption. These courts may impose a maximum sentence of up to 15
years’ imprisonment or R300 000 fine per count. Their geographic jurisdiction is usually
limited to the province in which they are situated and/or in which the crime was committed.
High courts hear only very serious cases such as pre-meditated murder, serial crimes,
serious commercial crimes and politically motivated serious crime. They have no limits
125
regarding sentence and can hear a case from anywhere in South Africa, but for practical
purposes tend to only hear those within their provincial jurisdiction.
The Labour Court handles labour law cases, that is, disputes arising from the
relationship between employer, employee and trade union. The court was established by
the Labour Relations Act of 1995 and has a status similar to that of a division of the high
court. It has its seat in Johannesburg and branches in Cape Town, Gqeberha and Durban.
Equality courts are specialised courts designated to hear matters relating to unfair
discrimination, hate speech and harassment. They were extended to the magistrates'
courts primarily to bring access to justice to the marginalised and vulnerable citizens to
assert their rights.
Maintenance courts determine how much maintenance should be paid for a child. If
maintenance is not paid, the court can take the money from the maintenance payer’s
salary or investment account, auction their property or issue a warrant of arrest.
The Land Claims Court was established in 1996. Its primary focus is dealing with land
restitution/land claims cases. The court deals with restitution cases in the form of referrals
from the commissioner's office or when they come directly through claimants or affected
landowners.
The Supreme Court of Appeal sits in Bloemfontein and is the highest court in respect of
all other matters. It can hear and decide an appeal against any decision of a high court.
Decisions of the Supreme Court of Appeal are binding on all lesser courts and the
decisions of the high courts are binding on magistrates' courts within their areas. These
decisions are an important source of law. A decision of a high court in one division is not
binding on another, but in practice has strong persuasive force.
The Constitutional Court is the highest court in the country when it comes to the
interpretation, protection and enforcement of the Constitution. It deals exclusively with
constitutional matters of cases that raise questions about the application and interpretation
of the Constitution.
126
List and describe the functions different role players in the criminal justice system.
4.1.10 CIVIL JUSTICE SYSTEM PROCESS

The civil justice system procedure in South Africa sets out the rules and standards
that courts follow when adjudicating civil suits (as opposed to procedures in
criminal law matters). These rules govern how a lawsuit or case may be
commenced, and what kind of service of process is required, along with the types
of pleadings or statements of case, motions or applications, and orders allowed
in civil cases, the timing and manner of depositions and discovery or disclosure,
the conduct of trials, the process for judgment, various available remedies and
how the courts and clerks are to function.
A civil case is usually brought by a person or organisation (called the plaintiff),

who feels that they were wronged by another person (called the defendant). If the
plaintiff wins the case, the court usually orders the defendant to pay
compensation. The state may be involved in a civil case as a party if it is suing or
being sued for a wrongful act, for example if government property is damaged, or
a government official injures somebody without good reason. There are several
processes and issues in both in criminal and civil law which are used locally and
internationally that forensic investigators should be aware of.
4.1.11 PROCEDURE IN CIVIL CASES

The procedure in a civil case can be quite complex. Furthermore, the terminology
describing steps in the process is not consistent in legal systems throughout the
world. This discussion focuses on jurisdictions that follow the three phases of civil
litigation: pleadings, discovery and the trial itself.
4.1.11.1 Beginning the civil action
Forensic investigation often begins before litigation occurs, but fraud

investigators and examiners should work with their eye towards potential
litigation. It is helpful to understand what is necessary to begin this process. A
127
civil action begins when the plaintiff files a pleading with the appropriate court,
usually in the jurisdiction in which the defendant resides or where the claim arose.
The pleading sets out the complaint against the defendant and the remedy that
the plaintiff is seeking. Depending on the practice and procedure of the court in
which the action is commenced, this document may be called a writ of summons,
a statement of claim, a declaration, or an application.
The required contents of the plaintiff’s pleadings vary somewhat between

jurisdictions, but most jurisdictions require fact pleadings, meaning the plaintiff
must identify
• the grounds for legal relief

• a summary of the evidence
• the specific facts on which the party’s claim relies
• key items of expected evidence
Some jurisdictions have elevated pleading requirements and also require witness
lists and the production of specific documents. A minority of jurisdictions require
simpler notice pleadings in which the facts in the pleading must merely put the
defendant on notice of the alleged claims; notice pleadings do not need to include
the specific facts underlying the case.
When a pleading is filed, a court officer “issues” the claim. This is done by affixing
the seal of the court to the pleading and signing the document on behalf of the
court. Copies, as issued, are then delivered to (or “served on”) the defendant.
Once the originating document is delivered to the defendant, the defendant must,
within a specified period, provide the court with a statement of defence in
response to the originating document. If the defendant fails to do so, they risk
losing the suit by default. In other words, if the defendant does not respond within
the specified period, the defendant forfeits the case, and the court issues a default
judgment holding the defendant liable as it deems fit. When making a default
judgment, the court assumes that because the defendant did not put up a
defence, the allegations must be true.
128
The liability assigned in a default judgment usually is limited to the relief
requested in the plaintiff’s complaint because it would be unfair to hold the
defaulting defendant to a higher liability than that indicated in the complaint that
was served on them.
In addition to allowing defences against the plaintiff’s claims, many jurisdictions

allow the defendant to raise counterclaims (also known as countersuits), in which
the defendant levels a claim against the plaintiff. The specifics of the counterclaim
might be filed as part of the defendant’s answer or as a separate document. If a
defendant files a counterclaim, the counterclaim and the original complaint will be
tried concurrently, with the final judgment stipulating a decision on each side’s
claims.
4.1.11.2 Preservation of evidence in civil matters
Most civil litigation concerning fraud involves many documents, tangible items
and digital information that might serve as evidence. Each jurisdiction has rules
for how potential evidence should be handled. Generally, common law
jurisdictions impose a duty on parties in civil litigation to take affirmative steps to
preserve relevant evidence, and this duty might arise prior to the commencement
of litigation. For litigation occurring in common law courts, the duty to preserve
relevant evidence typically arises when the litigation in question is reasonably
anticipated. For instance, if a company receives a letter from a vendor that alleges
a credible allegation of fraud and a threat to sue, the company’s duty to preserve
evidence has most likely arisen.
In contrast, civil law countries tend to have a narrower scope of what evidence is
required for litigation. Typically, the issue of when to take affirmative steps to
preserve evidence is established by the court, meaning the court dictates what
evidence must be preserved and produced by the parties or others with relevant
information. Due to privacy requirements in many civil law jurisdictions, retaining
personal information (a very broad class of information regarding individuals) for
longer than necessary might be illegal without a court order. Some civil law
jurisdictions allow a party to apply for a court order to preserve evidence prior to
a lawsuit being filed.
129
The duty to preserve evidence can be a confusing concept, especially in the
context of litigation between parties in different countries or parties with
information stored in foreign countries. For instance, the US requires parties to
issue litigation holds within their organisation when litigation is anticipated, which
freezes the regular destruction of documents and information. However, if the
litigation hold is followed regarding information stored in countries with strong
data privacy laws, in particularly members of the European Union, there is the
potential for criminal violation of such laws. The violators can face fines up to 20
million euros or 4% of their annual global revenue. Therefore, forensic
investigators and examiners must consult with legal counsel on how to preserve
evidence gathered during an examination.
4.1.11.3 Gathering evidence
After the parties submit pleadings to the court, the evidence-gathering process
begins. The system for collecting evidence varies from country to country,
especially along the lines of adversarial processes (generally common law
systems) and inquisitorial processes (generally civil law systems).
4.1.12 COMMON AND CIVIL LAW SYSTEMS
4.1.12.1 Common law systems (adversarial processes)
After statements of claim and defence are filed in common law jurisdictions, each
party is entitled to pretrial discovery. Discovery refers to the formal process in
which the parties collect evidence and learn the details of the opposing side’s
case. Pretrial discovery is intended to clarify the claim against the defendant, and
to permit each side to examine the evidence that will be used in court by the other
side.
In most common law jurisdictions, each party must file an affidavit of documents,
or affidavit of records, which lists and describes all documents in its possession
that are relevant to any matter at issue in the case. The party filing the affidavit
must allow the other party to inspect or copy any such documents. If any of the
documents are privileged, the privilege should be asserted in the affidavit of
130
documents. If requested, the judge will examine the documents to determine if
the privilege applies. Some of the more common privileges include the following:
• Litigation privilege: This privilege protects communications or documents

prepared in anticipation of litigation.
• Attorney-client or solicitor-client privilege: This privilege protects
information provided by the client to the solicitor which is necessary in order
to obtain legal advice.
• Settlement negotiations: Pretrial settlement negotiations are also
privileged. Some jurisdictions also allow the parties to make a request for
documents or records, in which they ask another party to turn over a specific
document or other record.
A party may be examined or questioned by the other party either orally or by

written questions. In Canada, this procedure is referred to as examination for
discovery; in South Africa, an oral examination for discovery is referred to as a
deposition and a written examination is referred to as an interrogatory. However,
other common law jurisdictions might not allow for pretrial oral discovery,
although written pretrial discovery is still available.
An oral examination, or deposition, is sworn testimony given by a party or witness

upon questioning by counsel for one of the parties before trial and outside of
court, usually in an attorney’s office.
4.1.12.2 Civil law systems (inquisitorial processes)
One of the most significant differences between the adversarial process of most
common law jurisdictions and the inquisitorial process of most civil law
jurisdictions is the way in which evidence is collected. Adversarial processes are
largely driven by the parties to a suit, whereas in inquisitorial processes, the judge
is the driving force. In other words, instead of the parties seeking evidence from
each other, the judge seeks evidence from the parties and other sources.
In the inquisitorial process commonly found in civil law jurisdictions, the evidence
is gathered simultaneously with the trial, as opposed to the common law method
of having the parties gather evidence over time and entering it into the record all
131
at once during the trial stage. Civil law legal systems tend to value documentary
and written evidence over oral testimony. When witnesses give testimony, the
judge orchestrates the questioning instead of the parties. The judge is also
responsible for collecting documents and physical evidence.
Many civil law systems have professional secrecy obligations, which require
members of certain professions to maintain the confidentiality of information
obtained from clients in the course of those services. This obligation is similar to
the attorney-client privilege, and legal representatives of the parties generally
may refuse to provide testimony or produce documents covered by the secrecy
obligation. While the parties’ attorneys or advocates are still involved in the
evidence-gathering process, they play a more advisory role, such as formulating
questions for the judges to ask and making recommendations on how to interpret
the evidence. The judge orchestrates the proceedings by calling witnesses and
eliciting testimony, as well as collecting documents and physical evidence.
Rather than keep a verbatim record of witness testimony, the judge makes a
synopsis of the evidence that will later be used in the decision-making portion of
the trial. Typically, the trial record consists of the judge’s summaries of evidence,
as opposed to every document or item of evidence submitted. However, key
documents or particularly important statements might be included. The parties
also work to ensure that the judge accurately creates the trial record and argue
to frame it in a way that represents their interests.
4.1.13 CIVIL TRIALS IN COMMON LAW JURISDICTIONS

The trial process in common law jurisdictions can most easily be divided into two
phases, namely pretrial stage and trial stage. Beyond discovery that occurs in the
pretrial stage, much of what occurs in the trial stage depends on the results of
the pretrial process. Pretrial stage civil cases often involve pretrial motions in
which the parties ask the court to rule on several issues that relate to how the trial
will be conducted. A common pretrial motion that occurs during or at the
conclusion of the discovery process asks the court to decide the case without a
trial, based on the evidence contained in the complaint and answer. In several
common law jurisdictions, this motion is referred to as a motion for summary
132
judgment. This motion will be granted if the court determines that the pleadings
and proof clearly demonstrate that there is no genuine issue of material fact
involved in the proceedings and that the moving party is entitled to judgment as
a matter of law. Motions for summary judgment generally are not favoured by the
court, as they terminate the proceedings before trial and the moving party bears
a heavy burden to demonstrate that there are indeed no circumstances, factually
or legally, under which the opposing party could possibly be entitled to relief. If
the granting of a motion for summary judgment disposes of all the issues between
the parties, the case ends, although the opposing party may appeal. If the motion
is denied, the case proceeds to trial. Other pretrial motions may involve requests
• seeking an order to secure assets before trial and prevent the defendant
from disposing of the assets while the lawsuit is pending
• asking the court to seize and take custody of property that is subject to the
dispute
• seeking an order preventing a defendant or a third person in possession of
assets claimed by the plaintiff from transferring, dissipating, wasting,
damaging, spending, concealing, or otherwise hindering the plaintiff’s
claimed interest in the property
• asking the court to rule that evidence is inadmissible and prohibiting
opposing counsel from referring to or offering the evidence during trial
• asking the court to dismiss the charges based on a defect in the complaint
• seeking a change of venue for the proceedings due to improper procedure,
unfair prejudice and similar reason
The purpose of a civil trial is to determine whether there is some basis on which
the plaintiff is entitled to a remedy from the defendant and, if so, what the
appropriate remedy might be. To achieve this purpose, the court (the magistrate
or judge) must listen to both sides and determine the facts of the case.
Generally, in a civil suit in common law jurisdictions, the plaintiff must prove that
it is more probable than not that the defendant is liable. This standard is
sometimes referred to as the preponderance of evidence in common law
jurisdictions. The plaintiff does not have to prove liability beyond a reasonable
doubt, as in a criminal case. In the adversarial process present in most common
133
law jurisdictions, the trial begins with the plaintiff presenting the evidence against
the defendant. The plaintiff calls witnesses to testify as to facts and to present
documents, photographs, or other kinds of evidence. The defendant may then
cross-examine the plaintiff’s witnesses to test their evidence. Once the plaintiff
has presented their case, the defendant can present their own evidence, which
may include calling witnesses, and the plaintiff can cross-examine the
defendant’s witnesses.
Expert testimony is another common facet of trials especially for technical cases
like white-collar crimes. In adversarial settings, civil parties may call expert
witnesses to give their opinion on matters thought to be too technical for the judge
or average juror to understand. Fraud investigators and examiners may be used
as experts in cases to compute and testify to damages. In most trials, each side
will produce a qualified expert who disagrees categorically with everything the
expert for the other side says. The court usually learns through cross-examination
that each expert has been paid for preparation and trial time because judges
generally have a difficult time understanding and evaluating expert testimony
such as the testimony that may have little effect on the outcome of the trial.
Throughout the trial, the judge must ensure that all the evidence presented and,
in adversarial proceedings, that all the questions asked are relevant to the case.
For example, in most situations, the judge will not allow hearsay evidence, i.e.
testimony based on what a witness heard from another person that is offered to
prove that the assertion made by the other person is true, because this evidence
lacks reliability. At the conclusion of the trial, both the plaintiff and the defendant
present a summary of their arguments, and the judge must then consider the
evidence presented and make a decision that is based on what the evidence
shows to be most probable.
4.1.14 CIVIL TRIALS IN CIVIL LAW JURISDICTIONS

Civil cases in civil law jurisdictions vary considerably compared to common law
civil cases. The most obvious difference is that civil law trials are a continual
series of meetings and written correspondences, rather than a single event, as in
common law systems. Throughout the process, evidence is introduced and
evaluated by the court, and motions are submitted and decided on by the judge.
134
The division between pretrial and trial stages found in common law civil trials
therefore does not apply in the typical civil law setting. The standard of proof in
civil law jurisdictions typically does not change in criminal and civil trials; it is often
described as the inner conviction of the judge, sometimes called the conviction in
time standard. This standard requires stronger evidence than the common law
preponderance of evidence standard, but not as much as the common law
beyond a reasonable doubt standard.
The judge chooses an expert (usually only one per issue) to give testimony on a
subject and make expert findings on behalf of the court. The idea is that court-
appointed experts are less biased than those that are hired by the parties. Some
civil law jurisdictions allow (or require) the parties to provide expert witnesses to
provide input for the court’s appointed expert. The court has the discretion to
reject or accept the appointed expert’s findings, but in practice the court usually
accepts them.
Throughout the trial, the judge evaluates evidence and records it in the trial
record. The record is generally a summary of the evidence, rather than a word-
for-word transcript of the proceedings. At the final hearing, the judge rules on the
admissibility and relevance of the evidence in the record and presents it. This
final hearing usually resembles the trial stage in common law jurisdictions. After
presenting the evidence in court, the judge, or judge panel (depending on the
jurisdiction and type of case) rules on the issues in the case.
4.1.15 CIVIL APPEALS

Generally, both sides may appeal from an adverse judgment, either as to liability
or damages. In common law systems, the appeals court is largely limited to
reviewing the legal decision of the trial court, rather than the factual determination
of the judge. The appeals court may reverse and remand for a new trial on some
or all of the issues, order that a certain portion of the awarded damages be
remitted, or enter final judgment, if legal grounds are clear, in favour of either
party.
In most civil law systems, the appeals court may review issues of both law and
fact, meaning it may obtain additional witness testimony, gather new
135
documentary evidence, obtain new expert opinions, etc. The appeals court may
reverse, affirm, remand for additional proceedings and (in some jurisdictions)
modify the trial court’s decision.
4.1.16 DECISIONS AND REMEDIES IN A CIVIL CASE

If the defendant in a civil case is found to have done nothing wrong, the judge will
dismiss the case, but if the defendant is found liable, the plaintiff is entitled to
some sort of remedy. In general, the term remedy refers to any process,
procedure, or consequence of a legal wrong by which a victim can be redressed
for their loss. Thus, if the defendant is found liable in a civil case, the remedy to
which the plaintiff is entitled must be considered.
4.1.16.1 Legal remedies
The remedy to which the plaintiff is entitled depends on several factors, such as
the relief sought, the facts and the authority given to the court to grant specific
relief. There are various types of civil remedies, but the following three are most
common:
• Damages are remedies for the victim’s recovery of money from the
defendant because of, and as compensation, reimbursement, or reparation
for, the defendant’s legal offence. Damages are the remedy most commonly
available to the successful plaintiff, and the main purpose of damages is to
compensate the plaintiff for the loss caused by the defendant. The number
of damages is normally fixed by the judge that decided the case, unless a
statute proscribes a particular amount. In fixing damages, the judge will
consider the out-of-pocket expenses incurred by the plaintiff and, where the
law permits such recovery, an additional lump sum to compensate the
plaintiff for the loss suffered and the loss that might be suffered in the future
because of the wrongdoing of the defendant.
Although the judge may take into consideration the amount demanded by
the plaintiff in the originating document, they are not required to award that
amount: they are free to award substantially less than the amount claimed.
In some jurisdictions, a court may occasionally award punitive or exemplary
136
damages in addition to those that would ordinarily be payable. These
damages are usually awarded when they are made available by statute or,
in most jurisdictions, when the judge feels that the conduct of the defendant
was so wrong that an increased award is required to express the
disapproval of the community. Punitive damages tend to be available in
common law systems, although a few civil law countries allow them in very
limited circumstances.
• Declaratory remedies are those in which the court states or declares the
rights of the parties. For example, when a court interprets a will or a contract,
its decision is declaratory in nature. Similarly, the decision of a court as to
the ownership of personal property or land is also declaratory.
• Equitable remedies are remedies used when the legal remedy by itself
would be inadequate compensation for the wrong suffered, in other words,
when the plaintiff has no adequate remedy at law (i.e. damages are
inadequate). One of the primary equitable remedies is releasing the
wrongdoer from liability.
4.1.16.2 Alternative dispute resolution (ADR)
A growing trend in civil litigation is to allow or encourage parties to an action to

resolve their disputes without the necessity of a trial. Alternative dispute
resolution (ADR) is the term used to refer to these processes. In fact, not many
cases go to trial; most are settled out of court or go though some kind of ADR.
ADR has certain advantages over litigation. It helps preserve existing business
relations between the parties, it provides more flexible remedies and often, but
not always, it is less costly. ADR in fraud cases usually involves either mediation
or arbitration.
In South Africa, there is a traditional dispute resolution mechanism that is

embedded in the culture of a people. Lekgotla is used to heal the families involved
in various disputes, including fraud cases. As a cultural system and a process
that is different from the Western courts, lekgotla relies heavily on the use of
idiomatic expressions as important guidelines and tenets to unravel the
complexities and challenges presented by participants in the lekgotla processes.
Lekgotla is an African system of dispute resolution in its own right; however, it is
137
subsumed in the South African national legal system, which is colonial in letter
and spirit. The interrelations between lekgotla and idiomatic expressions
constitute a complex process with the aim of bringing families together to
negotiate, confess, forgive, compensate, heal and engage in a ceremony that
restores harmony in the community. Culture is at the core of this interaction
between lekgotla and idiomatic expressions, with the goal of enhancing traditional
dispute resolution.
4.1.16.3 Mediation
Mediation is the process in which an impartial third person assists the parties in
reaching a resolution of the dispute. The mediator does not decide who should
win, but instead works with the parties to reach a mutually agreeable settlement.
Any mediation agreement will be enforced as a binding contract.
4.1.16.4 Arbitration
Arbitration is the process in which a dispute is submitted to an impartial third

person (known as an arbitrator) who then decides the outcome of the case (i.e.
which party should win). The arbitrator acts as a judge by deciding the case on
its merits. Arbitration can be either binding or non-binding. If the arbitration is
binding, then the decision of the arbitrator is final, and the parties cannot later
submit their dispute to a judge for determination.
Conversely, if the arbitration is non-binding, the arbitrator’s determination is not

binding on the parties. Today, many contracts contain arbitration clauses
providing that if a dispute arises between the parties to the contract, both parties
agree to submit their claims to binding arbitration rather than filing suit.
Additionally, parties might agree to have the laws of a particular jurisdiction apply
during the arbitration, and these provisions are often enforceable.
ACTIVITY 13
List and discuss the legal remedies in the civil law processes.
138
FEEDBACK
Legal remedies
The remedy to which a plaintiff is entitled depends on several factors, such as the relief
sought, the facts and the authority given to the court to grant specific relief. The following
three are most common:
• Damages are remedies for the victim’s recovery of money from the defendant
because of, and as compensation, reimbursement, or reparation for, the
defendant’s legal offence. Damages are the remedy most commonly available to
the successful plaintiff, and the main purpose of damages is to compensate the
plaintiff for the loss caused by the defendant. The number of damages is normally
fixed by the judge that decided the case, unless a statute proscribes a particular
amount. In fixing damages, the judge will consider the out-of-pocket expenses
incurred by the plaintiff and, where the law permits such recovery, an additional
lump sum to compensate the plaintiff for the loss suffered and the loss that might
be suffered in the future because of the wrongdoing of the defendant.
Although the judge may take into consideration the amount demanded by the
plaintiff in the originating document, they are not required to award that amount:
they are free to award substantially less than the amount claimed. In some
jurisdictions, a court may occasionally award punitive or exemplary damages in
addition to those that would ordinarily be payable. These damages are usually
awarded when they are made available by statute or, in most jurisdictions, when
the judge feels that the conduct of the defendant was so wrong that an increased
award is required to express the disapproval of the community. Punitive damages
tend to be available in common law systems, although a few civil law countries
allow them in very limited circumstances.
• Declaratory remedies are those in which the court states or declares the rights of
the parties. For example, when a court interprets a will or a contract, its decision is
declaratory in nature. Similarly, the decision of a court as to the ownership of
personal property or land is also declaratory.
• Equitable remedies are remedies used when the legal remedy by itself would be
inadequate compensation for the wrong suffered, in other words, when the plaintiff
139
has no adequate remedy at law (i.e. damages are inadequate). One of the primary
equitable remedies is releasing the wrongdoer from liability.
4.1.17 SUMMARY
The justice system in South Africa is complex system that comprises various
components to function efficiently and effectively to decide on disputes before the
courts. Forensic investigators must therefore be knowledgeable about the roles
played in different courts. In this section, you learnt about various types of courts,
criminal and civil law process, decisions and legal remedies and the common law
jurisdictions in the trial processes. In the next section, we will look at basic
principles of gathering and maintaining evidence for forensic investigation of
fraud and corruption cases.
Discuss the process of criminal justice in South Africa.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________
140
SECTION 2: BASIC PRINCIPLES OF
EVIDENCE
• describe and explain the sequential conceptual stages in a criminal

investigation
• distinguish between the relevant techniques and protocols of
Key learning evidence collection, preservation and linking analysis
outcomes • recognise ethical principles in an investigation and present an
appropriate response
• examine the concept of probable cause, elements of a crime and
other appropriate basic criminal justice principles and their
importance in the process of an investigation
4.2.1 INTRODUCTION
Evidence consists of anything that can be used to prove something. In a legal
sense, evidence refers to the testimony, documents, exhibits and other tangible
objects offered to prove or disprove the existence of an alleged fact during court
proceedings. In legal systems, the use of evidence is often regulated by an
intricate set of principles that have been developed and refined over hundreds of
years, designed to ensure that only relevant and probative evidence is admitted
and that irrelevant, unreliable and prejudicial evidence is excluded so that cases
can be fairly and expeditiously decided.
Every aspect of a legal case from filing the complaint to the presentation of
witnesses and exhibits is affected by rules of evidence. This body of law covers
not just what counts as evidence, but how that evidence is gathered, handled and
presented. In every court, the law of evidence governs the admissibility of
evidence in legal proceedings. The law of evidence, however, varies between
countries and legal systems.
141
Common law legal systems have separate rules of evidence that regulate the
admission and evaluation of evidence by courts. These rules establish what can
and cannot be introduced during a dispute. Civil law legal systems, however, do
not have a separate code of evidence law.
The rules of evidence can be complex, and counsel should be contacted if an

important question of evidence arises in the case of fraud investigation.
Additionally, rules of evidence vary by jurisdiction, even within the same country.
The following are some general principles regarding evidence; however, fraud
examiners should always review the rules applicable in their jurisdiction.
4.2.2 MEANING AND IDENTIFICATION OF EVIDENCE

The word evidence is derived from the Latin word “evidare” which means to show
clearly, to make clearly and to discover clearly. In a general sense, evidence
means a collection of facts produced by the parties either orally or in written form
before the court of law to prove the existence or non-existence of disputed facts.
In a legal sense, evidence means and includes
• all statements made by the witnesses and permitted by the court as oral
evidence
• all documents produced by the parties for inspection of the court, known as
documentary evidence
The following definitions may be helpful to understand the classification of

evidence under law:
• Oral evidence: Personal acknowledgement of facts by words, verbal

statements, visible representation, gestures or signs or any other means
which can be communicated to the court.
• Documentary evidence: Any matter expressed or described upon any
substance by means of letters, figures, or marks for the purpose of
recording. Electronic records such as CDs and memory sticks also come
under the definition of document. When a document is called for the
inspection of the court, it is known as documentary evidence.
142
• Primary evidence: The original document is produced before the court of
law for its inspection.
• Secondary evidence: Parties may be permitted by law to produce the
copies of the original in place of primary evidence.
• Direct evidence: The fact is directly attested by witnesses, things or
documents.
• Circumstantial evidence: Information dealing with related surroundings or
circumstances. It is evidence of circumstances or situations leading to the
happening of the principal fact.
• Hearsay evidence: Any information received by a person with the help of
others and not through their direct senses.
4.2.3 SEIZURE OF ELECTRONIC EVIDENCE

The forensic investigator or examiner may be the person realising that an offence
has been committed. In some instances, the requirements of the Prevention and
Combating of Corrupt Activities Act 12 of 2004, regarding a duty to report certain
activities, may come into operation. The forensic investigator or examiner can
also be a part of an investigation team. It is therefore important to have a basic
knowledge of search and seizure procedures where electronic evidence is
involved.
The forensic auditor may only participate in the search if their name is on the
search warrant. Perhaps the most critical step in the forensic process is how data
is collected or acquired. Digital evidence must be acquired in such a way as to
ensure that all relevant evidence is seized and secured in a forensically sound
manner. This will ensure that the digital evidence is not tainted or destroyed.
In fact, there are several practical considerations and procedures when the
decision is made to proceed with a computer seizure. One of the primary
considerations that is often neglected is debriefing the subject, which involves
asking the subject for passwords and whether any encrypted data exists on the
target computer. The following is provided as guidelines when seizing computers
on a scene. These processes should ensure compliance with any criminal
143
procedure and accordingly should be followed in all circumstances. Evidence
may be seized under the following circumstances:
• with a search warrant in terms of the Criminal Procedure Act

• with an Anton Pillar order issued by a competent court
• when an employee/suspect gives consent
• when it is justified by necessity or in terms of the Bill of Rights’ limitation
clause (section 36(1) of the Constitution)
• when the employee did not have a reasonable expectation of privacy
4.2.3.1 Actions for forensic investigators and examiners
Unless completely unavoidable, data should not be analysed on the machine

from which it was collected. Instead, the forensic investigators and examiners
must make forensically sound copies of all data storage devices, primarily hard
drives, and analyse the data on these copies.
4.2.3.2 How to collect, seal and package evidence
Computer-related evidence is like any other evidence you might find, except that
it tends to be very volatile and can be easily damaged or destroyed. Therefore,
handle it with extra care.
It is advisable that only officers with sufficient knowledge and hands-on

experience deal with computers, peripherals, programs, etc., as well as with other
technical or specialised equipment during searches. Never let the suspect or non-
qualified persons touch the computer.
4.2.4 SECURE THE DIGITAL EVIDENCE

Mahalik, Tamma and Bommisetty (2016:12) mention that how to secure digital
evidence in a forensic investigation may differ due to the different types of
evidence. There is therefore no standardised forensic examination framework in
place to extract data from digital devices. Forensic investigators and examiners
must ensure that all evidence collected is well documented and forensically
sound. Mahalik et al (2016:13) indicate the following forensic process as an
overview of the steps to be taken when securing digital evidence:
144
4.2.4.1 Intake phase
Afonin and Katalov (2016:15) state that the initial stage of mobile forensics is the
physical seizure of the device, which will be kept in the custody of the investigator.
Forensic investigators and examiners are required to obtain a search warrant
from the court and a detailed document with all the information pertaining to the
digital devices within the search warrant, in order to adhere to forensic soundness
principles. Mahalik et al (2016:13) caution that in this phase forensic investigators
and examiners must pay careful attention to documenting all information
pertaining to the allegation associated with the digital devices.
According to Bair (2016:4), forensic investigators and examiners must maintain

certain requirements before securing evidence data from digital devices. They
need to take precautions when seizing the digital devices by storing them in a
Faraday bag or a Paraben StrongHold Box to block ongoing wireless connectivity
and avoid data modifications on the device.
In addition, the investigators must use the Image MaSSter Solo-3 data to acquire
data from the device’s flash memory before the device is placed in the evidence
bag or box using different forensic tool software options. For example, device
configuration overlay option (DCO) is used to hide and protect part of the hard
drive from the operating system and file system.
Digital devices are network devices that automatically update data while receiving
and sending information from different sources, such as telecommunications, Wi-
Fi access points and Bluetooth. Importantly, forensic investigators and examiners
must pay attention to the status of the digital device to establish whether it is on,
in sleep mode or switched off before it is secured. When they have secured digital
devices in a Faraday bag, the devices are automatically disconnected from the
network and such evidence is safe. The digital device must then be switched on
to extract more information.
Usually, the court likes to challenge electronic evidence by questioning the

process followed during the collection of such evidence and exploiting the gaps
in the process. When electronic evidence is presented in court for prosecution,
145
the court requires the forensic investigator or examiner to clearly outline the
processes that were followed in obtaining that evidence.
Investigators need to comprehend the chain of custody when collecting evidence

from digital devices. This means that they must document all the steps taken in
collecting the evidence from the time it was located to when it is presented in
court. The documented process will allow the court to review the quality of
presented evidence and make an assessment of whether it has been tampered
with or contaminated.
4.2.4.2 Identification phase
The identification phase requires that forensic investigators and examiners to

identify the incident or event to be investigated and the scope of the investigation
based on the request received. This phase enables the investigators to define
the scope of the investigation and identify evidence that needs to be collected
when applying for a search warrant. The appreciation of legal authority will
eliminate the risk of evidence obtained being rejected by the court during the legal
proceedings.
The identification of the digital device’s information, such as make, model,

operating system and storage capabilities, is crucial to determine the forensic
tools that will be used to examine the device (Tamma, Skulkin, Mahalik &
Bommisetty 2018:15). Various digital devices have unique storage capacity.
Some store the data only on the handset, whereas others store the data on
hardware, in the cloud and memory card. In this instance, the investigators will
decide on the suitable method and a forensic tool to be used to acquire the
required evidence.
4.2.4.3 Preparation phase
In the preparation phase, the investigation team sets up to collect digital evidence
in fraud and corruption cases. The selection of the team members is based on
appropriate qualifications, skills and knowledge to acquire data from a device.
According to Tamma et al (2018:15), once the investigation team has been
146
identified, the preparation phase allows the forensic investigators and examiners
to conduct research on the digital devices to be examined. The investigators will
then select the appropriate methods and tools to be used for data acquisition,
considering the operating system of the digital devices under investigation. This
gives the investigators an opportunity to procure forensic tools and software that
they will need for data acquisition and transportation to the Forensic Laboratory.
Prior to the examination of the digital devices, the investigators need to

understand the digital forensic framework, standard operating procedures
(SOPs), best practices, guidelines and techniques to be followed.
4.2.4.4 Isolation phase
In this era of new emerging digital technologies with built-in network capacities,
automatic data changes are inevitable through incoming messages, Wi-Fi,
Bluetooth connections and application upgrades (Tamma et al 2018:15). This
means that when a digital device is connected to the network, it continues to
receive new data that might change the evidence residing on the device. In order
to circumvent this risk, the forensic investigators and examiners need to isolate
the electronic devices and secure them in a Faraday bag or Paraben StrongHold
Box before starting the acquisition and examination of the devices. When the
device is not connected to the network, it will not send or receive new updates.
Subsequently, the alteration of evidence will not occur.
4.2.4.5 Processing phase
According to Tamma et al (2018:23), the processing phase concerns data

acquisition, which is the process of imaging or extracting information from the
digital device and its outward equipment and media. The information on the
device can be extracted from different sources (Afonin & Katalov 2016:13). The
forensic tool that the investigators may use to extract the data will depend on the
location of the information on the device. There are three different data acquisition
methods as listed below:
147
• Physical acquisition
The physical acquisition of a digital device is performed by the investigators using

forensic tools and methods. The forensic investigators and examiners must
directly access the device’s flash memory to collect evidence. In so doing, the
investigators are able to acquire both the current and deleted data from the from
the device.
• Logical acquisition
Logical acquisition of the digital device is when the forensic investigators and
examiners extract data from the electronic device using the device
manufacturer’s application-programming interface for synchronising the contents
with a computer. Note that logical acquisition is quite tricky because the
investigators need to first establish if the device imaged is modified or not. In
addition, they must establish if modification of data has occurred during the
imaging process. In a nutshell, the investigators need to have vast skill and
experience to notice every little change taking place on the device.
The challenge with this method is that not all data will be acquired. It will depend
on the tools used by the investigators to extract data. When the investigators opt
to acquire data using a bit-by-bit copy of the mobile storage through a cable or
wireless contact, the probability of not acquiring all the data must be noted. The
investigators will only be able to recover files that are on the device, but not data
that is in the unallocated spaces.
• Manual acquisition
In using the manual data acquisition method, the forensic investigators or

examiners will extract data from the device using the user interface to investigate
the contents of the device memory. They will take pictures of the contents
appearing on the device’s screen. Note that this method of data acquisition is not
reliable since the investigators can make mistakes.
148
4.2.4.6 Verification phase
Casey (2011:20) describes authentication as satisfying the court that the contents
of the evidence remained unchanged, that the information in the record does in
fact originate from its purported source and that the extraneous information such
as the apparent date is accurate. The authentication of digital evidence is the
process of ensuring that the recovered evidence is the same as the original
seized data, but the concept is refined. Once again, the chain of custody plays a
crucial role in verifying the integrity of evidence. This means that the investigators
need to maintain and document the chain of custody of evidence, detailing all the
individuals who handled the evidence to verify that it was not altered from the
time it was collected until it was presented in court. To verify that the contents of
the imaged data from the device of the suspect employees were not
contaminated, the investigators can validate the data from any source using
cryptographic hash values.
The commonly known commercial tools to perform hash values are Message–
Digest Algorithm (MD5) and Secure Hashing Algorithm (SHA2). Tahiri (2016:55)
explains that hashing is the use of cryptographic forensic processes like MD5 and
SHA to maintain and verify the integrity of evidence, which in turn increases the
possibility of such evidence being admitted in court. Hashing of data is done
before and after analysis to determine if the data was altered during the
acquisition process. This means that the hash value of the input data must be the
same as the hash value of the output data.
4.2.4.7 Reporting phase
Once the forensic investigators and examiners have completed recovering and
analysing raw data extracted from the digital device, they need to prepare a
detailed report. The forensic report must indicate the evidence analysed under
investigation. The investigators need to outline the processes followed in
extracting the data from the device and the identified findings. This must also
include the hash values of the evidence obtained, allowing the interested parties
to repeat the data acquisition process if they need to verify the integrity of the
evidence presented to the magistrate or the judge in court.
149
4.2.4.8 Presentation phase
Presentation of evidence involves documentation of evidence extracted from the

device in a comprehensible manner such that even a layman can understand it.
This means that the person to whom the electronic evidence is presented does
not have to be a forensic expert in order to understand the chain of events. The
presentation of evidence requires the investigator to write a formal report to the
presiding officer of the court or the requestor of an investigation, outlining how
the extraction of data from the device was conducted and what evidence was
identified.
The investigation of cybercrimes has revealed that evidence collected from digital
devices may lose its credibility if the court identifies any gaps in the acquisition or
analysis process, and such evidence will not stand in court. Forensic investigators
and examiners need to close all the gaps in the acquisition or analysis process
to maintain the trustworthiness of such evidence. Well-documented evidence will
eliminate the chances of such evidence being dismissed in court.
In light of digital evidence, which is complex in nature, the analysis of data

requires extensive analytical skills. Investigators need to have the digital forensic
skills to translate raw data obtained from the device to a readable language that
is understood by all people and to outline the timeline of how the fraud and
corruption took place. The credibility of the evidence also relies on the
investigator’s presentation skills to convince the judge that the criminal activity
has indeed occurred.
Sometimes even if the digital evidence is properly acquired, due to lack of

presentation skills, the investigators find it difficult to present technical data to the
audience which is not familiar with digital forensics.
4.2.4.9 Archiving phase
Stiles (2014:5) states that the principles and compliance aspects of electronic
evidence are not different from those of paper. The decision to archive records in
either electronic or physical form must be made prior to their creation and such
decision should be documented in the relevant SOP. Archiving of data is the
150
process of storing data in a manner that is suitable for long-term availability and
retrieval.
The investigators need to archive the evidence in such a way that it can be
accessed when it is needed at a later stage for prosecution during a trial. The
digital evidence should be stored in accordance with the statutory requirements,
policies and procedures for the organisation. In addition, Stiles (2014:8)
emphasises that electronic evidence should be archived in its original form. The
investigators must maintain the chain of custody and ensure that evidence from
the device is marked and indexed for easy retrieval when it is required.
Note that digital evidence may be stored in separate file systems using metadata
to designate archived records. Furthermore, the investigators need to archive the
digital evidence in such a way that it cannot be altered and deleted without
detection, by using a physical write-blockers when transferring data from one
storage medium to another.
4.2.5 OTHER DOS AND DON’TS

There are some basic procedures that must be followed when processing digital
evidence. These precautions must be followed explicitly when working with
computers:
• Do not eat, drink, or smoke close to the computer system or near any of the
storage media (such as disks). Crumbs, liquid and/or smoke particles could
all potentially damage the equipment or stored data. If this happens, it
becomes very difficult, if not impossible, to recover the data (and evidence).
• Do not write on a disk, on a label of a disk, or on a bag that contains a disk.
Write on a label and then place the label on the disk. If it is necessary to
write on a disk, use a soft felt-tip pen.
• Do not place magnetic media near magnetic fields, as this could cause
damage. Magnetic fields that are strong enough to damage data are more
common than you might think.
• Do not expose magnetic media to either extreme heat or cold.
Temperatures outside the range of 4 °C to 32 °C can damage the data.
151
• Do not fingerprint magnetic media. The particles of fingerprint powder are
almost impossible to remove from the media surface, and the drive will not
be able to read the data contained on the media. Permanent damage to the
drive equipment could also result.
4.2.6. THE LEGISLATIVE FRAMEWORK REGULATING THE

COLLECTION OF ELECTRONIC EVIDENCE IN SOUTH
AFRICA.
South Africa has promulgated its systems of rules that regulate how electronic
evidence should be collected such as the Electronic Communications and
Transactions Act (ECTA) 25 of 2002, and the Regulation of Interception of
Communication-Related Information (RICA) 70 of 2002. The provisions of both
section 51(2) of ECTA and section 17(2)(b-d) of RICA clearly outline to the
forensic investigators and examiners that an application to obtain electronic
information residing in the digital device must be obtained in writing.
To obtain such information as evidence, the investigator or examiner must state

the description of the information required and solid grounds to believe that
evidence related to the fraud and corruption cases under investigation could only
be obtained by accessing the information located in the identified digital device.
Hence, section 3(1)(b) of the Cybercrimes and Cybersecurity Bill underlines that
any person that is unlawfully acquires data within or which is transmitted or from
the computer system is guilty of offence. In addition, the below-mentioned statute
provide guidance to investigators insofar as the investigation of cybercrimes
/electronic communication and the collection of digital evidence from the cell
phone device of the suspected employees is concerned. The contravention of
these legal principles results in a penalty or punishment.
4.2.6.1. The Constitution of the Republic of South Africa, Act 108 of 1996
Section 7(1) of the Constitution of Republic of South Africa pronounces on the

Bill of Rights of all citizens in South Africa which must be respected and protected
by the state. In addition, section 7(2) of above mentioned Constitution provides
that the Bill of Rights binds a natural or juristic person.
152
This includes the privacy right as stated in Section 14(d) of the Constitution in
relation to everyone’s right to non-infringement of their privacy to communications
infringed. Thus, the protection of illegal collection, retention, dissemination and
use of personal information is prohibited. Section 35(5) of the Basic Provisions of
Constitution of the Republic of South Africa, Act 108 of 1996 states that any
evidence that is obtained unfairly and is unfavourable to the administration of
justice must be excluded during trial. Section 14(d) of the Bill of Rights clearly
stipulates that the collection of evidence needs to be cognisant of the alleged
suspect’s privacy right and the right to non-violation of their communications.
Evidence that is obtained in a manner that violates any right in the Bill of Rights
will not be considered by the court, citing that it would render the trial unfair.
4.2.6.2. The Protection of Personal Information Act (POPIA) 4 of 2013
According to Section 5 of the POPIA 4 of 2013, a data subject (the suspect) has
the right to have their personal information processed on condition of legal
processing of personal information. Hence, the investigator or examiner must
highly regard the provision indicated in Section 13 of POPIA stating that personal
information should be collected only for lawful and explicitly defined purposes of
the activity of the third party. Moreover, Section 5(a) of POPIA states that a data
subject (the suspect) must be notified of the purpose or reasons for the collection
of his/her information as digital evidence from the cell phone during investigation
pertinent to the alleged fraud and corruption cases. In light of this, the investigator
needs to take reasonable steps to adhere to the requirements of search and
seizure prior to the commencement of an investigation.
4.2.6.3. The Regulation of Interception of Communication-related

Information Act (RICA) 70 of 2002
It is noted that the collection of evidence from the suspected digital device is
collected forensic investigator or examiner who was not privy to the
communication. Section 4(1) of RICA prohibits the investigator’s or examiner to
intercept any communication to which he/she is not party. It is irrefutable that the
investigator or examiner will always encounter challenges when collecting
evidence during the investigation of cybercrimes. However, the fact that the
prosecution of cyber related crimes is heavily dependent on the digital evidence
153
presented in court could not be overlooked. To curb this impediment, the
investigator or examiner needs to adhere to the provisions of the Regulation of
Interception of Communication-related Information Act 70 of 2002 (RICA).
According to Section 17(2)(b-d) of the Regulation of Interception of

Communication-related Information Act, the investigator needs to write an
application to the judicial officers and request the permission to collect the
electronic information located on the cell phone device of the suspects during the
investigation of criminal activity. In addition the description of the
information required and the grounds to believe that evidence related to the fraud
and corruption cases under investigation could only be obtained by accessing the
information located on the cell phone device must be stated on the application
made by the investigator. As a result, such evidence will be admissible in court
and used by the judicial officers to prove or dismiss the allegation of criminal
activity under investigation.
4.2.6.4. The Electronic Communications and Transactions Act (ECTA), 25 of

2002
Section 51 of the ECTA 25 of 2002 allocates principles for electronic collection of

information of a personal nature. In terms of Section 51(2) of the Act, a data
controller (forensic investigator or examiner) must be in possession of the written
permission of the data subject for the process of collecting, collating, processing
or disclosing of any personal information of the data subject to be in force, unless
if he/she is permitted by the law. This provision emphasises the need for the
investigator to obtain a search and seizure warrant from the magistrate court prior
to the collection of digital evidence from the employees’ suspect work cell phone.
In addition, Section 5(3) states that the data controllers (forensic investigator or
examiner) ought to disclose in writing to the data subject (alleged suspect) the
explicit purpose for which any information is being requested, collected, collated,
processed or stored. In the
application of the search and seizure warrant, the forensic investigator or
examiner is required to clearly state the allegation under investigation and the
154
reasonable grounds linking the suspect to the allegation of a criminal activity in
question.
4.2.6.5. The Criminal Procedure Act (CPA) 51 of 1977
Section 20 of the CPA 51 of 1997 provides that the State may seize any material
which is concerned in, or is reasonably believed to be concerned in the
commission of a transgression or suspected commission of such transgression
within the Republic of South Africa or elsewhere, which may yield evidence
pertaining to the commission or suspected commission of a transgression.
However, the CPA stipulates the conditions in which article should be seized in
section 21(a) – (b) of this act.
The provision made in the afore mentioned sub-sections requires that the article
should only be seized on the basis of a search and seizure warrant issued by a
magistrate court or a judicial officer presiding at the criminal proceedings where
such article is required as evidence. This means that the investigator is only
allowed to seize the suspect employees’ cell phone device only if he/she firstly
obtained the search and seizure warrant signed by the magistrate court or the
presiding offer for the purpose of proving the allegation against him/her. The
investigator or the law enforcement agencies who acts in contrary to the search
and seizure warrant issued in Section 21 of the CPA shall be guilty of an offence.
ACTIVITY 14
What are the circumstances in which forensic investigators and
examiners may seize evidence for investigation processes?
FEEDBACK
Evidence may be seized under the following circumstances:
• with a search warrant in terms of the Criminal Procedure Act
• with an Anton Pillar order issued by a competent court
• when an employee/suspect gives consent
155
• when it is justified by necessity or in terms of the Bill of Rights’ limitation clause
(section 36(1) of the Constitution)
• when the employee did not have a reasonable expectation of privacy
4.2.7 SUMMARY
Forensic investigators and examiners usually obtain great deal of evidence when
conducting fraud and corruption investigations. Therefore, it is critical to know
and understand how to analyse documents collected as evidence in such cases.
Forensic investigators should make sure that relevant documents are included
and irrelevant documents are eliminated.
1. Define the concept of evidence and provide practical examples.
2. List three basic forms of evidence.
3. Discuss the special rules concerning the admission of evidence in adversarial
proceedings.
156
LEARNING UNIT 5:
LEGAL TESTIMONY AND

INVESTIGATION PROCESS
SECTION 1: TESTIMONIAL EVIDENCE
to
Key learning
• describe types of witnesses in court and give practical examples
outcomes
• explain and discuss the basic form of evidence
• discuss rules concerning admissible evidence in court
5.1.1 INTRODUCTION
Eyewitnesses can provide very compelling legal testimony, but rather than
recording experiences flawlessly, their memories are susceptible to a variety of
errors and biases. They (like the rest of us) can make errors in remembering
specific details and can even remember whole events that did not actually
happen. In this unit, we discuss several of the common types of errors, and what
they can tell us about human memory and its interactions with the legal system.
5.1.2 TESTIFYING
Testimonial evidence is evidence presented in the form of statements made
during a legal proceeding, such as a trial, an administrative hearing, or a
deposition. All testimonial evidence has specific requirements governing its
157
admissibility that depend on the type of witness and the way the witness is
testifying. The judge or administrator applies these requirements to determine
who can testify and what they can testify about. Witness testimony, however,
differs in adversarial and inquisitorial jurisdictions. Again, adversarial jurisdictions
(which are typically common law countries) are those that use judicial processes
in which the parties to a proceeding drive the discovery process (the search for
evidence). Inquisitorial jurisdictions are those that use judicial processes that
place the primary responsibility of discovering evidence on the presiding judge.
In adversarial systems, a large amount of litigation is conducted using oral
evidence, with witnesses offering testimony, being examined in direct
examination by their representatives and, in turn, cross-examined by opposing
counsel. Conversely, in inquisitorial systems, the examining judge interrogates
witnesses, and it is up to the judge to decide the value of witness testimony.
Furthermore, adversarial systems give more weight to testimonial evidence than
inquisitorial systems, and cross-examination of witnesses is virtually non-existent
in inquisitorial systems.
Forensic investigators and fraud examiners, accountants and auditors are often
requested to provide testimony in criminal and civil prosecutions where their
services can be used to support investigations of financial fraud, embezzlements,
misapplication of funds, bankruptcy fraud, improper accounting practices, tax
fraud, etc. Fraud examiners may also be used as defence witnesses or to support
the defendant’s counsel on matters that involve accounting or audit issues.
There are two basic kinds of testimony. The first is lay testimony (sometimes
called factual
testimony), where witnesses testify about what they have experienced firsthand
and their
factual observations. The second kind is expert testimony, where a person who,
by reason of education, training, skill, or experience, is qualified to render an
expert opinion regarding certain issues at hand. Typically, a fraud examiner who
worked on a case will be capable of providing lay testimony based on
observations made during the investigation. When a trial involves issues that are
complex or unfamiliar to most people, as is common in incidents of fraud, expert
testimony is appropriate to help the fact finder understand these issues.
158
The type of testimony provided by fraud examiners depends on both their role in
the case and whether they are qualified to provide expert testimony. If a fraud
examiner who participated in the investigation also qualifies as an expert
regarding a relevant issue, they might provide both lay and expert testimony.
Alternatively, the witness might solely be used either to present factual evidence
or to provide a particular expert opinion based on the facts.
Many of the considerations for providing testimony are the same, regardless of
whether it is factual or opinion based. However, there are also some important
distinctions, which are discussed throughout this unit.
5.1.3 CONSIDERATIONS FOR TESTIFYING AS A LAY WITNESS

A lay witness (or fact witness) is anyone who provides non-expert testimony in a
legal proceeding. Before testimony begins, fraud examiners serving as fact
witnesses will need to lay the proper groundwork. So, to be an effective fact
witness, fraud examiners must investigate, prepare and disclose.
There are basic competency requirements for all witnesses. For fact witnesses,
competency relates to their capacity for observation, recollection and
communication. As we will discuss later in this unit, there are stricter capacity
requirements for witnesses who need to give opinion evidence either lay opinions
or expert opinions.
5.1.4 INFORMATION VERSUS EVIDENCE

Witnesses, particularly those involved in an investigative process, must
appreciate the difference between information and evidence. Information consists
of all facts, documents, observations, statements, or other indications of what
happened. Evidence is information that is presented at trial, under the supervision
of the judge, to prove or disprove an alleged fact at issue (i.e. to convince the
judge of the truth or falsity of the fact at issue).
159
The effective fraud examiner must not let concerns about the admissibility of
investigative information or “leads” limit the scope or tenacity of the examination.
Even if information is not in and of itself admissible, this information might lead to
the discovery of admissible evidence.
Similarly, the effective witness is not hindered simply because the underlying
information is inadmissible in court. Sometimes admissibility depends on the form
of the information or prior disclosures; other times, it depends on whether
specified procedures were followed. Therefore, all witnesses should work closely
with their lawyers to make sure that all important information can be presented
as evidence.
5.1.5 SOURCES OF LAY TESTIMONY

The rules of evidence, which govern the admissibility of evidence in court, prefer
factual testimony based on first-hand knowledge (i.e. testimony on matters that
the witness has perceived through one of the senses). There are several
permissible sources for factual testimony:
• observations
• information collected during investigations
• calculations and summaries
• research
• opinions (typically limited in scope)
Testimony derived from personal involvement in any of the above sources will
generally be more effective and more easily admitted than all other types. Even
if a witness is admitted as an expert, maximum exposure and reliance on direct
rather than derivative information will increase the likelihood that the witness’s
statements will be admitted as evidence.
5.1.6 USE OF SUMMARIES

Whenever one party wishes to introduce an item of evidence, the other side is
typically entitled to inspect that evidence. When there are so many items of
160
evidence that they cannot be conveniently examined in court, some jurisdictions
allow the contents to be presented in the form of a chart, summary, or calculation.
The original documents (or duplicates) should then be made available for
examination or copying by other parties at a reasonable time and place, and the
court may order that the underlying documentation be produced in court.
5.1.7 OPINIONS BY LAY WITNESSES

Generally, fact witnesses can only testify about the things they have personally
observed and cannot give opinions or conclusions. However, some jurisdictions
might allow some types of opinions from fact witnesses. For instance, in South
Africa, criminal law allows a fact witness to testify in the form of an opinion when
that opinion is
• rationally based on the perception of the witness (i.e. one that a normal
person would form from those perceptions) and
• helpful to obtain a clear understanding of the witness’s testimony or the
determination of a fact in issue.
Lay witnesses are commonly allowed to testify about
• the appearance of persons or things

• identity
• the manner of conduct
• competency of a person
• degrees of light or darkness
• sound, size, weight, or distance
• state of mind, including intent
Lay witnesses are generally restricted from providing expert opinions. In the
United States, for example, Federal Rule of Evidence 701 prohibits lay witnesses
from providing opinions based on scientific, technical, or other specialised
knowledge. Under the rule, the distinction between lay and expert testimony is
that a permissible lay opinion “results from a process of reasoning familiar in
everyday life”, while expert testimony “results from a process of reasoning which
161
can be mastered only by specialists in the field”. This rule does not bar an expert
from testifying as a lay witness; the same witness can provide both lay and expert
testimony in a single case.
5.1.8 CONSIDERATIONS FOR TESTIFYING AS AN EXPERT

Litigation involving fraud is often complex, and the parties or the court might seek
the help of experts. Experts can serve one of two roles in the trial process:
testifying expert or consulting expert. Testifying expert witnesses give opinion
testimony when specialised knowledge is needed to help the fact finder
understand evidence or determine a fact in issue. Consulting experts typically do
not testify at trial. Instead, they are hired to provide technical assistance to the
attorney in preparing the case. In adversarial processes, both testifying and
consulting experts play an ongoing part with the litigation team for both sides.
In inquisitorial processes, however, the court hires the expert to testify on

technical issues. Although experts serve one of two roles, they can perform
various functions throughout the litigation process. Lawyers often count on
testifying experts to help the courts to understand the case. In his book, Effective
expert witnessing, author Jack V Matson lists the four main functions of all expert
testimony and offers advice on fulfilling each assigned duty:
• Establish the facts. You must first develop a strategy to collect and examine
the documentation in the case. The discovery process, which is a
mechanism for full disclosure of all knowledge pertinent to the case, usually
yields a vast amount of paper, which the expert then must sift through to
make a preliminary classification of relevance.
• Interpret the facts. Tie together cause and effect relationships with the data
and the facts for the technical basis of your case. Do not be fooled by
correlation that seemingly links cause and effect but holds no theoretical
justification.
• Comment on the opposing expert’s facts and opinions. If engaged in an
adversarial proceeding, develop a good understanding of the opposing
experts by reviewing their educational background and experience. Read
162
their publications. Probe for weaknesses that your side might exploit. Often,
trials become a battle of the experts. Prepare for the battle with as much
intelligence as you can muster. Take apart the opposition’s expert report,
which represents the other side’s best case, piece by piece. Your attorney
needs to know the most intimate details about the facts and opinions
contained in that report.
• Define the professional standards in the particular area of your opponent’s
expertise. One of the most critically important ways an expert is used in trial
is to define the “standard of care” exercised by fellow professionals in the
field. Standard of care has been traditionally defined based on the
judgement normally exercised by professionals in good standing.
Additionally, the professional must be informed or aware of current practices and

promulgation. Obsolete practices are now considered by the court to be negligent
practices. Thus, professionals must exercise reasonable, informed judgement in
carrying out their duties. Experts will be called upon to define the professional
standard.
Depending on the rules of the jurisdiction, the expert witness may be called by
the court (i.e. the judge) or the parties. If called by the prosecution or plaintiff,
fraud examiners might testify to their findings, and if called by the defence, they
might testify regarding opinions expressed by the prosecution’s or plaintiff’s
expert to create doubt in the fact finder’s mind about the credibility or weight to
be given to that expert.
Alternatively, an expert might be called upon to give an opinion different from that
reached
by an equally credible expert called by the court or on the other side. This might
be due to different interpretations of the facts of the case. In some instances,
given equally plausible alternatives, the case might be decided based on which
expert witness was the most credible. Additionally, effective expert witnesses
frequently share certain characteristics. Credibility is one such feature. To
become “credible” expert witnesses, they must be members in good standing of
the profession and usually be recognised as an authority in that profession or
163
some specialised aspect of practice within it. Similarly, expert witnesses in
accounting must have a thorough knowledge not only of generally accepted
accounting principles, but also of current promulgations. The expert’s expertise
often might involve special knowledge of a specific industry. In this case, the
expert should be aware of recent developments and any important issues within
that area.
The expert also must be analytical and be able to work with incomplete data. The
expert, however, might not always be able to recognise when data is incomplete.
As a result, the expert might make assumptions that will then be open for
interpretation or attack. If not all data has not been made available to the expert,
then a party might be able to offer alternate scenarios that are more plausible
under the circumstances, thus discrediting the expert.
5.1.9 ACCEPTING THE ROLE OF A TESTIFYING EXPERT

Serving as a testifying expert is a difficult task, but it can be a rewarding
experience. Before accepting a role that could potentially require testifying as an
expert, the examiner must be capable of doing so and confident that the
testimony will be helpful.
Ideal expert witnesses need to be respected experts in their fields and continue
learning
throughout their careers. For certified fraud examiners, that means completing
continuing professional education, regularly reading publications in the specific
field and actively looking for new developments. Fraud schemes and the
investigation and prevention measures associated with them are always evolving,
so the ideal expert will stay up to date with these issues. Additionally, a fraud
examiner needs to confirm that the requested testifying role is within the scope
of their skills. For example, a fraud examiner might have a long history in
securities fraud, but that does not mean that they are qualified to testify in a case
that will require appraising assets. Experts must reject work outside of their scope
for the interests of the retaining parties and their own careers.
164
When an expert is asked by a party to provide expert testimony, it is usually easy
to see what that party wants the expert’s testimony to be whatever will most help
the party win. An expert must make sure that their analysis is objective and not
shaped by the retaining party’s will. Asking the right questions of the retaining
party in the beginning is necessary to avoid becoming an expert witness in a case
in which the expert should not be involved. The types of questions necessary
depend on the case, but in general, the expert should ask:
• Who are all the parties and potential parties to the litigation?
• Who are the other attorneys for all the parties?
• Who are the other experts in the case?
• What are the basic facts of the case?
• What is the scope of subject matter the party is requesting expertise for?
• Is the party seeking a consulting or testifying witness?
• Are there any known or potential conflicts of interest?
• What court or administrative body will hear the case and what procedural
rules should the expert know about?
• How will communications work (e.g. will the clients be contacted directly)?
5.1.10 CONFLICTS OF INTEREST

When retained, experts must quickly determine if any conflicts of interest exist or
appear to exist in a particular case because a conflict might preclude
participation. A conflict of interest exists when an expert’s ability to objectively
evaluate and present an issue for a client will be impaired by any current, prior,
or future relationship with parties to the litigation. Prior or ongoing relationships
might suggest to others that the expert cannot provide undivided loyalty to the
cause and the client. Whether a relationship causes a conflict of interest depends
on the facts. Simply meeting a person does not necessarily cause a conflict, but
a close personal or business relationship is more likely to give the perception of
a conflict.
There are several actions an expert can take to determine if any conflicts of
interest exist. For example, before an engagement, an expert can ask for the
165
names of all parties involved, and then review the names with associates to
disclose any connections, however remote.
Compensation (whether from the parties or from the court) for expert testimony
services is standard, and it is not generally considered a conflict of interest. The
amount of compensation can be brought up at trial, so the payment should not
be above normal.
Penalties for consulting or acting as an expert in a conflict of interest include

expert disqualification, attorney disqualification and inadmissibility of expert
testimony.
5.1.11 DIVERGENCES IN ADVERSARIAL AND INQUISITORIAL

JURISDICTIONS
While most jurisdictions have procedures for admitting expert testimony in judicial
proceedings, adversarial and inquisitorial jurisdictions tend to take different
approaches. The main difference is the party retaining the expert.
Adversarial jurisdictions (which are typically common law countries such as South
Africa) usually allow the litigation parties to retain experts to either consult or
testify in proceedings, meaning the parties pay the experts directly. Each party
might obtain its own expert, and it is common to have competing expert testimony
in a proceeding. The parties are given an opportunity to both question their own
expert in front of the judge as well as cross-examine the other party’s expert to
potentially reveal weaknesses in that expert’s methods or analysis. The fact finder
(i.e., the judge) must weigh these competing expert opinions.
In most inquisitorial jurisdictions (which are typically civil law countries), the court
hires its own expert witnesses for technical issues that require guidance. This
expert provides the court with information, and the judge has the discretion to
determine whether to apply the expert’s testimony when deciding issues. Unlike
in adversarial jurisdictions, in inquisitorial jurisdictions, it is primarily the judge’s
responsibility to elicit the testimony from the expert. However, the parties’
representatives can ask the expert questions, and in some cases can challenge
the expert’s qualifications or testimony. In some inquisitorial jurisdictions, the
166
parties might also be able to (or be required to) make experts available for the
court-appointed expert to question. Therefore, while not procedurally the same,
expert witnesses in both adversarial and inquisitorial systems must be prepared
to have their testimony withstand the scrutiny of the opposing party’s legal
counsel or the court-appointed expert.
While a jurisdiction’s classification of being either adversarial or inquisitorial tends

to determine its procedures for admitting expert testimony, this is not always the
case. For example, Spain is a civil law country with an overall inquisitorial system,
but it takes the
adversarial approach of letting the parties obtain their own experts.
Pretrial preparation remains key to becoming a successful expert witness, and

success often depends on full inquiry and thorough investigation. In adversarial
proceedings, the discovery process occurs in the pretrial stage, and an expert
may provide assistance during this phase of litigation. An expert may help by
composing discovery requests or answers. A financial expert is often expected to
educate a lawyer on the types of documents typically available for certain cases.
Many times, financial crime experts must search through extremely large
numbers of documents or computer files to determine whether evidence of
fraudulent intent or behaviour exists. The parties might overwhelm the other side
with paper or electronic documents to hide or trivialise vital documentation.
Because an efficient search saves time and money, successful experts develop
an early strategy to achieve their goals within a specific period.
When testifying as an expert, it is often useful to obtain a list of all other witnesses,
including other testifying experts. This is important so that the expert is not
surprised by the existence of other experts or reports. The decision can then be
made if it is necessary to be present for the testimony of those witnesses and the
necessary court approval can be obtained. If other experts will be present, then
the expert witness must examine the other experts’ reports and assess whether
they contain reasonable points that might affect the credibility of the expert
witness’s report.
167
Experts who are testifying need to be keenly aware that their communications
with counsel or the judge will often get turned over to the parties. The best
approach is to assume that each communication regarding the case will be heard
or read by all parties to the litigation.
5.1.12 DISCOVERABILITY OF EXPERT’S REPORTS

At some point during litigation, parties have a chance to examine an expert’s
opinions and underlying rationales. Caution is the key for expert witnesses at
every step of the legal process. Reports and supporting documents used by
experts might have to be disclosed to the opposing side in adversarial processes,
and the parties in inquisitorial processes might also have a chance to review
these documents. Therefore, experts should be cautious about what records they
have. Fraud investigators and examiners must always consult with the party or
court retaining them about the information in the report and the documents used
to prepare the report.
5.1.13 KEEPING GOOD FILES

The best way to protect the confidentiality of information is to keep good files.
Dan Poynter, the author of The expert witness handbook, reports that experts
routinely “reduce their files to useful reports only” once they have been officially
engaged as a witness for trial. No one is recommending that files be sanitised,
Poynter adds, just updated. The difference may be subject to abuse, but it is
simple: Any materials that serve as the basis for an expert’s opinion must be in
the file. Notes, documents, or tests that serve as background or represent
unfruitful lines of investigation do not have to be included and probably should
not be.
The lawyer trying the case does not want an expert having to answer questions
about dead ends or exploratory jaunts; a shrewd cross-examiner can turn a
hastily scribbled hypothetical into just enough “reasonable doubt” to raise
concern regarding the accuracy of an expert’s testimony. So, in the best-case
scenario, an expert presents to the court an opinion and its basis, nothing more,
nothing less.
168
5.1.14 QUALIFYING TO TESTIFY AS AN EXPERT WITNESS
Before an individual can testify as an expert, the proposed witness must be
qualified as an expert. What constitutes expert status? Generally, the term expert
witness refers to someone whose education and professional credentials
establish their knowledge of a particular set of practices. The process for
qualifying as an expert varies by country, but there are some common
approaches in adversarial and inquisitorial jurisdictions.
5.1.14.1 Qualifying to testify as an expert in adversarial jurisdictions
Parties introduce expert witnesses, so they are tasked with proving that an expert
witness is qualified to give testimony. As with introducing exhibits in trial, counsel
must lay a foundation for the expert’s testimony. This means showing that by
formal education, advanced study, or experience, the witness is sufficiently
knowledgeable on the subject at hand. In other words, a witness must be qualified
to testify as an expert. The foundation may be established during the pretrial
stage or during direct examination.
Generally, before allowing an expert to testify before the judge will make three
determinations:
• Is the person qualified as an expert witness?

• Will the expertise of the witness assist the court in understanding the
evidence or determining a fact at issue? In other words, is the proposed
testimony relevant to the facts of the case?
• Is the testimony reliable?
• Qualification requirement
Before admitting expert testimony, the judge must determine that the expert is a
qualified practitioner. This element addresses whether the individual is qualified
to assist the trier of fact. The process of evaluating whether an expert is qualified
centres mainly on the candidate’s formal education and work experience whether
that includes 30 years in law enforcement or 10 years in a large accounting firm.
However, there is no standard educational requirement for expert testimony; a
169
witness with no formal education may be qualified based on training or
experience. Some other factors that may be considered include the candidate’s
o awards and honours

o licensing or certification
o technical training
o published books and journal articles
o positions in professional associations, societies and organisations
In addition to being qualified as an expert, the expert’s qualifications must be

relevant to the particular issue(s) in the case at hand. However, the important
thing to remember is that a person can be qualified as an expert based on either
special training or experience. A person does not have to be a certified fraud
examiner (CFE) to testify as an expert on fraud prevention, detection, or
investigation techniques if that person has sufficient practical experience in those
techniques. The CFE designation is important because it is recognition of the
special skills that the person has demonstrated to become a CFE. A professional
designation does not, however, automatically qualify someone as an expert for
purposes of testifying in court.
Although designations are important, it is most helpful to have prior experience

as an expert with litigation or criminal matters. This is primarily because of what
is learnt during the experience of testifying. Further, it is often helpful to have
been accepted as an expert in other cases, which eases current acceptance. The
danger is, however, that if a witness serves as an expert on behalf of litigants in
many cases, they could appear to be a “professional witness”.
To establish the candidate’s expertise, the counsel introducing the expert witness
will often read the expert’s qualifications or ask specific questions to establish the
witness’s credentials. Defence lawyers are not likely to challenge the credentials
of experts, assuming they meet at least minimum standards of professional
competence. To do so may give these experts an opportunity to fully highlight
their professional credentials and perhaps make a greater impression on the
judge, thus adding more weight to their testimony. Although expert qualifications
are not often contested, it does happen.
170
• Relevant and reliable requirement
After determining that a witness is a qualified expert, the trial judge must
determine that the testimony being offered by the expert is relevant to the facts
of the case and reliable. These two aspects focus on what opinions the expert
will actually testify to in court. Relevant testimony will assist the court in
understanding the evidence or determining a fact at issue. To be relevant, the
proposed testimony must be sufficiently related to the facts of the case so that it
will aid the court in resolving a factual dispute. In other words, the testimony must
tend to make the existence of any fact more probable than it would be without the
evidence. Testimony is not relevant if the court can make its own determination
without expert testimony.
To be reliable, the testimony must be based on sufficient facts and data, and it
must be the product of reliable methodology that has been reliably applied to the
facts of the case. This ensures that an expert’s opinions are not mere speculation.
Accordingly, fraud examiners should be sure to fully cover the rationale for their
assumptions and determine whether the assumptions are supported by the facts.
When preparing an expert report or testimony, fraud examiners should keep in
mind the principles set out above. They should document their conclusions, how
they reached those conclusions, what evidence they based the conclusions on
and what professional techniques or knowledge they used. Additionally, it is a
good idea for expert witnesses to keep a list of professional books or journals that
advocate or sanction whatever principles they used in drawing their conclusions.
5.1.14.2 Qualifying to testify as an expert in inquisitorial jurisdictions
The primary experts in inquisitorial jurisdictions are usually appointed and

presented by the judge, rather than the parties. Like in adversarial jurisdictions,
the judge makes the final determination of whether an expert is qualified.
However, most inquisitorial jurisdictions have more standardised requirements.
Many jurisdictions (through the courts, chambers of commerce, or other

organisations) maintain lists of experts in particular fields from which the courts
may choose for the case at hand. These experts are qualified if they meet national
standards, such as being certified in a particular field (e.g. an accounting
171
certification). Some jurisdictions allow judges to look outside of the lists for
experts. Due to the maintenance of expert lists and the relatively low perceived
bias of experts in inquisitorial jurisdictions, it is acceptable for expert witnesses to
offer their services in court more often than in adversarial jurisdictions.
After being initially selected by the judge, expert witnesses are usually required
to submit a report to the court and are subject to questioning by the parties to the
litigation. The parties’ representatives may ask questions about the expert’s
qualifications, potential biases and report, but are generally more limited in the
scope of questioning than parties in adversarial proceedings. The judge has
already reviewed the witness by this point and there are generally more specific
requirements in inquisitorial systems, so there is a lower perceived need to allow
parties to challenge the expert.
• Preparing to testify
Most cases filed will not go to trial; most civil cases are resolved through a
settlement agreement (a voluntary agreement resolving part or all of a dispute),
and in common law countries, most criminal cases result in a plea bargain (a
negotiation in which a criminal defendant agrees to plead guilty to a lesser
charge). Therefore, most witnesses’ experience in testifying comes through
having their depositions taken.
• Depositions
In many countries, depositions are available as a means of gathering testimonial

evidence. A deposition is sworn testimony given by a party or witness upon
questioning by counsel for one of the parties before trial and outside of court. A
deposition serves as a powerful discovery device that may be used to compel
anyone associated with the case to give oral testimony under oath. Although the
subject cannot decline to testify in a deposition, they may be allowed to specify a
convenient time and place for the deposition. In addition, a deposition may be
recorded by a court reporter, camera, or a voice recorder.
172
For skilled investigators, depositions provide an opportunity to hear the other
side’s case aloud, but the opposition may set ulterior goals as well, including
o learning new information or confirming existing facts

o appraising the subject’s ability as a witness
o locking the subject into a hard-to-defend position
o creating a written record for future impeachment
Before testifying at a deposition or at trial, the witness should ensure that required
graphic displays are ready and available and that they have a complete
understanding of the report and other relevant issues. Many witnesses have been
discredited in depositions or at trial because they could not explain details of a
report, such as how a particular calculation was made. The witness should ensure
that they agree with counsel on the sequence of evidence and the strategy for
presenting it.
At pre-testimony meetings, it is appropriate to discuss the expert’s qualifications

(if applicable) to ensure that they are current, to discuss the strengths and
weaknesses of the case and to discuss and agree on what parts of the fraud
examiner’s reports, if any, are to be entered as exhibits.
Additionally, witnesses should carefully study the written transcription of the

deposition afterwards to ensure accuracy, immediately correcting any omissions
or errors, whether made by the witness or the stenographer. In the case of expert
testimony, experts should notify their retaining party if their opinion changes after
a deposition. If the expert is present at the deposition of an opposing expert, the
expert may be asked to summarise their impressions afterwards and note any
grey areas that need further inquiry.
• Appearance and composure
The appearance of the witness often influences whether other people see them
as credible. It is recommended that witnesses wear conservative business attire,
be well groomed and be neatly dressed. It is also important that the witness
maintain a professional demeanour. In the witness box, the witness should
173
maintain a poised, alert appearance, stand firmly and be ready to take the oath.
The witness should not smile unnecessarily at the judge or the lawyers. Also, it
is important that the witness avoid fidgeting.
A witness must maintain eye contact with the prosecutor as much as possible;
they should not stare off into space, at the floor, or at the ceiling. Because the
judge will be taking notes during the testimony, witnesses should speak slowly to
ensure that the judge does not fall behind. A witness should direct their answers
to the presiding officer and their voice should be strong, clear and audible. Before
answering each question, the witness should pause and carefully consider the
answer; they should also respond slowly and deliberately.
ACTIVITY 15
What determinations must be made before an expert is allowed to testify
before the court?
FEEDBACK
Generally, before allowing an expert to testify before the judge will make three
determinations:
• Is the person qualified as an expert witness?
• Will the expertise of the witness assist the court in understanding the evidence or
determining a fact at issue? In other words, is the proposed testimony relevant to
the facts of the case?
• Is the testimony reliable?
5.1.15 DOS AND DON’TS

There are other considerations in being a credible witness:
• Have a confident attitude.

• Maintain professional pride and integrity throughout.
• Tell the truth; be honest and avoid bias.
• Use simple rather than complex terms, and refrain from using professional
jargon where possible.
174
• Explain complex concepts in a layperson’s terms.
• Be friendly and polite to all parties present.
• Be alert.
• Correct any misstatements as soon as they are detected.
• Listen carefully and answer the specific questions—do not go off on
tangents or volunteer more than the question requires.
• Do not verbally fence with the questioner.
• Do not try to be humorous.
• Be calm and deliberate in responding to questions—think before you speak.
• Plan your testimony in advance and know your material thoroughly.
• Use graphs, charts and other visual aids if they help to clarify a point.
• Do not read from notes if you can avoid it (the opposition lawyer will probably
demand to see these notes, and you will then look like you rehearsed your
testimony).
• Prepare your material completely. If you have documents to introduce, have
them organised so that you can quickly retrieve them when asked to do so.
• Do not hesitate or stammer; recover your composure when a tough or
complex question is posed.
• Ask for a question to be repeated or clarified if not fully comprehended.
• If an answer is not known, say so; do not guess.
• Do not invent and do not inflate.
• In cross-examination, do not respond too quickly because counsel might
wish to object to the question.
• Do not be evasive.
Several other things should also be avoided. These range from conspicuous
activities like drinking five cups of coffee immediately before testifying to small
physical mannerisms that might affect your appearance. These mannerisms,
which might be as simple as rubbing your hands together continually, looking
down at your hands, fidgeting on the stand, or jingling coins in a pocket, could
become irritating to the judge.
In depositions and at trial, the judge or the opposition might drill a witness about
their report, credentials, methodology and conclusions pertaining to the case. If
175
a witness is being questioned critically, then the witness often answers tersely,
giving only a straight “yes” or “no”. For inquiries that require more, witnesses
should respond directly and precisely and refrain from volunteering any
information.
5.1.16 DIRECT EXAMINATION

Direct examination is the initial questioning of a witness by the party that called
the witness (in adversarial jurisdictions) or the judge (in inquisitorial jurisdictions).
Most of the time, direct examination is a non-confrontational questioning aimed
at exposing the facts and issues of the case. It is usually not as treacherous as
cross-examination—where opposing parties challenge the witness’s testimony—
but still requires a good strategy for answering questions, knowledge of the case
and self-awareness.
5.1.16.1 Direct examination for lay witnesses
When a fraud investigator or examiner testifies as a fact witness, the direct

examination generally proceeds from setting a background to establishing the
witness’s personal knowledge of the relevant material. Non-expert witnesses
must have some first-hand mental or sensory impression on which to base
testimony. They generally cannot discuss things they have only heard about or
surmised. Conversations may be admissible, but only if details can be fully
established, such as who participated, where and when the conversation took
place, and so on. To be allowed, a conversation has to show relevance to the
proceedings. Note, however, that inquisitorial jurisdictions tend to be less
restrictive as to what testimony is allowed than adversarial jurisdictions.
As with an interview, the questions put to a witness can be broadly categorised

as open or closed. Open questions ask for a detailed response: “What was it
about the ledgers that made you call them ‘irregular’ in your report?” The witness
offers a summary of the irregularities in their own words. A closed question,
conversely, asks for a direct answer: “Did you remark that the ledgers were in an
‘irregular’ state?” Closed questions are usually answered with yes or no, unless
they are aimed at extracting some particular piece of information. For example,
the attorney might ask, “What was the word you used to describe the state of the
176
ledgers?” The witness then replies, “I called them ‘irregular’.” A combination of
open and closed questions is often used during direct examination.
5.1.16.2 Direct examination for expert witnesses
Expert witnesses, like lay witnesses, are subject to direct examination, but the
direct examination of expert witnesses will differ somewhat from that of lay
witnesses.
• Adversarial versus inquisitorial direct examinations
Remember that most expert witnesses in adversarial proceedings are chosen by

the parties to the litigation (although adversarial courts may also appoint
independent experts). Judges in inquisitorial courts typically appoint their own
experts to evaluate technical matters. These relationships largely impact the
dynamic of providing expert testimony in direct examinations.
In adversarial systems, the expert and the retaining party are “allies” in the sense
that legal counsel will attempt to paint the expert’s testimony in the best light
during direct examination and will try to correct any issues in the expert’s
testimony that the opposing party raises. Additionally, the party retaining the
expert might try to prepare the expert for
the types of questions that will likely be asked. However, it is important that the
expert never allow their opinion or best judgement to be supplanted by that of the
retaining party. The expert must maintain objectivity, despite the obvious shared
interest.
Most inquisitorial systems have a different dynamic, where the primary experts
are appointed by the court. Expert witnesses in inquisitorial jurisdictions are
subject to various
examinations and might have to conduct their own examinations of witnesses.
Usually, all of the expert’s activities related to the case are controlled by the judge,
who determines the scope of the expert’s analysis, the expert’s authority to
access certain items of evidence, whom the expert can interview and several
other functions. Because some jurisdictions allow parties to submit testimony or
evidence from their own experts in addition to the court-appointed expert, the
177
latter might need to interview the parties’ experts. The expert should carefully
follow the judge’s instructions, especially since the instructions are usually made
available to the parties of the proceeding.
The expert’s findings are often requested in written form, but the expert might
also have to answer oral questions from the judge and the parties’ legal counsel.
In some ways, the expert’s job in an inquisitorial system is easier than in
adversarial systems because there is less assumption that the expert is biased
toward one of the parties. However, the expert might have broader investigative
responsibilities, depending on the judge’s orders. The same rules of integrity and
professionalism for experts apply equally in both adversarial and inquisitorial
proceedings.
5.1.17 EXPERT REPORTS

Experts typically create written reports of their analysis of the case. In adversarial
processes, these reports are written in the pretrial stage and presented during
direct examination by the party who retained the expert.
In inquisitorial processes, written reports are generally the only form of expert
testimony presented, but the expert might also provide oral testimony. If there is
oral testimony, the judge performs the direct examination. Because experts are
hired for their opinions, they are often not subject to the usual restrictions about
statements of judgement. Experts also have other leeway not given to ordinary
witnesses. They may rely on documents or exchanges that would otherwise be
inadmissible as hearsay. This allows them to use articles, academic papers,
professional texts and consultations in rendering their opinions of the case. These
materials are typically admissible as long as they were used by the expert in
developing their opinion.
5.1.17.1 Question and presentation style
Expert witnesses present their findings in various ways, such as narrative

questions, hypotheticals, specialised materials, and special exhibits. Experts are
commonly asked to answer narrative questions, which are broad, open-ended
questions that allow experts to present their opinions in their own words with
178
minimal prompting. Fraud cases can require complex summarising for the facts
to make any sense. Average jurors and some judges might have never
considered how someone could manipulate store inventories to drive up the
company’s stock price and then make a profit on the phony surge. The expert
witness in cases dealing with these issues often will begin testimony by
recounting the narrative background of a case, the tests and experiments that
were performed during the investigation and a summary of the findings based on
the witness’s professional expertise.
For example, during a direct examination, the judge or counsel for the party
presenting the expert witness might ask open questions, such as, “Could you
please tell us about the background of this case?” or “What procedures did you
perform in your examination?”
Compound (two-part) and hostile questions do not generally occur in this process.
Additionally, leading questions are generally not allowed during direct
examination (e.g.
“The results were negative, weren’t they?”).
Expert witnesses also are typically allowed to demonstrate their findings by using
hypotheticals, which are fictional situations, similar to the act in question, that
clarify and highlight particular aspects of the dispute. But to be effective,
hypotheticals must be constructed very carefully. Appeals courts have been
adamant that the facts of the case being tried have to be reflected directly in the
hypothetical situation; there must be no exaggeration or obscuring in the
presentation.
5.1.17.2 Publications and exhibits
Experts sometimes use specialised materials in reaching and communicating

their opinions, but generally, these materials must be used and relied on by
people in the expert’s relevant field. Also, these materials may be produced as
part of the trial. Finally, experts may use special exhibits to demonstrate facts
about the case or some aspect of their opinion. These exhibits may include
charts, diagrams, annotated documents, or photos. If the exhibit is offered to
prove a fact, it must satisfy the rules applicable to any other piece of evidence in
179
the case. In demonstrating a professional opinion, the role of the exhibit must be
clear and its applicability to the present case justified, if necessary.
5.1.17.3 General direct testimony considerations
The purpose of direct examination is to draw out the evidence to prove or

disprove issues in the case. Most likely, this will only be a reiteration of what has
previously been discussed between the witness and counsel (in adversarial
proceedings) or the judge (in inquisitorial proceedings) outside the courtroom. It
is still very important, however, for the witness to refresh their memory
beforehand by referring to all relevant facts and data considered for the case.
Direct examination is the most organised aspect of the trial; it is the stage in which
the
witness’s credibility must be established with the judge. According to the concept
of the primary memory, people remember best what they hear first and last during
a presentation. This often is a useful idea to employ in giving or structuring
evidence. Another noteworthy point is that the fact finder in a proceeding often
has a limited attention span in a long trial; thus, it is often useful to use a
“grab/give/conclude” method of presenting evidence.
To a witness, the interpretation of questions and the ability to listen are crucial
skills. Even though the witness might already have gone through a mock direct
examination, it is critical that each question be carefully evaluated again—the
witness should reflect on the questions asked and not anticipate them (they might
have been changed, anyway, since the time of rehearsal). The answers to all
questions should be clear and concise and, where complex terms are used, they
should be clarified. Similarly, expert witnesses should explain complex concepts
in a layperson’s terms and avoid professional jargon because the fact finders
might not be familiar with esoteric or technical terminology.
Witnesses should avoid, or limit, the use of notes (if allowed) as much as
possible, and they should strive to maintain eye contact. If an expert witness is to
give an opinion, they should state the opinion with conviction. Certain standards
for fraud examiners that apply when they testify are found in the ACFE Code of
180
Professional Ethics (ACFE 2019). Specifically, fraud examiners are prohibited
from expressing opinions about the guilt or innocence of any person or party. This
does not mean that the witness cannot testify to the indications or characteristics
of fraud found in the case. It also does not mean that the fraud examiner cannot
testify that, based on the evidence, they believe the accused might have
committed the offence. However, the ultimate guilt or innocence of any person or
party is the sole responsibility of the fact finder (judge, arbitrator, etc.). The fraud
examiner typically will not be permitted to testify to the ultimate fact questions.
ACTIVITY 16
What does a witness need to do to be considered a credible witness?
FEEDBACK
• Have a confident attitude.

• Maintain professional pride and integrity throughout.
• Tell the truth; be honest and avoid bias.
• Use simple rather than complex terms, and refrain from using professional
jargon where possible.
• Explain complex concepts in a layperson’s terms.
• Be friendly and polite to all parties present.
• Be alert.
• Correct any misstatements as soon as they are detected.
• Listen carefully and answer the specific questions—do not go off on tangents or
volunteer more than the question requires.
• Do not verbally fence with the questioner.
• Do not try to be humorous.
• Be calm and deliberate in responding to questions—think before you speak.
• Plan your testimony in advance and know your material thoroughly.
• Use graphs, charts and other visual aids if they help to clarify a point.
181
• Do not read from notes if you can avoid it (the opposition lawyer will probably
demand to see these notes, and you will then look like you rehearsed your
testimony).
• Prepare your material completely. If you have documents to introduce, have
them organised so that you can quickly retrieve them when asked to do so.
• Do not hesitate or stammer; recover your composure when a tough or complex
question is posed.
• Ask for a question to be repeated or clarified if not fully comprehended.
• If an answer is not known, say so; do not guess.
• Do not invent and do not inflate.
• In cross-examination, do not respond too quickly because counsel might wish to
object to the question.
• Do not be evasive.
5.1.18 SUMMARY
Eyewitnesses can provide very compelling legal testimony, but rather than
recording experiences flawlessly, their memories are susceptible to a variety of
errors and biases. They can make errors in remembering specific details and can
even remember whole events that did not actually happen. In this unit, we
discussed several of the common types of errors, and what they can tell us about
human memory and its interactions with the legal system. An expert creates
written reports on their analysis of the case. In adversarial processes, these
reports are written in the pretrial stage and presented during direct examination
by the party who retained the expert.
1. Define the concept of evidence and provide practical examples.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
182
_______________________________________________________________
__________________________________________
2. List three basic forms of evidence.

_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
__________________________________________
3. Discuss the special rules concerning the admission of evidence in adversarial
proceedings.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
__________________________________________
183
SECTION 2: PLANNING AND CONDUCTING
AN INVESTIGATION
Key learning • discuss the planning stage of an investigation

outcomes • draw a detail plan for fraud investigation
• conduct a fraud investigation
• explain the detailed investigation of fraud
• detect and prevent fraud
5.2.1 INTRODUCTION
Economic crime investigation includes the investigation of any allegations or
inquiry into an organisation’s anti-fraud policies and controls that represent
perhaps the most important part of a fraud examiner’s wide and varied body of
knowledge. Many factors can impact a fraud examination, complicating the
process for the fraud examiner and the investigation team. However, careful and
thorough planning will mitigate these challenges and ensure that those involved
are prepared to carry out a responsible and thorough engagement that achieves
its goals without jeopardising results. Taking the time to properly plan a fraud
examination greatly increases the chances of its success.
5.2.2 CONDUCTING A FRAUD EXAMINATION

There are many reasons why organisations choose to conduct fraud
examinations. A properly executed fraud examination can achieve a number of
organisational objectives, including
• identifying improper conduct

• identifying the persons responsible for improper conduct
• stopping fraud
• sending a message throughout the organisation that fraud will not be
tolerated
184
• determining the extent of potential liabilities or losses that might exist
• helping facilitate the recovery of losses
• stopping future losses
• mitigating other potential consequences
• strengthening internal control weaknesses
In some instances, a fraud examination might be required by law. A duty to

investigate can arise from statutes, regulations, contracts, or common law duties.
For example, a corporation’s directors and officers owe a common law duty of
care to their organisation and shareholders. Therefore, when suspicions of fraud
arise, it might be necessary for them to investigate to ensure that they have full
knowledge of these issues affecting the company. Likewise, some laws hold
employers accountable for investigating employee complaints involving certain
matters, such as retaliation, discrimination, harassment and similar issues.
5.2.3 WHAT FRAUD INVESTIGATION ENTAILS

The term fraud examination refers to a process of resolving allegations of fraud
from inception to disposition, and it is the primary function of the anti-fraud
professional. The fraud examination process consists of a variety of tasks that
might include
• obtaining evidence
• reporting
• testifying to findings
• assisting in fraud detection and prevention
5.2.3.1 Obtaining evidence
The value of a fraud examination rests on the credibility of the evidence obtained.
Evidence of fraud usually takes the form of documents or statements by
witnesses; therefore, fraud examiners must know how to obtain documentary
evidence and witness statements properly and legally.
185
5.2.3.2 Reporting
Once evidence has been obtained and analysed, and findings have been drawn
from it, the fraud examiner must report the results to the designated individuals
(e.g. management, the board, or the audit committee). A fraud examination report
is a narration of the fraud examiner’s specific activities, findings and, if
appropriate, recommendations.
These communications are necessary so that management can determine the
appropriate course of action.
The results of an examination can be communicated in various ways. The

appropriate method of communication depends on the facts at issue, but most
reports are communicated orally or in writing. When communicating the results
of a fraud examination, the fraud examiner is responsible for providing clear,
accurate and unbiased reports reflecting the fraud examination results. This need
arises from the possibility that these results might end up being read or used by
various groups of people, such as organisation insiders, attorneys, defendants,
plaintiffs, witnesses, juries, judges and the media.
5.2.3.3 Testifying to findings
Often, fraud examiners are called upon to provide testimony and report their
findings at a deposition, trial, or other legal proceeding. When providing
testimony, fraud examiners must be truthful. They should also communicate
clearly and succinctly.
5.2.3.4 Assisting in fraud detection and prevention
Fraud examiners are not responsible for preventing fraud; management or other
appropriate authorities are responsible for this. Nevertheless, fraud examiners
are expected to actively pursue and recommend appropriate policies and
procedures to prevent fraud, especially when their examinations identify issues
with fraud controls. Because of their education, experience and training, CFEs
are uniquely qualified to assist organisations in preventing and detecting fraud.
186
5.2.4 BEFORE STARTING AN INVESTIGATION
While their responsibilities sometimes overlap, forensic investigators and
examiners approach economic crimes from different perspectives, usually using
different information that is documented in different ways for different purposes.
Forensic investigators and examiners develop new techniques to reveal more
indications of corruption and fraud. When the indications of fraud surface, they
may ask trained and experienced forensic auditors to aid in developing and
implementing investigative procedures that will help resolve the concerns or
prove or disprove the allegations of fraud. There is some common ground
between forensic auditors and statutory auditors, although there are some vast
differences as well.
Statutory auditors examine a company's financial statements in accordance with

International Auditing Standards. Forensic auditors mainly tackle two broad
categories of financial fraud:
• fraudulent accounting and reporting

• misappropriation of assets
Much of the forensic auditor's work involves retrieving, interrogating and

analysing relevant information in order to answer specific questions about what,
why, when, how and by whom regarding allegedly improper behaviour. Some of
the areas where the two disciplines differ are
• the reasons why the audit is performed

• the objectives and outcomes of the audit
• the time taken to complete the audit
• the scope of the audit and the procedures involved
• the audience
• the format of the report
• the findings and opinions
• the focus
• the level of scepticism
• the nature of the audit, that is, whether it is conducted openly or undercover
• the degree of disruption of the business
187
• the level of consistency in execution, performance and documentation
• the degree of frequency and regularity with regard to communications with
management
• staffing requirements
• sampling
• whether or not attorney privilege exists
• indemnification
• requests for information
• the complexity of interviews and the need for counsel
• evidence (chain-of-custody requirements)
• the amount and nature of documentation required
• the level of presentation skills required
5.2.5 BEFORE STARTING AN INVESTIGATION
5.2.5.1 Predication
Predication must exist before an investigation is undertaken. Predication is the

totality of circumstances that would lead a reasonable, professionally trained and
prudent individual to believe fraud has occurred, is occurring or will occur. It is the
basis for undertaking a fraud investigation. It would be inappropriate to begin an
investigation without sufficient predication.
5.2.5.2 The right of private persons to investigate crime
The increase in white-collar crime in South Africa has placed great strain on the
ability of SAPS to investigate this crime. This inability has resulted in an increase
in forensic auditors/investigators investigating white-collar crime. In State vs
Botha and other (1) 1995 (2) SACR 598 (W) and State vs Dube 2000 (1) SACR
53 (N) the high court expressed its acceptance of the fact that private and
corporate investigations occur. Equally important is to note that there is an
obligation to report the criminal conduct under investigation to SAPS. This
obligation is mandated by the Prevention and Combating of Corrupt Activities
(PCCA) Act 12 of 2004 which introduced a positive duty to report certain criminal
conduct. The PCCA Act obliges any person who holds a position of authority and
188
who knows of or ought reasonably to have known or suspected that another
person committed a corrupt activity or the offence of theft, fraud, extortion, forgery
to report that knowledge or suspicion or cause that knowledge or suspicion to be
reported to any police official if an amount of R100 000 or more is involved.
Failure to comply with this obligation is an offence punishable by a fine or

imprisonment of not more than 10 years. For further reading see the PCCA Act
12 of 2004 at http://www.justice.gov.za/legislation/acts/2004-012.pdf. As a
forensic investigator or examiner, you will most likely be requested by victims of
crime to investigate a fraud and corruption cases in which the amount is more
than R100 000. The question that arises is: who is responsible to report in terms
of this Act? The Act places the onus on a “person who is in authority”. These
persons may include the financial director, managing director, chief executive
officer or any person in authority who has been delegated with that responsibility
by an organisation. However, as the investigator/auditor, you have a duty to
report in terms of the PCCA Act to any such person in authority.
Investigators need to understand the rules and regulations that govern an

investigation. They cannot proceed with an investigation without obtaining the
authority to do so. This authority within the corporate environment is in the form
of a mandate.
5.2.5.3 Mandate
Before starting an investigation, the investigator must make sure that they have
the necessary mandate or authority to perform the investigation. The mandate
must always be in writing and can take one of many forms. For the external
investigator, the mandate can take the form of an engagement letter from the
client; for an internal investigator, the mandate can be a letter of instruction from
the company signed by the appropriate person with authority to do so. In the case
of an investigation under a specific Act, the Act will determine who is responsible
for issuing such a mandate. In the latter case, it is important for the investigator
to ensure that there are sufficient and appropriate grounds for issuing the
mandate, regardless of the fact that they have received a mandate. This might
189
prevent the case from being dismissed by the court after the investigation has
been completed.
The mandate is issued not only for the protection of the investigator, but also to
clarify the scope of the investigation. The mandate can also be presented to other
persons to prove the investigator has the authority to investigate the matter.
ACTIVITY 17
What does fraud examination entail?
FEEDBACK
The term fraud examination refers to a process of resolving allegations of fraud from
inception to disposition, and it is the primary function of the anti-fraud professional. The
fraud examination process consists of a variety of tasks that might include
• obtaining evidence
• reporting
• testifying to findings
• assisting in fraud detection and prevention
Obtaining evidence
The value of a fraud examination rests on the credibility of the evidence obtained.
Evidence of fraud usually takes the form of documents or statements by witnesses;
therefore, fraud examiners must know how to obtain documentary evidence and witness
statements properly and legally.
Reporting
Once evidence has been obtained and analysed, and findings have been drawn from it,
the fraud examiner must report the results to the designated individuals (e.g.
management, the board, or the audit committee). A fraud examination report is a narration
of the fraud examiner’s specific activities, findings and, if appropriate, recommendations.
These communications are necessary so that management can determine the appropriate
course of action.
190
The results of an examination can be communicated in various ways. The appropriate
method of communication depends on the facts at issue, but most reports are
communicated orally or in writing. When communicating the results of a fraud examination,
the fraud examiner is responsible for providing clear, accurate and unbiased reports
reflecting the fraud examination results. This need arises from the possibility that these
results might end up being read or used by various groups of people, such as organisation
insiders, attorneys, defendants, plaintiffs, witnesses, juries, judges, and the media.
Testifying to findings
Often, fraud examiners must provide testimony and report their findings at a deposition,
trial, or other legal proceeding. When providing testimony, fraud examiners must be
truthful. They should also communicate clearly and succinctly.
Assisting in fraud detection and prevention

Fraud examiners are not responsible for preventing fraud; management or other
appropriate authorities are responsible for this. Nevertheless, fraud examiners are
expected to actively pursue and recommend appropriate policies and procedures to
prevent fraud, especially when their examinations identify issues with fraud controls.
Because of their education, experience, and training, CFEs are uniquely qualified to assist
organisations in preventing and detecting fraud.
5.2.6 PRELIMINARY INVESTIGATION

This usually starts when the client contacts the forensic auditor/investigator to
conduct an enquiry on a suspicion of fraud. The conducting of the enquiry is
determined by the preliminary allegations communicated to the forensic
auditor/investigator by the prospective client and dependant, number of persons
suspected of being involved in the alleged fraud, company resources available at
their disposal (e.g. documents, computer access, staff availability) and budget
available to conduct a preliminary investigation. Based on the results of the
preliminary investigation, the forensic auditor/investigator must advise the client
on the best possible way forward, for example whether to proceed with criminal,
civil or internal action. Their findings in terms of the preliminary investigation will
191
determine their mandate, which will be formalised in the form of an engagement
letter.
5.2.7 PLANNING THE INVESTIGATION

When drawing up an investigation plan, it is important to keep in mind the overall
expectations and goals of the investigation. To do so, the starting point should be
to identify the complainant goals. Is it reimbursement, disciplinary steps to only
get rid of possible crooked employees, do they just want to stop further
occurrences of the criminal conduct, or is it to bring the offenders to book in a
criminal trial? It is important to decide on obtainable results and acceptable
outcomes. Sometimes monetary and time constraints do not allow, for instance,
the complainant to recover all its losses, all the persons involved in a syndicate
to be brought to justice and sentenced to the maximum period of imprisonment
and all the systems and procedures in place to be reviewed and improved to such
an extent that this type of fraud will never occur again.
Especially in the case of financial crimes, it is imperative to plan. The cliché

“failing to plan is planning to fail” still holds true today. What does an investigation
plan aim to achieve?
The main goal of an investigative plan is to prevent reactionary decision-making.

Developing an investigation plan generally aims to achieve the following
supplementary goals:
• Its focus should be in line with the overall objectives of the investigation as
agreed with the management of the client. It is no use pursuing other goals
which are not in line with the initial general objectives. If a change in
circumstances necessitates the review of these goals, it should be
confirmed with the management of the client before doing further
investigations.
• Another goal of the investigation is to prevent duplication. This is especially
the case when other agencies, such as the police, are conducting a parallel
investigation. It goes without saying that an investigation heads for disaster
if the same witnesses are approached by different investigators about the
192
same issue. Duplication also creates the risk of conflicting versions which
may impact on the credibility of a witness if the matter goes to trial. Serious
problems can also occur when a person is treated as a suspect by one set
of investigators, but as a witness by another set of investigators. It is
furthermore obviously a waste of resources. It is therefore important to
coordinate efforts not only where more than one firm or agency investigates
a matter, but also within one team. For instance, investigator A should not
decide by himself/herself to approach a witness without first clearing it with
the other members of the investigating team, since that specific witness
might already have been approached or it may not be strategically proper
to approach the witness at this stage of the investigation.
• A third goal is to prevent an oversight of leads. Regular planning meetings
may prevent this, especially when all the team members are active
participants in the investigation and planning meetings. The investigation
plan should therefore make provision for planning meetings where the
evidence obtained is evaluated and reviewed regularly so that potential
oversight of leads is minimised.
• A fourth goal is to retain control over the investigative process. Duplication
of investigative activities must be avoided. It is furthermore imperative to
keep track of the whereabouts of documentation or other exhibits. It is
therefore recommended that the investigative plan emphasise the principle
that the chain of custody of exhibits should be maintained in a specific way,
for example everybody should be clear that the exhibits should be kept
under lock and key (at least) in a secure location where they cannot be
damaged, destroyed or improperly removed. The investigation plan could
also designate specific team members to make copies of important
documents and to keep the same security at a different location.
• Lastly, the plan should also require that if a team member needs a specific
exhibit, it should be recorded who took the exhibit, when and where it will
be kept in the interim. An important final goal of the plan is that it should be
adaptable. Sometimes it may be useful to spell out alternative means to
obtain the desired result if the first option fails.
193
Once again, it is important to review and adapt the initial investigation plan as
new avenues for investigation open up, or a change in the strategy is necessary
due to a change in circumstances.
5.2.8 HOW TO DEVELOP AN INVESTIGATION PLAN

It is a good idea to debrief all available informants and witnesses fully before
drawing up an initial plan. Identify the indicators of fraud/irregularity. What policies
and procedures were in place at the time that the fraud took place? Were there
any deviations from these established procedures? If so, can you establish by
whom? Were there any innocent reasons why the procedures were not followed
or were the procedures in any event inadequate from the start?
Develop a fraud theory. Do a scenario hypothesis. A fraud theory is then

developed. To do so, certain assumptions will have to be made. According to this
theory, these assumptions are then tested to determine whether they can be
proved. These assumptions generate the investigative plan.
5.2.8.1 A good fraud investigation plan
Clear and detailed decisions should be made. Every team member should know
exactly what is expected of them. It should be established who is ultimately
responsible. If a task consists of various components, each member should know
exactly what they are ultimately responsible for.
Time frames should be agreed on and adhered to. Accountability is another

characteristic of a good investigation plan. Members should adhere to the time
frames. If they do not, their failure should not simply be ignored. The team leader
should determine the reasons for the failure and resolve them. Good team spirit
usually creates a culture of responsibility in the team, and allocated tasks are
more likely to be completed then.
It is vital to improve on the plan on a regular and ongoing basis. A good plan also
involves all team members. Members should as far as possible have a say in the
task that is allocated to them, considering the members’ strengths and
responsibility in the team.
194
5.2.8.2 Financial planning
Proper financial planning will help save the complainant money. The investigator
needs to determine how much money is available. It may be necessary to
compromise on more expensive investigative techniques and consider alternative
ones.
5.2.8.3 Personnel planning
Early identification of the right persons inside organisations who may assist in
obtaining the relevant documents and information may ensure an efficient
investigation. The same applies within the investigation team itself.
Consider the use of outside experts such as handwriting and computer forensic
experts to attend to some aspects of the investigation. In certain circumstances
it might be advisable to enter into a confidentiality agreement with outside sources
to protect the integrity and confidentiality of the investigation.
5.2.8.4 Technology planning
The investigator needs to ask the following questions:
• What investigative techniques will we pursue? Is the equipment available or

should we obtain the required equipment? Are we going to outsource some
aspect of the investigation, e.g. the imaging of computers, surveillance? Is
it necessary for computer upgrades?
• Always consider the worst-case scenario. What if we cannot complete a
specific task or objective in time? How will it impact on the rest of the
investigation?
The investigator needs to decide on what the first step should be. Ideally, they
want to make an impact and surprise the suspects so that they are more inclined
to confess their crimes and return the proceeds of their frauds (this can include
catching the perpetrator in the act, searching premises where incriminating
evidence is kept, interrogating the suspects with strong incriminating evidence,
monitoring and intercepting phone calls, using a trap etc.). They must consider
internal controls in place at the client:
195
• How strong are these controls?
• Any deviations? Why? Who is involved?
Recommendations for improving controls should be attended to on an ongoing

basis. Witnesses and suspects need to be identified.
• Decide on an interview strategy.

• Can co-perpetrators be kept apart after their arrests?
• Consider whistleblowing provisions in the legislation and internal policies in
this regard.
5.2.9 EXECUTION PHASE

The execution phase of an investigation involves gathering all evidence
necessary to prove all the elements of an offence for a successful prosecution.
In this stage people with different skills and expertise in the related disciplines will
perform investigations specific to their discipline, for example computer experts
will retrieve electronic data to be able to assess and affirm the integrity of
electronic data. In fraud cases, evidence is in the form of documents. The
documents that an auditor/investigator will examine may include general ledgers,
audit reports, computer systems and security systems report, e-mails, purchase
orders, vendor information, accounting journals, etc. It is therefore critical that
auditors/investigators be alert to indicators that the documents being examined
may be suspicious, incomplete, or not authentic. They must therefore be alerted
to identifying red flags when examining documents, such as
• use of erasers
• use of correction fluid
• photocopies of the original document
• incomplete printing
• missing pages
The execution phase may at times be affected by budgetary constraints, which

may result in the inability to gather all evidence, for example a situation may
present itself where data stored in all the computers cannot be imaged. The
196
investigator will then have to make a choice as to which computers with the
electronically stored information will have the best evidence to prove their case.
They will then image the specific computers identified.
During any investigation it is important that the chain of custody be maintained.

This can be done by ensuring that documents are identified, marked, inventoried,
and preserved to maintain the chain of custody. It is critical is to ensure that
original documents of evidentiary value are not tampered with. This can be done
by making copies or imaging the document and placing the original in a
transparent envelope or, in the case of multiple documents, in boxes which must
be labelled correctly and sealed. The duplicate copies can be used for further
investigation. It is imperative that the original document not be tampered with, for
example making notes on the document or using a pen or pencil to underline the
irregularities identified. It is also important that the handling of documents be
confined to the least number of people to ensure continuity of possession.
ACTIVITY 18
Describe the red flags when examining documents during forensic
investigation.
FEEDBACK
• use of erasers
• use of correction fluid
• photocopies of the original document
• incomplete printing
• missing pages
5.2.10 SUMMARY
Before starting a forensic investigation, investigators must make sure that they
have the necessary mandate and authority to perform the investigation. The
mandate must always be in writing and can take one of many forms.
197
For the corporate investigator, the mandate can take the form of an engagement
letter from the client, whereas, for an internal investigator, the mandate can be a
letter of instruction from the company signed by the appropriate person with
authority to do so. In the case of an investigation under a specific Act, the Act will
determine who is responsible for issuing such a mandate. It is then important for
the investigator to ensure that there are sufficient and appropriate grounds for
issuing the mandate, although they have received a mandate. This might prevent
the case from being dismissed by the court after the investigation has been
completed. Forensic investigators and examiners usually obtain a great deal of
evidence when conducting fraud and corruption investigations. Therefore, it is
critical to have a knowledge and understanding of analysing documents collected
as evidence in such cases. The forensic investigators and examiners should
make sure that relevant documents are included and irrelevant documents are
eliminated.
Develop and discuss a fraud response plan that is relevant to your working
environment.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
__________________________________________
198
BIBLIOGRAPHY
Abed, G & Gupta, S. 2002. Governance, corruption and economic
performance. Washington, DC: International Monetary Fund
Accounting Verse. [n.d.]. Introduction to accounting summary.
www.accountingverse.com/accounting-basics/introduction-to-accounting-
summary.html. [Accessed 4 April 2022].
Acorn, E. 2016. The power of procurement in the fight against foreign bribery. 2016 OECD
Integrity Forum. Paris.
Adekanya, F. 1986. Fraud in banking transactions. The Nigerian Banker, 1(6):34-67.
Afonin, O & Katalov, V. 2016. Mobile forensics - advanced investigative strategies.
Birmingham: Pakt Publishing
Andrea, DP, Olivier, C, Yann, B, Serge, W & Gianluca, B. 2014. Learned lessons in credit
card fraud detection from a practitioner perspective. Expert Systems with
Applications, 41(1):4915–11. https://doi.org/10.1016/j.eswa.2014.02.026 [Accessed
4 April 2022].
Andvig, J. 2006. Corruption and fast change. Journal of World Development, 34(2)
(February):328-340.
Appolloni, A & Nshombo, JM. 2014. Public procurement and corruption in Africa: a
literature review. In: Decarolis, F & Fray, M. (eds). Public procurement's place in the
world: the charge towards sustainability and innovation. Basingstoke: Palgrave
McMillan.
Argandoña, A. 2003. Private-to-private corruption. Journal of Business Ethics, 47(3):253-
67.
Association of Certified Fraud Examiners (ACFE). 2019. Fraud examiner manual. Austin,
Texas.
Bair, J. 2017. Seeking the truth from mobile evidence. Massachusetts: Academic Press.
Bellamy, E. 1887. Looking backward. New York: Dover Publications.
Bjørnskov, C & Paldam, M. 2004. Corruption trends. In: Lambsdorff, JC, Taube, M &
Schramm, M. (eds). New institutional economics of corruption. London: Routledge.
Bodenschatz, A & Irlenbusch, B. 2019. Do two bribe less than one? An experimental study
on the four-eyes-principle. Applied Economics Letters, 26(3):191-185.
Boles, J. 2014. The two faces of bribery: international corruption pathways meet conflicting
legislative regimes. Michigan Journal of International Law, 35(4):674-713.
199
Casey, E. 2011. Digital evidence and computer crime. 3rd ed. Massachusetts: Academic
Publishing.
Ceva, E & Ferretti, MP. 2017. Political corruption. Philosophy Compass, 12(12).
Chen, J. 2021. Guide to financial crime and fraud.
https://www.investopedia.com/terms/f/fraud.asp [Accessed 4 April 2022].
Chigada, JM. 2020. A qualitative analysis of the feasibility of deploying biometric
authentication systems to augment security protocols of bank card transactions.
South African Journal of Information Management, 22(1):a1194.
https://doi.org/10.4102/ sajim.v22i1.119 [Accessed 4 April 2022].
Corrado, G & Rossetti, F. 2018. Public corruption: a study across regions in Italy. Journal
of Policy Modeling, 40(6):1126-1139.
Corsaro, N, Frank, J & Ozer, M. 2015. Perceptions of police practice, cynicism of police
performance, and persistent neighborhood violence: an intersecting relationship.
Journal of Justice, Criminal Justice, 43:1–11.
Dahlström, C & Lapuente, V. 2015. Democratic and professional accountability. In:
Dahlström, C & Wängnerud, L. (eds). Elites, institutions and the quality of
government. London: Palgrave Macmillan.
Dahlström, C, Lapuente, V & Teorell, J. 2012. The merit of neritocratization: politics,
bureaucracy, and the institutional deterrents of corruption. Political Research
Quarterly, 65(3):656-668.
Debski, J, Jetter, M, Mosley, S & Stadelman, D. 2018. Gender and corruption: the
neglected role of culture. European Journal of Political Economy, 55:526-537.
Delamaire, L, Abdou, H & Pointon, J. 2009. Credit card fraud and detection techniques: a
review. Banks and Bank Systems, 4(2):57–68.
De Simone, F & Shruti, S. 2012. Civil society procurement monitoring: challenges and
opportunities. In: Bohorquez, E & Devrim, D. (eds). A new role for citizens in public
procurement. New Mexico: Transparencia Mexicana.
Dong, B & Torgler, B. 2011. Democracy, property rights, income equality, and
corruption. FEEM Working Paper.
Ferguson, G. 2017. Global corruption: law, theory and practice. 3rd ed. Victoria: University
of Victoria.
Fisman, R & Miguel, E. 2007. Corruption, norms, and legal enforcement: evidence from
diplomatic parking tickets. Journal of Political Economy, 115:1020-1048.
Gerring, J & Thacker, CT. 2005. Do neoliberal policies deter political
corruption? International Organization, 59(1):233-254.
200
Ghosh S & Reilly, DL. 1994. Credit card fraud detection with a neural network. In:
Nunamaker, JF & Sprague, RH. (eds). Proceedings of the 27th annual Hawaii
International Conference on System Science, vol 3: Information Systems:
DSS/knowledge-based Systems. Los Alamitos, CA, USA.
Goel, RK & Nelson, MA. 2010. Causes of corruption: history, geography and
government. Journal of Policy Modeling, 32(4):433-447.
Gopinath, C. 2008. Recognizing and justifying private corruption. Journal of Business
Ethics, 82(3):747-754.
Groenendijk, N. 1997. A principal-agent model of corruption. Crime, Law and Social
Change, 27(3-4):207-229.
Hayes, A. 2021. Misrepresentation. https://www.investopedia.com/terms/
m/misrepresentation.asp [Accessed 4 April 2022].
Heroles, FR. 2012. Tweet: Citizens&markets: wakening the ally.
https://twitter.com/citizensmarkets/status/497182438133874689 [Accessed 4 April
2022].
Holmberg, S & Rothstein, B. 2015. Good societies need good leaders on a leash. In:
Dahlström, C & Wängnerud, L. (eds). Elites, institutions and the quality of
government. London: Palgrave Macmillan.
India Code. 1872. Indian Evidence Act.
https://www.indiacode.nic.in/handle/123456789/2188?sam_handle=123456789/136
2 [Accessed 4 April 2022].
IOL. 2019. Elections2019: Research reveals how parties buy votes.
https://www.iol.co.za/news/politics/elections2019-research-reveals-how-parties-buy-
votes-21632422 [Accessed 4 April 2022].
Jiménez, JL & García, C. 2018. Does local public corruption generate partisan effects on
polls? Crime, Law and Social Change, 69(1):3-23.
Kaufmann, D & Wei, JS. 1999. Does "grease money" speed up the wheels of
commerce? NBER Working Papers, No. 7093. Cambridge, MA: National Bureau of
Economic Research.
Kenny, C. 2006. Measuring and reducing the impact of corruption in infrastructure. World
Bank Policy Research Working Paper.
Kenton, W. 2021. Kickbacks. https://www.investopedia.com/terms/k/kickback.asp
[Accessed 4 April 2022].
Klašnja, M. 2017. Uninformed Voters and Corrupt Politicians. American Politics Research,
45, 2, 256-279.
201
Klitgaard, R. 1988. Controlling corruption. Berkeley: University of California Press.
Klitgaard, R. 2004. Leadership under systemic corruption.
https://www.researchgate.net/publication/265285791_Leadership_
under_Systemic_Corruption [Accessed 4 April 2022].
Koornhof, C & Du Plessis, D. 2000. Red flagging as an indicator of financial statement
fraud: the perspective of investors and lenders. Meditari Accountancy Research,
8:69-93.
Kotlyar, D & Pop, L. 2016. Asset declarations: a threat to privacy or a powerful anti-
corruption tool? Washington: World Bank.
Kubbe, I. 2017. Europe's 'democratic culture' in the fight against corruption. Crime, Law
and Social Change, 70(2):217-240.
Kuhn, S. 2019. Prisoner's dilemma. In: Zalta, EN. (ed.). The Stanford encyclopedia of
philosophy. Stanford: Center for the Study of Language and Information.
Kramer, E. 2018. Eradicating corruption: you can't just pin your hopes on
democracy. Public Administration Review. American Association for Public
Administration.
Kwon, I. 2014. Motivation, discretion and corruption. Journal of Public Administration
Research and Theory, 24(3):765-794.
Laleh, N & Azgomi, A. 2009. An overview of a hybrid fraud scoring and spike detection
technique for fraud detection in streaming data. Proceedings of the 3rd International
Conference on Information Systems, Technology and Management. Ghaziabad,
India, 12–13 March, pp. 356–367.
Landell-Mills, P. 2013. Citizens against corruption: report from the front line. Harborough:
Troubador.
LaPorta, R, Lopez-de-Silanes, F, Shleifer, A & Vishney, R. 1999. The quality of
government. Journal of Law, Economics, and Organization, 15(1):222-279.
LaVine, M. 2018. Occupational fraud. https://www.eisneramper.com/financial-fraud-rt-blog-
1118/ [Accessed 4 April 2022].
Lederman, D, Loayza, M & Soares, R. 2005. Accountability and corruption: political
institutions matter. Policy Research Working Papers. Washington, DC: World Bank.
Lee-Jones, K. 2018. Regulating private sector corruption . Berlin: Transparency
International.
Lessig, L. 2018. America, compromised. Chicago: University of Chicago Press.
202
Locatelli, G, Mariani G, Sainati, T & Greco, M. 2017. Corruption in public projects and
megaprojects: there is an elephant in the room! International Journal of Project
Management, 45(3):252-268.
Luo, Y. 2005. An organizational perspective of corruption. Management and Organisation
Review, 1(1) (March):119-154.
Macrae, J. 1982. Underdevelopment and the economics of corruption: a game theory
approach. World Development, 10(8) (August):677-687.
Mahalik, H, Tamma, R & Bommisetty, S. 2016. Practical mobile forensics. 2nd ed.
Birmingham: Packt Publishing.
Marquette, H & Peiffer, C. 2015. Corruption and collective actions. Bergen, Norway: U4
Anti-Corruption Resource Centre.
Martini, M & Zinnbauer, D. 2014. Regulating private-to-private corruption. Berlin:
Transparency International.
Matson, JV. 1994. Effective expert witnessing. Boca Raton: CRC Press.
Mattarella, BG. 2014. The conflicts of interests of public officers: rules, checks and
penalties. In: Auby, J-B, Breen, E & Perroud, T. (eds). Corruption and conflicts of
interest: a comparative law approach. Cheltenham, UK: Edward Elgar.
Mbopane, L. 2020. South Africa to lose billions of rands from cybercrimes during COVID-
19. https://safetyandsecurityafrica.com/sa-to-losebillions-of-rands-from-cybercrimes-
during-covid-19-experts-warn/ [Accessed 4 April 2022].
Menes, R. 2006. Limiting the reach of the grabbing hand, graft and growth in American
cities, 1880 to 1930. In: Glaeser, EL & Goldin, C (eds). Corruption and reform.
Chicago: University of Chicago Press.
Montinola, GR & Jackman, R. 2002. Sources of corruption: a cross-country study. British
Journal of Political Science, 32:1 (January):147-170.
Murphy, CB. 2020. Corporate finance and accounting.
https://www.investopedia.com/terms/f/financial- statements.asp#:~:
text=Financial%20statements%20are%20written%20records,
Balance%20sheet [Accessed 4 April 2022].
National Treasury. 2013. Fraud prevention plan. http://oag. treasury.gov.za [Accessed 4
April 2022].
Natural Resource Governance Institute. 2019. Corruption.
https://resourcegovernance.org/topics/corruption?type[event]=event&sort_by=title&
sort_order=asc&page=8 [Accessed 4 April 2022].
203
Ojigbede, SI. 1986. Fraud in banks. An unpublished paper presented on bank inspectors
course organized by Financial Institutions Training Centre (FITC) in Lagos Nigeria,
6-17 October.
Ojo, T & Adewanmi, A .1982. Banking and finance in Nigeria. Lagos: CIBN & Landmark.
Open Data Charter. 2018. Using data to combat corruption. https://open-data-
charter.gitbook.io/open-up-guide-using-open-data-to-combat
corruption/background-charter-open-up-guides [Accessed 4 April 2022].
Organisation for Economic Co-operation and Development (OECD). 2003. Managing
conflict of interest in the public service: OECD guidelines and country
experiences. Paris.
Organisation for Economic Co-operation and Development (OECD). 2005. E-government
for better government. Paris.
Organisation for Economic Co-operation and Development (OECD). 2007. Bribery in
public procurement: methods, actors and counter measures. Paris.
Organisation for Economic Co-operation and Development (OECD). 2014. Foreign bribery
report. Paris.
Organisation for Economic Co-operation and Development (OECD). 2016. Preventing
corruption in public procurement. Paris.
Patidar, R & Sharma, L. 2011. Credit card fraud detection using neural network.
International Journal of Soft Computing and Engineering, 1(2):2231-2307.
Payment Association South Africa (PASA). 2016. Card fraud 2016: protect your card and
information at all times. https://www.sabric.co.za/media/1038/2016-card-fraud-
booklet.pdf [Accessed 4 April 2022].
Persson, A, Rothstein, B & Teorell, J. 2013. Why anticorruption reforms fail: systemic
corruption as a collective action problem. Governance, 26(3):449-471.
Poynter, D. 2011. The expert witness handbook. Para Publishing.
PricewaterhouseCoopers. 2014. Global economic survey. London.
PricewaterhouseCoopers. 2015. Global economic survey. London.
PricewaterhouseCoopers. 2018. Global economic crime and fraud survey. London.
PricewaterhouseCoopers. 2014. PwC 2014 Global Economic Survey. Confronting the
changing face of economic crime. 4th South African ed.
https://www.pwc.co.za/en/assets/pdf/global-economic-crime- [Accessed 16 June
2022].
Pring, C & Vushi, J. 2019. Tackling the crisis of democracy, promoting rule of law and
fighting corruption. Berlin: Transparency International.
204
Radzinowicz, S & Wolfgang, C. 1997. Crime and justice. The criminal society of Nigeria.
New York: Basic Books.
Ramphal, K. 2018. Analysing and comparing the impact of misrepresentation and non-
disclosure on the validity of a contract: similarities, differences and remedies.
Master’s in Business Law, University of KwaZulu-Natal.
Republic of South Africa. 1996a. Local government anti-corruption strategy. Pretoria:
Government Printer.
Republic of South Africa. 1996b. The Constitution of the Republic of South Africa of 1996.
Pretoria: Government Printer.
Republic of South Africa. 2004. Prevention and Combating of Corrupt Activities Act 9 of
2004. Pretoria: Government Printer.
Republic of South Africa. 2011a. Draft public service integrity management framework.
Pretoria: Government Printer.
Republic of South Africa. 2011b. Municipal Systems Amendment Bill. Pretoria:
Government Printer.
Rose-Ackerman, S. 2014. Corruption and conflicts of interest. In: Jean-Bernard, A, Breen,
E & Perroud, TT. (eds). Corruption and conflicts of interest: a comparative law
approach. Cheltenham, UK: Edward Elgar.
Rose-Ackerman, S & Palifka, BJ. 2016. Corruption and government: causes,
consequences and reform. Cambridge: Cambridge University Press.
Ruhiiga, TM. 2009. Costing the impact of corruption on service delivery in South Africa: an
exploratory overview. Journal of Public Administration, 44(4):1090-1101.
Scaglion, R & Condon, RG. 2006. Determinants of attitudes toward city police.
Criminology, 17:485–494.
Schneider, F. 2007. Shadow economies and corruption all over the world: new estimates
for 145 countries. Economics, 9.
Scott, P. 2022. What is accounting? https://corporatefinanceinstitute.com/
resources/knowledge/accounting/accounting/ [Accessed 4 April 2022].
Scott, WR. 2004. s.a. “Institutional theory”. Encyclopedia of social theory. London: Sage.
Shah, A. 2006. Corruption and decentralized public governance. World Bank Policy
Research Working Papers Series. Washington DC: The World Bank.
Sharma, B & Singh, S. 2020. An investigation of challenges face in detecting fraud.
International Journal of Mechanical and Production Engineering Research and
Development, 10(3):11813–11822.
205
Shleifer, A & Vishny, RW. 1993. Corruption. The Quarterly Journal of Economics,
108(3):599-617.
Snyman, CR. 2002. Criminal law. 4th ed. Durban: Butterworths.
Soliman, H & Cable, S. 2011. Sinking under the weight of corruption: neoliberal reform,
political accountability, and justice. Current Sociology, 59(6):735–753.
Sööt, M, Lars, J, Pedersen, KH, Vadi, M & Reino, A. 2016. Private-to-private corruption:
taking business managers' risk assessment seriously when choosing anti-corruption
measures. 2016 OECD Integrity Forum. Paris.
South African Banking Risk Information Centre (SABRIC). 2016. Release of card fraud
stats 2016. http://www.sabric.co.za [Accessed 4 April 2022].
South African Banking Risk Information Centre (SABRIC). 2017. SABRIC digital banking
crime statistics. https://www.icfp.co.za/article/sabric-digital-banking-crime-
statistics.html [Accessed 4 April 2022].
South African Banking Risk Information Centre (SABRIC). 2018. Annual report. Midrand.
South African Banking Risk Information Centre (SABRIC). 2019. SABRIC digital banking
crime statistics. https://www.icfp.co.za/article/sabric-digital-banking-crime-
statistics.html [Accessed 4 April 2022].
South African Banking Risk Information Centre (SABRIC). 2020. These are the most
common banking scams in South
Africa. https://businesstech.co.za/news/banking/409869/these-are-the-most-
common-banking-scams-in-south-africa [Accessed 4 April 2022].
Stiles, T. 2014. A guide to archiving of electronic records. Essex: Scientific Archivists
Group.
Stockemer, D. 2018. Gender equality and electoral corruption: some insights from the local
elections in Macedonia. Journal of Contemporary Central and Eastern Europe,
26(2-3):267-275.
Sung, HE. 2004. Democracy and political corruption: a cross-national comparison. Crime,
Law and Social Change, 41(2):179-192.
Sydney, IF. 1986. Management control system and the prevention and detection of frauds
in banks. Lagos: CIBN & Landmark.
SWGDE. 2019. Best practices for mobile device evidence and collection preservation and
acquisition. https://www.globalrightscompliance.com/uploads/
84f9281491a3a444312a0fed594157df.pdf [Accessed 4 April 2022].
Tahiri, S. 2016. Mastering mobile forensics. Birmingham: Packt Publishing.
206
Tamma, R, Skulkin, O, Mahalik, H & Bommisetty, S. 2018. Practical mobile forensics. 3rd
ed. Birmingham: Packt Publishing.
Tanzi, V. 1998. Corruption and the budget: problems and solutions. In: Jain, AK.
(ed.). Economics of corruption. London: Kluwer Academic.
Thaler, R & Sunstein, C. 2008. The art of the nudge: improving decisions about health,
wealth and happiness. New Haven: Yale University Press.
Thompson, D. 1995. Ethics in congress. Washington: Brookings Institute.
United Nations (UN). 2003. Convention Against Corruption. Geneva.
United Nations (UN). 2016. The use of information and communications technologies for
the implementation of the United Nations Convention against
Corruption. Conference of the States Parties to the United Nations Convention
against Corruption, Geneva.
United Nations (UN). 2018. Asset and interest disclosure systems. Conference of the
States Parties to the United Nations Convention against Corruption, 5-7 September.
Geneva.
United Nations Office on Drugs and Crime (UNODC). 2013a. Guidebook on anti-corruption
in public procurement and the management of public finances: good practices in
ensuring compliance with Article 9 of the United Nations Convention Against
Corruption. Vienna.
United Nations Office on Drugs and Crime (UNODC). 2013b. The United Nations
Convention Against Corruption: a strategy for safeguarding against corruption in
major public events. Vienna.
United States Agency for International Development (USAID). 2017. Combatting corruption
among civil servants: interdisciplinary perspectives on what works.
https://www.unodc.org/e4j/en/anti-corruption/module-4/key issues/references.html
[Accessed 4 April 2022].
Warren, ME. 2004. What does corruption mean in a democracy? American Journal of
Political Science, 48(2):328-343.
Wehrman, MM & De Angelis, H. 2011. Citizen willingness to participate in police-
community partnerships: exploring the influence of race and neighbourhood context.
Police Quarterly, 14(1):48–69.
Wells, JT. 2005. Principles of fraud examination. Hoboken, New York: John Wiley and
Sons.
Williams-Elegbe, S. 2012. Fighting corruption in public procurement: a comparative
analysis of disqualification or debarment measures. Oxford: Hart.
207
Williams-Elegbe, S. 2018. Systemic corruption and public procurement in developing
countries: are there any solutions? Journal of Public Procurement, 18(2):131-147.
Write, F. 2021. South Africans think corruption is getting worse under Ramaphosa.
https://businesstech.co.za/news/trending/521918/south-africans-think-corruption-is-
getting-worse-under-ramaphosa/ [Accessed 4 April 2022].
World Bank. 2015. Corruption.
http://www.enterprisesurveys.org/data/exploretopics/corruption [Accessed 4 April
2022].
Zinn, R & Dintwe, S. 2015. Forensic investigation: legislative principles and investigative
practice. Cape Town: Juta.
Zinnbauer, D. 2012. Ambient accountability: fighting corruption when and where it
happens. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2168063 [Accessed
4 April 2022].
208

Forensic Investigation Textbook

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Forensic Investigation Textbook

Uploaded by

Copyright:

Available Formats

Open Rubric

LEARNING UNIT 1: ____________________________________________________ 1

FINANCIAL TRANSACTIONS AND FRAUD SCHEMES ____________________________________________ 1

LEARNING UNIT 2: ___________________________________________________ 25

THEORY ON CORRUPTION AND FRAUD ____________________________________________________ 25

LEARNING UNIT 3: ___________________________________________________ 91

CREDIT CARD AND CHEQUE FRAUD _______________________________________________________ 91

LEARNING UNIT 4: __________________________________________________ 111

OVERVIEW OF THE LEGAL SYSTEM _______________________________________________________ 111

LEARNING UNIT 5: __________________________________________________ 157

LEGAL TESTIMONY AND INVESTIGATION PROCESS __________________________________________ 157

Investigation of Selected Crimes and Transgressions: Module A (FOR3703) is aimed at

There is an unacceptably high level of economic crimes, transgressions, or irregularities,

After completing this module, you should be able to

PRESCRIBED MATERIAL FOR THIS MODULE

There are no prescribed manuals or textbooks for this module.

• explain basic accounting concepts that are used by forensic

1.1.1 INTRODUCTION TO FINANCIAL TRANSACTIONS AND

The purpose of this learning unit is to introduce you to some fundamental

1.1.2 BASIC FORENSIC ACCOUNTING CONCEPTS

In response to the growing importance of accounting investigative skills within

Therefore, accounting investigative skills within law enforcement agencies are

Scott (2022) describes accounting as a process of consolidating financial

• Record keeping: The system of record keeping of financial transactions

1.1.3 FORENSIC BASIC ACCOUNTING EQUATION AND THE

Assets = Liabilities + Owner’s Equity

• Assets consist of the net resources owned by an entity. Examples of assets

1.1.4 FORENSIC ACCOUNTING RULES FOR RECORDING

• The principle of double entry is that each transaction debit has a

1.1.5 FORENSIC ACCOUNTS AND THE ACCOUNTING CYCLE

Fraud investigation often requires an understanding of the debit and credit

Discovering concealment efforts through a review of accounting records is one of

Assets = Liabilities + Owner’s equity

Key • define financial statements and types of financial statements

• Statement of financial position (balance sheet): This conveys the

1.2.2 GENERAL TECHNIQUES FOR FINANCIAL STATEMENT

1.2.3 BASIS OF ACCOUNTING

1.2.3.1 Cash basis accounting

1.2.3.2 Accrual basis accounting

In terms of the accrual basis of accounting, transactions are recorded in the

List and discuss ways of analysing financial statements of forensic

Key • list the types of financial statement fraud

According to the ACFE (2019:1.203), financial statement fraud is the least

1.3.2 TYPES OF FINANCIAL STATEMENT FRAUD

• overstating revenues by recording future expected sales

1.3.3 REASONS FOR COMMITTING FINANCIAL STATEMENT

• encourage investment through the sale of stock

1.3.4 FINANCIAL STATEMENT FRAUD RED FLAGS

• accounting anomalies, such as growing revenues without a corresponding

1.3.5 FINANCIAL STATEMENT FRAUD DETECTION METHODS

A mathematical approach known as the Beneish Model evaluates eight ratios to

Fraud risk governance is described as a process of assessing fraud risks within

1.4.2 EFFECTIVE FRAUD RISK MANAGEMENT

Assessment begins with employees. There needs to be a holistic understanding

From there, a risk tolerance limit is used to create a cost-effective framework. A

1.4.2.2 Fraud risk governance

Additionally, these should be documented, shared and easily accessible to all

1.4.2.3 Fraud risk prevention

One of today’s most effective fraud risk prevention strategies is to implement

In between assessments, it is critical that an organisation, from top to bottom,

If fraud is detected, employees need to be able to have a streamlined way to flag

1.4.2.5 Monitoring and reporting

Outcomes of the current strategy must be measured, and the results