Case Study: Conducting Workplace Investigations That Uncover Hidden Financial Fraud Risks

In today's fast-paced corporate environment, what begins as a workplace grievance can sometimes uncover something equally or even more consequential.  Consider this.  You are a healthcare institution, employing 8,000 employees in the Midwest, generating between $50–100 million annually.  You received a complaint from a 10-year employee, citing bullying and unfair treatment related to gender. You begin the investigation, and the story takes a twist. You find a deeply hidden financial fraud scheme. This case not only highlights the value of structured investigations but also underscores how behavioral red flags and credibility assessments can open the door to deeper organizational risks.

Initial Complaint

The process started with a complaint from a junior analyst who reported being moved from a private office to a cubicle – for reasons he believes was to be under the close watch of his boss, the senior financial manager. He also cited the abrupt removal of several core responsibilities—primarily related to vendor oversight and payment cycle reviews.  He filed his complaint after what he claimed was a hostile exchange that included his boss using demeaning, gendered language towards him.

Investigators began with a narrowly defined scope centered on bullying and gender harassment, but even during the initial interviews, cracks began to show. Several colleagues observed that the senior manager—once dependable and collaborative—had become isolated and irritable over the past year. She canceled meetings, closed her door often, and worked alone well into the night. These changes appeared to coincide with reports of personal financial stress at home, and the departure of a long-time coworker and friend. One witness noted that the manager had started reacting defensively when asked for documentation and took offense when questioned about procedures.

Expanding Scope

What initially appeared as straightforward workplace misconduct soon raised red flags pointing towards possible financial irregularities. Investigators noted crucial indicators such as password-protected financial statements, transactions processed outside regular business hours, and substantial payments to a vendor lacking standard documentation. At this stage, the investigator recognized that this behavioral context warranted a deeper look.

According to ACFE, financial fraud is frequently linked to behavioral changes in perpetrators, especially among individuals in positions of trust. Investigators should consider expanding the scope of an investigation to include financial misconduct when behavioral changes in finance personnel coincide with procedural irregularities or unexplained vendor relationships.

The investigation team expanded their scope to conduct an audit of financial transactions, vendor relationships, and internal approval processes. They retrieved system access logs and reviewed the manager’s communications and documentation practices. What they found added urgency: password-protected financial statements, significant after-hours activity, and unusually large payments to a vendor – the now departed employee –  that no one else on the finance team recognized. There were no onboarding records or internal discussions around this vendor, just a series of high-value payments processed quietly over several months.

Credibility Assessment Framework

At this point, the credibility assessment framework became central to the investigation. It provided the lens through which all testimonial and documentary evidence was evaluated:

1. Direct Corroboration: Multiple team members confirmed they had personally seen the analyst moved and his responsibilities stripped. These firsthand observations gave weight to the initial complaint.

2. Circumstantial Corroboration: While no one witnessed the specific verbal altercation between the junior analyst and his boss, several colleagues attested to the manager’s increasing volatility, including her tendency to shout at vendors and deflect questions. These patterns indirectly supported the analyst’s bullying claims.

3. Inherent Plausibility: Given the manager’s stressors, including her personal financial strain and the loss of a close colleague, it was plausible that her conduct had deteriorated and that she might have rationalized bypassing controls.

4. Motive to Misrepresent: The manager had clear incentive to deny wrongdoing. Her professional reputation, and perhaps even her career, were at stake. This motive colored her defensive and inconsistent testimony.  By contrast, there was less incentive for the long-term junior analyst to fabricate claims against his boss. To the contrary, he likely feared being judged and retaliated against by others.

5. Material Omission: During interviews, the manager withheld a material piece of information – her personal connection to the vendor in question. Only later did investigators discover they shared a residential address—a fact that should have triggered immediate conflict-of-interest disclosures.

6. Inconsistent Statements: The manager’s narrative shifted across interviews. At one point, she described the analyst as overwhelmed, justifying her decision to take over his duties. Yet in an earlier email, she had described him as underutilized—an inconsistency that raised concerns about her credibility.

7. Control Override: The most compelling evidence came from the manager’s own actions. She had processed payments to a vendor without any standard documentation, onboarding verification, or peer review. These actions constituted a clear override of internal financial controls.

Financial Fraud Analysis

Investigators conducted a forensic review of payment records and communication logs, ultimately identifying a consistent pattern: off-hours payment activity, restricted access files, and an absence of collaborative workflows. These indicators, coupled with the personal relationship to the vendor, left little doubt. What began as an HR case had evolved into a classic fraud discovery.

The investigation concluded with definitive findings. The senior manager was terminated and the matter referred to law enforcement. Legal proceedings followed, and the organization pursued restitution for the funds that had been misdirected. While not all losses were recovered, the case prompted sweeping reforms.

Lessons Learned

Post-investigation, the healthcare institution implemented stricter vendor onboarding protocols, dual authorization for payments, and real-time transaction monitoring. They also launched a fraud awareness training initiative and reemphasized internal whistleblower protections.

The most important lesson? Financial fraud does not always come through the front door—it often hides in plain sight, behind behavioral shifts and quiet procedural deviations. Investigations that stay narrowly focused may miss critical signals. But when investigators are trained to assess credibility systematically and respond to patterns of red flags, they can uncover fraud that others overlook.

This case illustrates how critical it is to treat HR complaints as potential gateways to broaden organizational risk—and how credibility assessment is not just a legal standard, but a strategic investigative tool.

If your agency requires an independent investigation into allegations made against elected officials, contact Van Dermyden Makus to connect with one of our many attorney investigators experienced in conducting investigations involving elected officials.