A company offering inventory management systems encountered severe business challenges when its systems at numerous client locations were unexpectedly disabled, causing widespread and costly operational disruptions.
Our CRA Forensic Services team investigated and determined that a former executive, whose access rights and credentials had not been revoked, was responsible for intentionally causing the disruptions.
Key points
• Situation
– A significant, unexplained malfunction was detected in the inventory management systems software licensed by the company to multiple clients across numerous states.
• Our investigation
– We were engaged to preserve evidence, analyze the affected systems, and determine the cause of the malfunctions.
– We discovered that the systems had been accessed remotely using an account linked to a former executive’s computer and IP address.
– We concluded that the former executive, terminated several weeks earlier but whose access rights and credentials had not been revoked in a timely manner, had used remote access tools to log into these systems and uninstall critical software, effectively disabling the systems and hindering remote management capabilities.
• Outcome
– The forensic evidence that our team gathered was critical to identifying the perpetrator, proving liability, and obtaining damages in the legal proceedings against the former employee.
The engagement team was led by VP and Forensic Services Practice Leader Kristofer Swanson.
CRA’s Forensic Services Practice assists in the prevention, detection, and correction of a broad range of risks and potential misconduct, reaffirming companies’ commitment to integrity and exemplary corporate governance. Other recent assignments have included investigating and assessing allegations of financial statement irregularities, fraud, FCPA, and bribery and corruption non-compliance, export controls and sanctions, anti-money laundering, #MeToo issues, theft of trade secrets, ineffectiveness of SOX controls, and cybercrime.
