Transcript: Kathy Enstrom podcast

Kathy discusses with GRIP the essential points to consider when conducting corporate investigations.

This is a transcript of the podcast Veteran investigator Kathy Enstrom walks us through the effective investigation between GRIP’s US content manager Julie DiMauro and Kathy Enstrom, Director of Investigations for the Moore Tax Law Group.


Julie DiMauro: Greetings everyone. I’m Julie DeMauro, the US Content Manager, speaking to you from New York City on this windy, chilly January day. Welcome to our Global Relay Intelligence and Practice, or GRIP, podcast.

You can find articles, thought leadership insights, and our podcasts on our website,, and we welcome your input at any time. I’m going to have our esteemed guest today, Kathy Enstrom, introduce herself, giving you all an overview of her career experience as a financial investigator. Take it away, please, Kathy.

Kathy Enstrom: Thank you, Julie, and thank you so much for inviting me to your GRIP Podcast. I am excited to have this discussion today. A little bit about my background is I am currently the Director of Investigations for the Moore Tax Law Group based in Chicago, Illinois. And yes, it is windy here, just as well as it is in New York by you, Julie. But what does a Director of Investigations do for a law firm? Basically what I do is I assist the lawyers in developing a strategy for defense of our clients.

Our law firm specifically works in the tax arena and tax controversy, and so we assist in clients who have been under investigation by Internal Revenue Service investigation or have a significant audit that may have some possible fraud implications there. And so I’m there to provide the experience that I gained while working there, which I’ll go through in a second. And I just am able to give that insider perspective that the lawyers may not have at my firm. So regarding that career at IRS, I was at IRS Criminal Investigation for 26 years in the capacity of special agent all the way up to executive level.

And so within that area, obviously IRS Criminal Investigation focused on tax crimes and other financial crimes. And so my career has mostly been in that venue, the financial aspects. And trying to find the money that maybe somebody has hidden away from either the government or some other thing.

And so everything that I have learned and done and experienced has been about finding the truth behind something. So if there has been a loss of funds or maybe there has been somebody that appears to have way too much money compared to what their tax return might have indicated, that is what Criminal Investigation Special Agents do is dive in and find out what has happened and where all the money has gone.

Which kind of leads us into, I conducted external criminal investigations, but that is very similar to conducting an internal investigation. And kind of like what I do right now is if a client comes to us and maybe has been approached by the government, what I do is basically perform an internal investigation of our client.

Taking all of the information that they have provided to us, either in electronic form or interview form, and conducting interviews of their associates and themselves and trying to make us understand what maybe the government already knows about or is going to find out. And so I am basically conducting an internal investigation of our client. Which is kind of the topic of the day.

Julie DiMauro: Exactly. Well, I want to get into that because we will definitely talk about the differences between the internal investigation and the external one. The rationale for having an external investigator join your team and who should be involved. So let’s start with the internal investigations first, Kathy. So can you walk us through an internal investigation talking to us about policy procedure who needs to be there and how to just carefully plan that out in the context of organizing one within your firm and then maybe deciding to bring in external experts if needed?

Kathy Enstrom: No, perfect. I can do that. So corporations are under increased scrutiny by regulators across the globe. And as a result, it’s more important than ever for companies to conduct an effective and thorough internal investigation when any allegation of misconduct arises. And so as soon as something is identified, you need to act immediately. So an effective investigation allows the company to proactively examine the facts and assess any maybe legal, financial, or reputational risks involved.

And then maybe if it’s warranted, either civil litigation or government investigation could lead the next step. So I would strongly say one of the first things that a company should do is make sure that there is some sort of plan in place if something happens. It’s similar to you’ve got a fire extinguisher on the wall and there’s glass covering it. Break in case of emergency.

I hope to never use that thing that’s behind that glass, but having a plan in place, it should be drafted when there isn’t an emergency. You should not try to build that boat in the middle of a flood. You need to have it ready for you in the beginning. And so having that plan or work plan or policy is kind of the first thing that any organization and any science organization should have.

What’s in that work plan?

Number one is you need to identify, the first step is to identify the scope and the objective of whatever the issue is. And that concludes the type of issue that’s being conducted. If it’s financial related, then there’s certain steps there. If it’s something else like a harassment related issue, there’s certain steps there.

But having that general work plan is a must. And that would include who should be involved and who, like whether or not lawyers should be immediately involved. I would probably suggest, yes, they should be involved pretty early. But having that investigator there also early on is so important because they have a different mindset.

My mindset sometimes, as my firm has experienced in the time that I’ve been working there, is that people are liars. And therefore, I kind of go into a situation where maybe somebody’s not telling me the truth and I need to get to the bottom of that. And so is there documentation to back up their truth or something to that effect? But I’ve got that different mindset where I am questioning people constantly. And that’s what you kind of need. Because sometimes when, and we’ll give some examples later on, and sometimes it’s those most trusted employee out there that is doing the bad thing.

So if you have a policy in place, I would just say, if you have one already, when’s the last time you looked at it? Because if it hasn’t been updated in 20 years, can you imagine what life was like 20 years ago versus what it is today? I mean, phones are not as prevalent, text messages, emails are not as prevalent. And therefore, do you have that technology related items in that plan from then that you should have now?

So the policy should have also one final thing, it should outline when to contact law enforcement. I mean, give some examples or some outlines in regards to, hey, maybe this is outside of what we should be doing internally. And maybe that’s when law enforcement should be involved.

Julie DiMauro: That makes sense. Now you talked about who needs to be included. You mentioned lawyers. I’m curious, legal advisors, external or internal, are you referencing? And who else needs to be at the table?

Kathy Enstrom: Absolutely. So yeah, I would say there’s human resources should be involved because if it’s an employee related issue, they need to know about it. Especially if it’s like a harassment related issue. If it’s a financial issue, they still need to know about it. Legal advisors, absolutely. Whether or not you have an internal legal counsel or external, I mean, I definitely think they should be involved just to make sure you stay within the line that you need to stay in.

The investigator portion, not every company has internal investigators and that’s fine. But I would caution you is if you don’t have an internal investigator, don’t just assign anyone to it. Don’t think that, oh, I listen to Murder Podcast, so I’m going to be a great investigator. No, no, no, no, no. There is a lot more involved in that. And therefore, if you don’t have somebody internally, advocate for that external investigator.

And there are so many former law enforcement officers who now are working in the contracting field that you could easily Google search or whatever to find anybody that is valued. But I would definitely check references because not all are alike. I am a financial investigator, but if you ask me to do something like in another vein, I probably wouldn’t do as good of a job.

You really need to have that right investigator behind you. But there’s also some other stages that I would like to go through if we have some time, Julie, to talk to you about what you also need to do in an investigation. Let’s just say you do have an internal investigator or if you hire an external, this could be some of the things that you want them to do.

Number one is, what’s the expectation for the final report? Are you going to be doing a final report? I would say absolutely. There should be some sort of summary that outlines your steps you’ve taken, who you’ve interviewed, what records you’ve reviewed, and then a final recommendation, we’ll say. But then also there should be some updates given to the corporate execs or boards throughout this investigation. Let’s just say if this investigation lasts three months, then there probably should be monthly updates.

If this investigation lasts a year, I would also say the same. But if it’s like a couple of days, maybe not as crucial to have those updates. But the reason why is because in a let’s just go with an embezzlement case. We identify that missing money is in your corporation. What are your steps involved?

Some of it will be pretty expensive, which we will talk about next because I know that is a big concern. But document and data preservation is so important in an embezzlement type of case. What information should you gather almost immediately? And that will be like you identify the custodians of the people who have the data. And as we all know, a lot of things are just on our computer nowadays. There’s not paper anymore. If there is, it’s, you know, scratch pieces of paper or it’s already in the shredder. I rarely keep paper anymore.

And so that would mean you would need somebody to get interviewed. You would interview those custodians. What type of devices do they have? Computers, phones, hard drives, do they have hard records? That’s a possibility. And then there’s some nuances there that, you know, you don’t really think about as much but your BYOD. Is it bring your own devices? Are they sharing their personal and work device at the same time? And then how do you navigate that? Because if you want to take the items off of their device, you need that lawyer involved to make sure that you’re not infringing upon any sort of Fifth Amendment privilege.

But also home offices. That’s going to be an issue too because can you come into their home office and start searching through any hard record data? You know, that’s going to take some legal finessing there. So there’s some complications that you may not be like up to date. Your policy should be up to date to cover these issues. And that’s why it’s extremely important to like constantly review that your policies.

But I’m going on to the document and data preservation, you know, getting that information early is going to be so important. But as we all can imagine, downloading your computer of an employee or your phone of an employee is going to create a vast amount of records. Hundreds of thousands, if not million documents or items.

And I would just say that that is going to be probably the most expensive part of an internal investigation is pulling that information down. And I would strongly recommend storing it in an eDiscovery type database because that will allow you to tag certain things, create issues, create folders. And if maybe if it goes to a civil lawsuit or a criminal investigation, it’s much easier to turn over the required documents in that way.

There also could be tagged privilege, which is extremely important because you may not want items to be outside of your organization. So hiring that external vendor, like I said, will cost a lot to capture and host the data. But it will be so important and have such great value if this ends up in some sort of civil or criminal action.

The next most important thing I would say to do is the document review. Obviously, you’ve got all the documents, now what? And you got to narrow down that universe of documents and establish some sort of protocol with search terms. And like actually writing this out, like I decided to do search terms of the following. And this is what the production of it was and have the ability, like I said, to tag those documents and group those documents.

And so that’s super important. And then establish who reviews those documents because it can’t just be anybody. You need to have that trustworthy group of people that know about this issue. So they have to be trained to like what the issue is, trained on how to review the documents, what’s privileged, what’s not, and have that experience and knowledge so that they can actually be helpful in the investigation. And then one last thing I want to talk about is the interview process.

It’s extremely valuable to have an experienced investigator conduct interviews.

Yes, there’s interviews of the custodians of records. There’s interviews of people that are related to it. And then there’s the interviews of the people that may have done, like I said before, the embezzlement. So there’s scope interviews and then there’s substantive interviews. So that’s the two breakdowns. The scope interview kind of just is like the beginning. And I would say strongly to anybody that the scope interview should be done almost immediately.

You get the general gist early. You find out the memories are fresh. You find out the basic facts very quick. You ask very open-ended questions. You discover extensive people’s knowledge of the issue and possibly catch people in line. But the problem with some of the scope interviews is you don’t have that backup documentation already reviewed.

You’re kind of going in cold. And so sometimes at the con, and you have to be very strategic as far as who you interview and when. The substantive interviews are conducted after document review. And sometimes people want to wait to conduct those substantive interviews if they’ve identified somebody who’s culpable, someone who may be pinned in the sense of they stole the money. And you want those documents ready because if you ask them a question and they give you a contrary answer to what you expect, you can, you know, produce the document and show them, well, then please explain to me this check that you wrote to this vendor that doesn’t exist.

And so that requires extensive preparation from the investigator and some very strategic thought processes involved in how to conduct it. And then this goes back to how important it is to have a qualified investigator running this particular investigation, going from either the overarching investigation down to the interviews of each individual.

Julie DiMauro: This is a terrific overview, Kathy, very helpful. Thank you. And you know, I have a burning question about the internal investigator, which is this is someone working within the organization. How does that person maintain their independence?

Kathy Enstrom: It is tough maintaining their independence. Those not just for the investigator, but honestly, it should be for any, and I work in the tax area, but any return preparers, CPA, enrolled agents, CFO, I mean, when you’re dealing with money and that’s predominantly the crimes that I invest, that’s the only crime that I investigate and a lot of the crimes that happen out there in corporations is that you need to make sure that you can trust everybody, but also, like I say, not start questioning everything too.

So having an investigator that does that questioning, that maintains that independence, that doesn’t also, you know, hang out with the families of all of the people. I mean, I can just say, like, for example, let’s say a CPA who is that doesn’t work for the business. Let’s say you’ve got that CPA, he or she helps out with all of the accounting within that firm or that organization, and all of a sudden they start donating to the CEO’s charities and attending family functions with the CEO, getting a little too close, let’s just say, and then all of a sudden that CEO is asking that person, well, can you please just, you know, alter this or try to figure out a way that we can avoid this or evade taxes here, which is a big no-no, and they have ingratiated themselves so quick into that relationship that they don’t want it to go away and therefore they perform the bad act to help the CEO.

So having that independence is so critically important. Having that little thing in your brain is to question everybody and to make sure that you’re doing things appropriately and ethically.

Julie DiMauro: Thank you. Absolutely. One more question about the internal investigator, because I want to hear about the external one, of course, is the internal investigator’s access to the C-suite, who are they reporting to, to the board to give their, you know, kind of the facts and findings of their investigative work? How does that operate?

Kathy Enstrom: Yeah, that is a tricky one. I mean, I know in, like, let’s say banking industries, the investigative unit reports up to a vice president and then goes up higher and higher and higher. But when there’s a theft within the company, there needs to be some sort of direct line of communication from the investigator, the investigative team, to individuals, the top executives and the board.

There needs to be in the early days, possibly like a pitch to them for their buy-in, like, hey, we really need to look into this matter because of many reasons. So number one, it’s, there’s the most expensive aspect, or I should say the most expensive thing that could happen is if you don’t investigate and then publicity comes out of the misconduct and public perception or bad press can cost an organization a lot more, or God forbid, if there’s some criminal aspects and the next thing you know, IRS criminal investigation or FBI comes in and raids the place. I mean, that is the cost of that is so much more than having cost of a valuable investigative team to work this issue from internal.

And so that’s one of the things that I was talking about earlier is the cost of an investigation is going to be expensive. But if you present that work plan to the executives or the board, assess them and understand, or help them in understanding the issues, provide them goals and expectations, even provide them with a budget, like, I expect this to be done within this budget, and then constantly giving them updates, not only to the budget, but also the progress of the case is going to be important.

I mean, I kind of a recent example of and I’m not I have no knowledge of this, but just from an outsider perspective of Silicon Valley Bank, they didn’t have a chief risk officer for many, many months prior to the collapse, not a permanent one. And if they could have had that risk officer or investigator shouting to the board like, hey, you know, there’s some issues here, could have been avoided. I mean, that’s Monday morning quarterbacking for you. But I mean, having that team, that investigator and the ability to report directly to the top people is so important.

Julie DiMauro: Makes a lot of sense. Thank you so much. So I want to talk about the external investigator. How do you choose this person who’s qualified to do this and who do they report to? Can you walk us through that?

Kathy Enstrom: Oh, gosh, external investigators, like I said before, are a different aspect of this in the sense that they they come in and do the job, a hired gun, so to speak, and then are off on their way. They are clearly independent. They have no allegiance internally. So they will come in and make sure that they do a great job from top to bottom with, you know, within the guidelines that you’re asking them. Now, they do have a bit of a learning curve because they don’t know the organization as well. But that doesn’t mean they can’t end up doing their job well.

Finding someone, like I said before, there’s a lot of fantastic former law enforcement officers in every vein from federal, state, local to choose from who have retired and now are working in this area now. Finding them using Google is one matter, but also getting recommendations from people you trust is going to be extremely important. And then obviously vetting them. I mean, you can hire them, but also ask, you know, maybe, hey, who are your recent clients or look into how where their recent clients are to make sure that they have done a good job in the past.

And I wouldn’t be afraid to go to those smaller shops. I know a lot of people think that having those big firms that do it will help them through any issue. But you know, don’t be afraid to go to the one or two man shops, too, because they are probably equally, if not more dedicated to doing a good job because they are so small and want to have a good reputation afterwards.

Julie DiMauro: Perfect. You mentioned very helpfully, Silicon Valley Bank. Do you have examples of financial misconduct cases that you can share to give us a sense as to what investigators have to tackle and the evidence that they need to seek out?

Kathy Enstrom: Absolutely. I mean, one of the biggest ones and maybe I’m a little biased because I’m from Illinois and this happened here in Illinois is Dixon, Illinois, a city employee named Rita Crunwell stole over fifty three million dollars in 20 years time span. If you haven’t watched her document, the documentary on her, All the Queen’s Horses. It’s on Amazon Prime.

It’s a little dated because it was a couple of years ago, but it’s still pretty amazing how she was able to, over the span of 20 years, steal that amount of money in such a small town of 17000 population, approximately. The lessons learned in that one is quite amazing. She was the sole person in charge of accounts payable accounts, receivable bank accounts, regulatory authority of the bank account. I mean, she basically was the one man show, which is common in small organizations like a city like Dixon.

But typically an embezzler would never take any time off. They are the most dedicated employee you have. This case was interesting because she did take a lot of time off her secondary career was showing quarter horses on a national level and had an amazing farm near Dixon or in Dixon and won many, many trophies. And so she took a ton of time off, but the way she handled the reporting and the bank account that it was secretive is was quite ingenious, but also very simple. If it was any more complicated, she probably would have gotten caught sooner, but it was very simple.

But ultimately while she was out of the office, another city employee asked for bank accounts from the local bank, say, give me all the accounts. I’m in a rush. Just, you know, give them to me as soon as possible. Typically when she would ask Rita would tell her only ask for these accounts, not the last number, last account that Rita was keeping on the side, the bank decided to give them all everything, all the accounts. And that’s when she found the other account that seems to be like the slush fund.

So it was amazing that this is what turned it to be that that employee then turned to the mayor who then turned to the FBI. And for months, the FBI worked this investigation from top to bottom and tried to find, you know, how she was stealing all of this money for such a long period of time. Ultimately, she was arrested, charged and all of her assets were seized for forfeiture to replenish and give back to the city of Dixon. What’s interesting also here is there was no checks and balances within the city, but there was an auditor involved.

And so you think that, oh, I’ve got an audit on this. It’s fine because an auditor would have noticed this other bank account. Unfortunately, in this case, the auditor did not know about it. And therefore, I shouldn’t say they didn’t know. They kind of knew. And ultimately, they were forced to pay $35 million back to the city as well in a civil lawsuit after everything was said and done.

The auditor kind of knew that, you know, this was all being done. They knew about the bank account. They actually prepared her personal returns as well. So they kind of knew where she was getting her money or sort of, or where she wasn’t getting her money. And so they didn’t advise the city and therefore had to pay later. But having those checks and balances in any organization is so incredibly important so that not one person handles everything.

And that is one good example. I’m going to do another quick, quick example about economic or corporate espionage. So economic and corporate espionage is a priority of the FBI. And what that means is, are there people out there trying to steal secrets within the business and then sell it to someone else, whether or not it’s domestically or internationally?

So last year, a man in New York who worked for GE Power was sentenced to conspiracy to commit economic espionage after a four-week trial. He sought to enrich himself by exploiting his position at GE Power, gather technology, and conspired with the government of China to steal that technology and give it to them. And like I said, he sought to enrich himself. So he most likely got money from China for doing this. He ultimately was sentenced to 24 months. But here are some signs for not only economic espionage, but also for the example I gave with Rita Crunwell out of Dixon, Illinois. Is that if the people have some unexplained wealth, maybe you need to start questioning that.

In the instance of Rita, she had an amazingly huge farm and people didn’t necessarily question why she had all of this money when she was just a city employee with high school education. So maybe they should have questioned a little bit more. Same with the GE Power gentleman. Maybe he had extra money that the other employees of his are like, “How does he drive this amazingly great car and I’m sitting here with whatever else?” So that’s one unexplained wealth is a sign that could be somebody having issues or maybe doing something on the side.

I would be cautious with that. You got to make sure that you’re not accusing people unsubstantiated. But there’s some other signs that could be added in there. Maybe they work weird hours. They are the only person that maybe understands accounting if they’re in the case of Rita. Whenever there was a question about accounting, they would just say, “Oh, just ask Rita. She’ll tell you everything and then she’ll probably just give you a lot of accounting verbiage and try to convince you. Oh, you don’t know this. I know this. Everything is good.”

Possibly if somebody is… I’ve seen too many issues of either gambling habits or other habits that are out there that use a lot of money. It could be substance abuse. When somebody is in that area has an addiction, they need that money and so then they take chances within. So be on the lookout for that. Any complaints by vendors that maybe they weren’t paid or missing documents or vendors saying, “Well, I did pay that. Here’s the check that shows that I paid that.” Or in the case of Dixon, it was amazing because even before they found Rita had had this extra bank account, their next door city with a comparative size of population actually gave them a letter saying, “How come your profits are this and our profits are so much more than your…” Not profits.

I shouldn’t say that for a government organization, but “our budget is so much higher than your budget. I don’t understand”. And they almost were like warning Dixon like, “Hey, you really need to look into this more because you should be at the same level as us. And for some reason, you’re not.” So giving that comparison to other single organizations is super important as signs of indications or signs that somebody may be stealing from internally.

Julie DiMauro: Very helpful. Good to look at those indicia. I want to think about after the investigation concludes, what does that look like? Especially in terms of disclosures you might need to make to regulators or other legal authorities.

Kathy Enstrom: Right. So, yeah, I would say number one is you’ve got to have that post-action report that should be written and presented to corporate execs or board members if it’s all staying with internal. And then the second question is, does this constitute action by the corporation to self-disclose to law enforcement, to regulator or to Department of Justice or to whomever is appropriate? Back in March of last year, 2023, DOJ announced a voluntary self-disclosure policy for organizations to report misconduct. And this was all throughout DOJ, but even DOJ tax division specifically had an announcement in regards to this because of financial matters and how it should be reported.

And it was a pretty, I don’t know how much had it been done since then because it’s fairly new, but it is an important thing that you have to consider in case that there is an embezzlement.

Also with regulators, if you’ve got regulators, if that’s in your organization, that you absolutely should be considering reporting that matter to them because last thing you want is a regulator to find out about something before you or find out about it after you’ve already done something to that matter. That should be a partnership. The regulation or the regulator in your organization should be more of a partner is my thought. And then the most important action that should be done after a company finds out about an issue is to fix the issue immediately. Find out what happened and make sure you plug that hole.

Julie DiMauro: Absolutely. It’s interesting in that document, the DOJ document, self-disclosure policy, they mentioned timely often in it, right? And prompt reporting, prompt remediation, and yeah, just fixing the problems in a very timely way so that they can actually go in and help the organization. The organization can cooperate and thereby get the problem solved again in a way that helps the business and the market, the marketplace. So thank you for your insights. This has been truly, truly very helpful. And I’m taking copious notes. I’ll listen back so that I can jot some of these down. Kathy, it was hugely practical and very engaging. I really thank you for your time today.

Kathy Enstrom: My pleasure. It was great being on with you. I look forward to future relationships with Grip.

Julie DiMauro: Thank you to our audience for joining us today for our podcast. We hope you’ll tune back in for more of our programs and read our compliance insights and articles on our grip platform located at Happy New Year.

Listen to the audio.