Cut down on courthouse antics. Learn how legal system abuse is defined + strategies to mitigate this type of abuse with Marsh McLennan Agency. Defend your org.
CFOs thrive on accurate information. But in a world awash in misinformation, knowing what’s true can be challenging. That makes due diligence an increasingly important part of a CFO’s job, especially as compliance the world over becomes more complex. Understanding who your company is working with, who your customers are, and what your employees are up to are critical to avoiding non-compliance and fraud.
But where to start? Cynthia Hetherington is the CEO and founder of the Hetherington Group, an intelligence and investigations consultancy, as well as the founder of the Osmosis Institute, an international association for the development and sharing of intelligence skills. She’s an expert in open source intelligence (OSINT), the use of publicly available information in answering investigative questions, and she recently published OSINT, The Authoritative Guide to Due Diligence.
CFO Brew followed up with her after she spoke at the recent Association of Certified Fraud Examiners conference in Las Vegas to understand what open source intelligence is, how it informs due diligence, and why organizations should care about due diligence.
This is part one of our interview with Cynthia Hetherington. To read part two, click here. This interview has been edited for length and clarity.
You’ve talked about open source intelligence and its role in due diligence. How do the two fit together?
Historically speaking, in due diligence, the primary and majority use of time spent for investigators is to understand the individuals and corporations that you’re being vended from, getting involved with, enlisting as customers, or acquiring. Knowing what your customer is, and understanding the match between what they are saying they are, and what they actually are, requires investigation. Open source intelligence is the methodology for gathering that due diligence.
The last 10 years have muddied up what this platform looks like. Intelligence practices and investigative practices have a certain rigor similar to accounting, similar to the function of a [chief] financial officer. They’ve gone through education, training, instruction, and have requirements based on either state or some sort of governance oversight, for what they do and how they do it. There’s not a lot of wiggle room and doing your financial work. With doing online due diligence work, using the internet to answer your questions is nothing but wiggle room.
In an era of misinformation, disinformation—I don’t say this in the negative terms—but [with] artificial intelligence and use of artificial intelligence to help you, you need to now create a left and right lane to establish a formula for conducting investigations to know your customer, your vendor, your partner, your bosses, your employees. There’s no excuse not to know that information, it’s there. Open source intelligence, or OSINT, is the practice for getting that.
You mentioned this flood of misinformation and artificial intelligence. How responsible do you see organizations for verifying the information that they’re encountering and for verifying the relationships that they have?
I’m very concerned with how companies are ingesting information for doing their own internal due diligence now, especially in light of misinformation and disinformation. There’s a lot of talk about it. There’s a lot of posts in LinkedIn, there’s a lot of business professional associations discussing or having lectures about it. But there’s no normative process for understanding how to deal with this or misinformation. Artificial intelligence is just a force multiplier. It allows us to do anything faster. Yet nobody’s come in with compliance that says, “This is how we ingest that information.”
Why should organizations care about doing good due diligence? It’s a cost center for a lot of organizations and our audience is concerned with how much things cost and how much profit they produce.
We could say that chief financial officers are not out there at the front line with a shotgun protecting the gates. But yes, he or she is, because if you start making financial moves, or accepting proposals for what they look like, or not fact checking the companies you’re getting involved with, not only could you be getting in bed with a company that is fraudulent, you can crush the entire company, taking the livelihoods out of the staff.
The [chief] financial officer is the front line. They’re not the accountant at the end saying, “This is how we, at the end of the year, put our financial statements in so that we can be accountable”; they’re the front line keeping the company safe.
I’ve always worked with—I’ll use a broad term—accountants. Yes, you’re going to find an attorney somewhere, and they’re always going to say, “It depends.” But an accountant is going to sit down and say, “Show me the data.” Oh, my God, I love my financial officers, because that’s all open source intelligence, due diligence does—it pulls data, does analysis, and then works with financial officers so that they can ingest and say, “This matters or this doesn’t matter.”