Cue movie trailer narrator: In a world beset with misinformation and regulatory complexity, it falls on finance professionals to conduct accurate and timely due diligence to protect their organizations from fraud, legal, and reputational risk.
However, that’s a great big mandate: Do finance professionals have what it takes?
Cynthia Hetherington, is the CEO and founder of the Hetherington Group, an intelligence and investigations consultancy, as well as the founder of the Osmosis Institute, an international association for the development and sharing of intelligence skills. She’s an expert in open source intelligence (OSINT), the use of publicly available information in answering investigative questions, and she recently published OSINT, The Authoritative Guide to Due Diligence.
CFO Brew followed up with her after she spoke at the recent Association of Certified Fraud Examiners conference in Las Vegas about common due diligence mistakes, the skills finance professionals need to practice open source intelligence (OSINT), and how organizations should be thinking about due diligence.
This is part two of our interview with Cynthia Hetherington. To read part one, click here. This interview has been edited for length and clarity.
What are some of the due diligence mistakes that you see organizations making?
There are a few mistakes that happen. One is coming late to the game. You know, in the 11th hour somebody decides, “Oh, wow, now is a good time to get a background investigation done on the parties or players we’re getting involved with.” Also, fact checking international relationships and making general assumptions that things will just be unavailable, inaccessible or too expensive to reach. Now that the internet has just been in, productively speaking, it’s 30th year of really giving us answers. Everything is within reach now. The third point is that the [chief] financial officer doesn’t always understand where the barriers are legally and ethically.
What skills do finance professionals need to engage in this kind of work?
I cannot believe, when I look at what I thought of as accounting 10 years ago, and what someone who’s getting an accountancy degree is doing today. You’re not an accountant anymore. I mean, you might have accounting skills, but you’re a data analyst, you’re scrum developer, you’re way more educated on software platforms than anyone else that I know of.
They’re actually OSINT analysts because they’re going out there and doing their own due diligence. They’re making best use of Google and maybe some other tools at their fingertips.
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
Accountants are very analytical thinkers, just to make a blanket statement. They’re incredibly analytically minded. They could think both in Venn diagrams and linear, so they make excellent investigators because they could follow a thread all the way to the end. They really are naturally disposed to doing this.
What’s your kind of broad advice around due diligence and OSINT for the CFO of, say a $100 million company? How should they be paying attention to it?
To the CFO of a mid-market company, that’s when you’re at the most vulnerable state because you don’t have as much oversight. You’re not a publicly traded company, perhaps where oversight is just written into your doctrine and we know we have to check a box to make sure. So all those the Foreign Corrupt Practices Act and the Fair Credit Reporting Act and driver’s protection, and privacy—all those acts and the legality of it, they’re not written in. It’s mandatory, but they’re not written and that’s not going to be what’s top of mind.
He’s going to be looking at his EBITDA, he’s going to be looking at his numbers at the end of the year. It’s too much for that [CFO] to then also pivot and say, “Oh, we’re in major acquisition mode and we’re going to be buying packaging companies in China, India, Brazil, and Mexico. We’re going to start taking our production and our manufacturing out of this state.”
The due diligence analysts at his side are saying, “Are the people that you are now pivoting to legal, ethical, and within compliance and aligned with your company’s value and mission statement?”
Everything might line up perfectly. But if you decided to move your company to a factory that had bad construction, and it crumbles to the ground, killing 80 of your employees—this has happened—and a protest shows up on your doorstep tomorrow because you didn’t pay a million dollars to every one of the families that lost a family member in that building collapse. Then you’re the company that kills people making children’s clothing, or you’re the company that didn’t really make sure that the seal was tight on the baby aspirin before it got distributed.
This is what a due diligence expert does for the [CFO]. We make sure, together, that the CEO is not going on camera and apologizing...to say, “I'm sorry, we made a mistake.”