Andrews International


Following an acquisition of a major UK organisation by a US client of Andrews International, the company became the victim of a recurring series of cyber enabled fraud attacks that resulted in significant financial losses and presented a risk to its reputation and ability to operate.


The company’s aim was to understand the nature of the attacks on the company, establish whether current or former staff were involved and prevent the crimes from recurring in the future. Operating in the regulated sector, there was an additional imperative to be able to evidence that adequate procedures were in place to protect customers and investors.

Today Advisory was commissioned to conduct an independent structured review of the problem, test controls and implement fraud prevention tactics as part of a Policy Health Check.


Working in accordance with Today Advisory’s strict ISO:9001 and ISO:27001 certified quality and security processes, a dedicated project manager was appointed and produced a project plan that was agreed with the client. The manager then assembled a team of subject matter experts with appropriate skills and experience for the assignment. They completed tasks which included multilingual open source research; structured interviews; data sharing and matching; and facilitating liaison with national and international agencies.


The Today Advisory team examined all lines of enquiry and succeeded in identifying those persons responsible for the frauds; recovery of hardware used to perpetrate the crimes; and identification of the suspect responsible for creating the software installed within it.

Information received from interviews with staff and other parties and corroborated by research and analysis concluded that on the balance of probabilities, those responsible for the cyber enabled fraud attacks on the company were not aided by an insider. Changes to make the company’s fraud, security and anti-corruption policies compliant with the law and recognised best practice were recommended and adopted.

The fraud attacks against the company stopped and the company was able to provide the regulator and other stakeholders with evidence that it had acted correctly and had appropriate procedures in place to prevent a recurrence of the incident.