Gee,

Thank you for your reply. 

The company is quite small, so they don't have an IT department as we do, but an external company that provides IT backup when needed.  IT definitely won't be "onto" this one. 

It's not whether the activity was carried out in work time that is important.  It may have been carried out after work time is ended. 

OK.  It is most unlikely that anyone here at DD can identify me or my friend (he isn't registered with DD).  This is the story:

The company in question has networked computers.  Everyone can see everyone else's stuff in their networked files EXCEPT for "my documents" and "private" folders.  My friend had to obtain a copy of documents from his colleague.  Normally, he would ask for them to be emailed, but it so happens that the colleague is on leave so he can't ask for them.  He logs into the colleague's folder and searches for a document.  In doing so, he comes across a set of documents which he thinks may be relevant to what he needs.   He opens them.  Some are relevant; some are not.  The ones that are not relevant are very shocking.  Taken individually, the documents seem quite innocuous.  When linked together, they clearly indicate that the colleague has been writing letters and documents to further a fraudulent activity.  The fraudulent activity has nothing to do with the company they work for.  The fact that documents have been saved to a computer is not proof that they have been used, but an indication that they might have been used (may seem likes semantics, but some people say "I'm going to kill so-and-so" - it doesn't mean they really will murder that person). 

Now that my friend is aware of this matter, what should he do?  The company's computer use policy has been breached and a crime may have been committed.   Is he obliged to report it? Let sleeping dogs lie; it isn't his problem?  Suggest his colleague saves personal documents onto a memory stick?