Fraud

 

 

The Lucrative Library Fraudhttps://iaonline.theiia.org/2021/Pages/The-Lucrative-Library-Fraud.aspxThe Lucrative Library Fraud<p></p><p>This is a very surprising allegation,” said the library manager during an interview with auditors. When the Office of the City Auditor in Austin, Texas, initially looked into an accusation that a staff member of the Austin Public Library was buying printer toner with the library’s credit card and reselling it out of his garage, library staff reported that nothing appeared to be particularly out of place. The auditors were repeatedly told that Randall Whited, the accounting associate who, according to auditors, allegedly stole at least $1.3 million in printer toner while employed with the library, was very well liked. </p><p>The Office of the City Auditor received an anonymous tip in March 2019 with few details. The City Auditor’s Integrity Unit had a name, a job title, and knowledge that Whited had access to a city credit card. The investigation began by sifting through purchase records, which allegedly revealed that Whited spent hundreds of thousands of dollars on one particular brand of printer toner. The auditors wondered if this was too much toner or an appropriate amount for a library with more than 20 locations, so they set out to learn more about the library’s purchasing system and the amount of toner used by staff. </p><p>Library employees told the auditors their branches used just a few cartridges a year. However, the public-facing printers, which received the bulk of use, used a different brand of toner than Whited’s purchases. Auditors took the printer’s usage history from each printer’s memory and combined it with manufacturer printer cartridge capacity data to estimate how much toner was needed. It appeared that Whited was overbuying hundreds of boxes of toner every year. So where were the extra boxes going? </p><p>Despite his 8 a.m. start time and instructions from his supervisor to arrive no more than 30 minutes early, camera footage allegedly revealed that Whited often came in as early as 6:30 a.m. and would take boxes of toner from the library and hide them in his vehicle. </p><p>Once the auditors had evidence that Whited was stealing toner, the focus shifted to determining how much he may have stolen during his employment. The initial review of purchase transactions was expanded to encompass Whited’s entire tenure with the library starting in 2007. The analysis uncovered more than $1.5 million in printer toner purchases dating back to 2010. Through printer usage data, auditors estimated that the library would have needed about 15% — roughly $200,000 — of that amount, at most. </p><p>The expanded review also found other ways that Whited allegedly was defrauding the city, including dozens of purchases totaling at least $18,000 that were reportedly shipped to Whited’s home address or to Amazon lockers located outside of Austin. The auditors were able to find backup documentation for these purchases — ranging from video games to drones to robotic vacuums — which clearly indicated some of the items were never sent to the library. Additionally, some of the documents lacked detail, only including descriptions such as “supplies,” which made it nearly impossible for the people responsible for approving Whited’s purchases to know what they were signing off on. Library managers trusted him, so they never questioned him on the purchases or why they were being shipped to his home. To make matters worse, the approvers had no idea how much toner was appropriate to buy, so Whited’s daily purchases of toner did not raise any concerns. Nor did the fact that the library overspent its budget for office supplies by roughly 400% for several years in a row. As long as the library was under its total allocated budget, management did not look into details.</p><p>According to auditors, a lack of segregation of duties also contributed to Whited’s alleged fraud. He reportedly received most of the items he ordered, so he controlled both ends of the process for the library. He also was assigned multiple roles in the purchase tracking system, so he could more easily redirect questions about the purchasing process or his purchases.</p><p>After evidence allegedly confirmed the audit findings, auditors wanted to know what Whited was doing with the goods he appeared to be purchasing using city credit cards. The answers starting trickling in through social media. Auditors found Whited allegedly was using online marketplaces to sell some of the items he stole from the library. Auditors also found evidence that suggested Whited was selling toner to online grey market websites that specialized in selling pre-owned toner. </p><p>Ultimately, the City Auditor’s report in October 2020 detailed Whited’s alleged enormous fraud, as well as the waste that the City of Austin incurred as a result of the purchases and management’s failure to catch on sooner. Whited resigned in August 2019, before the conclusion of the investigation. He was arrested in September 2020 and is awaiting trial. <br></p><table cellspacing="0" width="100%" class="ms-rteTable-4" style="height:30px;"><tbody><tr class="ms-rteTableEvenRow-4"><td class="ms-rteTableEvenCol-4" style="width:100%;"><strong>​LESSONS LEARNED</strong><ul><li>Segregation of duties works for a reason. The same person should not be allowed to order and receive items. Just as importantly, employees should not be able to approve their own purchases. When investigating, auditors should look for individuals who hold dual roles like these that could be exploited.</li><li>Empower reviewers. Purchase approvers or reviewers in an organization should know they are more than just a rubber stamp. They should be trained on the importance of their role and their ability to say “yes” or “no” in the purchase approval process. Additionally, auditors should make sure these individuals have appropriate operational knowledge about the area of the organization for which they approve purchases so they understand what needs are real. When investigating, auditors should listen for witnesses who say they “just trust” someone to take care of things.</li><li>Don’t rely solely on witness testimony. In this investigation, like many, witnesses were interviewed to learn more about library operations before auditors knew what records or other evidence might be useful. The initial witnesses shot down the idea that Whited might be defrauding the City. He was a “great employee” who had been in the job for years and knew what the library needed. Had auditors stopped the investigation after witnesses contradicted the allegation, the fraud might still be occurring today.</li><li>Keep an open mind about evidence. Auditors never know what they are going to find during an investigation or where evidence will come from. When this investigation started, no one on the audit team knew much about printers or printer usage. They worked with IT staff to review printer manufacturer information and learned that most printers have enough memory to keep a record of everything they ever printed. By combining the printed page records with manufacturer toner data, they were able to calculate how much toner the library needed over a given time period. That was a huge step in the investigation and allowed auditors to determine how much excess toner Whited allegedly was buying and stealing.<br></li></ul></td></tr></tbody></table><p></p>Michael Yamma1
Procurement Fraud: 12 Common Pitfallshttps://iaonline.theiia.org/2021/Pages/Procurement-Fraud-12-Common-Pitfalls.aspxProcurement Fraud: 12 Common Pitfalls<p>​<span style="text-align:justify;">Fraud can occur during any stage within the procurement life cycle, resulting in recurring and significant losses. Organizations may be at risk of fraudulent activities conducted by internal staff, collusion between internal staff and external service providers, or collusion among suppliers. Procurement fraud can be perpetrated in many ways, and it can be difficult to detect. </span></p><p style="text-align:justify;">Twelve common pitfalls, in particular, can increase the risk of fraud in the procurement process. By remaining alert to these areas, internal auditors can help protect their organizations from procurement-related losses. </p><p style="text-align:justify;"><strong>1.</strong> <strong>Weak control environment.</strong> When formalized policies are inadequate or ineffective, and staff training to help the organization prevent and detect procurement fraud is insufficient, employees may write off fraudulent or unethical activities as cultural norms. They might assume, for example, that receiving gifts and entertainment from vendors — regardless of value — is always acceptable. These perceptions can result in widespread control weaknesses and increased potential for fraud.</p><p style="text-align:justify;">Procurement policies and procedures that lack comprehensive review, approval, and monitoring of scenarios will also increase the risk of procurement fraud. For instance, in the absence of well-defined guidelines and controls, purchases can be designated as "urgent" or "emergencies" to bypass the need to compare competitive quotes.  </p><p style="text-align:justify;"><strong>2.</strong> <strong>Incompetent purchase budget review or approval.</strong> Reviewers and approvers may not have been equipped with relevant antifraud skills to ask the right questions before requested items are approved in the purchase budget. After budget approval, users or requestors can make purchases much more easily. Effective budget reviews are therefore especially critical to fraud prevention. </p><p style="text-align:justify;"><strong>3.</strong> <strong>Inadequate purchase request scrutiny.</strong> In the absence of proper scrutiny, staff members might be able to request and make excessive or unnecessary purchases. It is therefore essential for those charged with evaluating the validity of purchase requests to carefully review and assess the justifications for items to be purchased. </p><p style="text-align:justify;"><strong>4.</strong> <strong>Inadequate review of purchase specifications</strong>. Organizations require specific expertise to evaluate the validity and appropriateness of purchase specifications indicated for sourcing.  Without this resource, purchase specifications can be customized to favor certain vendors and cause unnecessary financial losses to the organization. </p><p style="text-align:justify;"><strong>5.</strong> <strong>Ineffective quote reviews.</strong> Without effective assessment of quotes or bids before contract award, intentional favoritism of a particular vendor might not be easily detected. It is easy to enable a particular vendor to be selected when limited criteria are used to assess competing vendors. Management should carefully review and decide on vendor assessment criteria and then evaluate the competing quotes or bids received accordingly.  </p><p style="text-align:justify;"><strong>6.</strong> <strong>Insufficient background checks.</strong> The organization may fail to conduct effective background checks on new vendors. It may approve vendors without requiring them to provide appropriate documentation, such as business registration details. This deficiency creates, for example, the potential for staff members or their relatives to set up a shell company to make excessive or fictitious purchases that benefit themselves or their relatives at the expense of the organization. </p><p style="text-align:justify;"><strong>7.</strong> <strong>Ineffective conflict-of-interest declaration procedures.</strong> Periodic conflict-of-interest declaration procedures may become a check-the-box exercise instead of a meaningful control activity to prevent and detect inappropriate transactions. For example, the procedures may lack adequate vendor details to help staff identify the companies with which their organization is transacting. Without well-designed procedures, employees may perceive the conflict-of-interest declaration as routine and fail to recognize its importance. </p><p style="text-align:justify;"><strong>8.</strong> <strong>Ineffective inspection of goods and services received.</strong> If goods and services are delivered to the organization without being checked and acknowledged by independent, competent parties, intentional underdelivery, damaged goods, or inferior goods could go undetected. </p><p style="text-align:justify;"><strong>9.</strong> <strong>Ineffective project monitoring.</strong> Without robust controls in place to monitor ongoing projects — including periodic reviews of percentage-of-completion, estimated costs-to-complete, etc. — the organization may not detect warning signs of fraud such as excessive change orders and cost mischarging. </p><p style="text-align:justify;"><strong>10.</strong> <strong>Ineffective three-way matching.</strong> Those responsible for reviewing invoices submitted for payment may lack the expertise to recognize potentially fraudulent items, such as personal purchases, inflated invoices, and fictitious purchases. Moreover, they may neglect to perform a three-way match among the purchase order, receipt of goods, and supplier invoice. As a result, procurement fraud schemes may go undetected prior to vendor payment. </p><p style="text-align:justify;"><strong>11.</strong> <strong>Absence of robust procurement analytics.</strong> Highly irregular one-time payments may be relatively easy to spot with periodic checking and basic review procedures. But when irregularities occur more frequently, with lower dollar amounts that seem insignificant in isolation, they might easily go unnoticed without more sophisticated analytics. The organization can perform analytics with indicators that reflect repeated purchase orders with amounts just below the approval threshold limits, excessive purchases made from particular vendors, etc., to facilitate the identification of irregular activity. </p><p style="text-align:justify;"><strong>12.</strong> <strong>Inadequate criteria for evaluating vendors.</strong> Once a vendor is hired, the organization may neglect to monitor its performance on an ongoing basis. Robust criteria, such as applicable quantitative and qualitative performance criteria and indicators (e.g., price competitiveness, timeliness of delivery, product or service quality, and customer service responsiveness), should be evaluated periodically to ensure staff make value-for-money purchases, instead of excessive or fraudulent purchases, on the organization's behalf. <br></p><h2>Avoiding the Pitfalls</h2><p>Opportunities for procurement fraud abound in nearly every organizational setting. With awareness of the potential pitfalls, internal auditors can take steps to equip themselves with crucial knowledge to review and provide advice on control procedures that can prevent unnecessary procurement fraud losses. <br></p>Sylvia Lim1
Hush Money Fraudhttps://iaonline.theiia.org/2020/Pages/Hush-Money-Fraud.aspxHush Money Fraud<p>​In early 2020, Lauren George was promoted to director of internal audit at the Pier Ten Group, a management company for a hotel chain in Southern California. George was interested in innovation and had training in robotic process automation, which she was eager to bring to her new role to increase productivity and expand risk coverage.</p><p>Before her promotion, Pier Ten’s internal audit department typically performed smaller audits using manual processes. George’s first goal as director was to improve coverage without increasing staffing. She started by adapting a pre-built reconciliation bot to compare expenses to receipts and reperform all bank reconciliations starting with the company’s San Diego property.</p><p>The expense reimbursement bot was simple. Receipts were already stored in a shared folder by date and titled by date and dollar amount. The bot downloaded expenses for the year into one Excel file. It then went into the receipts folder and copied the date, description, and amount for the expense into the same file. Finally, the bot sorted the expenses by date and amount and flagged any unsupported expenses and receipts not matching an expense. </p><p>Before she reviewed the flagged items, George manually checked a sample of matched items to confirm the bot was working correctly. In the first pass, it identified 22 mismatches where expenses matched but the date on the receipt was off by a day. To be certain, she reviewed some of the receipts to make sure they matched the descriptions. The bot also flagged 12 expenses for $500 without receipts totaling $6,000. George thought the bot wasn’t picking up the receipts until she saw there were no receipts in the folders, just a blank sheet titled by day and dollar amount. </p><p>When George pulled the expense reports filed for each of these, she identified three commonalities: The receipts were missing, the description on the expense report was labeled “business expense reimbursement,” and the reimbursements were made to Skip Townes, the hotel controller.</p><p>The reconciliation bot was deployed next. It was pre-built, but required some modifications to make certain it was accessing the bank systems to retrieve bank account and credit card information. It also downloaded information into Excel and compared dates and amounts and flagged items that did not match. The results were messier than the expense reimbursement bot. Although many items matched, several items remained unreconciled. </p><p>George pulled the monthly reconciliations and started comparing line items with the bot’s reconciliation. She identified better rules that would help the bot perform more effectively next time, including pulling different reports to help reconcile some items. After her review, she was left with 12 credit card overpayments totaling $87,321.53. </p><p>Satisfied with a successful first pass, George documented her results and met with Walter Banning, the property manager, and Townes. To her surprise, Banning and Townes did not share her enthusiasm about the bot’s performance. George’s questions about the undocumented receipts and credit card payments were met with challenges about the technology. When she showed the source documents supporting the outstanding questions, both men expressed concern and insisted they would investigate and get back to her. </p><p>George suspected she was being stalled after weeks passed with no answers. The questions she asked could easily be answered with a little digging, so she contacted Wilson Kon, the audit committee chair, for guidance. George explained to Kon how the bots reperformed manual repetitive tasks, just like having an audit staff member who did exactly what he or she was told over and over. The work still needs to be reviewed and source documents pulled to investigate, but the observations are validated just like any other audit. Convinced by George’s explanation, Kon encouraged her to expand her review of the property’s financial processes, and assured her that Banning and Townes would provide her answers. </p><p>The next day, George met with Banning and Townes to discuss the observations. Both men were on edge and kept changing their answers. According to Banning, it was an IT issue that they were exploring. When George asked them to explain, they could not. Townes suggested it was a performance issue with the employee performing the reimbursements and reconciliation. George pointed out that Townes approved the reconciliation and Banning approved the expense reimbursement. She followed by asking why they did not flag these issues in their review. Banning went back to blaming the issues on the bot. George again left the meeting with no answers. </p><p>George first called Kon with an update and then the district manager and human resources (HR). With their support, she expanded her review to all financials for a month and went directly to the staff member performing the reconciliations. Several flagged items appeared, which were validated. The hotel accountant quickly identified the flagged items as bonus checks, reimbursements for Banning’s credit card, and car allowances for Townes. Surprised and curious, George dug in deeper.</p><p>She discovered that shortly after Banning was promoted to property manager, the corporate office cut the bonus program. He felt this was unfair and that he should be compensated for the success of his property, so he instituted his own bonus program. With the help of Townes, Banning found various ways to issue the bonuses, including a $500 monthly reimbursement to the controller to keep quiet about the bonuses. An expanded review found that the expenses for $87,321.53 were payments to Banning’s personal credit card company, and that extra manual payroll checks were issued to the controller, front desk manager, and housekeeping manager. In total, George identified nearly $485,000 in unsupported and suspicious payments, payroll checks, and reimbursements spanning three years. </p><p>George turned over her results to HR and local authorities. Pier Ten terminated Banning and Townes and brought charges against them. They claimed that the bonus program was sanctioned by the corporate office through a handshake deal.  <br></p><table cellspacing="0" width="100%" class="ms-rteTable-4" style="height:30px;"><tbody><tr class="ms-rteTableEvenRow-4"><td class="ms-rteTableEvenCol-4" style="width:100%;">​<strong>Lessons Learned</strong><ul><li>Robotic process automation (RPA) is a useful tool for enhancing internal audit capabilities. Simple and quick bots can immediately enhance department productivity when applied to repetitive processes relying on digitized data and tasks. </li><li>Fraud risk always exists, but internal audit must balance risk and resources. Deploying RPA can significantly lower the cost of certain fraud detection procedures. These procedures would mitigate many difficult-to-close internal control gaps in small- and medium-size companies. Initially, this could lead to fraud detection, but over time, these inexpensive procedures would become preventative. </li><li>When developing bots for audit work, internal audit should consider passing them off to the business units. Reconciliation bots make useful audit tools, but once hardened, they are capable of performing the regular control function, providing additional value and capacity to the business departments. Just like analytics, later reviews can include regularly testing the bot’s performance and, when convinced, relying on the bot’s results. <br></li></ul></td></tr></tbody></table><p></p>Bryant Richards1
Billed Around the Clockhttps://iaonline.theiia.org/2020/Pages/Billed-Around-the-Clock.aspxBilled Around the Clock<p>​Two years ago, Future Energy Corp. (FEC), based in Finland, decided there was a need for flexibility and cost-cutting, so it changed its payment for services from a fixed fee to an hourly fee and implemented an IT system to track hours. Future Power, a subsidiary of FEC, relied heavily on BX Solutions OY, a subsidiary of BX Ltd., to maintain and repair its production equipment. After FEC conducted an annual risk assessment of its subsidiaries, internal audit decided to schedule a review of the equipment maintenance and repair process. </p><p>The audit revealed Future Power’s high dependency on BX Solutions OY and a lack of competition in the region. The audit report also outlined the potential risk for overbilling fraud because of insufficient verification of hours reported by BX Solutions OY personnel. The subsidiary was renting office space for its personnel on the premises of Future Power, so logs from entrance systems did not provide any insight on whether its employees were working on Future Power equipment or doing other tasks. The audit team concluded that the risk of overbilling existed, but no proof could be provided. Future Power management chose to accept the risk and stated additional controls were not needed. Internal auditors insisted they were and escalated the issue to FEC’s board of directors. Finally, as a compromise, Future Power management allocated one employee to conduct independent checks of hours reported by BX Solutions OY.</p><table cellspacing="0" width="100%" class="ms-rteTable-default"><tbody><tr><td class="ms-rteTable-default" style="width:100%;"><strong>LESSONS LEARNED</strong><br>​<ul><li>When it comes to the purchasing of services per hour — lawyers, IT developers, consultants — how often are organizations overbilled? How can an organization find the right balance of trust and control? Organizations risk playing a “catch me if you can game” with contractors unless the environment encourages fair reporting of spent hours. Internal audit’s role is to review the process of hour validation and determine whether hours can be verified, at least to a reasonable extent. </li><li>Operational-level management is usually overwhelmed with important daily issues, so it is difficult to get managers to take an interest in a potential fraud risk. When they read an internal audit report that raises a red flag about something that has not happened — but might — they might not care nor understand the seriousness of the risk. Rather than point out lack of caring, internal auditors should suggest additional controls or work toward reaching a compromise that satisfies both parties.</li><li>Collaboration with a contractor that acknowledges fraud is unlikely to happen often — if at all. If the contractor has already made up its mind about how much it is going to reimburse, any collaboration promises are likely to be empty declarations. Also, internal audit should keep in mind that there is likely a specific reason why a contractor wants to acknowledge fraud. The best-case scenario is that the contractor is embarrassed of its findings and wants to avoid bad publicity. The worst case is that it is trying to cover up something much bigger and wants to voluntarily return a small part of what was stolen from the company to avoid litigation and prosecution.</li><li>When circumstances require internal audit to collaborate with outside parties where conditions or other information is exchanged, it should include legal counsel to avoid any unwanted damage to the company, such as disclosure of confidential information. It’s important for internal audit to know when to step back as a trusted partner.</li></ul><br></td></tr></tbody></table><p>One year later, Future Power’s CEO emailed FEC’s audit manager, Alicia Cohen, after he received a letter from BX Ltd.: “I am forwarding to you a weird letter from our main maintenance and repair partner, BX Ltd. I told them you will handle it from here.” </p><p>Cohen could barely believe what she read in the forwarded letter. BX Ltd. reported that its local subsidiary was defrauding FEC: “Due to a mistake and misbehavior, working hours have been overbilled since our last contract renewal. Corrective action has been taken and a credit for €2.3 million ($2.7 million) will be issued to you immediately. We suggest a regular review to ensure a robust hourly recording process moving forward.” </p><p>The audit team felt vindicated. The potential fraud risk scheme they described to management a year before was realized. The team set out to investigate how the overbilling happened. </p><p>Initially, BX Ltd. willingly cooperated. Via web-based meetings, BX Ltd.’s compliance representative, Pierre Brodeur, explained that its investigation was triggered by an anonymous whistleblower complaint from BX Solutions OY. The investigation revealed that remuneration for BX Solutions OY management depended on the profitability of Future Power’s maintenance and repair contract, as it was its biggest and most important client in the region. The change from fixed pricing to an hourly based system caused BX Solutions OY management to become concerned about profitability levels, so employees were instructed to bill Future Power for as many hours as possible. After the conclusion of the internal investigation, BX Solutions OY management and the employees who participated in the scheme were fired. </p><p>Brodeur handed over internal time sheets of BX Solutions OY employees involved in maintenance and repair activities. FEC’s internal auditors compared the time sheets against billed hours, determined the number of overbilled hours, and multiplied the difference by the hourly rate to calculate the value of the hours. When FEC’s investigative team reported an amount two times higher than the €2.3 million, cooperation between the parties ended. BX Solutions OY misled BX Ltd.’s compliance team, claiming repairs were still priced at a fixed rate, so BX Ltd.’s compliance department calculated overbilled hours for maintenance services and disregarded hours spent on repairs. FEC’s internal auditors, however, reviewed repair contract terms with legal counsel and concluded that repairs had to be billed on an hourly basis, as well. </p><p>The internal controls assessment did not take long. Internal audit tried to reconcile time sheets of BX Solutions OY personnel with hours recorded in the system, but there were no names or employee identification numbers. Moreover, BX Solutions OY personnel could record their hours monthly rather than on an ongoing basis. As a result, Future Power supervisors issued and accepted work orders without knowing how many people were on site on any specific day. </p><p>An analysis of work orders for the previous two years found that more than 40% of annual maintenance expenses were for regularly conducted visual inspections of equipment. It was impossible to determine whether inspections were actually carried out because there was no paper trail. </p><p>Though Future Power appointed an employee to conduct independent checks of hours reported by BX Solutions OY the year before, management never touched base with the employee to determine whether he had suitable tools to conduct those checks. The employee was overloaded with other duties and preferred to keep a low profile without interfering, controlling, or suggesting improvements. </p><p>Future Power eventually received €2.3 million from BX Ltd. and filed a legal dispute for additional amounts owed. <br></p>Anna Kon1
The Seducer's Gamehttps://iaonline.theiia.org/2020/Pages/The-Seducers-Game.aspxThe Seducer's Game<p>​Intelligent, innovative, witty, charming, persistent, optimistic, bold, adaptable, and business savvy — these often are the key traits of a leader. But what if those traits mask other, less exemplary characteristics, such as being manipulative, deceptive, fearless, and thinking he or she is untouchable, while also lacking any sense of integrity, honesty, and empathy? Unfortunately, these traits can coincide within the same person. </p><div><p>The unique combination of these personality traits defines a seducer, which can be seen in modern-day fraudsters such as Theranos’ Elizabeth Holmes and Fyre Festival’s Billy McFarland. Within the Seduction of Fraud methodology, seduction refers to a psychological process that often plays a significant role in contemporary frauds. Therefore, it is important for internal auditors to understand the seduction of fraud and how it relates to fraud prevention, detection, and investigation within their own organizations.</p><h2>The Seduction of Fraud Diamond</h2><p> For decades, internal auditors have relied on the elements of the Fraud Triangle — pressure, opportunity, and rationalization — to understand fraud and develop internal controls that limit the risk of fraud to their organizations. While experts have provided alternatives to the Fraud Triangle, a new approach can be used to understand and prevent the latest variations of fraud, what we call Big Frauds, from occurring. These Big Frauds — such as Fyre Festival, Theranos, Volkswagen, and Wells Fargo — are similar to their traditional counterparts, yet stark differences become apparent under evaluation. It was through this evaluation that we realized the limitations of the Fraud Triangle and developed a tool to replace it — The Seduction of Fraud Diamond (See “The Seduction of Fraud Diamond” below).</p><p><img src="/2020/PublishingImages/Seduction-of-Fraud-diamond.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:500px;height:273px;" />There are differences between the Fraud Triangle approach and the Seduction of Fraud methodology. First, it is important to understand the original intent of Donald Cressey, who is attributed as the creator of the Fraud Triangle. As a criminologist, Cressey wanted to understand why trusted employees without a history of unethical or illegal behavior would decide to betray their employers. So, after excluding from his study anyone with a criminal record or a history of unethical behaviors, Cressey interviewed inmates who were first-time embezzlers to determine any similarities among them and try to understand their motivations. His observations and key takeaways resulted in the well-known attributes of the Fraud Triangle. But the study’s objectives and parameters point out obvious limitations in applying the Fraud Triangle to a wide array of modern white-collar schemes and perpetrators. </p><p>The Fraud Triangle’s primary weakness is its basis of starting with an honest person — a person who needs a combination of specific motivations and circumstances to commit fraud. The Fraud Triangle fails to explain why most people involved in the Big Frauds had no history of criminal activity or unethical behaviors, yet committed fraud even though there were no circumstances that justified their behavior. </p><h2>The Psychology of Fraud</h2><p>The Seduction of Fraud methodology examines human behavior and ethical decision-making related to fraud. Using this methodology, auditors not only rely on traditional understanding within the anti-fraud and audit community, but they also reach into the fields of analytical psychology, psychiatry, literature, philosophy, and religious studies. Combining these divergent areas of study can bridge the gap between fraud prevention, ethics, and human behavior. </p><p>As a psychological process, seduction has existed since the beginning of time. It is described in religious scripture in the Garden of Eden; historical chronicles of Cleopatra’s power and control; and 18th century Giacomo Casanova’s detailed use of seduction as a tool to commit frauds, cons, and social engineering. From an early age, Casanova understood the importance of reading the emotions of others, which allowed him to manipulate and deceive, and become one of the most infamous con artists in history. </p><p>Understanding the true meaning of the Seduction of Fraud requires removing the veil of normal human behavior to look earnestly at the inner core of humans to realize their true motivations. The Seduction of Fraud Diamond starts with a temptation, which might involve some sort of pressure, but does not require it. Once the temptation is set, the next part of the psychological process begins: deception. The goal of seduction is to gain power and control over the person being defrauded — not through force, but by subtle coercion. The seducer’s aim is to make victims feel as if they are in control and making decisions on their own, for their own benefit. It is only after the fraud is exposed that the illusion becomes apparent. Therefore, seducers can either use the Seduction of Fraud to commit fraud themselves, or they can use it to convince other people to commit fraud or perform unethical actions without their full knowledge or understanding. </p><h2>Attributes of the Seducer<br></h2><table cellspacing="0" width="100%" class="ms-rteTable-default"><tbody><tr><td class="ms-rteTable-default" style="width:100%;">​<strong>Common Seducer Personality Traits</strong> <p>The personality traits that historical seducers and modern-day fraudsters share include being:<br></p><ul><li>Improvisational</li><li>Flexible</li><li>Innovative</li><li>A risk taker</li><li>Intelligent</li><li>Charming</li><li>Bold</li><li>Assertive</li><li>Discerning</li><li>Persistent</li><li>Witty<br></li><li>Reinventive</li><li>Business savvy</li><li>Adaptable</li><li>Manipulative</li><li>Deceptive</li><li>Fearless</li></ul></td></tr></tbody></table><p>Understanding the attributes of the Seduction of Fraud Diamond and their application through audit procedures can help in the design of effective internal controls. While simple frauds still exist — such as the trusted bookkeeper who steals to pay for her husband’s gambling addiction — they are no longer the largest risks to the organization. It is the modern-day seductive fraudsters who will more likely cause turmoil in an organization at a multitude of levels — financial, reputational, legal, compliance, etc. </p><p>While many of the seducer’s personality traits are positive attributes, it’s the traits that are missing that cause problems (See “Common Seducer Personality Traits” at right). For example, integrity, loyalty, and empathy are all missing, which should be a huge red flag for an auditor. Boldness without integrity can easily turn villainous. Additionally, when boldness is combined with any other negative personality attribute or personality disorder, such as narcissism or psychopathy, it can be a considerable threat to an organization. While opportunity is the most self-explanatory attribute of the Seduction of Fraud Diamond and the Fraud Triangle, the main difference is that in the Fraud Diamond, opportunity can be created, whereas the Fraud Triangle implies that opportunity must already exist. It is unchecked boldness that allows a potential fraudster to exploit existing opportunities or, if needed, create new opportunities. Furthermore, in many of today’s social engineering schemes, fraudsters use psychological manipulation to reach their goals. </p><h2>Investigation and Analysis</h2><p>Another weakness inherent to the Fraud Triangle is that it relies on a functioning conscience. The conscience is meant to warn a person when making questionable decisions before violating an internal boundary. Even when a person has a conscience, his or her moral compass might be faulty. For example, when during a research study we asked fraudsters to explain whether their conscience bothered them when they were planning the fraud, there were recurring responses: “Yes, but only for a few minutes.” Therefore, internal auditors must consider the possibility that a perpetrator’s conscience may prohibit his or her moral compass from functioning correctly. </p><p>A faulty conscience may be a sign of narcissism, but not every person who is narcissistic or has narcissistic personality traits is a fraudster, and vice versa. Therefore, it is crucial to be conscientious about conclusions that are not substantiated through factual evidence. This is where an auditor’s investigative skills can affirm or dispel any initial concerns. </p><p>Alongside narcissism, a faulty moral compass explains an increase in entitlement, a key attribute of the Seduction of Fraud Diamond. Self-aggrandizing behavior, which recent studies show is increasingly more common in today’s society, often leads to entitlement — a criterion used to diagnose a person with narcissistic personality disorder. </p><p>The Fraud Triangle’s final weakness is that an employee’s privacy makes it impossible for internal auditors and management to understand or analyze external pressures on that employee. This does not mean organizations need to or should conduct psychological profiles on every employee within the organization, but, at the very least, internal auditors should sharpen their skills of discernment using the Seduction of Fraud approach. Using the Seduction of Fraud Diamond will enable auditors to be attentive to potential behavioral red flags. If a person is under careful observation, and the number of red flags begins to accumulate, auditors can then consider what actions, if any, should be taken. </p><h2>Update Your Toolbox</h2><p>Internal auditors need to understand that individuals do not necessarily fit into the framework as defined by the Fraud Triangle. By updating their professional toolbox to improve their analysis, internal auditors can better understand human behavior and detect potential behavioral red flags that could be indicators of the next Big Fraud. Internal auditors can use the insights provided by the Seduction of Fraud Diamond to prevent similar scandals at their own organizations.  <br></p></div>Sanya Morang1
Schoolhouse Fraudhttps://iaonline.theiia.org/2020/Pages/Schoolhouse-Fraud.aspxSchoolhouse Fraud<p>When the Wellington School District budget crisis hit the local newspaper, citizens were shocked. The superintendent, Tina Franken, and business manager, William McKenzie, implemented innovative programs that improved employee morale and productivity — not only for the central office, but also for the eight schools within the district. Before Franken’s arrival, the school district was often an embarrassment to the town, as employee issues led to frequent firings or resignations and the airing of dirty laundry in the local news. When the longtime district accountant resigned and filed a legal complaint against McKenzie, which consisted of fraud, abuse of town policies, and violations of state laws, gossip among district employees and citizens implied there were ties between the legal complaint and the budget crisis.</p><p> With a school budget shortfall of $2 million at fiscal year-end and a legal complaint, the select board for the town had no choice but to act. It asked the town’s internal auditor, Denise Silva, to review the school district’s budget process. </p><p> Silva knew town government issues could get messy and complicated. So she prepared a high-level audit program and planned to spend a lot of time exploring. First, she reviewed the district’s budget policies and procedures and requested the previous year’s approved budget with all planning comments and 12 months of results by month and account. She planned to interview employees involved in the process and take deeper dives into any areas with significant overruns. After receiving the budget documents, she realized that she needed to clear her calendar. </p><div style="width:300px;float:right;padding-left:10px;padding-right:10px;margin-left:10px;background-color:#6eabba;color:#000000;"><h3>Lessons Learned</h3><ul><li>The budget process should be included in the risk assessment and reviewed regularly, especially in regulated environments like municipalities. A quick review would have caught many of these issues in the first year. </li><li>Removing key controls from important processes should raise red flags. If the controls had been reviewed regularly, the budget crisis and fraud could have been avoided. </li><li>Small internal audit departments should consider rotational reviews that provide greater coverage across the organization. In this example, reviews of petty cash, budget, vendors, payroll, or accounting would have identified smaller issues that would have raised red flags and the need for additional reviews.</li><li>Messy situations may require internal audit to shut down the audit schedule for the rest of the year. Not only is it important to focus internal audit resources on high-risk areas, but it is critical to those responsible for oversight that they receive the clearest picture possible to make the most informed decisions about how to move forward.<br><br></li></ul></div><p>Silva detected several red flags in her initial review of the budget documents. First, McKenzie put the budget together under four large categories — instructional supplies, curriculum, payroll, and equipment — with lump sum amounts under each. Once the town approved it, the business manager arbitrarily assigned amounts to line item accounts in each category. Silva could not discern any reason for the assignment of funds. The second thing that stood out to her were hundreds of transfers throughout the line item accounts each month that were not approved by the school committee or board. Lastly, there were no budgets in place for revenue accounts, even though large amounts of money were collected for sports fees, bus fees, and student activities. These collections were recorded as petty cash for the school district to use on purchases. </p><p> Silva first interviewed McKenzie about his budget process. He explained that the budget process was cumbersome and a source of significant productivity issues, so he streamlined the two-month planning cycle to one week. Instead of providing a detailed number for each line item, McKenzie broke the accounts down into four categories based on prior years and departmental needs, and assigned each category a lump number. The school committee and board voted on and approved the categories. The town approved this process because it trusted Franken and McKenzie. </p><p> When Silva asked about missing revenue accounts in the process, McKenzie insisted that the district accountant required that all cash collections be received into petty cash, so budget figures weren’t necessary. Adjustments were made at the end of the year to reflect the accounting. McKenzie blamed the district accountant for many of the budget challenges. </p><p> Silva’s findings list was filled with broken policies, regulations, and accounting rules, but she knew more data was needed. Some basic analytical testing found that administrators in the central office were using funds to purchase large flat screen televisions, office equipment, and laptops. However, these items could not be located anywhere in the district, so Silva assumed that administrators were taking them home. She began testing invoices, which showed that the district often reimbursed administrators for conferences and travel more than once. On several of the travel reimbursements, spouses were included and paid for by the district. The amounts submitted for reimbursement exceeded the threshold specified in the district’s policy. </p><p> When Silva conducted interviews with staff in the central office, she found there were relatives of administrators on the payroll who never showed up for work. And though the office was open until 5 p.m., many administrators left at 2 p.m. Lastly, an employee who worked in disbursements revealed that administrators received kickbacks from vendors for large purchases and the awarding of contracts. </p><p> Silva identified $2 million of fraud and abuse while reviewing five years of data. But she was unable to quantify much of the activity, such as the vendor kickbacks. A reasonable comparison of the actual costs of big-ticket items and what was paid by the school district added another $2 million to the total. </p><p> As a result of Silva’s investigation, Franken and McKenzie were forced to resign and are currently serving jail time for their part in the fraud schemes. Silva quantified the known abuses — like the technology gifts, no-show jobs, time theft, and travel and expense violations — per administrator, and found that nearly every one of them received, on average, an additional $10,000 per year on top of their salary. Those in higher levels of administration received more. The district accountant received none and acted as a whistleblower by filing a legal complaint. Franken and McKenzie were making significant money with kickback and petty cash schemes, using gifts, no-show jobs, and abridged schedules to keep staff from complaining or noticing, and covering their tracks with a convoluted budget process.<br></p>Deanna Polli Foster1
Officials Call Penalty on Ex-NFL Player Fraudhttps://iaonline.theiia.org/2020/Pages/Officials-Call-Penalty-on-Ex-NFL-Player-Fraud.aspxOfficials Call Penalty on Ex-NFL Player Fraud<p>​The U.S. Department of Justice has charged six former National Football League (NFL) players with filing $3.9 million in fraudulent health-care claims, according to <a href="https://www.infosecurity-magazine.com/news/six-former-nfl-players-charged-4m/" data-feathr-click-track="true" target="_blank" style="background-color:#ffffff;"> <em>Infosecurity Magazine</em></a>. Prosecutors say the retired players submitted out-of-pocket medical expense claims for expensive medical equipment they never purchased.</p><p>The alleged fraudulent claims — some using forged prescriptions, invoices, and medical orders — were filed between June 2017 and December 2018. Moreover, some of the former players allegedly received kickbacks for recruiting other players into the scheme. Seven other retired players, who were indicted in December as part of the same alleged conspiracy, have pleaded guilty to making fraudulent claims.</p><h2>Lessons Learned</h2><p>There are both lessons to learn and actions to take from this fraud case — not only by all professional sports organizations, but also health insurance providers. These lessons are all the more important in the context of the COVID-19 pandemic and its consequences for the economy and public health.</p><p>The NFL alone has more than 20,000 retired players. Many of them, but not all, qualify for the Gene Upshaw NFL Player Health Reimbursement Plan. The league's plan provides up to $350,000 in benefits, and many retired players covered by it have medical conditions. Most former players lawfully rely on the plan's benefits; they are the real victims of this alleged fraud.</p><p>At its root, this case involves allegations of conspiracy, wire and health-care fraud, and a dose of a pyramid scheme. So what can internal auditors and health insurance providers learn from this case that can help prevent and detect future reimbursement frauds?</p><p>The main message is that health insurance providers<strong> </strong>need to continuously expand and improve their ability to detect potential fraud, including through the use of technology and data analytics, backed by monitoring and audits. Beyond that, here are three specific strategies:<br></p><ul><li> <strong>Monitor for suspicious transactions. </strong>The retired NFL players in this case allegedly used methods similar to those in other health-care fraud cases to deceive the insurance provider. These methods included submitting fabricated supporting documents such as false signatures on faked official letterhead with the names of real doctors.<br><br>The alleged claims frequently involved medical equipment such as hyperbaric oxygen chambers, cryotherapy machines, ultrasound machines, and electromagnetic therapy devices (designed for use on horses), costing as much as $50,000. These kinds of transactions should automatically receive additional scrutiny, including by using data analytics to detect repeating and irregular activity patterns from the same individuals. Internal auditors also should perform spot checks with equipment providers and physicians to verify the authenticity of purchases.</li> <br> <li> <strong>Verify providers.</strong> Health insurers should digitally store verified original signatures of equipment providers' staff physicians and compare them electronically for anomalies when especially large dollar reimbursement amounts are requested.<br><br></li><li> <strong>Implement electronic account controls.</strong> Insurers should use account-control mechanisms, including two-step verification and voice recognition-based account access. The individuals in this case allegedly dialed the telephone number provided on the reimbursement form and impersonated conspiring players to check the status of fraudulent claims and encourage payment as soon as possible. Phone calls to health-care companies should be recorded and monitored, as well.</li></ul><br>Art Stewart0
Where Did All the Payments Go?https://iaonline.theiia.org/2020/Pages/Where-Did-All-the-Payments-Go.aspxWhere Did All the Payments Go?<p>​More than $2 billion in missing funds led to the resignation and arrest of Wirecard's CEO last month, <a href="https://www.cnn.com/2020/06/23/tech/wirecard-ceo-markus-braun-arrested/index.html" data-feathr-click-track="true" target="_blank" style="background-color:#ffffff;">CNN reports</a>. The scandal broke when the company's external auditors couldn't find the money in trust accounts and refused to sign off on the digital payment company's financial statements. The missing amount equates to one-fourth of Wirecard's assets and set off a global search for the funds.</p><p>German authorities suspect that former CEO Markus Braun used fake transactions to inflate Wirecard's revenues and balance sheet. The company says the missing money may never have existed and has withdrawn preliminary results for 2019 and the first quarter of 2020. At the time of Braun's resignation, he said the company had been the victim of a massive fraud. Wirecard has since fired its chief operating officer.</p><h2>Lessons Learned</h2><p>This story about Wirecard's financial scandal may bring make memories for internal auditors. The infamous 2001 case of Enron and its CEO, found guilty of accounting fraud, became a major driver of the U.S. Sarbanes-Oxley Act of 2002 financial regulatory reform.</p><p>Germany's finance minister summed up the essence of the Wirecard scandal, saying, "Critical questions arise over the supervision of the company, especially with regards to accounting and balance sheet control. Auditors and supervisory bodies do not seem to have been effective here." So what can internal auditors learn from this case?</p><p>The Association of Certified Fraud Examiners defines <em>accounting fraud</em> as "deception or misrepresentation that an individual or entity makes knowing that the misrepresentation could result in some unauthorized benefit to the individual or to the entity or some other party." Financial statement fraud can take multiple forms, including:</p><ul><li>Overstating revenues through outright falsifications, manipulations such as recording future expected sales, or irregular accounting practices. An example is when a company understates revenues in one accounting period and maintains them as a reserve for future periods with worse performances to reduce the appearance of volatility.</li><li>Inflating an asset's net worth by knowingly failing to apply an appropriate depreciation schedule.</li><li>Hiding obligations and liabilities from a company's balance sheet.</li><li>Incorrectly disclosing related-party transactions and structured finance deals.</li></ul><p> </p><p>Several actions are key to reducing the threat of financial statement fraud.</p><p><strong>Strengthen </strong><strong>and rigorously implement internal controls over balance sheet account reconciliation</strong><strong>.</strong> Efforts to sustain a timely and accurate account reconciliation process should include:</p><ul><li>A strong management focus.</li><li>Sufficient understanding of the process.</li><li>Written policies and procedures.</li><li>Adequate employee training.</li></ul><p> </p><p>Identifying and addressing any weaknesses in this process can help auditors and companies detect and correct errors before they file their reports. Organizations need to reconcile all high- and medium-risk accounts that could contain a significant or material misstatement and make all necessary adjustments to the general ledger timely. Because account reconciliations are so important, organizations also should adopt a continuous improvement process aimed at reconciling all accounts before the post-closing adjustment review process.</p><p><strong>Pay</strong><strong> close attention to the work of external auditors. </strong>That scrutiny should include the audit committee asking questions of the external auditor and regularly reviewing the renewal process for selecting the auditor.<strong> </strong>The company also should be listening to its investors' concerns and complaints.</p><p>The focus in the Wirecard case has turned to its external auditors, who reportedly failed to report the company's unorthodox financial arrangements in the past. Wirecard's missing $2 billion allegedly involved an unconventional measure in which the company used third-party partners to process payments in countries where it wasn't licensed. Those businesses deposited revenue in trust accounts rather than pay it straight to the company. Wirecard explained that the money was kept that way to manage risk, saying it could be saved to provide refunds or chargebacks if needed.</p><p><strong>External auditors need to be vigilant in self-regulating the quality of their work. </strong>The external auditors allegedly did not confirm that Singapore's Banking Corp. held large amounts of cash on Wirecard's behalf. Instead, they relied on documents and screenshots provided by a third-party trustee and Wirecard, itself.<br></p>Art Stewart0
The Fraudulent Finance Officerhttps://iaonline.theiia.org/2020/Pages/The-Fraudulent-Finance-Officer.aspxThe Fraudulent Finance Officer<p>Fabrina Carr joined CA Clubs, athletic and social clubs scattered throughout the Northeast, in 2012 as a secretary. Soon after, she was promoted to chief financial officer. As the financial director, she had overall control of the company's finances with little oversight, and she managed a small group of employees. </p><p>In late 2017, Carr phoned her work colleague from Bermuda to announce her resignation. This event, like any other unexpected executive departure, triggered an internal audit. The CEO of the company called Gina Cupler, the director of internal audit, whose team quickly started assessing the situation.</p><p>Internal audit requested emails and reports for corporate credit cards, travel expenses, and department expenses for the previous two years. Review of travel found significant and unusual spending activity, an excessive amount of expensive business trips, and a suspicious expense of $7,213. Cupler reviewed Carr's credit card statements and saw that the expense was paid to a funeral home. Public burial records revealed that Carr's sister had passed away and that the burial service was conducted by the funeral home noted in the credit card statement. A keyword search in Carr's email account captured correspondence with the funeral home, as well as an itemized invoice. </p><p>Cupler decided to dig deeper into CA Clubs' banking activity. Records indicated that Carr wrote checks to various people and vendors, yet the vendor master file did list those check recipients. When Cupler asked Carr's employees about the vendor master file, they told her that Carr maintained administrative control of the accounting system. This gave her unrestricted access to manipulate vendor records and transactions without detection. In addition, bank statements revealed five $100,000 wire transfers to an offshore account just before Carr resigned, which she approved herself. </p><p>Cupler notified the CEO of internal audit's findings and asked her team to expand the investigation to all five years of Carr's employment. Internal audit identified 1,464 personal transactions that started one month after Carr joined the company and carried forward for almost five years. Details of her unbelievable spending spree included 51 flights, 56 hotel stays, and 270 shopping transactions. </p><p>Cupler also inquired with the external auditors about their work over the past few years. Because the current external auditors had recently taken over the account, internal audit had to request copies of the audit reports from the previous auditors. The reports included findings about poor record keeping and insufficient evidence to support expenses and vendor payments. However, all interactions with the external auditors were through Carr, who never shared audit reports with the board. And the board never requested to see them. </p><p>Cupler was perplexed at how this could happen, so she instructed her team to perform more research into Carr's background. Her human resources (HR) file included a black and white copy of an accounting degree from Whatsworth College. An inquiry with the college found no record of Carr's attendance. The degree was forged, and HR never reviewed Carr's education or accounting certifications. The team then looked into Carr's criminal and past employment records, which revealed a history of theft and writing of fraudulent checks. </p><p>At the first evidence of fraud, Cupler notified the authorities and kept them abreast of developments. Carr was arrested at the airport upon her return from Bermuda and was questioned by authorities about the money that was missing. Carr claimed she loaned $500,000 to her boyfriend, a Nigerian man who she met online. A subordinate of Carr testified at the court hearing that Carr texted her outside of business hours instructing her to make payments to the man. Despite being suspicious about the payments, she felt bullied and did not want to question her supervisor. The prosecutor argued that these transactions were the reason Carr eventually resigned from CA Clubs — she had taken $500,000 to help her boyfriend leave Nigeria, but he never repaid her. The judge sentenced Carr to six years in jail, but she was not ordered to repay any costs because she declared bankruptcy.</p><p>CA Clubs sent an announcement to its 7,000 members sharing information about Carr's conviction and explaining that a new management structure was put in place with more rigorous financial processes to better protect the company. The incident was a painful reminder of what can go wrong without adequate checks and balances in place.  <br></p><table cellspacing="0" width="100%" class="ms-rteTable-4"><tbody><tr class="ms-rteTableEvenRow-4"><td class="ms-rteTableEvenCol-4" style="width:100%;">​<strong>Lessons Learned<br><br></strong><ul><li>A pre-employment background check is a key preventive control. Verification that a person is who he or she claims to be is important, especially when it comes to meeting the compliance requirements with hiring legally authorized citizens. The background check also provides an opportunity to check a person's criminal record, education, employment history, and other information to confirm its validity.</li><li>Validation checks also should be performed when internal employees are promoted or move into new roles. Just because they have the skills, experience, and qualifications for the roles they were initially hired for does not mean they are immediately qualified for other roles in the company. HR should verify that their education, certifications, and any other skill sets are legitimate to meet the requirements of the new role. </li><li>Reliance on a single person to control all aspects of financial transactions is never a good idea because it creates opportunities to commit fraud. Small organizations may need to get creative when it comes to segregation of duties. Board members for small not-for-profit organizations can take on an active financial governance role by reviewing financial information monthly. </li><li>Thresholds should be in place around bank and credit card transactions with any override of these controls placed with the board. Companies also should work with their bank and credit card vendors to put automatic controls in place to prevent overspending.</li><li>Small companies may not have the resources to look at the cultural aspects of their work environment. However, board leadership can have an active presence and provide employees with an outlet outside of their normal chain of command, such as a whistleblower hotline, to report suspicious or unethical activity.<br><br></li></ul></td></tr></tbody></table>William Byrne1
Exploiting the Crisishttps://iaonline.theiia.org/2020/Pages/Exploiting-the-Crisis.aspxExploiting the Crisis<p>​Throughout the coronavirus pandemic, the state of Washington has paid out hundreds of millions of dollars in fraudulent unemployment claims, the <a href="https://news.yahoo.com/huge-washington-unemployment-fraud-warning-154200996.html" target="_blank" style="background-color:#ffffff;">Associated Press reports</a>. State and U.S. government officials allege that a West African fraud ring is filing false claims using stolen identities. Many of those people still were employed, so they weren't likely to notice that someone had filed an unemployment claim in their name unless their employer contacted them about it.<br></p><p>Like many states, Washington has faced a massive spike in unemployment claims. Since March, 2 million unemployment claims have been filed in the state, with weekly initial claims topping 180,000 compared to the usual amount of 6,000.</p><p>Authorities have tried to recover some of the money paid to false applicants and have blocked some other payments. Since Washington first discovered the fraudulent claims, eight other states have reported similar schemes to defraud their unemployment systems.</p><h2>Lessons Learned</h2><p>Around the world, governments have paid out huge amounts to assist individuals and businesses adversely affected by the COVID-19 pandemic. These payments have supported millions of people who have been laid off or furloughed, as well as assisted businesses of all sizes.</p><p>But in responding to the unpredictability and urgency of the crisis, governments emphasized speed over controls to get money to those in need as quickly as possible. That has created opportunities for fraud.</p><p>The unemployment fraud in this story is one of many schemes seeking to take advantage of growing demand for financial relief. There are several audit-related strategies governments can adopt to help clean up this fraud now and be better prepared to provide aid during a second wave of the pandemic.</p><p><strong>Audits</strong> Internal auditors need to audit the performance of temporary relief programs. These reviews should include looking for ways to achieve a more optimal balance between delivering benefits quickly and accurately.</p><p>Throughout the crisis, government officials in areas such as employment and taxation may have approved payments and not referred suspected abuse to their quality control, integrity, or enforcement functions. For example, Canada Emergency Relief Program staff members were instructed that applicants should still receive benefits even if records indicated they quit voluntarily or were fired for possible misconduct. However, the program's legislation excludes these factors from eligibility for benefits.</p><p>Not only should the departments directly involved in assistance programs perform audits, so should national audit functions, such as the U.S. Government Accountability Office, given the widespread nature of the government's response. Additional funding may be needed to undertake this work.</p><p><strong>Controls</strong> Program controls over emergency financial relief programs should be designed and operate in relation to other existing employment and social support programs such as unemployment insurance. Government agencies need to conduct pre-payment verifications and post-payment reviews to some degree, even during an emergency situation.</p><p>For example, government agencies have discovered a significant number of individuals who were receiving duplicate payments. Some people received this money by mistake, but others were intentionally trying to collect both emergency and unemployment payments at the same time. Uncovering these "double dippers" should be simple because applicants must provide basic identifying information to apply for either program. What is necessary is taking faster action to verify the problem and recover the money.</p><p><strong>Deterrence</strong> Effective fraud deterrence measures include clear warnings to benefit recipients about the consequences of cheating. In the example of a business that falsifies documents to claim a wage subsidy benefit, a deterrent would be penalties that are larger than the amount received through the program.</p><p>Whistleblower mechanisms also are needed. They should be tailored to the design of emergency programs and their eligibility criteria, and should operate via existing taxation agencies. These agencies typically collect reports of tax cheating such as not declaring all income, accepting "under the table" cash payments, or setting up a fake business to claim losses and reduce taxes.</p><p>Adding emergency financial relief programs to the existing whistleblower system may require someone who wants to report a potential fraudster to provide key information about the suspect. These details may include the individual's work or education situation, or his or her employer's number of employees and total payroll.</p><p><strong>Ongoing Assistance</strong> Governments should implement "exit strategies" for assistance programs that balance the ongoing needs of those who still are affected by the COVID-19 crisis with the necessity to reopen economies. Fewer people will require help as businesses reopen and workers are rehired. However, those who still don't have a job, or those who cannot qualify for unemployment insurance, may still need some form of assistance.</p><p>Moving forward, the lessons that governments learn from this crisis about audits, controls, and fraud deterrence could help them design a more effective, less fraud-susceptible relief program.<br></p>Art Stewart0

  • AuditBoard-March-2021-Premium-1
  • FastPath-March-2021-Premium-2
  • Temple-University-March-2021-Premium-3