Fraud

 

 

The Fraudulent Finance Officer
https://iaonline.theiia.org/2020/Pages/The-Fraudulent-Finance-Officer.aspx
<p>Fabrina Carr joined CA Clubs, athletic and social clubs scattered throughout the Northeast, in 2012 as a secretary. Soon after, she was promoted to chief financial officer. As the financial director, she had overall control of the company's finances with little oversight, and she managed a small group of employees. </p><p>In late 2017, Carr phoned her work colleague from Bermuda to announce her resignation. This event, like any other unexpected executive departure, triggered an internal audit. The CEO of the company called Gina Cupler, the director of internal audit, whose team quickly started assessing the situation.</p><p>Internal audit requested emails and reports for corporate credit cards, travel expenses, and department expenses for the previous two years. Review of travel found significant and unusual spending activity, an excessive amount of expensive business trips, and a suspicious expense of $7,213. Cupler reviewed Carr's credit card statements and saw that the expense was paid to a funeral home. Public burial records revealed that Carr's sister had passed away and that the burial service was conducted by the funeral home noted in the credit card statement. A keyword search in Carr's email account captured correspondence with the funeral home, as well as an itemized invoice. </p><p>Cupler decided to dig deeper into CA Clubs' banking activity. Records indicated that Carr wrote checks to various people and vendors, yet the vendor master file did not list those check recipients. When Cupler asked Carr's employees about the vendor master file, they told her that Carr maintained administrative control of the accounting system. This gave her unrestricted access to manipulate vendor records and transactions without detection. 
In addition, bank statements revealed five $100,000 wire transfers to an offshore account just before Carr resigned, which she approved herself. </p><p>Cupler notified the CEO of internal audit's findings and asked her team to expand the investigation to all five years of Carr's employment. Internal audit identified 1,464 personal transactions that started one month after Carr joined the company and carried forward for almost five years. Details of her unbelievable spending spree included 51 flights, 56 hotel stays, and 270 shopping transactions. </p><p>Cupler also inquired with the external auditors about their work over the past few years. Because the current external auditors had recently taken over the account, internal audit had to request copies of the audit reports from the previous auditors. The reports included findings about poor record keeping and insufficient evidence to support expenses and vendor payments. However, all interactions with the external auditors were through Carr, who never shared audit reports with the board. And the board never requested to see them. </p><p>Cupler was perplexed at how this could happen, so she instructed her team to perform more research into Carr's background. Her human resources (HR) file included a black and white copy of an accounting degree from Whatsworth College. An inquiry with the college found no record of Carr's attendance. The degree was forged, and HR never reviewed Carr's education or accounting certifications. The team then looked into Carr's criminal and past employment records, which revealed a history of theft and writing of fraudulent checks. </p><p>At the first evidence of fraud, Cupler notified the authorities and kept them abreast of developments. Carr was arrested at the airport upon her return from Bermuda and was questioned by authorities about the money that was missing. Carr claimed she loaned $500,000 to her boyfriend, a Nigerian man who she met online. 
A subordinate of Carr testified at the court hearing that Carr texted her outside of business hours instructing her to make payments to the man. Despite being suspicious about the payments, she felt bullied and did not want to question her supervisor. The prosecutor argued that these transactions were the reason Carr eventually resigned from CA Clubs — she had taken $500,000 to help her boyfriend leave Nigeria, but he never repaid her. The judge sentenced Carr to six years in jail, but she was not ordered to repay any costs because she declared bankruptcy.</p><p>CA Clubs sent an announcement to its 7,000 members sharing information about Carr's conviction and explaining that a new management structure was put in place with more rigorous financial processes to better protect the company. The incident was a painful reminder of what can go wrong without adequate checks and balances in place.  <br></p><table cellspacing="0" width="100%" class="ms-rteTable-4"><tbody><tr class="ms-rteTableEvenRow-4"><td class="ms-rteTableEvenCol-4" style="width:100%;">​<strong>Lessons Learned<br><br></strong><ul><li>A pre-employment background check is a key preventive control. Verification that a person is who he or she claims to be is important, especially when it comes to meeting the compliance requirements with hiring legally authorized citizens. The background check also provides an opportunity to check a person's criminal record, education, employment history, and other information to confirm its validity.</li><li>Validation checks also should be performed when internal employees are promoted or move into new roles. Just because they have the skills, experience, and qualifications for the roles they were initially hired for does not mean they are immediately qualified for other roles in the company. HR should verify that their education, certifications, and any other skill sets are legitimate to meet the requirements of the new role. 
</li><li>Reliance on a single person to control all aspects of financial transactions is never a good idea because it creates opportunities to commit fraud. Small organizations may need to get creative when it comes to segregation of duties. Board members for small not-for-profit organizations can take on an active financial governance role by reviewing financial information monthly. </li><li>Thresholds should be in place around bank and credit card transactions with any override of these controls placed with the board. Companies also should work with their bank and credit card vendors to put automatic controls in place to prevent overspending.</li><li>Small companies may not have the resources to look at the cultural aspects of their work environment. However, board leadership can have an active presence and provide employees with an outlet outside of their normal chain of command, such as a whistleblower hotline, to report suspicious or unethical activity.<br><br></li></ul></td></tr></tbody></table>
William Byrne
Exploiting the Crisis
https://iaonline.theiia.org/2020/Pages/Exploiting-the-Crisis.aspx
<p>Throughout the coronavirus pandemic, the state of Washington has paid out hundreds of millions of dollars in fraudulent unemployment claims, the <a href="https://news.yahoo.com/huge-washington-unemployment-fraud-warning-154200996.html" target="_blank" style="background-color:#ffffff;">Associated Press reports</a>. State and U.S. government officials allege that a West African fraud ring is filing false claims using stolen identities. Many of those people still were employed, so they weren't likely to notice that someone had filed an unemployment claim in their name unless their employer contacted them about it.<br></p><p>Like many states, Washington has faced a massive spike in unemployment claims. Since March, 2 million unemployment claims have been filed in the state, with weekly initial claims topping 180,000 compared to the usual amount of 6,000.</p><p>Authorities have tried to recover some of the money paid to false applicants and have blocked some other payments. Since Washington first discovered the fraudulent claims, eight other states have reported similar schemes to defraud their unemployment systems.</p><h2>Lessons Learned</h2><p>Around the world, governments have paid out huge amounts to assist individuals and businesses adversely affected by the COVID-19 pandemic. These payments have supported millions of people who have been laid off or furloughed, as well as assisted businesses of all sizes.</p><p>But in responding to the unpredictability and urgency of the crisis, governments emphasized speed over controls to get money to those in need as quickly as possible. That has created opportunities for fraud.</p><p>The unemployment fraud in this story is one of many schemes seeking to take advantage of growing demand for financial relief. 
There are several audit-related strategies governments can adopt to help clean up this fraud now and be better prepared to provide aid during a second wave of the pandemic.</p><p><strong>Audits</strong> Internal auditors need to audit the performance of temporary relief programs. These reviews should include looking for ways to achieve a more optimal balance between delivering benefits quickly and accurately.</p><p>Throughout the crisis, government officials in areas such as employment and taxation may have approved payments and not referred suspected abuse to their quality control, integrity, or enforcement functions. For example, Canada Emergency Relief Program staff members were instructed that applicants should still receive benefits even if records indicated they quit voluntarily or were fired for possible misconduct. However, the program's legislation excludes these factors from eligibility for benefits.</p><p>Not only should the departments directly involved in assistance programs perform audits, so should national audit functions, such as the U.S. Government Accountability Office, given the widespread nature of the government's response. Additional funding may be needed to undertake this work.</p><p><strong>Controls</strong> Program controls over emergency financial relief programs should be designed and operate in relation to other existing employment and social support programs such as unemployment insurance. Government agencies need to conduct pre-payment verifications and post-payment reviews to some degree, even during an emergency situation.</p><p>For example, government agencies have discovered a significant number of individuals who were receiving duplicate payments. Some people received this money by mistake, but others were intentionally trying to collect both emergency and unemployment payments at the same time. 
Uncovering these "double dippers" should be simple because applicants must provide basic identifying information to apply for either program. What is necessary is taking faster action to verify the problem and recover the money.</p><p><strong>Deterrence</strong> Effective fraud deterrence measures include clear warnings to benefit recipients about the consequences of cheating. In the example of a business that falsifies documents to claim a wage subsidy benefit, a deterrent would be penalties that are larger than the amount received through the program.</p><p>Whistleblower mechanisms also are needed. They should be tailored to the design of emergency programs and their eligibility criteria, and should operate via existing taxation agencies. These agencies typically collect reports of tax cheating such as not declaring all income, accepting "under the table" cash payments, or setting up a fake business to claim losses and reduce taxes.</p><p>Adding emergency financial relief programs to the existing whistleblower system may require someone who wants to report a potential fraudster to provide key information about the suspect. These details may include the individual's work or education situation, or his or her employer's number of employees and total payroll.</p><p><strong>Ongoing Assistance</strong> Governments should implement "exit strategies" for assistance programs that balance the ongoing needs of those who still are affected by the COVID-19 crisis with the necessity to reopen economies. Fewer people will require help as businesses reopen and workers are rehired. However, those who still don't have a job, or those who cannot qualify for unemployment insurance, may still need some form of assistance.</p><p>Moving forward, the lessons that governments learn from this crisis about audits, controls, and fraud deterrence could help them design a more effective, less fraud-susceptible relief program.<br></p>
Art Stewart
Police Entangled in Tow-truck Kickbacks
https://iaonline.theiia.org/2020/Pages/Police-Entangled-in-Tow-truck-Kickbacks.aspx
<p>A 10-month investigation has uncovered an alleged kickback scheme involving Ottawa police officers and a tow-truck operator. According to the police investigation and reporting by the <a href="https://ottawacitizen.com/news/local-news/three-ottawa-police-officers-charged-in-tow-truck-corruption-probe/wcm/8a2230cb-efe2-4e2e-84b8-a12686ecdf38/" target="_blank"> <em>Ottawa Citizen</em></a>, three officers solicited bribes from a towing service in exchange for information about the locations of vehicle crashes. </p><p>Other towing services had complained to the police about the alleged arrangement since 2018. Moreover, drivers involved in crashes said they had observed money changing hands between police officers and tow-truck drivers. The Royal Canadian Mounted Police (RCMP) has filed criminal charges against the officers, the owner of a tow-truck company, and two other individuals. </p><h2>Lessons Learned</h2><p>This news story and a <a href="https://www.desertsun.com/story/news/crime_courts/2020/03/12/3-riverside-county-sheriffs-deputies-indicted-tow-truck-bribery-scheme/5038596002/" target="_blank">similar investigation involving sheriff's deputies in California</a> highlight two issues that internal auditors can help law enforcement agencies address: 1) establishing and enforcing a strong ethics and conflict-of-interest regime, and 2) implementing better controls over tow-truck operations involving police officers. </p><p>The City of Ottawa's police chief has expressed that the Ottawa Police Service's (OPS') code of conduct and ethics regime must be reviewed and strengthened. 
That exercise should be informed by the breadth and depth of the allegations against the three officers charged with several crimes by the RCMP, including:</p><ul><li>Giving out police information about vehicle collisions to one towing service and getting a financial kickback. Further, the officers allegedly gave that operator access to confidential OPS databases. Additionally, the RCMP has charged a family member of the towing operator with secret commissions.</li><li>Obstruction of justice and breach of trust.</li><li>Causing a false insurance claim to be made about a collision.</li><li>Using the position of a police officer for personal gain on a dating website.</li><li>Conspiring to break and enter to commit theft.</li></ul><p><br></p><p>From the standpoint of strengthening the OPS code of conduct and ethics regime, one step the department has undertaken is establishing a unit responsible for ethics and code of conduct issues, headed by a senior officer at the superintendent (executive equivalent) level. Other measures that should be in place include:</p><ul><li>A code of conduct and ethics compliance regime, policies, and processes that specifically prohibit the kinds of behaviors listed above, along with disciplinary consequences for noncompliance. The regime should include a "zero tolerance" policy as appropriate for law enforcement officials.</li><br> <li>Regular reporting of cases involving disciplinary, ethics, and conduct issues, such as in the OPS Annual Report. The OPS reports on some professional conduct issues, but this mainly is statistical information. As a deterrent, the OPS should publicize cases where officers are found guilty of inappropriate or fraudulent actions.</li></ul><p><br></p><p>Regarding the issue of controls over police forces and their interactions with towing services, the OPS and city officials should review the department's operations and policies, in part, to determine whether its processes need to change. 
That should include whether officers should have discretion about which towing service to call.</p> <p>Perhaps a "blind" dispatch system is needed to ensure a better distribution of work among the various tow-truck operators in Ottawa. Making such changes may be complex in cases in which vehicles are involved in possible criminal activities, or where drivers in an accident have their own towing service, such as through the Canadian Automobile Association or a credit card company. </p>
Art Stewart
Breaking Down the Fraud Policy
https://iaonline.theiia.org/2020/Pages/Breaking-Down-the-Fraud-Policy.aspx
<p>Nearly half of all global organizations in PwC's 2018 Global Economic Crime and Fraud Survey admit to having been the victim of fraud and economic crime in the past two years, resulting in more than $7 billion in total losses and a median loss of $130,000 per case. Nearly half of those frauds were because of internal control weaknesses.</p><p>Internal audit plays several key roles in the prevention, detection, and monitoring of fraud risks. First, as internal audit has broad visibility into the different areas of the enterprise, it should be aware of potential red flags of fraud in all audit engagements and identify ones that may warrant further investigation. Also, internal audit should assess the effectiveness of controls designed to mitigate fraud risk. Finally, internal audit can lend valuable expertise in an advisory role to the development of the fraud policy. To do this, internal auditors need to understand the key elements of a strong policy, and who it should involve.</p><h2> The Building Blocks<br></h2><p>Any organization can be a victim of fraud, regardless of its size, industry, or location. The most effective recourse is to develop a strong and implementable fraud policy that defines unacceptable behavior and how the organization will respond to it. 
While policies can vary depending on the organization's number of employees, industry complexity, and operating environment, the fundamental elements remain the same:</p><ul><li>The policy has top-down support.</li><li>It includes clear, specific language and examples.</li><li>It accurately and effectively defines fraud.</li><li>There is policy ownership, so a specific person or group of people are charged with overseeing the development and implementation of the fraud policy.</li><li>It clearly spells out personnel roles and responsibilities.</li><li>It explains the disciplinary and legal actions the organization will take.</li><li>It makes anonymous hotlines and reporting options available.</li><li><p>There is an effective communication plan around the policy.<br></p></li></ul> <p>While no fraud policy can define every fraudulent action, a well-written policy uses clear language and relatable examples to help reduce uncertainty of what the organization considers illegal activity. It also provides clear instructions regarding the responsibilities and procedures to be followed by all involved when illegal activity is suspected or uncovered. </p><p>However, it doesn't matter how well the fraud policy is written if it sits in a three-ring binder gathering dust. The organization must ensure that the fraud policy is not only created, but also read and understood by all internal personnel and external parties with which it engages. The greater the importance the organization places on this document, the greater the likelihood employees will place an equal amount of importance to it. From regular manager/employee policy reviews to live training to role playing, the same message, stance, and emphasis on eliminating fraud can be reinforced. 
Regular communication not only promotes understanding, but also can deter potential fraudsters.<br></p><p>Occupational fraud is most efficiently organized into three categories, each of which companies must identify and communicate with personnel. </p><ul><li> <em>Asset misappropriation</em> is the stealing or misuse of enterprise resources by personnel. This occurred in more than 89% of all reported cases and resulted in a median loss of $114,000, according to the Association of Certified Fraud Examiners' (ACFE's) Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse.</li><li> <em>Corruption schemes</em> occur when personnel misuse their influence during business transactions to obtain benefit and violate their duties to the employer. According to the ACFE study, this results in 38% of occupational fraud cases with a median loss of $250,000.</li><li><p> <em>Financial statement fraud</em> occurs when personnel intentionally cause misstatements or omit information in enterprise financial reports. It is the least common but most costly, averaging $800,000 per incident.</p></li></ul><h2> Prosecuting Fraud<br></h2><p>While fraud detection and prevention is an organizationwide effort, clearly defined roles must be instituted to promote responsibility and reduce confusion. For example, the board of directors is responsible for corporate fraud governance, and management must be engaged in executing these policies. Internal audit's role should be clearly defined, as well. Auditors must have the authority to ensure fraud controls are appropriate and effective, to investigate instances of possible fraud, and to support management in executing the fraud risk assessment.</p><p>Without the threat of prosecution, a fraud policy is little more than a toothless tiger. Therefore, it's critical that the policy conveys a plan of disciplinary action to all personnel. 
The fraud policy must include a statement that all appropriate measures to deter fraud will be taken and all instances of suspected fraud will be investigated and reported to the appropriate authorities. </p><p>Generally, organizations have four options when fraud is uncovered: criminal prosecution, civil fraud lawsuit, a mutually agreed upon termination of the perpetrator, or no action. There are varying schools of thought as to which of these actions should apply to different fraud situations. For example, it can be argued that taking no action is one of the surest ways to promote an organization's susceptibility to future fraud because of the perception of impunity. On the other hand, there also are cases when the cost of prosecution exceeds the cost of the fraud and other disciplinary actions may be preferred. Some organizations will prosecute all fraud regardless of monetary value. From the internal auditor's perspective, however, the key question is whether the organization has considered the risks of its disciplinary policy (reputational risk, cost, future fraud risk, etc.) and is comfortable with them.</p><p>The fraud policy must provide personnel with instructions regarding the steps to take when suspecting fraud. The policy should remind personnel that they are not prosecutors of the law and that their job is to report their findings to the organization's appropriate party. The fraud policy should provide anonymous avenues to give employees confidence that they can safely report potential fraud, such as a fraud hotline number. In addition to verifying the existence of a hotline, internal audit also may want to understand whether it is being used and how effectively the company has responded to these tips.</p><h2>A Preventive Measure</h2><p>In the end, a fraud policy is an inexpensive and effective method for reducing the threat of potentially crippling financial losses. 
Furthermore, all departments, including internal audit, can play major roles in its development. This stand-alone document should be seen by all personnel as playing an integral role in the organization's health and longevity.  <br></p>
Chris Errington
The Double Dipper
https://iaonline.theiia.org/2020/Pages/The-Double-Dipper.aspx
<p>Robert Shull and Alysa Cayden, the forensic audit team at Midnight Sun Inc. (MSI), sat with Justin Planter, a regional sales manager at the solar power company, as he rolled his eyes and made condescending faces. MSI’s procurement department forwarded Planter’s travel and expense (T&E) reports to Cathy Francis, the human resources manager, after an employee noted that spending was not consistent with the company’s T&E policy. Francis reviewed the reports and was concerned that there was a greater pattern of abuse, so she requested that Shull and Cayden examine his T&E reports.</p><p>Sitting next to Planter was his boss, Thomas Cooper, a veteran regional manager with more than 25 years of experience with MSI. During the interview, Planter admitted to purchasing a personal cell phone using his company credit card. In addition, he frequently used the card for alleged business meetings at establishments that bordered on adult entertainment. Much to his surprise, Planter’s employment was subsequently terminated. </p><p>After the interview, Shull and Cayden felt something was amiss. Cooper approved all of Planter’s T&E reports but was not suspicious of any of his spending. Also, they noticed that Cooper’s statements were inconsistent, requiring him to revise them on several occasions.</p><p>After his firing, Planter contacted MSI’s CEO, James Spicolli, and explained how Cooper allowed his management team members to use their corporate credit cards to dine out, make personal purchases, and charge mileage for business travel despite being reimbursed through another program. Planter also claimed that Cooper attended many of the dinners and instructed him to pay the bill so that he could approve the expenditure, thus avoiding the scrutiny of Cooper’s manager. 
He also alleged that Cooper coached him before the interview on what to say and promised that there would be no significant disciplinary action.</p><p>To review Planter’s allegations, Shull and Cayden obtained all T&E reports for Cooper and his management team. Data analytics compared the company policy against spending. One area of focus was cash reimbursements for expenses below $25, the minimum amount requiring receipts to be submitted.</p><p>The results were shocking. Cooper’s team members used their corporate credit cards for expenses well outside the T&E policy. Furthermore, Cooper approved every expense report submitted to him. They found numerous abuses of travel expenses:</p><p></p><ul><li>Managers split expenses to stay below the $25 internal control threshold. In one instance, two managers split unknown expenses at a liquor store. </li><li>One manager submitted for cash reimbursement for client meetings over lunch or dinner for $24.99 every other day for more than two years.</li><li>Multiple holiday parties and team meetings were reimbursed, including a substantial liquor bill at each.</li><li><p>Team members expensed mileage reimbursement twice. <br></p></li></ul><p>Shull and Cayden put together detailed profiles on Cooper and each manager, including their expense reports, supporting invoices, and the section of the T&E policy they violated. Additional evidence gathered during interviews resulted in the termination of Cooper and several other managers. Cooper justified the expenditures by explaining he was under budget for T&E expenses on his annual profit and loss statement.</p><p>Shull and Cayden then embarked on a companywide T&E audit. They obtained six months of data from MSI’s online T&E reporting program. The program allowed employees to book transportation and lodging, code expenditures by spending category, and submit expense reports for approval. 
Deviations from policy were flagged for the employee’s manager to review before approving the expense report. </p><p>Shull and Cayden organized and ranked all spending by employee and spending category. Their team selected T&E reports for detailed testing for the most egregious spending by category based on total spending and frequency of policy violation. Text analysis on words such as “gift card,” “baby shower,” and “party” identified miscoded or out-of-policy expenditures. They selected samples, reviewed receipts attached to the expense reports, and documented all policy violations. Finally, the investigation team interviewed the employees who submitted the expense reports. Policy violations included:</p><ul><li>A lack of review by managers of exceptions identified by the T&E program, which flagged millions of dollars of expenditures that were outside policy. </li><li>Abuse of cellphone reimbursement.</li><li>Abuse of meal reimbursement, first-class travel, and hotel lodgings.</li><li>Cash reimbursement where no invoice was submitted to support the expense.</li><li>Personal spending at online retailers.</li><li>Spending and funds transfers through money service providers, such as PayPal and Venmo, which have limited audit trails. </li><li>Purchases of gift cards. </li><li><p>Numerous spending violations in Las Vegas, including front row seats to shows and $1,000 dinners at four-star restaurants. <br></p></li></ul><p>Individual violations included:</p><ul><li>An employee transferred $7,000 from his corporate credit card to his personal business through a money service provider. </li><li>Employees shared their credit cards with one another when they reached their card limits.</li><li>A manager sponsored a “kids” event at a local bar. </li><li><p>A manager purchased gifts for his secretary at a popular women’s lingerie company.<br></p></li></ul><p>After the investigation, MSI invested in T&E audit software to review all reports in real time. 
When the software identifies T&E reports with excessive policy violations, the procurement department rejects them. In extreme cases, procurement forwards them to the forensic audit team. In addition, MSI started blocking spending on company credit cards by merchant category codes, which classify businesses by the products or services they provide. The T&E policy was updated to eliminate the use of money service providers. </p><p>In most cases of fraud, the employee was terminated. Employees who violated the T&E policy were reprimanded, and demand notices for repayment were sent to employees whose misdeeds were discovered after they left MSI. After one year, T&E spending was reduced by more than $5 million.  </p><p><br></p><table class="ms-rteTable-4" width="100%" cellspacing="0"><tbody><tr class="ms-rteTableEvenRow-4"><td class="ms-rteTableEvenCol-4" style="width:100%;"><p><strong>Lessons Learned</strong></p><ul><li>Periodically conduct a T&E audit to ensure employees are in compliance with the T&E policy. Review and update the T&E policy and educate employees as part of annual code of conduct training. Low-cost software can review all T&E reports in real time. </li><li>Management should review subordinates’ T&E assumptions during its annual budgeting period. In MSI’s investigation, a management team used the T&E budget as a slush fund for personal spending and out-of-policy entertainment. </li><li>T&E policies should not allow for the use of money service providers (e.g., PayPal). These providers allow for the purchase of goods and services or the transfer of funds for personal use. They also have limited audit trails, which enhances the risk of fraud. </li><li>The organization should block merchant category codes on corporate T&E cards for goods and services that would not be appropriate for its business or allowable under its T&E policy.</li></ul></td></tr></tbody></table><p></p>
Grant Wahlstrom
Beware the Coronavirus Scams
https://iaonline.theiia.org/2020/Pages/Beware-the-Coronavirus-Scams.aspx
<p>As if sheltering in place during a pandemic wasn't bad enough, criminals are using the coronavirus (COVID-19) crisis to target people who are working from home, the <a href="https://www.ic3.gov/media/2020/200320.aspx" target="_blank">U.S. Federal Bureau of Investigation (FBI) warns</a>. According to the FBI's Internet Crime Complaint Center, these attacks are using email on two fronts. </p><p>First, attackers are sending email pretending to come from the U.S. Centers for Disease Control and Prevention (CDC), offering information on COVID-19. Instead, the links and attachments contain malware that steals personal information or ransomware that locks the user's computer until the person makes a payment.</p><p>Second, criminals are using phishing email to request personal information, claiming it is necessary for receiving a government economic stimulus check. Other phishing scams include requests for charitable contributions and offers for financial relief, airline refunds, and fake virus cures and testing kits. </p><h2>Lessons Learned</h2><p>Whenever an extraordinary event occurs that forces people to rapidly modify their behaviors from their normal routines, fraudsters exploit the situation. As the COVID-19 pandemic unfolds, the FBI's warning about fraud schemes is both timely and helpful. </p><p>Internal auditors should watch out for additional fraud threats not mentioned by the FBI. Inevitably, while the current pandemic is unique, as it progresses through its various stages of impact and ultimately fades, new forms of fraud will be on the march. Here, auditors can learn from what happened during the 2009 H1N1 swine flu pandemic.</p><p>During the H1N1 outbreak, the CDC had to address fraud related to falsification of testing, certification, distribution, and marketing irregularities involving influenza vaccines and related supplies. 
Some of the fraud and abuse schemes that are likely to arise once COVID-19 vaccines or treatments become available include:</p><ul><li> <strong>Investment scams and false claims about supposed COVID-19 vaccines and treatments.</strong> Already, authorities have arrested an individual in California who <a href="https://www.foxnews.com/health/california-man-charged-with-coronavirus-related-fraud" target="_blank">allegedly had solicited investments</a> for a COVID-19 "miracle cure." Criminals are likely to market and advertise fraudulent product claims, bogus products, and implied endorsements by government agencies — including agency logos — through websites, email, and social media. Regulators, investors, and auditors need to be vigilant, do their investment research, and avoid being panicked or swayed by the current pandemic.<br><br></li><li> <strong>Health-care provider schemes.</strong> Likewise, internal auditors should watch out for schemes in which doctors, pharmacists, and other medical professionals collude to make false claims, get kickbacks, and seek reimbursement for unnecessary tests from Medicaid, Medicare, and insurance providers. Such fraud already is common, but may grow as the scope and scale of COVID-19 treatment activities expands. For example, the FBI recently charged a marketing company executive in Georgia with <a href="https://www.fox5atlanta.com/news/georgia-man-accused-of-defrauding-benefit-programs-with-fraudulent-coronavirus-testing" target="_blank">allegedly receiving kickback payments</a> for steering patients to providers for COVID-19 testing and defrauding Medicare.<br><br></li><li> <strong>False or inflated billing for a COVID-19 </strong> <strong>vaccine</strong><strong>.</strong><strong> </strong>Governments have not determined how they will deal with the costs and pricing of a potential COVID-19 vaccine. 
In the U.S., the federal government provided H1N1 vaccine doses and related supplies at no cost to patients, although it charged administrative fees. Regardless of who pays for doses of a vaccine, authorities should be wary of schemes in which health-care providers seek an out-of-pocket fee directly from the patient that is above the maximum allowable charge from insurance or government-provided coverage.<br><br></li><li> <strong>Illegal or false manipulation of COVID-19 vaccine supplies. </strong>Given the global nature of this pandemic and of worldwide supply chains, fraudulent diversion schemes are likely. One example is selling or diverting vaccines or related supplies provided by the federal government. This activity may occur in combination with counterfeiting, adulterating, theft, or other consumer fraud schemes. <br> <br>Diversion schemes may include situations where criminals move legitimate prescription drugs or vaccines into illegal channels, such as the black market, illegal Internet sales, and sales without prescription. These treatments also may be acquired illegally through smuggling or via cargo, wholesale, manufacturer, and distributor theft.<br><br></li><li> <strong>Exploiting control weaknesses.</strong> Governments and health-care agencies have emphasized using computer-based modeling and analysis to, for example, attempt to predict the path of COVID-19 impacts, with and without mitigation strategies. This analysis was not as advanced in the era of H1N1. However, it could assist in identifying control weaknesses in regulatory, benefits delivery, and program management systems that are being developed and deployed rapidly to address COVID-19. 
Internal auditors should focus on ways to help identify these weaknesses and reduce the organization's susceptibility to fraud threats.</li> </ul><p><br></p><p>The CDC's website has much good <a href="https://www.cdc.gov/media/phishing.html" target="_blank">information</a> to educate the public about pandemic fraud. It should add information about where and how to report suspected COVID-19 fraud, including a hotline.</p>Art Stewart0
The Fraud Behind the Flagshttps://iaonline.theiia.org/2020/Pages/The-Fraud-Behind-the-Flags.aspxThe Fraud Behind the Flags<p>​After Greg Kane was promoted to director of internal audit at State Elder Care Co., a management firm for 54 long-term senior citizen care centers in Florida, his first objective was to refresh the risk assessment process. In his opinion, the previous director was too loose with his approach. </p><p>Kane met with department leaders as part of the risk assessment, including Tom Anderson, the director of purchasing. Purchasing was identified as an increasingly high-risk area because of the volume of spending and the absence of an internal audit in the last five years. According to Anderson, the department was deeply focused on a cost-savings initiative led by the chief operating officer, Dianna Foster. When asked how the initiative was going, Anderson eagerly expressed how 80% of spending from the 54 centers was consolidated to better leverage purchasing's buying power and reduce expenses and costs. </p><p>Kane presented his risk assessment and internal audit plan to the audit committee, which included a review of the purchasing department. Foster resisted the inclusion of purchasing, insisting that the cost-savings initiative was not complete and that an audit would halt improvements. The audit committee agreed to the review primarily based on Kane's insistence that a high-risk area should not be ignored for more than five years. </p><p>Internal auditors started the review by testing purchasing controls and performing a high-level analysis of purchasing data, which included looking at overall spending trends by year. They also conducted walk-throughs of purchase order approvals, vendor master file additions, and the bid process. Satisfied with well-documented and performed controls, the auditors chose a sample of 30 purchased items and services and tested them through all purchasing controls. 
Each test was perfect with three bids for each product, the best bid selected, approvals documented, and authorization levels followed. </p><p>When Kane met with his team, one auditor had an unusual comment about one of the samples — the 900 flags purchased the previous year for $150 each for the centers. Having never considered the cost and durability of a flag before, the auditor thought this seemed like a large expense. A quick Google search found that reasonable, quality flags last approximately 90 days and cost around $40. This resulted in a potential overspend of ($150 – $40) x (900 – 200) = $77,000.</p><p>Kane double-checked all the workpapers. Everything was in accordance with the purchasing policy, and controls appeared to be in place. And then it hit him. The audit team had not looked into the vendors. He Googled the flag vendor but was unable to find a website. However, he learned that it was incorporated just two years before. </p><p>With this new insight, Kane and his team identified any items that increased in spending by 10% or more each year. Several items popped up, adding up to total expenditure of roughly $200 million. The data showed that the items with increased spending nearly doubled each year. Within this sample, they identified items being provided by new vendors, which was nearly half of the sample. </p><p>The team then investigated each vendor within the bid process. Each bid appeared legitimate, but many of the companies providing the bids were recently formed and had no website. A few companies were consistently part of the bid process, whether they won or lost. When reviewing past bids, the team noticed that, in many cases, previous vendors were not included in the bid process. Kane's team documented its findings in preparation for a meeting with Anderson.</p><p>Kane explained that because of what he found with the flags, he decided to look at more data. Anderson turned pale. 
Kane asked how procurement chose the flag vendor and how often the flags need to be replaced. After a long silence, Anderson explained in a quivering voice how he and his team worked hard on cost savings and made great progress each year. Because he was short staffed, Foster helped administer bids for some of the items. It seemed like a great idea at first, but the number of items Foster managed grew each year. </p><p>Anderson admitted to rubber stamping many of the bids and approvals, assuming everything was above board. They were getting the same quality items they needed and cost savings were going up each year, so he did not think much of it. But he became concerned two years earlier, after one of his long-term vendors contacted him about being excluded from the bid process. Anderson looked into the bid and was surprised to see that it came in higher than expected. </p><p>Kane and his team then looked into all the bids to identify the vendors. Twenty-one recently formed companies were new vendors to the company. Further investigation revealed that many of them were registered to Erin Foster, Dianna's sister. Kane and the vice president of legal went directly to the audit committee with their concerns. </p><p>For five years, Dianna Foster hid a $15 million fraud behind the purchasing department's cost-savings initiative. She threatened to take business away from vendors if they did not agree to increase their costs by 20% to 30% and give her 80% of the increase as a kickback. One vendor, a hospice provider, agreed to pay Foster a personal referral fee for every senior referred from one of the elder care facilities. By year two, she realized that it would be easier to create companies and include them in the bidding process. The companies, run by her sister, would act as the pass-through for the business — buying the items from the prior vendor, marking up the prices, and splitting the money. 
</p><p>Dianna Foster was eventually arrested and sentenced to six years in jail and restitution. The organization of vendors Erin Foster created included 16 different companies and 87 unique bank accounts. Erin Foster was sentenced to three years in jail and restitution.</p><table class="ms-rteTable-4" width="100%" cellspacing="0"><tbody><tr class="ms-rteTableEvenRow-4"><td class="ms-rteTableEvenCol-4" style="width:100%;"><p><strong>​Lessons Learned</strong></p><ul><li>Assume every unanswered question is important. In this case, the fraud would have gone undetected if not for the question about the flags. These unanswered questions do not always lead to fraud, but they will always add context to the state of the business and help demonstrate an understanding of the process reviewed by internal audit. <br><br></li><li>Analyzing data can be a powerful tool. However, it is always significantly more powerful when internal auditors know what questions to ask. Running ad hoc analytics midway through an internal audit is a great supplement to running a standard set of analytics at the start. <br><br></li><li>Adjust procedures based on risk. Plans are based on assumptions and should be adjusted once new information is discovered. The value of internal audit is not in meeting deadlines, but in helping to identify areas of improvement. As the risk of a process increases with new information, the potential value of audit procedures also increases. <br><br></li><li>High-risk areas should always be reviewed regularly. The possibility of a review each year would have prevented this fraud, as Foster would have been more fearful of getting caught. Each year after the first incident, the fraud nearly doubled in size. Catching the perpetrator in year three would have saved the company nearly $10 million. Comparing this to the 300 hours of internal audit time and about 40 hours of purchasing employee time seems like a high return on investment. 
</li></ul><br></td></tr></tbody></table><p></p>Bryant Richards1
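<p>The analytics Kane's team ran after the flag question (items whose spending rose 10% or more each year, recently formed vendors without a website, companies that recur across bids, and previous vendors left out of the bid process) can be expressed as a small script. This is an added example, not part of the original article; all item names, vendor names, amounts, and thresholds other than the 10% growth figure and the two-year incorporation window are constructed for illustration.</p>

```python
from collections import Counter, defaultdict

# Constructed sample data (not from the article).
SPEND = [  # (item, year, vendor, amount_usd)
    ("flags", 2016, "Heritage Banner Co", 30_000),
    ("flags", 2017, "Sunrise Supply LLC", 70_000),
    ("flags", 2018, "Sunrise Supply LLC", 135_000),
    ("linens", 2016, "Coastal Textiles", 200_000),
    ("linens", 2017, "Coastal Textiles", 204_000),
    ("linens", 2018, "Coastal Textiles", 199_000),
    ("gloves", 2016, "MedLine East", 50_000),
    ("gloves", 2017, "Palm Ridge Trading", 95_000),
    ("gloves", 2018, "Palm Ridge Trading", 180_000),
]
VENDORS = {  # name -> (year incorporated, has a website)
    "Heritage Banner Co": (1998, True),
    "Coastal Textiles": (2004, True),
    "MedLine East": (2001, True),
    "Sunrise Supply LLC": (2016, False),
    "Palm Ridge Trading": (2016, False),
    "Gulfside Goods Inc": (2016, False),
}
BIDS = [  # (item, year, invited bidders, winner)
    ("flags", 2017, ["Sunrise Supply LLC", "Gulfside Goods Inc", "Palm Ridge Trading"], "Sunrise Supply LLC"),
    ("gloves", 2017, ["Palm Ridge Trading", "Gulfside Goods Inc", "Sunrise Supply LLC"], "Palm Ridge Trading"),
    ("linens", 2017, ["Coastal Textiles", "Gulfside Goods Inc", "MedLine East"], "Coastal Textiles"),
]


def rising_items(spend, min_growth=0.10):
    """Items whose total spend grew by at least min_growth in every consecutive year."""
    totals = defaultdict(lambda: defaultdict(int))
    for item, year, _vendor, amount in spend:
        totals[item][year] += amount
    flagged = {}
    for item, by_year in totals.items():
        years = sorted(by_year)
        if len(years) < 2 or any(by_year[y] <= 0 for y in years[:-1]):
            continue  # no trend to measure, or a zero base year
        growth = [by_year[b] / by_year[a] - 1 for a, b in zip(years, years[1:])]
        if all(g >= min_growth for g in growth):
            flagged[item] = [round(g, 2) for g in growth]
    return flagged


def vendor_red_flags(spend, vendors, max_age_years=2):
    """Vendors on rising items that were newly incorporated when first used, or have no website."""
    rising = rising_items(spend)
    first_seen = {}
    for item, year, vendor, _amount in spend:
        if item in rising:
            first_seen[vendor] = min(year, first_seen.get(vendor, year))
    flags = {}
    for vendor, year in first_seen.items():
        incorporated, has_site = vendors[vendor]
        reasons = []
        if year - incorporated <= max_age_years:
            reasons.append("recently incorporated")
        if not has_site:
            reasons.append("no website")
        if reasons:
            flags[vendor] = reasons
    return flags


def recurring_bidders(bids, min_bids=3):
    """Companies invited to at least min_bids bids, whether they won or lost."""
    counts = Counter(b for _item, _year, bidders, _winner in bids for b in bidders)
    return {b: n for b, n in counts.items() if n >= min_bids}


def excluded_incumbents(bids, spend):
    """Bids where the vendor that supplied the item the year before was not invited."""
    # Assumes one supplier per item per year, as in the sample data.
    supplier = {(item, year): vendor for item, year, vendor, _amount in spend}
    missing = []
    for item, year, bidders, _winner in bids:
        incumbent = supplier.get((item, year - 1))
        if incumbent and incumbent not in bidders:
            missing.append((item, year, incumbent))
    return missing


if __name__ == "__main__":
    print("Rising items:", rising_items(SPEND))
    print("Vendor red flags:", vendor_red_flags(SPEND, VENDORS))
    print("Recurring bidders:", recurring_bidders(BIDS))
    print("Excluded incumbents:", excluded_incumbents(BIDS, SPEND))
```

<p>None of the four tests proves fraud on its own; as in the case, the overlap between them is what narrows the population to vendors worth investigating.</p>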
Building Scheme Is No Big Hithttps://iaonline.theiia.org/2020/Pages/Building-Scheme-Is-No-Big-Hit.aspxBuilding Scheme Is No Big Hit<p>It's like a country song where a bad deal has gone down. Federal prosecutors say Arizona businessman Frank Capri defrauded developers and contractors throughout the U.S. by entering deals for branded restaurants that were never built, <a href="https://www.usatoday.com/story/news/nation/2020/02/07/feds-toby-keith-and-rascal-flatts-restaurants-used-fraud-scheme/4696056002/" target="_blank">the <em>Arizona Republic</em> reports</a>. </p><p>According to a <em>Republic</em> investigation, Capri's company, Boomtown Entertainment, licensed the names of country music stars Toby Keith and Rascal Flatts to establish restaurants at malls. Boomtown built 20 Toby Keith restaurants and made deals to develop more restaurants, which were never built. </p><p>Instead, authorities say Capri and his associates funneled construction money into their own accounts and covered it up using fraudulent paperwork, fabricated contractors, and forged signatures. Nineteen Toby Keith restaurants have closed since 2013, and Boomtown became insolvent. Toby Keith and Rascal Flatts are not implicated in the alleged fraud.</p><p>Capri and his associates face wire fraud, money laundering, and conspiracy charges. Separately, civil court judges have ordered Capri to pay $65 million in civil judgments.</p><h2>Lessons Learned</h2><p>Global studies by the Association of Certified Fraud Examiners (ACFE) have consistently ranked real estate and construction fraud as the second or third most costly frauds in terms of median loss, with estimated average losses of more than $600,000. Construction companies can be both the victims of this type of fraud and the perpetrators. </p><p>ACFE's studies also note that most occupational frauds in all industries were committed by individuals at the employee or managerial level. 
Most often these individuals work in accounting, operations, sales, and executive management. Not surprisingly, the higher the fraudster's authority level, the greater the losses. Overall, more than half were with their firms or in business relationships for more than five years.</p><p>Capri's alleged fraud encompasses many of the most common types of construction fraud schemes, including:</p><ul><li>False representations.</li><li>Diverting money intended for construction purchases through money laundering and mail fraud.</li><li>Nonpayment of subcontractors and materials suppliers.</li><li>Falsifying payment applications.</li><li>Billing for unperformed work.</li></ul><p><br></p><p>Auditors should not overlook an additional group of fraudulent activities that does not appear as a central part of this story, such as:</p><ul><li>Diverting lump-sum cost to time-and-material costs.</li><li>Substituting or removing materials, usually for lower quality items.</li><li>Manipulating change orders.</li><li>Subcontractor collusion.</li><li>Theft of equipment or tools.</li></ul><p><br></p><p>The need to have a strategy to prevent and detect construction fraud extends to a broad range of individuals and businesses involved in construction projects. These include investors — especially wealthy, famous, and busy investors — lawyers, real estate companies, property developers, and property management companies.<br></p><p>Particularly in the somewhat unusual circumstances of this fraud involving individuals in the entertainment industry, the best way to prevent and detect fraud on a construction project is careful oversight by both the owner/investor and a trusted management team. 
There are three specific measures auditors and their organizations should take for such projects.<br></p><p><strong>Conduct Due Diligence</strong> When entering into a business relationship and hiring people for a project, especially larger scale national projects, perform research on the individuals' backgrounds, including reference checks. Where warranted, these can be conducted by private investigators. A "wheeler dealer" or anti-controls attitude can be a sign of future fraud trouble.</p><p>Local and established contractors can be better choices to reduce the possibility of fraud. Be well-informed about local market conditions, availability of competition, and bid pricing of comparable projects in the area.</p><p>Also, become familiar with their business structure and the people involved. Many times the people who appear to be primarily involved in the business will have relationships with others, such as subsidiary companies. They may have family members who are trying to conceal who the principal is.</p><p>If the primary investors don't have the time to perform due diligence, they should engage a manager, accountant, compliance officer, or similar professional to do it.</p><p><strong>Ensure Projects Are Monitored Effectively</strong> A designated person, such as a chief compliance officer, should be a communication point between contractors on the project and the investor/owner/management team. This compliance officer should conduct initial investigations as well as ongoing reviews. Continuous monitoring is a simple way to decrease the likelihood of fraud. The compliance officer also should be empowered to conduct periodic audits and be able to review payrolls, invoices, and contracts.</p> <p> <strong>Stay Alert </strong>Fraud occurs when people stop paying attention. Implementing some of these measures early on will help in the long run, but as a baseline action, staying alert can help ward off construction fraud. 
Litigation costs money, violations can lead to lawsuits and even criminal charges, and a history of fraud can destroy reputations. Always be vigilant! </p>Art Stewart0
The Shady Stockbrokerhttps://iaonline.theiia.org/2020/Pages/The-Shady-Stockbroker.aspxThe Shady Stockbroker<p>​The stockbroker promised his clients a "no lose" investment, but now he is on trial for fraud, <a href="https://www.cbsnews.com/news/former-stockbroker-fired-five-times-goes-on-trial-on-federal-fraud-charges-in-pennsylvania/" target="_blank" style="background-color:#ffffff;">CBS News reports</a>. Prosecutors allege Anthony Diaz sold high-risk, high-fee alternative investments and filed false documents with the U.S. Securities and Exchange Commission (SEC) about clients' suitability to invest in those products. Additionally, the advertised guarantee rates of return were "highly speculative" and tied up clients' money for long periods, court documents allege.</p><p>Diaz is no stranger to controversy. Five brokerage firms have fired him, and he was permanently barred from trading in 2015. The Financial Industry Regulatory Authority (FINRA) ordered Diaz to pay $4 million in damages to former clients two years ago, but the organization says he has not complied.</p><h2>Lessons Learned</h2><p>The stockbroker's alleged illegal activities highlight the importance of investor self-education and awareness, as well as the role of FINRA, the U.S. financial industry's self-regulatory body. FINRA oversees more than 630,000 brokers across the U.S. Its BrokerCheck system — providing information on cases of broker misconduct and illegality — lists several thousand brokers, demonstrating the huge scale of broker misconduct. The cases go back a decade or more.</p><p>While BrokerCheck is a useful tool for investors, FINRA also provides other tools, such as investor education materials, an inventory of disciplinary actions against brokers, and a whistleblower hotline. 
Here are some suggestions that could help FINRA in its anti-fraud efforts.</p><ul><li>In its For Investors section, <a href="https://www.finra.org/" target="_blank">FINRA's website</a> lists numerous reasons for filing a complaint, such as potential fraud and misrepresentation. However, there is only an "other" category for individuals who want to learn about how to file a complaint and the problems that FINRA may address versus those that the SEC handles. FINRA should make broker fraud and misrepresentation a more explicit category of complaint. Moreover, it should provide more detailed information about how investors can identify these activities.<br><br></li><li>Investors need to be aware of the types of prohibited conduct for brokers, including the kind of illegal activity Diaz is alleged to have committed. However, FINRA's Investor Complaint Center only references this information as "see definitions below." FINRA's website should display this information more prominently within its BrokerCheck, Investor Complaint Center, and Rules and Guidance sections.<br><br></li><li>Broker misrepresentations and falsification of investor credentials and approvals are among the prohibited conduct. FINRA requires brokers to submit this information for monitoring. However, it is less clear what FINRA's monitoring specifically consists of and whether it could be strengthened to help prevent broker fraud.<br><br></li><li>Any strategy to deter fraudulent activity should publicize cases where individuals have been found guilty of fraud. While BrokerCheck provides extensive information regarding individual cases of brokers' prohibited conduct or fraud, FINRA's media center does not mention these cases. FINRA should provide regular updates such as highlighting these cases quarterly or at least annually and linking readers to BrokerCheck for more information. 
These updates also would be an opportunity for FINRA to summarize trends, including cases where judgments and awards occurred, as well as cases that were settled, withdrawn, or denied.<br><br></li><li>The SEC should consider what it might do to strengthen rules and requirements over FINRA's self-regulatory efforts. Specifically, the SEC should require much greater transparency and disclosure of fraud cases, including names and details.<br><br></li><li>In 2017, FINRA launched FINRA 360, a "comprehensive self-evaluation and organizational improvement initiative." Part of that initiative brings together two distinct enforcement teams. The first team comprises the surveillance and examination programs that handle disciplinary actions related to trading-based matters. The second team deals with cases referred from other regulatory oversight divisions, including Advertising Regulation, Corporate Financing, Member Regulation, and the Office of Fraud Detection and Market Intelligence. Some of the previous suggestions may help this integration to better fight fraud.<br></li></ul>Art Stewart0
Running on Emptyhttps://iaonline.theiia.org/2019/Pages/Running-on-Empty.aspxRunning on Empty<p>At the end of the third business quarter, Sten Lepp, the chief audit executive at NorthStar Energy Corp., received an email from the head of sales, Henry Klassen:</p><p><em>“For your information, on the 8th of July, we discovered that a salesperson, Andy Pine, used standard consumption graphs for certain customers instead of the customers’ actual consumption history. Thus, sales to those clients were made with wrong assumptions. As soon as we discovered the manipulation, I had Pine write an explanatory letter and sent him home. We are processing termination documents, and I intend to deduct sales bonuses from his last paycheck to recoup monies. I am truly sorry for the incident. As a manager, it is difficult when a team member breaches trust.”</em></p><p>After reading the email, Lepp wanted to better understand exactly how the salesperson manipulated sales. How had such a standardized business process become so trust-based? The email looked like an attempt to sweep the matter under the rug as quickly as possible, so Lepp initiated an internal investigation.</p><table cellspacing="0" width="100%" class="ms-rteTable-default"><tbody><tr><td class="ms-rteTable-default" style="width:100%;"><strong>Lessons Learned</strong><br> <ul><li>Don’t jump to conclusions. Just because the prime suspect was no longer with the company and Klassen assured everyone that the incident had been taken care of doesn’t mean there isn’t much to investigate. When beginning an investigation, avoid assessments and conclusions early on and keep an open mind.</li><li>Use professional skepticism, instead of falling victim to truth bias, which is people wanting to believe what they see or hear. 
The investigators first interviewed Klassen, who was cooperative and ready to explain the sales process and fraud scheme. While the chief investigator then compiled a summary of Pine’s deeds, the effective resolution, and the incident’s low impact, the other investigation team member decided to talk to the portfolio analyst. By talking to the analyst, the investigator learned that Klassen was not telling the truth and that the loss from those contracts was more substantial than a single person’s bonuses. The analyst also revealed that Pine and Klassen were close friends. </li><li>Have a thorough investigation plan. List all employees to be interviewed and in what order. Never start with those who could potentially be main suspects. Had the auditor not decided on her own to talk to the portfolio analyst, he never would have discovered that Klassen was less than truthful. Make sure investigation steps and responsibilities are listed, as well as what evidence is most likely needed. Agree ahead of time on communication channels and frequency, where evidence is stored and how it is indexed, and set and monitor deadlines for each step of the investigation.</li><li>Understand business context. Klassen succeeded in undermining the impact of the fraud because he focused everybody’s attention on bonuses overpaid to a single salesperson rather than the lack of controls within the sales system. If you are not familiar with the business, step back to read through manuals and related procedures, and interview employees.</li><li>Conduct due diligence by preserving evidence. The decision to turn the case over to law enforcement may be reached several months later, but the evidence should still be available and the chain of custody must be clear. </li></ul><br></td></tr></tbody></table><p>The pricing strategy for each customer was based on the customer’s profile. 
One of the inputs that shaped the profile was the customer’s historical energy consumption data, which was used to project future consumption patterns. The pricing model then calculated the minimum selling price, allowing the salesperson to add a margin to that price while maintaining customer relations. This margin was shared between the salesperson and the company, and the salesperson’s bonus was a percentage of the added margin. </p><p>In the previous year, energy market prices increased, resulting in a higher precalculated base selling price. Most of the sales team was struggling to add every cent to the sales margin without customers complaining about the cost increases. Pine, however, completed contracts and bragged about his bonuses. His colleagues grew curious, but no one dared to ask Klassen because of his close friendship with Pine. Their chance came when Klassen left for a scheduled vacation and Helina Saar, a recent hire, came in as his temporary replacement. </p><p>When the other salespeople approached Saar about the discrepancies in bonuses, she accessed Pine’s portfolio in the sales system and found that he used creative solutions to ensure his bonuses while his co-workers struggled. Specifically, he changed the presumably unchangeable — the customer’s profile. He manually changed inputs to the pricing model in the sales system. Instead of using the customer’s real historic consumption data, Pine entered the customer’s consumption as a single value, so the system disregarded real consumption patterns and distributed consumption equally, calculating lower base prices. Lower base prices allowed Pine to add the desired margin and receive a larger bonus from each sale. </p><p>Saar talked about her findings with the portfolio analyst responsible for monthly sales results reporting, who then approached her supervisor to confirm the findings. The supervisor waited until Klassen returned from his vacation and informed him about Pine’s contracts. 
Klassen had no choice but to fire Pine. </p><p>The investigation unveiled several key findings:</p><ul><li>The sales process manual had not been reviewed for more than five years, and actual practices deviated substantially. There were no controls or monitoring from the head of sales or anyone else.</li><li>No attention was paid to the development of the sales information system. As a result, IT controls were not performing as intended and could be easily overridden with no one noticing.</li><li>Bonuses were paid out immediately based on forecasted revenues, and actual execution of sales contracts was not monitored, which invited fraudulent behavior from sales personnel.</li><li>Klassen and Pine owned and ran an online retail business together. Though it was in an unrelated business sector and did not breach NorthStar’s code of conduct, the investigation found that they took care of their affairs during business hours. Therefore, Klassen was paying little attention to what was going on in the sales unit.</li></ul><p><br>NorthStar, of course, suffered losses from such deals as it will have to cover energy costs from the customers’ real consumption patterns.</p><p>As a result, the company completely restructured the sales process, supporting information system, and bonus principles; contacted law enforcement; reviewed whistleblowing channel effectiveness; and fired Klassen.</p>Anna Kon1
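<p>A monitoring check for the override described in this case compares the consumption profile entered in the sales system with the customer's metered history, flags profiles that were flattened to a single value, and estimates the resulting underpricing. This is an added example, not part of the original article and not NorthStar's system; the pricing formula (a consumption-weighted average of block prices), the contract IDs, and all figures are assumptions constructed for illustration.</p>

```python
# Assumed pricing model for illustration only (the article does not give the
# formula): base price = consumption-weighted average of the forecast market
# price in each time block.
BLOCK_PRICES = [30, 30, 50, 60, 80, 50]  # constructed: price per MWh, six 4-hour blocks

CONTRACTS = [  # constructed: profile entered in the sales system vs. metered history (MWh)
    {"id": "C-001", "entered": [3, 3, 3, 3, 3, 3], "metered": [1, 1, 3, 4, 6, 3]},
    {"id": "C-002", "entered": [2, 2, 3, 3, 4, 4], "metered": [2, 2, 3, 3, 4, 4]},
    {"id": "C-003", "entered": [3, 3, 3, 3, 3, 3], "metered": [3, 3, 3, 3, 3, 3]},
]


def base_price(profile, prices=BLOCK_PRICES):
    """Consumption-weighted average price for one profile."""
    total = sum(profile)
    if total <= 0 or len(profile) != len(prices):
        raise ValueError("profile must have positive volume and match the price blocks")
    return sum(c * p for c, p in zip(profile, prices)) / total


def is_flat(profile, tolerance=0.01):
    """True when every block is within tolerance (relative) of the mean."""
    mean = sum(profile) / len(profile)
    return all(abs(c - mean) <= tolerance * mean for c in profile)


def review(contract, prices=BLOCK_PRICES):
    """Compare the quoted base price with the price the real pattern implies."""
    entered, metered = contract["entered"], contract["metered"]
    quoted = base_price(entered, prices)
    actual = base_price(metered, prices)
    return {
        "id": contract["id"],
        # A flat entry is only suspicious when the metered history is not flat.
        "overridden": is_flat(entered) and not is_flat(metered),
        "quoted_base": quoted,
        "actual_base": actual,
        # Cost the company absorbs per pricing period at real consumption.
        "shortfall": (actual - quoted) * sum(metered),
    }


def flagged(contracts):
    """Contracts whose entered profile was flattened against the metered data."""
    return [r for r in map(review, contracts) if r["overridden"]]


if __name__ == "__main__":
    for result in flagged(CONTRACTS):
        print(result)
```

<p>Contract C-003 shows why the check compares against metered data rather than flagging every flat profile: a customer with genuinely even consumption is priced correctly and is not reported.</p>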
