A University of Kentucky professor has resigned his position after an audit discovered he had misused more than US$400,000 of the university's money, according to
a report by WKYT-TV in Lexington, Ky. Following up on a student whistleblower's report in September 2013, auditors allege that mining engineering professor Dongping "Daniel" Tao had double billed the university for travel and other expenses between 2008 and 2013, and frequently required graduate students to work exclusively on the professor's private consulting projects. "Graduate students are supposed to work on prescribed activities like research grants and contracts," university spokesman Jay Blanton said. The university has turned the materials used in its audit over to law enforcement authorities for review.
Appended to this story is a rather lengthy list of actions that the University of Kentucky has planned or implemented to avoid a similar re-occurrence of the kind of fraud committed by one of its faculty members. While commendable, it is frequently unclear what some actions of this type are designed to accomplish and whether they correlate to what I consider to be a core set of anti-fraud measures that academic institutions should seriously undertake. These include:
Conduct a tailored, comprehensive fraud risk assessment.
Conventional audit plans and engagements are useful, but insufficient to address the serious fraud risks and threats academic and not-for-profit organizations face in particular. These include diverse revenue/funding sources, multifaceted relationships with outside organizations with diverse mandates, the widely varying backgrounds of both professors and students, the ethical climate of the academic institution, and the state of its internal controls. Too often when organizations are confronted by a single major incidence of fraud, they react by taking actions to address that one event. Instead, they should take a deeper look at where they are exposed to fraud risks — and where in reality they have occurred.
Establish a balanced code of conduct covering
all of the academic institution's members.
Frequently, we see an overemphasis of prohibitions and measures designed to prevent and detect academic fraud of the type committed by students, and less emphasis and specificity about the kinds of fraud committed by academic staff members, as in this case. More specifically, both students and academics can be educated on and asked to sign a code of conduct that, for example, prescribes which kinds of work can be accepted both on and off campus — and under what circumstances — as well as provides guidelines for related compensation. This is much easier now that communications and consent forms are managed electronically. Academic instructors in particular should be governed and consent to following rules regarding their off-campus activities, including the use and compensation of students. It's a small but justifiable step that does not impinge on academic freedom or the pursuit of private business interests.
Control, but resist the temptation to over-control.
Academic institutions are likely to have in place substantive financial approval and monitoring requirements, including double signatures and segregation-of-duties rules, post verification, and cyclical audit processes. Yes, original receipts should continue to be required and scrutinized, which can help prevent double billing. But, adding much more to this may inevitably increase organizational costs, and compliance disincentives. Perhaps another way to improve deterrence and detection of financial fraud is to increase the level of cooperation and information sharing among employers and regulators, including the U.S. Internal Revenue Service, about the types of risks and fraudulent activity that academic institutions face.
Institute and monitor a strong compliance program.
This program needs to include effective means to report concerns and violations, such as a whistleblower hotline (both for students and academics). It also must address meaningful discipline for violation of the code of conduct policy — something that wasn't mentioned in the article about the University of Kentucky case. Reputational embarrassment for the institution should not be an impediment to aggressively investigating and dealing with the consequences of fraudulent activity as a deterrent to others.