Tuesday, November 26, 2013

Here We Go Again - Md. Woman Accused of Embezzling $5.1 Million


This one made the front page of the Washington Post (November 25, 2013) and ties in with the recent blog post on Fraud in Non Profit organizations. Key takeaways from this case:
  • Employee registered trade names and opened bank account that closely resembled legitimate vendors of the association
  • Employee had ability to generate false invoices and approved them for payment (inadequate segregation of duties)
  • When the checks were prepared she had them returned to her rather than sending them to the vendors
  • The employee had worked for the association for more than 10 years (long time trusted employee)
  • Started small with submitting false bills for registration fees for conferences (T&E fraud)
  • Well respected in the community by donating wedding gowns to military brides
This is a classic case of fraud with all the earmarks of other schemes employed by multitudes of other fraudsters. Clearly there is not much new in fraud schemes and the continued ignorance and avoidance by managers contributes to these situations. As long as managers do not take a proactive approach in detecting and preventing fraud by educating all employees, enforcing a zero tolerance policy, and accepting their management responsibility for establishing internal controls, fraud will continue unabated. 

Jim Kaplan
President and CEO 
AuditNet LLC
www.auditnet.org



Monday, November 25, 2013

Passing the Buck - Fraud at Non Profits

Another example of how non profit organizations cover up fraud by letting the fraudster off with restitution and dismissal. By allowing a fraudster to repay an embezzlement with an agreement for repaying the ill-gotten funds and then terminating their employment without criminal prosecution is a poor excuse for preventing occupational fraud. These terminated employees then go out and find another position at other non profits and often repeat their behavior. Once a fraudster escapes prosecution without any criminal record they pass their problem onto the next employer.

According to the follow up report in the Washington Post on November 24, 2013, an investigation of a fraud at the Progressive Policy Institute revealed that the officials did not call the police or alert donors of the incident. Instead they agreed to forgo legal action in exchange for restitution. The manager who embezzled the funds went on to work for nonprofit and political groups in Florida, serving as a finance director at one. Shame on the managers who agreed to settle so they could hide the fraud from the public and donors.

On the issue of occupational fraud organizations must have a zero tolerance policy and take all action necessary to prevent the fraudster from repeating their behavior and putting subsequent employers at risk. If organizations fail to do this then they are not performing the due diligence that is required for ethical behavior

Tuesday, November 12, 2013

Fraud Raised it's Head Again in Public Schools

We see continuing evidence of fraud in all types of organization including not for profits. corporations, government and yes, even in public schools. Today in the Metro section of the Washington Post there is an article  Fairfax school officials charged with embezzlement and money laundering. As a former Director of Internal Audit for Fairfax County Public Schools I repeatedly reported to the Superintendent about the lack of internal controls over educational staff. This particular embezzlement involved falsifying timesheets for personal gain. The Virginia State Department of Education requires public schools to regularly audit school activity funds administered by principals. As part of that audit the independent contracted CPA firm must conduct an evaluation of internal controls. During my tenure I reviewed the reports issued by the contracted CPA firm and found that control findings (comments) repeated from year to year with no changes or improvements. Internal auditors in public schools have a difficult task in that educators rarely place a high priority on fiscal oversight. Additionally there is a reluctance on the part of public officials to broadcast when fraud occurs as well as not pursuing criminal action or recovery of the ill-gotten gains.

The statement made by a school representative reinforces and sets the stage for leniency on the part of public officials when fraud is found:

Calling the matter tragic, Sandy Evans, the School Board member for Poe’s area, said Swansbrough “has been terrific” and was a warm, well-liked principal who “cares deeply” about Poe’s students. Evans said she wanted to hear the principal’s side.

Here again is an opportunity to report the embezzlement by adding the amounts stolen to the fraudsters tax reporting requirement by issuing a 1099 Misc. 

Monday, November 4, 2013

Why the Dead Get Government Checks

Agencies can't reliably tell who's alive so the checks keep coming.

This is not a new issue but apparently one that journalists resurrect from time to time. Auditors at GAO and other Federal Agencies have known of this issue for decades.  I recall attending a training session for IDEA software, an audit data analytic tool, in the 1990's. Auditors from GAO were in attendance and they referenced testing that they were doing where they matched their retiree database to the Death Index, a Social Security database of deceased persons to identify deceased retirees who were still receiving pensions.  State and local governments could request the Death Index from Social Security for a fee to run the same test on retiree data. Private companies could also subscribe to the index.

This type of testing is becoming a standard in many organizations as it allows the auditors to test large databases using automated techniques to identify anomalies in the data. The tests can be set up to automatically run against current data as a first step in detecting fraud and errors in systems.  The caveat in running these tests is the accuracy of the databases. If the Death Index includes names and social security numbers of those who are not dead then auditors must tread carefully in order to not reach erroneous conclusions.

The Washington Post article includes cases where relatives of deceased individuals collected social security and other benefits long after the beneficary had passed away. The sentences imposed on these individuals seemed rather light reinforcing the axiom that fraud does pay. I wonder if the federal government issued 1099-Misc for individuals that received these ill-gotten funds. Seems like another instance of fraud where the IRS could use the tax code to impose criminal and civil penalties.

The system for reporting deceased persons must be fixed. There should be reporting standards for federal, state and local governments. These systems must incorporate data from funeral homes, hospitals and other reporting entities.

Perhaps it was much easier in days past when we had more personal interaction. In the current environment much of our financial transactions take place without any personal or face to face contact. Electronic payments, online benefit applications and more have meant that we must rely on technology tools for internal controls. It is time that the federal government invests in technology to identify when things go awry.

Until these systems are fixed we will continue to see individuals that see the holes and take advantage of them at the expense of the taxpayer.

JK November 2013

Saturday, November 2, 2013

Reporting Fraud in Non Profit Entities - Congress and Attorney Generals are Shocked

Dateline Sunday November 2, 2013 Washington Post
Congress promises multiple investigations of possible wrongdoing at charities

In an ironic twist lawmakers and attorney generals expressed surprise and shock that non profit entities fail to report and follow up on fraudulent activity. When reading the article I had a mental picture of ostriches with their heads stuck in the ground.

The Association of Certified Fraud Examiners issues a biannual Report to the Nations on Occupational Fraud and Abuse. The report includes not-for-profits and clearly shows that fraud exists in these organizations. Perhaps what is more shocking is that while non profits must report misconduct or wrongdoing there is no equivalent reporting requirement on the part of for profit organizations. Shouldn't shareholders and the public have the right to know when companies they invest in or do business with experience frauds? One of the reasons why organizations whether for profit or not for profit are reluctant to report fraud is that it casts a shadow over management and it's ability to establish the proper controls. There are laws on the books protecting whistle blowers but the truth of the matter is that most frauds go undetected and not reported due to management concern about adverse publicity.

Perhaps corporate tax returns should include a similar disclosure requirement that applies to non profits. Frauds have a potential adverse impact on business continuity in for profit organizations. The cost of fraud in for profit businesses is viewed as a cost of doing business and is passed on the consumer. Frauds reduce the amount of money that non profits can use to provide services and drive the cost of products and services up in for profit organizations.

It is time that taxpayers, shareholders, regulators, politicians, and philanthropic donors paid attention to fraud in organizations that we have a stake in. Perhaps we need a campaign for fraud similar to that for terrorism: If you see something - say something! Report Fraud, Waste and Abuse and make fraudsters pay!

We welcome your feedback and comments and suggestions on how we can raise a debate on the issue of occupational fraud!