Fraud Awareness, Detection, and Deterrence Corporation for Public Broadcasting Office of Inspector General June 2016 The CPB/OIG was created by Congress in 1988 to promote the efficiency, effectiveness, and integrity of CPB by conducting audits, investigations, and other evaluations of CPB initiatives and operations. To report potential fraud, waste, or abuse in CPB initiatives and operations, please call 800-599-2170 or go to www.cpb.org/oig/contact.php

Purpose

1. Become aware of the fraud threat to your organization 2. Learn ways to detect it 3. Learn methods to deter it

CPB/OIG June 2016

2

Sources The Fraud Resistant Organization, Tools, Traits, and Techniques to Deter and Detect Financial reporting Fraud, Anti-Fraud Collaboration (AFC) - formed in 2010 by Center for Audit Quality, Financial Executives International, Institute of Internal Auditors, and National Association of Corporate Directors - focuses on financial reporting fraud Report to the Nations on Occupational Fraud and Abuse, 2014 Global Fraud Study, Association of Certified Fraud Examiners (ACFE) - focuses on fraud by employees against their employers as reported in 1483 cases Washington Post (WP), fall 2013, investigative series of fraud in nonprofits > 1000 form 990s from 2011 reporting diversions over $250,000 CPB/OIG June 2016

3

1. Fraud threat

CPB/OIG June 2016

4

Fraud threat/definition What is fraud? “Fraud involves obtaining something of value through willful misrepresentation” Government Auditing Standards, § 6.30.

CPB/OIG June 2016

5

Fraud threat/triangle Fraud triangle • Opportunity (lax internal controls, “rubber stamp” approvals, no oversight)

• Rationalization (undercompensated, not treated fairly)

• Pressure (personal debt, family issues, unrealistic performance expectations)

Sources: AFC, ACFE CPB/OIG June 2016

6

Fraud threat/frequency How much fraud is there? No one knows Estimate: 5% (ACFE)

CPB/OIG June 2016

7

Fraud threat/non-profits How much fraud in non-profits? • Diversions reported to IRS: 285 nonprofits, $170 m. loss (2009) >1000 nonprofits (2011) • 11% of occupational fraud cases reported to ACFE (2014) • Destroys public’s trust & support

Source: WP, ACFE CPB/OIG June 2016

8

Fraud threat/non-profits

• Oral Suer, former chief of National Capital Area United Way (local United Way) – – – – –

Pleaded guilty to defrauding almost $500,000 over 6-7 year period Charged for personal expenses & travel Paid himself $333,000 for annual leave he had already used Siphoned $94,000 extra from pension plan Sentenced to 27 months

CPB/OIG June 2016

9

Fraud threat/non-profits • Impact on organization – 2001 revenue: $90,000,000 – 2002 revenue: $19,000,000 (Suer was caught in 2002)

CPB/OIG June 2016

10

Fraud threat/non-profits Specific nonprofit vulnerabilities • Oversight thinner, staff limited • Control structures weaker • Supervisors more trusting of staff committed to mission Small entities ( $130,000 over 4 yrs. Sentence: 14 months prison, 2 years supervised release, + $141,469 restitution CPB/OIG June 2016

14

Fraud threat/schemes

2) Corruption (37%) • conflicts of interest (purchasing/sales schemes) • bribery (invoice kickbacks, bid rigging) • illegal gratuities

Source: ACFE CPB/OIG June 2016

15

Fraud threat/schemes 3) Financial statement fraud (9%) (least frequent occupational fraud; in highest loss, $1 m.) • Overstatement or understatement of assets/revenues/liabilities (improper valuations/disclosures, fictitious revenues, concealed/understated liabilities)

Source: ACFE CPB/OIG June 2016

16

Fraud threat/penalties

Federal criminal penalties (title 18 U.S.C.) • • • • •

false claims and conspiracy to defraud re claims (§§ 286-87) conspiracy (§ 371) theft of public funds (§ 641) false statements (§ 1001) mail and wire fraud (§§ 1241/43)

CPB/OIG June 2016

17

Fraud threat/penalties Federal civil penalties False Claims Act (31 U.S.C. §§ 3729-33) • knowingly presenting false claims to the government • deliberate ignorance or reckless disregard of the truth • treble damages plus $5-11,000 penalty for each false claim

CPB/OIG June 2016

18

Fraud threat/penalties

False Claims Act applies to CSG certifications to CPB Grantee must annually certify its compliance with the General Provisions and Eligibility Criteria and “improper certification may result in penalties under the False Claims Act.” CPB Annual General Provisions and Eligibility Criteria for Radio and Television, § 4.C.

CPB/OIG June 2016

19

Fraud threat/penalties CSG applicant “represents and warrants:” (1) That the information contained in this Application, Certification of Eligibility, and its financial report for FY 2013 are true and accurate. (2) That Applicant recognizes any false information may subject Applicant to penalties under the Federal False Claims Act,… CPB FY2015 TV CSG Legal Agreement, II.E.

Station and licensee officials sign this document CPB/OIG June 2016

20

Fraud threat/fraudsters

Who commits fraud? Can be anybody

CPB/OIG June 2016

21

Fraud threat/fraudsters John Valenta, college public radio station engineer - internal audit revealed abnormally large number of invoices from Valenta’s company - submitted false invoices for work not performed and merchandise not delivered - previously pled guilty to similar activity at another college radio station & sentenced to 2 yrs. probation + $11,270 restitution - now charged with felony theft Take: allegedly >$200,000 over 7 years

CPB/OIG June 2016

22

Fraud threat/fraudsters Most frequent occupational fraudsters • Men (67%) • Employees (42%) • Age 31-45 (52%) • In the accounting department (17%) • 1-5 years with employer (41%) • Never previously punished or terminated (82%) or criminally charged (87%) Source: ACFE CPB/OIG June 2016

23

2. Fraud Detection

CPB/OIG June 2016

24

Fraud detection How was occupational fraud detected? • Most often: tips (42%) (management review was second at 16%) • Less often: external audits (3%) (even worse than by accident at 7%) Source: ACFE CPB/OIG June 2016

25

Fraud detection You cannot rely on external audit to detect fraud • Auditor must plan and perform audit to obtain “reasonable assurance” whether financial statements are “free of material misstatement.” AU 316.01 • However, such an audit “provides no assurance that illegal acts will be detected.” AU 317.07

CPB/OIG June 2016

26

Fraud detection Proactive measures – shortest fraud duration/lowest loss • Hotlines – tips from employees best source in both occupational and financial statement fraud • Employee monitoring • Account reconciliation • IT controls • Internal audits • Management reviews Sources: ACFE, AFC CPB/OIG June 2016

27

Fraud detection Employee red flags • • • • •

Living beyond means (44%) Financial difficulties (33%) Unusually close relationship with vendor (21%) Control issues/unwilling to share duties (21%) Wheeler-dealer attitude (18%)

Source: ACFE CPB/OIG June 2016

28

Fraud detection Organizational red flags • Lax tone “tone at the top” • Lack of policies and procedures • Lack of internal controls, e.g. – segregation of duties – management reviews – timely reconciliation of bank accounts and non-integrated operating systems (e.g., membership or underwriting subsystems) • Common practice to override controls CPB/OIG June 2016

29

Fraud detection More organizational red flags • Duplicate or out-of-sequence checks • Cancelled checks with different font or ink from normal • Non-payroll checks issued to employees • Unusual payments to vendors (amounts, timing, duplicate/over payments) • Invoices for unusual goods/services • Invoices not professional or lack information (description of goods/services, invoice no., contact information) CPB/OIG June 2016

30

Fraud detection Christopher C. Morris, finance director, public video distribution entity • Forged company endorsement • Deposited into his personal account 200 checks made out to entity from customers buying products • Company’s insurer suing bank for negligence Take: allegedly > $2 m. Source: Boston Globe, 9/25/14 CPB/OIG June 2016

31

3. Fraud deterrence

CPB/OIG June 2016

32

Fraud deterrence

Threat of detection is one of the most powerful deterrents.

Source: AFC, ACFE CPB/OIG June 2016

33

Fraud deterrence

1) Exercise healthy skepticism 2) Establish culture of honesty and integrity 3) Ensure communication among all involved in financial chain

Source: AFC CPB/OIG June 2016

34

Fraud deterrence 1) Exercise healthy skepticism – balanced inquiry • • • •

Questioning mind – disposition to inquiry Suspension of judgment – wait for the evidence Search for knowledge – investigate beyond the obvious Interpersonal understanding – recognizing peoples’ motivations & perceptions can lead to biased information • Autonomy – self-direction, independence, conviction to decide for yourself • Self-esteem – self-confidence to challenge assumptions

Source: AFC CPB/OIG June 2016

35

Fraud deterrence 2) Establish a culture of honesty and integrity "tone at the top, mood in the middle, buzz at the bottom” • Establish and reinforce a code of conduct • Establish and reinforce internal controls • Provide fraud training for all employees and managers, emphasize behavior and organizational red flags • Encourage reporting suspicious activities, establish hotline Source: AFC CPB/OIG June 2016

36

Fraud deterrence

3) Ensure communication among all involved in financial chain • Communication between managers and employees • Keep board, audit committee, and auditors informed • Conduct a fraud risk assessment

Source: AFC CPB/OIG June 2016

37

4. Lessons from cases

38

Lessons from cases • Oral Suer, former chief of National Capital Area United Way (local United Way) – Use a variety of expense & payroll schemes & claimed excessive leave – Pleaded guilty to defrauding almost $500,000 over 6-7 year period – Paid himself $333,000 for annual leave he had already used – Siphoned $94,000 extra from pension plan CPB/OIG June 2016

39

Lessons from cases • To detect/deter payroll schemes – Review leave usage for compliance with policy – Supervisor review & approve time cards

• To detect/deter expense schemes – Review & analyze detailed expenses claimed against authorizations & supported by required receipts – Expenses claimed within specified limits (e.g., per diem, lodging, mileage) – Random authentication of receipts/invoices with vendor – Supervisory review & approval CPB/OIG June 2016

40

Lessons from cases Gail Waymire, finance manager, public TV station • Used a variety of payroll, expense, and purchasing/billing schemes to steal more than over $130,000 over 4 years: • Created false invoices • Recorded payments for equipment not purchased • Inflated payroll amounts & sales commissions • Created false ledger items for supplies and building maintenance

CPB/OIG June 2016

41

Lessons from cases • To detect/deter payroll schemes – Are personnel records independent from payroll & timekeeping – Compare personnel & payroll records to check for terminations – Are additional levels of management approval required for changes to employee salaries – Must overtime be approved by a supervisor – Are commission expenses compared to sales figures for verification (underwriting) – Does someone separate from sales/underwriting department calculate commissions CPB/OIG June 2016

42

Lessons from cases • To detect purchasing/billing schemes – – – – – –

Are purchasing & payment departments separate Management approval required for purchases (limits) Purchase orders specific (e.g., items, quantities, prices, and dates) Master vendor file reviewed for unusual vendors/addresses Competitive bids required Does receiving department report all items received, maintain a log, & provide receipts to accounting & purchasing departments – Are purchasing & receiving separated from invoice processing, acounts payable, & general ledger – Are controls in place to check for duplicate invoices & purchase orders CPB/OIG June 2016

43

Lessons from cases

John Valenta, college public radio station engineer • operated at the station for a number of years & used a number of purchasing & expense schemes • undisclosed conflict of interest • allegedly stole over $200,000 over 7 years

CPB/OIG June 2016

44

Lessons from cases • To detect/deter conflict of interest schemes – Compare vendor info with employee info (e.g., addresses, phone numbers, email accounts) – Do employees file disclosure statements of their financial/business interests – Code of ethics requiring disclosure of potential conflicts – Code of ethics prohibiting business with former employees

CPB/OIG June 2016

45

Lessons from cases

Christopher C. Morris, finance director, public video distribution entity • Allegedly stole more than $2 m. through a skimming scheme

CPB/OIG June 2016

46

Lessons from cases • To detect/deter skimming schemes – Is there segregation of duties for opening the mail, preparing deposit slips, making deposits, & recording receipts in the accounting system – Does employee who opens mail place restrictive endorsements on all checks received & record all receipts – Does employee who makes deposits reconcile deposit slips to receipts log – Are employees who handle funds bonded/insured – Is there job or assignment rotation for employees or volunteers who handle cash receipts & accounting responsibilities – Is there a policy/procedure for delinquent accounts – Supervisory review of write-offs CPB/OIG June 2016

47

Lessons from cases • Similar issues may arise at fundraising events, especially if cash is handled • To detect/deter cash larceny schemes – Are all contributions recorded (cash/checks/credit cards) & receipts given to donors – Are cash/check/credit cards receipts reconciled to receipt log and deposit slips – Are cash/check/credit card receipts counted & verified by 2 people – Is there separation of duties for depositing receipts, receiving cash/checks/credit cards, & recording receipts in accounting systems CPB/OIG June 2016

48

Take aways • Trust is important but not an internal control; establish controls & procedures (checks & balances) rather than solely relying on trust • Clearly define who is responsible for what & write it down • Have segregation of duties & physical controls (lock it up) • Institute a fraud policy – no tolerance & prompt action • Establish a hotline for tips & protect those who provide info • Call CPB/OIG if you identify something suspicious CPB/OIG June 2016

49

How to contact OIG hotline • http://www.cpb.org/oig/contact.php – online complaint form • 202-879-9728 or 800-599-2170 – telephone • 202-879-9699 – fax • [email protected] – email • Corporation for Public Broadcasting Office of Inspector General 401 Ninth Street, NW Washington, DC 20004-2129 CPB/OIG June 2016

50

Other fraud resources American Institute of Certified Public Accountants (AICPA) – www.aicpa.org sells publications on fraud & fraud investigations Institute of Internal Auditors Association of Certified Fraud Examiners (ACFE) – www.cfenet.com & www.fraudinfo.com ACFE Fraud Prevention Checkup, http://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/F raud_Prev_Checkup_DL.pdf CPB/OIG June 2016

51

How to contact OIG speakers • OIG Office – 202-879-9669 • Mary Mitchelson Inspector General

[email protected]

• William Richardson Deputy Inspector General

[email protected]

• Helen Mollick IG Counsel, Asst. IG for Investigations [email protected]

CPB/OIG June 2016

52