Introductions • Raina Rose Tagle • Partner and National Practice Leader, • Baker Tilly • Higher Education • Adrienne Larmett • Senior Consultant, • Baker Tilly • Higher Education
Agenda • Objectives • Understand fraud as defined by the False Claims Act (FCA) • Define warning signs and red flags • Learn from examples of fraud and noncompliance • Appreciate the impact of fraud • Detect, investigate, and monitor fraud • Adopt standards and procedures for fraud and compliance policy creation and enforcement
Background • Fraud occurs in all industries, and universities and research institutions are no exception. In addition, economic downturns raise the potential for fraud. Combine these with the facts that research activity brings an ever-expanding, complex set of regulatory requirements and sponsor expectations, that research institutions are facing a higher level of scrutiny than ever before, and recent examples of fraud and misuse demonstrate the concerns for research institutions. It becomes clear that every employee needs to understand the basics of why fraud occurs and how s/he can help prevent or detect it.
Key Construction Activities Understanding Fraud
Understanding Fraud • The Federal False Claims Act (FCA) defines fraud as: • Knowingly presenting or causing to be presented to the federal government (or agent or employee of the federal government) a false or fraudulent claim for payment or approval; • Knowingly making, using or causing to be made or used, a false record or statement to have a false or fraudulent claim paid or approved by the federal government; and • Conspiring to defraud the federal government by having a false claim allowed or paid.
Understanding Fraud (Cont.) • In its 2012 Report to the Nation on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners (ACFE) ranked higher education as the fifth most likely industry to experience employee fraud (of 23). 1 • 1The Association of Certified Fraud Examiners (ACFE), 2012 Report to the Nation on Occupational Fraud and Abuse
Understanding Fraud (Cont.) • How can it impact your institution? • The term “fraud” can refer to any false representation of a matter of fact. In the research world, this can take many forms, both financial and nonfinancial. Common types of fraud in research administration and examples of each include: Fraud in research can result in decreased federal funding, lengthy litigation, and ruined reputations and credibility. Learning how recognize and act upon fraud can help mitigate risk to your institution.
Understanding Fraud (Cont.) • Three elements of fraud have to be present in order for the perpetrator to be successful. Organizations should understand that while they have little control over the pressure a perpetrator may feel or their ability to rationalize their actions, management can mitigate fraud by minimizing the opportunity for it to occur. • Financial need • Addictive behavior • Pressure of non performance • Sense of revenge or disloyalty towards the organization or colleagues • Everybody else is doing it and nobody gets caught • Access to sensitive information • Confidence of not getting caught
Understanding Fraud (Cont.) Economic downturns increase our risk of fraud. Decreases in pay, reductions in employee headcount and internal controls, as well as diminished morale, are just a few factors that can open the door to fraud in a down market.
Key Construction Activities Warning Signs and Red Flags
Warning Signs and Red Flags (Cont.) • Unusual Behavior • Refusing to take vacation • Irritability or defensiveness • Complaining about the institution (e.g., inadequate pay, organizational pressure to obtain funding) to a greater extent than typical • Control issues or an unwillingness to share duties or information • Uncommon Relationships • Close or personal association with a vendor or subcontractor • Unusually close or personal relationship with an employee • Close relationship with a private funding group • Undisclosed conflicts of interest • Motivating Factors for Fraud • High personal debt • Divorce or family problems • Lifestyle Changes • Change in schedule (e.g., arriving early and leaving late when the individual previously worked a steady eight-hour day) • Sudden alteration of or maintaining a standard of living that does not match the individual’s position (e.g., simultaneous purchases of expensive items) • Employee complaints • Bullying behavior by a principal investigator • Claims of unfair pay or uncompensated overtime • Accusations of favoritism
Warning Signs and Red Flags (Cont.) Irregular or Inaccurate Documentation The most concrete set of signs involves the documentation that you likely review in the course of your work. The following are specific areas where fraud frequently occurs, and some signals that may warn you to dig deeper: Subcontracts, Independent Contractors, and Consultants • Executed agreements without workplans, budgets, or budget justifications • Large payment amounts to individuals, with or without a contract • Questionable methods of payment (e.g., wiring payments, unusual billing addresses) • Familial ties or other potential conflicts of interest (e.g., a researcher who subcontracts work to a biotech company he happens to invest in or own) Procurement Cards, Procurement, and Purchasing • Purchases of a personal nature • Changes in spending patterns • Lack of segregation of duties (e.g., a procurement cardholder is also the reviewer and approver of expenses) • Lack of documentation or business support for purchases (e.g., missing receipts, copied or scanned documents, handwritten receipts)
Warning Signs and Red Flags (Cont.) Research Subject Payments (e.g., Petty Cash, Gift Cards) • Poor documentation of research subject payments (e.g., questionable or missing receipts from subjects, payments made to individuals not otherwise documented as part of the research) • Subjects paid in cash when standard institutional practice is to pay with gift cards or vice versa • Large amount of cash on hand with weak physical safeguards • Petty cash box that does not match log of receipts, or that requires replenishment more frequently than normal Travel Advances, Travel, and Expense Reimbursements • Unauthorized travel or deviations in authorized travel plans • Travel expenses in excess of authorized amounts • Expenses or activities that violate university policy • Missing, copied, or handwritten receipts • Lack of segregation of duties (e.g., the individual traveling is also approving his/her travel and expense reimbursements)
Warning Signs and Red Flags (Cont.) Stipends, Salaries, and “Ghost” Employees (e.g., student, Part Time, and Temporary Workers) • Wages paid not supported by time sheets • Hours clocked in excess of agreed or approved work schedules • Number of workers in excess of budget justification or scope • Student employees working greater than expected number of hours • Signs of inaccurate effort reporting (e.g., salary charged not commensurate with research completed per technical reports, 100% of salary charged to sponsored projects when the individual also performs teaching or administrative duties)
Key Construction Activities Examples of Fraud and Noncompliance
Examples of Fraud and Noncompliance • University of Georgia • June 2012; Rebecca Adams Hill, a former business manager of the UG Carl Vinson Institute of Government, embezzled nearly $220,000 from March 2005-September 2009. Hill abused the university’s reimbursement system by submitting fraudulent expenses for supplies purportedly purchased with personal funds. Hill was sentenced to 20 years in prison and ordered to repay $219,795 in restitution. Hill employee had worked at the university for 30 years. • Kansas City University of Medicine & BiosciencesMarch 2011; Karen L. Peltz, former President, CEO and Trustee, accused of embezzling more than $1.5 million over a 5 year period. Peltz allegedly engaged in a variety of fraudulent reimbursement schemes, including receiving additional compensation.
Examples of Fraud and Noncompliance (Cont.) • Columbia UniversityNovember 2010; George Castro, formerly affiliated with the university in some undisclosed manner, charged with embezzling $4.5 million over a several month period. Castro manipulated university accounts and caused electronic funds transfers to accounts he controlled under the name of an apparent vendor. • Iona CollegeOctober 2010; Sister Marie E. Thornton, former vice president of finance, charged with and ultimately plead guilty to embezzling $1.2 million. Thornton, who reportedly had a gambling problem, issued college checks and used college credit card accounts for her own benefit and was also fraudulently reimbursed by the college with phony invoices.
Examples of Fraud and Noncompliance (Cont.) • Duke University • Late 2010; Dr. Anil Potti resigned from his job at Duke University amid questions of research fraud. It was discovered that Potti exaggerated his credentials, claiming incorrectly that he was a Rhodes scholar, a discovery that led to the American Cancer Society suspending hundreds of thousands of grant dollars that were to be used for Potti’s work. Since then, nine of Potti’s papers on individualized treatments for cancer have been retracted.
Examples of Fraud and Noncompliance (Cont.) • Penn State UniversityProfessor Craig Grimes has been accused of defrauding the National Institutes of Health and Advanced Research Projects Agency of federal grant monies, to the tune of $3 million. Grimes requested grants to study the measurement of gases in a patient’s blood, but the money was not spent for this research. Instead, clinical trials were never performed, and the grant funds were misappropriated, largely for the personal use of Grimes. Grimes has been charged with making false statements, money laundering, and fraud. He faces up to 35 years in prison and a fine of $750,000.
Key Construction Activities The Impact of Fraud
The Impact of Fraud • Fraud can have a devastating impact for a university or research organization. Though fraud is perpetrated against an organization and typically thought of as an internal concern, there are many consequences of fraud to consider: • Monetary damages • Organizations are estimated to lose up to five percent of revenue to employee fraud. • The ACFE estimates the average loss amounts to universities at a median loss of $36,000.1 1 The Association of Certified Fraud Examiners (ACFE), 2012 Report to the Nation on Occupational Fraud and Abuse
The Impact of Fraud (Cont.) • Reputational damages • A University of Washington study 1 found that monetary loss due to damaged reputations was much greater - more than 7.5 times the sum of regulatory system penalties. • When news of fraudulent activities becomes public, the impact on an organizations’ value is just the start of reputation damage. Ultimately, the long-term impact of lower revenue and higher contracting and financing costs contributes to a larger total loss over a period of months and years. • Impact on licensing potential for university discoveries • Discoveries based on falsified, or fraudulent date could hinder the ability to patent, or license • A patented product or drug based on fraudulent data or studies could potentially put a university at risk for suit should adverse events occur. • 1 The Cost to Firms of Cooking the Books (with D. Scott Lee and Gerald S. Martin), Journal of Financial and Quantitative Analysis, 43 (September 2008), 581-612.
Key Construction Activities Detecting, Investigating, and Monitoring Fraud
Detecting, Investigating, and Monitoring Fraud • Fraud is discovered in a variety of ways, but the ACFE’s 2012 Report to the Nation on Occupational Fraud and Abuse found that fraud detection occurs most often through tips or whistleblowers, with employees providing the majority of tips.
Detecting, Investigating, and Monitoring Fraud (Cont.) • After potential fraud or noncompliance is suspected or detected, it is important to notify relevant parties, including: • Key management personnel • Legal counsel • Internal Audit • Compliance function (if applicable) • Notification should also include a discussion of the roles and responsibilities of each party, and any necessary shift in the prioritization of workflow. Once the preliminary discussion is completed, the parties should work together to take preliminary steps to determine if an investigation is warranted. Investigations take time, cost money, and often detract the participants from their normal business activities.
Detecting, Investigating, and Monitoring Fraud (Cont.) • Is an investigation warranted? • There are several procedures to determine if an investigation is necessary: • Identify employee(s) to conduct the evaluation (e.g., compliance officer, internal audit, key management) • Evaluate tips • Perform non-invasive investigative procedures • If leads and tips have been substantiated, initiate internal investigations • When it is determined that an investigation is needed, it is important to have a realistic understanding of the scope and timeframe needed to complete.
Detecting, Investigating, and Monitoring Fraud (Cont.) • When performing a fraud investigation: • Proceed quickly: Prematurely tipping off an employee may result in losing opportunities to obtain valuable information that can be used to substantiate the fraud. • Proceed cautiously: Making false allegations or a wrongful termination may backfire against an employer and cause damage worse than the fraud itself. • Gather the facts and safeguard the organization from continued fraud: Documentation substantiating your losses must be complete and thorough. • Develop your objectives: Will the organization be satisfied with a termination, or do they want full restitution and prosecution? • Obtain professional assistance: It is important understand employer rights concerning access to a suspected employee’s office and e-mail/voicemail communication. Professional assistance may be useful when interviewing suspected employees. The initial interview may be the last and best opportunity to obtain information before the suspected employee seeks counsel. • Identify appropriate personnel to coordinate the investigation: An investigation may quickly become overwhelming and disruptive to an organization. The fact finding phase may be quick to start and end but potential litigation is often prolonged and slow moving.
Detecting, Investigating, and Monitoring Fraud (Cont.) • Monitoring for Fraud • Monitoring starts at the hiring stage. Appropriate hiring policies and procedures (thorough interviews, reference checks, and background checks) should be in place, as sound hiring practices serve to protect the organization and the individuals likely to perpetrate a fraud. • Implementing a code of conduct and having employees sign a fraud policy ensure that employees know what is expected of them, and provides protection should a problem arise in the future. It also sends a clear message to the employee that fraud of any kind is totally unacceptable. • Periodically perform background and record checks. This will capture questionable or illegal activities not available at the time of hire, or since the time of hire.
Detecting, Investigating, and Monitoring Fraud (Cont.) • Employees’ circumstances change, which may compel them to commit a fraud they otherwise would not have committed. As a result, organizations should have a policy that requires employees’ work and behavior be monitored on an ongoing basis. Work should be reviewed to see that appropriate procedures are being followed and that the individual’s manager is checking for both quality and propriety on a regular basis. • The financial records of the organization should be checked for changes on a regular basis. The monthly financial statements must be checked for unusual fluctuations. Changes of this type could be contribution income going down at a time of year when it should go up, or a noticeable and unexplained increase in office supplies or travel expenses. Major frauds may well be found by analyzing financial statement activity, but minor frauds will not.
Key Construction Activities Adopting Standards and Procedures for Fraud and Compliance Policy Creation, and Enforcement
Adopting Standards and Procedures for Fraud and Compliance Policy Creation, and Enforcement • Adopting standards and procedures for fraud is one measure an institution may take to safeguard itself from fraud. This may be achieved through the development of compliance policies. In developing a fraud policy, the following items should be considered for inclusion: • Policy purpose: what is the intent of the policy and what does it hope to achieve? • Policy: what is the institutional rule, what are the procedures to be followed should deficiencies be identified, and who does the policy apply to? • Laws or regulations: what are there federal, state, or local laws that may apply or help reinforce the policy? Are there fines and penalties for noncompliance? • Resources for employees: is there a compliance program or hotline an employee may use to report fraud? What is the policy on protection from retribution (i.e., whistleblower protection)?
Adopting Standards and Procedures for Fraud and Compliance Policy Creation, and Enforcement • Institutions also need to develop procedures for enforcing fraud and compliance policies. • Obtain buy-in from senior leadership that the institution has a zero-tolerance policy on fraud • Communicate the policy across the institution • Include fraud checks in investigations across all functions of the institution (e.g., purchasing card use, cash collection, academic dishonesty, research misconduct) • Be consistent in investigations (e.g., approaches, procedures, methods) • Be consistent in intuitional standards • Strive for equitable resolutions
Adopting Standards and Procedures for Fraud and Compliance Policy Creation, and Enforcement • The best deterrent to fraud is having a control environment that is communicated and supported by management. The perception of detection is the best deterrent to fraud. In order to have an appropriate environment in place, your institution should: • Communicate expectations – tone at the top. More importantly consider your actions • Assess your fraud risk – how would someone commit fraud here? • Train your employees on: • Internal controls • Fraud awareness • Ethics • Maintain an ethics and compliance program • Maintain an ethics/whistleblower hotline
Adopting Standards and Procedures for Fraud and Compliance Policy Creation, and Enforcement • Maintain a control environment – • Require expenses to be well-documented. This will decrease the opportunity for fraud in your organization. This means that expenses should include original receipts and a clear explanation of the business purpose for the expense. • Segregation of duties is important in many areas. There should be separate personnel completing tasks and performing reviews as described above. • Conflicts of interest should be evaluated. Researchers who hire, contract to, or receive money from related parties have an inherently greater opportunity to commit fraud by inappropriately dealing with those parties.
Questions & Comments Raina Rose Tagle, CPA, CIA CISA firstname.lastname@example.org (703) 923-8251 Adrienne Larmett email@example.com (703) 923-8134