Double-check and communicate to help contain fraud
Advice from an anti-fraud expert Fiscal Management recruited from the private sector
Originally Published in Statewise Fall 2010
by Joni Sager
The headline in the Austin American-Statesman earlier this year was jarring: “Safeguards failed charity whose ex-leader is charged with crimes — After $300,000 in losses shuts Family Connections, trail shows missed checkpoints, made-up numbers.”
According to the article, three state and local government agencies reviewed the non-profit’s finances six times in the last few years and gave it a clean bill of health.
How could this happen? How can it be prevented from happening at a state agency?
“I believe this fraud went on for so long because the director was the only person responsible for many of the important financial reporting functions of the organization,” says Financial Reporting Analyst Rami Legha, who has been with the Fiscal Management Division since 2008. Before joining the Comptroller’s office, she was an associate in the Fraud Investigations and Dispute Services group in the Houston office of Ernst and Young, LLP. A Certified Fraud Examiner (CFE) as well as a Certified Public Accountant, she holds Master of Professional Accounting and Bachelor of Business Administration degrees from the University of Texas at Austin.
Given the benefit of hindsight, Legha had these observations about the Family Connections case:
- It is advantageous to spend a few minutes to confirm information. A quick call to the external auditor could have corroborated whether the firm had actually performed an audit. The director now under indictment claimed education credentials on her resume that could have been discredited relatively easily.
- There should be a system of checks and balances. At least one other person should have been responsible for verifying the information the director presented to the board and external users of the financial statements.
- A large amount of trust was given to the director and her alone. Not often can an employee tell the board that meeting with the auditor is not necessary, and the board simply accepts that.
Legha has worked on a variety of fraud cases including stock options backdating, pharmaceutical fraud, contract fraud and financial institutions fraud (aggressive lending practices). “Becoming a CFE made me think,” she says. “What I mean by that is the CFE program trains you to be wary of situations such as variances or missing documents that initially you may be inclined to simply write off as a mistake or one-time event. I enjoy watching CSI and reading about interesting law cases in my free time. Researching fraud is sort of like being a financial investigator. That may not sound too cool, but I really enjoy it.”
Now her major responsibilities are providing support to agencies on their annual financial reports and helping compile the Texas Annual Comprehensive Financial Report.
“While in school, I thoroughly enjoyed the technical aspect of accounting,” Legha says. “Working here affords me the luxury of getting back to the debits and credits of accounting. Analyzing and understanding complex financial transactions are exactly what intrigued me about accounting in the first place.”
The move to state government accounting also brought her back to Austin, away from the “concrete city” that is Houston. She has great respect for the work state financial professionals do every day to combat fraud and knows protecting state dollars at an agency is a demanding job. “My experience can be applied to the public sector since agencies and companies have quite a bit in common,” she says. “At the end of the day, fraud is fraud.”
Here are her comments on fraud prevention and detection.
What controls are in place to ensure a fraud at a state agency won’t be the lead story on the news?
Controls such as segregation of duties, supervisor reviews, internal audits, reconciliations and data verification are just a few internal controls that could possibly prevent a significant fraud from happening at a state agency.
There are many controls in place to prevent fraud from occurring, but it is important to acknowledge that internal controls are in place to mitigate the risk of fraud. Regardless of how many effective internal controls are in place, it is nearly impossible to achieve 100 percent assurance that the internal controls in place will prevent 100 percent of the possible fraud. I think most people would be surprised at how intelligent and innovative fraudsters are, but this is exactly why fraud is so difficult to detect.
From my experience, most organizations have internal controls, such as segregation of duties, in place. The key is to have effective internal controls. Agencies may become lackadaisical in enforcing the internal controls, and that in turn renders the internal controls ineffective. It may be beneficial for agency management to take a moment to analyze if the internal controls are being properly monitored and enforced. A helpful tool might be the Association of Certified Fraud Examiners Fraud Prevention Check-Up.
How can agencies do a better job of segregation of duties?
With the current economic climate and limited resources, it can be difficult for agencies to effectively implement internal controls across all aspects of the agency. Generally speaking, internal controls can be categorized as preventive, detective and corrective.
The great thing about segregation of duties is it does double duty — acting as a preventive as well as a detective control. Talk about bang for your buck! The basic idea is to prevent a situation in which the same person who perpetrates the fraud is also in the position to conceal it.
If an agency finds itself in a situation where it cannot afford to properly enforce the segregation of duties control, one idea may be to have a supervisor conduct a review of a specific task based on a random sample. For example, the person who writes a check to a vendor should not be in the position to also sign/approve the check.
However, some smaller organizations may only have one person responsible for paying vendors. In this case, I would suggest the supervisor conduct periodical reviews of a random sample of checks and verify the validity and accuracy of the information.
What are your other top fraud prevention tips for agencies?
A simple but effective preventive control agencies can implement is communicating expectations regarding fraud. Advertise the agency’s fraud policy and/or checklist in addition to the training required by Governor’s Executive Order RP 36 (July 12, 2004). There are many examples of fraud policies online that can be altered to best suit the needs of an agency.
At team meetings, managers can remind employees that preventing and detecting fraud is everyone’s responsibility. In the fraud policy and in meetings, remind people of the fraud hotline. In addition to a specific hotline your agency may have, use the State Auditor’s Office Fraud Report Website and Hotline at (800) TX-AUDIT. The perception of detection can be enough to prevent some would-be-fraudsters from perpetrating a crime.
Don’t confuse or substitute professional skepticism and/or due diligence with trust. As much as you trust your co-workers, you should still approach situations with a certain level of professional skepticism and exercise due diligence. I am not suggesting agencies become skeptical about anything and everything, but I am suggesting you ask follow-up questions if something does not look right.
Managers and supervisors should be careful to not become rubber-stamp reviewers. When reviewing documents such as payment reimbursements, it can be easy to develop a habit of approving everything that comes by your desk; however, it is important to spend time reviewing the document for reasonableness as well as accuracy.
Given this fiscal climate, are there special things to watch out for?
The simple answer is yes; drastic times may call for drastic measures in some people’s minds. Criminologist Donald Cressey coined the concept of the fraud triangle. After analyzing numerous crimes, Cressey determined three characteristics present in almost all fraud cases:
- pressure (or motive),
- rationalization, and
- opportunity.
In other words, the person is under some sort of pressure, rationalizes the offense and then looks for an opportunity to exploit a weakness in the organization. Given the financial climate, many people are feeling a pinch financially. Throw in an unexpected expensive health care bill or the loss of a job, and the motive becomes very apparent.
With the budget cuts agencies have been directed to make, financial rewards such as a pay raise or a merit bonus may not be available to recognize employees’ contributions to the agency. When under pressure, fraudsters may rationalize their behavior by feeling entitled to some sort of financial reward for their hard work. When a fraudster is under pressure and has rationalized committing a fraud, exploiting an opportunity to commit the fraud is the next piece of the puzzle.
Agencies can keep an eye out for employees who are under extreme financial distress. This does not imply everyone under financial distress would commit fraud, but empirical evidence suggests financial distress may lead to fraud. Agencies may also consider recognizing employees using non-financial rewards, which may short-circuit the rationalization process. Agencies may be aware of weaknesses in their processes and procedures that could present an opportunity of exploitation. If so, agencies should monitor those weaknesses closely.