iftonlar 2014 Cl Fraud Risks in Higher Education AACS Annual Conference November 17, 2014 CLAconnect.com Diane C. DiFebbo, CPA, CFE Brenda Scherer, CPA
Learning Objectives Understand how fraud can occur Learn procedures you can implement to prevent fraud Learn how to detect fraud 2
Fraud Headlines in 2014 Fast Train Owner and Three Admissions Reps arrested for Theft of Student Aid Miami, FL October 2014 Mother and Daughter Plead Guilty in Student Aid Fraud Investigation Richmond, VA Sept 2014 Former Merrimack kcollege Director of Financial i Aid Charged with Fraud Boston, MA July 2014 Cousins Sentenced dfor Role in Student t Loan Fraud Scheme Madison, WI July 2014 3
Fraud Headlines in 2014 NYC Woman Pleads Guilty in Federal Court to Fraud in Connection with Federal Financial Aid to Attend Online State College June 2014 Record $8 Billion Tax Fraud Gets Ex Lawyer 15 Years June 2014 Former UGA registrar office employee charged with ih 42 counts of identity fraud and 19 counts of financial card fraud February 2014 Delta Air Lines employee from Minnesota accused of $22 million fraud July 2014 4
The Fraud Problem: How Big is Fraud? Globally, organizations lose an estimated 5% of annual revenues Applied to 2013 Gross World Product: $3.7 Trillion potential total fraud loss Source: Association ofcertified FraudExaminers 2014 Report tothe the Nation onoccupational Fraud & Abuse 5
The Cost of Fraud 6
The Cost of Complacency 7
Types offraud Occupational fraud Asset misappropriation Corruption Financial statement fraud Student financial aid fraud 8
Common Situations Is this Your Organization? But Judy is the only person handling cash. It s very efficient that way I sign every check so there can t be any fraud I only trust Joe with that task Suzie would never do that to me. John has access to change pay rates, but he never would 9
How Harmful Can Fraud Be? Loss of assets Cost of investigation is very high Ability to prosecute is very low Loss of integrity/reputation Once the media reports it, possible Loss of students vendors, or at least restrictions Loss of vendors, or atleast restrictions Loss of employees Loss of focus on operations 10
Why Fraud Occurs Incentive/ Pressure The Fraud Triangle Opportunity Rationalize/ Attitude 11
Fraud Quiz The most common type of fraud is: a. Fraudulent financial reporting b. Misappropriation of assets c. Corruption (conflict of interest) d. Petty theft e. Identity theft 12
Fraud Quiz The average amount of time from inception to detection of fraud schemes is: a. 1 5 months b. 6 11 months c. 12 26 months d. 26 35 months e. Greater than 5 years 13
Real Life Example #1 Executive Vice President of an entity in Arizona Lived a lavish lifestyle Created seven false vendors which he used to bill the entity for personal items Occurred over a seven year period Employee was writing a book on how to embezzle funds from your employer! Theft of $11 million 14
Real Life Example #2 Prisoner working in the education department of that Prison with access to personal information Applied for aid in an online program Excess aid was given to the accused through a Higher One card Finance office became suspicious and contacted the online learning center to verify extent of participation Theft Loss: $467,500 over a 10 month period 15
Real Life Example #3 Fraud ring involving 65 individuals ring leader former SFA department student worker Individuals recruited for personal info Checks go to recruits to avoid duplicate address who would give the Leaders a cut of the returned financial aid Part time employee noticed the same handwriting on several applications Total Loss: $539,000 over a 15 month period 16
Real Life Example #4 Grandmother, children and grandchildren involved Family members enrolled and applied for aid at multiple online schools Financial Aid Director noticed a number of students using the same addresses and telephone numbers Theft Loss: Nearly $1 Million 17
Real Life Example #5 Employee was the secretary of a business Handled financial records including check writing Ability to transfer from the line of credit to the checking account to handle overdrafts Had access to business credit/debit cards Embezzlement was more than $200,000 000 over a three year period Other staff noticed funds weremissing from the business bank account Husband had lost job early on 18
Real Life Example #6 Representative of Bursar Office handled CPE and night classes Payment was required to be done by credit card Accounting reconciled credit card deposits to Bursar records (prepared by representative) Person was highly trusted Person was 45 Lived a very high h level llife style tl 19
Real Life Examples #6 (Continued) The student would pay for classes using their credit card The Bursar would take one of their personal credit cards and make a refund for the exact payment The student got a receipt and a payment showed on their credit card and the class records were manipulated by the Representative One credit card company caught the pattern Theft Loss: $125,000 over one year 20
21
What Can You Do Set the tone at the top Strengthen your internal controls Be aware of Red Flags and act on what you see Know what s going on in your organization Perform random testing or other unpredictable procedures 22
Creating an Ethical Organization Culture Setting the tone at the top Establishing a code of conduct Creating a positive workplace environment Hiring and promoting ethical employees Providing ethics training Disciplining and prosecuting violators 23
Internal Testing / Identification YouCan Do Duplicate student social security numbers Duplicate student addresses Duplicate student last names Identical student coursework Increase in student withdrawals Withdrawals with similar names, addresses, zip codes 24
Fraud Controls Cost / Benefit In general, as control and security increases: occurrence decreases 25
Fraud Quiz Which measures are the most helpful in preventing fraud: a. Ethics training for employees b. Fraud audits c. Strong internal controls d. Background checks on new employees e. Willingness to prosecute 26
Fraud Quiz The age group that is most likely to commit fraud is: a. Less than 30 years old b. 30 36 years old c. 36 45 years old d. 45 60 years old e. greater than 60 years old 27
Fraud Quiz The education level of people who commit fraud is more likely to be those with: a. Post graduate degree b. Bachelors degree c. High school education d. Less than high school education e. Education level does not appear to be relevant 28
Fraud Quiz Frauds are generally detected by: a. Internal audit b. Tip from a vendor c. External audit d. Tip from a customer e. Tip from an employee 29
Other Fraud Stats 42% Employees 1 5 Years 66.8% Male 5.9% Education 30
Recovery oflosses 58% Of cases reported have no recovery 31
Questions 32
ftonlar 2014 Clif Diane C. DiFebbo, CPA, CFE Principal 407 244 9309 Diane.DiFebbo@claconnect.com Brenda Scherer, CPA Manager 612 376 4626 Brenda.Scherer@claconnect.com CLAconnect.com twitter.com/ CLAconnect facebook.com/ cliftonlarsonallen linkedin.com/company/ cliftonlarsonallen 33
Addendum 34
Fraud Awareness Types of Controls Automated Controls controls that automatically occur. Examples: Computer passwords are implemented to automatically control access to the systems. Manual Controls controls that must be manually completed. Examples: Account reconciliations must be manually completed using the account statement and the general ledger history. 35
Fraud Controls Prevention Preventative Controls designed to prevent fraud before it has occurred. Examples: Multiple people or lock boxes for checks Timely account balancing and reconciling and reviewing Passwords and physical safeguards Authorization and limits Segregation of duties 36
Fraud Controls Detection Detective Controls designed to detect fraud after it has occurred. Examples: Exception reports Systems maintenance reports Documentation reviews Internal Audit/Periodic Sampling 37
Key Control Questions The following are questions that every organization should ask themselves when evaluating key internal control areas: 38
Accounts Payable and Disbursements Does your organization use purchase orders? Who creates new vendors? Does someone else approve new vendors? Can the same person create a vendor and enter an invoice for payment? Can the same person enter an invoice and cut a check? Do checks print without a signature on them? Who signs the checks? Is the check stock blank? Is it kept secured? 39
Payroll Are timesheets processed prior to being approved? Can those processing payroll change pay rates? If the reviewer changes pay rate or hours after review, would it be caught? Can those in accounting access the payroll system? 40
Cash Receipts Who receives cash in your organization? Are two employees present when counting cash? Does your organization use duplicate receipts and/or a cash control ll log? Does the person receiving cash have access to record receipts in the I/T system? Does someone outside of the accounting department receive bank statements? Who prepares the bank deposit? How often? 41
How to Identify Embezzlement in Your Employees Significant lifestyle changes Living beyond their means Rarely takes vacation Reluctant to provide information to management Tireless worker, seems indispensable Co workers are intimidated by them Typically, a repeat offender 42
Signs thatembezzlement is Occurring Increasing Accounts Payable or Receivable Expenses unusually high h or large increases Unexplained adjustments to G/L accounts Decreasing collection rates Increased adjustments on bank reconciliation Discrepancies between bank deposits and posting No cash in deposits Unusual payroll increases 43
Fraud Prevention Checklist 1. Is ongoing anti fraud training provided to all employees? 2. Is an effective fraud reporting mechanism in place? 3. Does management make it clear that t fraud will not be tolerated? 4. Are fraud risk assessments performed to identify and mitigate vulnerabilities to fraud? 5. Are strong anti fraud controls in place and operating effectively? 44
Fraud Prevention Checklist (Continued) 6. Can the internal audit department operate without undue influence fromsenior management? 7. Does the hiring process include background checks, drug screening, etc.? 8. Are employee support programs in place? 9. Does the culture promote an open door policy, where employees can speak freely about pressures? 10. Are surveys done to assess employee morale? 45
The OIG Report What they found Variations of the following: Ringleader solicits identifying informationfrom from individuals (often by promising a small portion of the financial aid proceeds and/or from incarcerated individuals). Ring leader completes and submits multiple financial aid applications (usually on line using the Department s FAFSA on the Web application) using the identifiers collected. Ring leader targets institutions with low tuition (i.e. public community colleges) or institutions that offer distance education programs 46
The OIG Report What they found Variations of the following: Ring leader applies for admission i and completes lt registration it ti process at open admissions schools where academic transcripts and test scores are not required Ring leader participates in just enough online instruction to qualify for a disbursement of financial aid for the term or other payment period Schools release financial aid credit balance, after deducting minimal institutional charges Ring leader distributes proceeds to some of the individuals who provided their identifiers Ring leader pockets most of the proceeds 47
The OIG Report What they found As of August 1, 2011, OIG had 100 open fraud ring investigations with 49 additional being evaluated for investigative merits Since 2005, OIG has assisted in the prosecution of 215 participants in 42 different fraud rings resulting in criminal convictions and $7.5 million in fines and restitution 48
The OIG Recommendations Type of Action Recommendation Legis lative Reduce cost of attendance for those enrolled via distance Regulat tory Require institutions to verify identity of those enrolled via distance learning Require institutions to retain IP addresses for those engaged in distance learning courses 49
The OIG Recommendations Type of Action Recommendation Admin nistrative Designate high school graduation status & statement of educational purpose for verification Develop edits to flag potential fraud participants in the Department s Central Processing System and National Student Loan Data System Explore a computer matching agreement with the Federal Bureau of Prisons and State prison systems Establish controls that prevent multiple PINs from being delivered to a single email address without verification of identity Using current regulatory authority, establish repayment liabilities for fraud ring participants that are not prosecuted Ensure that pre trial diversions are recognized as convictions for purposes p of debarment or exclusion Issue Dear Colleague Letter that alerts institutions to the problem of fraud rings and reminds them of their obligations under existing regulations 50