Office of the Utah Legislative Auditor General Fraud Prevention Utah Government Finance Officers Association Spring 2017 Conference
Utah Legislative Auditor General Constitutional Charge and Authority The legislative auditor shall have authority to conduct audits of any branch, department, agency, or political subdivision of this state and shall perform such other related duties as may be prescribed by the Legislature. Statutorily The Office of Legislative Auditor General may obtain access to all records, documents, and reports of any entity that receives public funds necessary to the scope of its duties. have authority to conduct audits of any branch, department, Sources: agency, or political subdivision of this state Utah Constitution Section 33 Article VI Utah Code 36-12-15 Slide 2
Authority and Independence Essential Slide 3
Utah Legislative Auditor General Mission Statement The mission of the Office of the Legislative Auditor General is to provide accurate, in-depth information, objective analysis, and useful recommendations that help legislators and other decision makers: Improve Program Effectiveness Reduce Taxpayer Costs Promote Government Accountability Slide 4
Types of Audits Conducted by Utah Legislative Auditor General Audit Types Economy or Efficiency Program or Effectiveness Financial Informational Compliance Allegation Audit Focus The degree to which resources have been efficiently used to generate output The extent to which the organization s mission, goals, and objectives are consistent with output Completeness and reliability of financial statements, soundness of financial controls The providing of specifically requested information. Evaluation of that information may or may not occur. Administrative adherence to constitutions, laws, and other requirements The extent to which specific allegations are true Slide 5
Our Business Model: Attributes of a Finding Condition What is happening? Criteria What should be happening? Cause What created the condition? Effect What is the impact of the condition? Recommendation What should be done? (corrective or preventative action) Slide 6
Criteria & Effect Relationship Weakest Effect Weakest Criteria Laws or Mission Statements Industry or Professional Standards Historical Data or Goals & Objectives Expert Opinion Prudent Business Practices Auditor Opinion Strongest Effect No Significant Impact Implied Savings Small Dollar Impact Improved Services Large Dollar Impact Loss of Life or Public Danger Slide 7
ACFE s Occupational Fraud and Abuse 2016 Global Fraud Study Study looked at 2,127 cases worldwide, with 1,038 being from the United States. The total loss caused by the cases exceeded $6.3 Billion, with an average loss per case of $2.7 Million. Typical organizations lose 5% of revenues in a given year as a result of fraud. Slide 8
ACFE s Occupational Fraud and Abuse 2016 Global Fraud Study Of the cases involving government, the federal level reported the highest median loss ($194,000), compared to state ($100,000) and local ($80,000). The median loss suffered by small organizations (those with fewer than 100 employees) was the same as that incurred by the largest organizations (those with more than 10,000 employees). Slide 9
ACFE s Occupational Fraud and Abuse 2016 Global Fraud Study Organizations of different sizes tend to have different fraud risks. Corruption was more prevalent in larger organizations, while check tampering, skimming, payroll, and cash larceny schemes were twice as common in small organizations as in larger organizations. Slide 10
Fraud Exists What Can We Do To Make It More Difficult I think organizations have to tailor their compliance programs and their investigative mechanisms to their organizations. There s no One-Size-Fits-All compliance program. --- Leslie R. Caldwell, Assistant Attorney General, U.S. Department of Justice s Criminal Division--- Slide 11
The FIRE Triangle Slide 12
The FRAUD Triangle Slide 13
Fire to Fraud Comparison Slide 14
Fraud Triangle - Incentive Incentive or Pressure: This is often what causes a person to commit fraud. This includes medical bills, expensive tastes, addiction problems, significant financial needs, etc. Often this need/problem is nondiscloseable in the eyes of the fraudster. That is, the person believes, for whatever reason, that their problem must be solved in secret. Incentives to commit fraud can range from dire circumstances, greed, laziness, etc. Utah Medicaid. Slide 15
Fraud Triangle - Incentive Slide 16
Fraud Triangle Incentive: Utah Medicaid Audit found complete lack of oversight and control with fraud, waste, and abuse likely. Estimate: $20 million MORE could be recovered in Utah Medicaid with proper controls in place. Slide 17
Fraud Triangle Incentive: Utah Medicaid Director of Health s Response.. The recommendations we will look at careful and we will implement them whenever we can.... I do not think for a minute that if we recover every inappropriately covered Medicaid service, we would find anything close to $20 million in Utah.... the Utah medical community has a higher ethical standard... I don t think there is as much of it there as has been implied. Slide 18
Fraud Triangle Incentive: Utah Medicaid Office of the Utah Inspector General created as a result of the audit.. Slide 19
Fraud Triangle - Incentive Slide 20
Fraud Triangle - Rationalization Rationalization: It occurs when the individual develops a justification for their fraudulent activities. The rationalization varies by case and individual. Some examples include: I really need this money and I will pay it back Other people are doing it The company owes me People can find a way to rationalize almost anything URS Insider Trading Slide 21
Fraud Triangle Rationalization A Few Good Men Slide 22
Fraud Triangle - Rationalization Slide 23
Fraud Triangle Rationalization: Utah Retirement Systems Asked to conduct an audit of the investment practices of the Utah Retirement Systems (URS). Found asset misclassifications and Chief Investment Officer (CIO) involved in an outside consulting business. Outside activity vaguely disclosed, but nobody questioned it. Slide 24
Fraud Triangle Rationalization: Utah Retirement Systems Turns out, CIO s partner was a URS Board Member, who happened to be an investment advisor for the LDS Church. Front-Running/Insider Trading was occurring. URS now has a full-time Compliance Officer. Slide 25
Fraud Triangle - Rationalization Slide 26
Fraud Triangle - Opportunity Opportunity: Opportunity is the ability to commit fraud. Because fraudsters don t wish to be caught, they must also believe that their activities will not be detected. Opportunity is created by weak internal controls, poor management oversight, and through abuse of power. Fraud cannot be eliminated, but it has to be recognized, and addressed so it can be greatly reduced DABC. Slide 27
Fraud Triangle - Opportunity Slide 28
Fraud Triangle Opportunity: Department of Alcoholic Beverage Control Audit request was for us to look at operations because they had not been audited since the early 1980s, but thought nothing wrong Slide 29
Fraud Triangle Opportunity: Department of Alcoholic Beverage Control Slide 30
Fraud Triangle Opportunity: Department of Alcoholic Beverage Control Selected highlights from first 2 DABC audits: DABC did not adequately consider alternatives to budget cuts & used made up numbers DABC Commission had habitually violated open meeting laws, organization had significant conflicts of interests, and lacked any sort of business planning Slide 31
Fraud Triangle Opportunity: Department of Alcoholic Beverage Control Slide 32
Fraud Triangle Opportunity: Department of Alcoholic Beverage Control Slide 33
Fraud Triangle Opportunity: Department of Alcoholic Beverage Control Selected highlights from remaining DABC audits: Poor management contributed to increased state losses and management tried to conceal the issues DABC had been incompetently managed DABC had been rigging bids and falsifying financial documentation and artificially splitting invoices in violation of state law Business done with DABC Directors son was illegal DABC management failed to ensure oversight of financial affairs Employees and vendors stealing and/or accepting illegal gifts. Other management practices were inappropriate and questionable Slide 34
Looking For Risk/Fraud May Be Difficult Sometimes Slide 35
Looking For Risk/Fraud May Be Difficult Sometimes Reduce fraud potential Look Around Your Organization Look for vulnerabilities/threats Can you follow the documentation Is there separation of duties Is there checks and balances Remember: I think organizations have to tailor their compliance programs and their investigative mechanisms to their organizations. There s no One-Size-Fits-All compliance program. --- Leslie R. Caldwell, Assistant Attorney General, U.S. Department of Justice s Criminal Division--- Slide 36
Tip: Look For Risk Risk: The possibility of an event occurring that will have an impact on the achievement of objectives and it is measured in terms of impact and likelihood FOR MORE INFORMATION Performance Auditing: A Measurement Approach Slide 37
Tip: Do Risk Assessments Risk Assessment: The determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat FOR MORE INFORMATION Performance Auditing: A Measurement Approach Slide 38
Tip: Your Risk Assessment Goal Risk Assessment Goal: To prioritize internal audit activities on the basis of the most significant risks. The risk assessment process entails a systematic review of the risks facing an organization. Slide 39
Tip: Fraud Detection Association of Certified Fraud Examiners Over 40% of all fraud cases were detected by a tip more than twice the rate of any other detection method *. ACFE, tips have been the most common means of detection in every study since 2002, when we began tracking the data. * Employees know where problems are must work with them to help improve * 2014 Report to the Nations. http://www.acfe.com/rttn/docs/2014-report-to-nations.pdf
Tip: Fraud Detection What they willingly contribute Their message Management Policies Criteria What they want you to believe is happening / intend to happen *Mid-level* Cause Documentation What is happening Staff Criteria Allegations What they think is happening
Tip: Where to Look - - Four Pitfalls *We examined 134 of our office s recommendations over a three-year period and found that over 80% of the recommendations could be attributed to one or more of the below four pitfalls. 1. Poor Oversight: Lack of governance and/or inadequate organizational structure 2. Policy and Procedure Failures: Lack of strategic planning 3. Inadequate Performance Standards and Measures: Not comparing to proper criteria 4. Weak Data: Lack of data collection or data collection systems and/or use of unreliable data
Office of the Utah Legislative Auditor General Brian J. Dean, CIA, CFE Audit Manager Utah State Capitol Complex 315 House Building Salt Lake City, Utah 84114 (801) 538-1033 Office Website: www.le.utah.gov/audit/olag.htm