FRAUD SCHEMES WITH RELATED INTERNAL CONTROLS South Carolina HFMA Finance & Reimbursement Forum November 13, 2012
2 Fraud Facts: Estimated loss of 5% of annual revenues to occupational fraud Financial statement fraud is the most costly. Estimated median loss of $1 million Median loss from all fraud types is $140,000 Tips are the number one source for fraud detection ACFE research shows consistently that fraud schemes fall within 3 categories: Asset Misappropriation Corruption Financial Statement Fraud
3 Discovery of Fraud Must Do s Brainstorm about the issue Be aware of opportunities to those who may be tempted Respond to known weaknesses in Internal Control Be careful not to explain away instances of possible fraud as Isolated Instances Remember that people inside the control environment will override controls Pay attention to 3 rd party transactions
2012 ACFE chart 4 Detection of Fraud Schemes Initial Detection of Occupational Frauds
5 Behavioral Patterns Majority of perpetrators fall into the following categories: Accounting Operations Management Business Office Purchasing
6 Perpetrators Position of Perpetrator Frequency
7 Perpetrators Position of Perpetrator Median Loss
8 Perpetrators Age of Perpetrator Frequency
9 Perpetrators Perpetrator s Criminal Background
10 Perpetrators Behavioral Red Flags of Perpetrators Based on Position
11 Healthcare Specifics The cost of healthcare in the United States represents an enormous expenditure by: Individuals Businesses Insurance Companies Government The cost estimate is approximately $2 trillion dollars, annually As a result, Healthcare is an attractive market for fraud and abuse
12 Common Fraud Schemes in Healthcare Misrepresenting Services / Billing for Unnecessary Services Up coding Durable Medical Equipment Abuse Unlicensed Providers Kickbacks for Referrals Doctor shopping / Prescription Fraud Duplicate Billing Waiving Co-Pay / Deductible
13 Victim Organizations Scheme Type by Size of Victim Organization
14 Revenue Cycle Detection and Controls Within the revenue cycle, concern should be given to the following areas where fraud frequently occurs: Lapping Particularly within Nursing homes and Offsite entities False Credits, discounts, and write-offs Collection Agency Schemes Over / Understated Allowances
15 Revenue Cycle - Detection and Controls Lapping False credits / write-offs Symptoms Patient complaints Unexplained aging of receivables Individuals not taking vacations Lifestyle changes Detection Symptoms Patient complaints Unexplained or unusual credits, discounts, or write-offs Discrepancies in receivable confirmations Lifestyle changes Detection Confirmation Review of journal entries Review of reconciling items Review of AR detail Tracing of deposits Confirmation Review of journal entries Review of AR detail Review of Allowances Inspect credit memos
16 Revenue Cycle Detection and Controls Collection Agency Schemes Real Example: Symptoms: Hospital CFO created a fictitious collection agency with commissions paid to the agency and collected by the CFO. Unusual proportion of write-offs Unusual low collection rate Patient complaints Unexplained variances in confirmations This example includes both revenue cycle and disbursement cycle fraud. Detection: Confirmation Change collection agencies
17 Revenue Cycle Detection and Controls AR and Allowances Symptoms: Low reserves for significant payers Increased aging with no increased reserves Changes in case mix with no adjustment to reserves Unusual relationship with respect to reserves and payer mix Detection: Verify patient subsidiary ledgers agree to general ledger control accounts Compare analytical relationships of patient AR accounts to related allowance accounts Verify a plan is in place and documented to review insurance contracts Verify a reasonable allowance methodology is in place that considers changes in payment percentages and payer mix
18 Cash Detection and Controls Symptoms Repeat variances on bank reconciliations Lack of Segregation of Duties Receipts in cash decrease while credit card and check receipts remain constant Differences between daily receipts and bank deposits Detection Independent review of bank reconciliations, including variance and reconciling items Comparison of bank deposits with receipt records Verify and inspect wire transfers Perform surprise audits on petty cash and nursing home funds
19 Purchasing / Payables Detection and Controls Symptoms Increase in payables to favored vendors Vendors with alternate addresses Lifestyle changes of potential suspects Unauthorized payments Copies of supporting documents instead of originals Unusual vendor names and Payees Poor safeguards on unused checks Detection Vouching and tracing Interviews Confirmations Review of Vendor lists Review of Personnel files Review of contracts and bid awards
20 Payroll and Employee Reimbursement Schemes Symptoms Unusual or unexpected variances in payroll expense or hours Checks to employees with minimal or no personnel file Employee complaints about improper withholdings Missing payroll checks Lifestyle changes IRS notices about failure to make timely deposits Variances in travel and entertainment costs Detection Social Security number review Review of payroll register Vouching and tracing Review of payroll checks Review of personnel files
21 Case Results Recovery of Victim Organization s Losses
22 Victim Organizations Interestingly, a poor tone at the top contributed to 9% of all the fraud cases reported to us, but was cited as the primary factor in 18% of cases that resulted in a loss of $1 million or more. This reinforces the importance of a proper ethical tone from management in protecting an organization against the largest frauds those cases that have the greatest potential to cripple the organization s finances and reputation.
Victim Organizations 2012 ACFE Chart 23 Primary Internal Control Weakness Observed by CFEs
Victim Organizations 2012 ACFE Chart 24 Frequency of Anti-Fraud Controls 8
Fraud Prevention Checklist 25 The most cost-effective way to limit fraud losses is to prevent fraud from occurring. This checklist is designed to help organizations test the effectiveness of their fraud prevention measures.
Fraud Prevention Checklist 26 1. Is ongoing anti-fraud training provided to all employees of the organization? Do employees understand what constitutes fraud? Have the costs of fraud to the company and everyone in it including lost profits, adverse publicity, job loss and decreased morale and productivity been made clear to employees? Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely? Has a policy of zero-tolerance for fraud been communicated to employees through words and actions?
Fraud Prevention Checklist 27 2. Is an effective fraud reporting mechanism in place? Have employees been taught how to communicate concerns about known or potential wrongdoing? Is there an anonymous reporting channel available to employees, such as a third-party hotline? Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear of reprisal? Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated? Do reporting policies and mechanisms extend to vendors, customers and other outside parties?
Fraud Prevention Checklist 28 3. To increase employees perception of detection, are the following proactive measures taken and publicized to employees? Is possible fraudulent conduct aggressively sought out, rather than dealt with passively? Does the organization send the message that it actively seeks out fraudulent conduct through fraud assessment questioning by auditors? Are surprise fraud audits performed in addition to regularly scheduled audits? Is continuous auditing software used to detect fraud and, if so, has the use of such software been made known throughout the organization?
Fraud Prevention Checklist 29 4. Is the management climate/tone at the top one of honesty and integrity? Are employees surveyed to determine the extent to which they believe management acts with honesty and integrity? Are performance goals realistic? Have fraud prevention goals been incorporated into the performance measures against which managers are evaluated and which are used to determine performancerelated compensation? Has the organization established, implemented and tested a process for oversight of fraud risks by the board of directors or others charged with governance (e.g., the audit committee)?
Fraud Prevention Checklist 30 5. Are fraud risk assessments performed to proactively identify and mitigate the company s vulnerabilities to internal and external fraud?
Fraud Prevention Checklist 31 6. Are strong anti-fraud controls in place and operating effectively, including the following? Proper separation of duties Use of authorizations Physical safeguards Job rotations Mandatory vacations
Fraud Prevention Checklist 32 7. Does the internal audit department, if one exists, have adequate resources and authority to operate effectively and without undue influence from senior management?
Fraud Prevention Checklist 33 8. Does the hiring policy include the following (where permitted by law)? Past employment verification Criminal and civil background checks Credit checks Drug screening Education verification References check
Fraud Prevention Checklist 34 9. Are employee support programs in place to assist employees struggling with addictions, mental / emotional health, family or financial problems? 10. Is an open-door policy in place that allows employees to speak freely about pressures, providing management the opportunity to alleviate such pressures before they become acute? 11. Are anonymous surveys conducted to assess employee morale?
FRAUD SCHEMES WITH RELATED INTERNAL CONTROLS South Carolina HFMA Finance & Reimbursement Forum November 13, 2012 Presented by: Jim Creamer, CPA CFE Contact: jcreamer@draffin-tucker.com or cell 229-343-4511