

Published by , 2016-09-25 04:55:03


9/10/2010

Using Continuous Monitoring Tools as Part of a Fraud Detection Program

“Fraud and falsehood only dread examination.
Truth invites it.” - Thomas Cooper

Overview

The Problem
Fraud Program Overview
Integrity Checks
Results
Next Steps and Future Vision

The Problem Fraud Program Overview Integrity Checks Results Next Steps


Fraud


Fraud Statistics 2008 - 2009

- Median loss $160,000
- 25% of nearly 2,000 cases involved a loss of $1 million or more
- Median time before discovery: 18 months
- 80% of fraud perpetrators have no previous fraud convictions
- Internal Audit detected 14% of corporate fraud

Source: Association of Certified Fraud Examiners 2010 “Report to the
Nation on Occupational Fraud and Abuse”


Impetus For Emory’s Fraud Program

- Over $2 million stolen
- 6 former employees serving jail time (6 months to 7 years)
- Termination of numerous employees
- Significant internal resources diverted to investigations

Top 10 Recent Frauds

1. In town lunches
2. Personal Travel
3. Conflict of Interest/Payments to Not For Profit
4. Oxygen tank sales
5. Bonus payments
6. Ghost Employees
7. Set up relative as vendor
8. SSN Theft
9. IPod Lady
10. Former Employee Transactions


Contributing Factors

Control Weaknesses:
– Authorization and Approval
– Segregation of Duties
– Monitoring


Emory Fraud Awareness, Prevention and Detection Program

Phase I: Fraud Awareness and Detection Planning (September 1, 2009 to October 31, 2009)
✓ Develop objective, scope, and approach for program.
✓ Perform preliminary fraud risk (scenarios) assessment.
✓ Review and finalize fraud risk (scenarios) assessment.
✓ Announce fraud program to Schools and selected business units within review scope.
✓ Meet with Emory leadership to discuss fraud awareness and prevention.
✓ Identify, select, and engage vendor.

Phase II: Fraud Detection Data Analysis (October 1, 2009 to January 31, 2009)
✓ Design test scripts.
✓ Obtain EU and EHC data from FY 2009 and 2010 for each transaction type.
✓ Run test scripts against data.
✓ Review results (exceptions).
✓ Select sample for follow-up with respective School or business unit.

Phase III: School and Business Unit Audit (December 1, 2009 to August 31, 2010)
☐ Validate exceptions (along with supporting documentation) at each School/business unit.
☐ Perform additional investigative review as required. * May require additional resources.
☐ Identify internal control enhancements and recommend improvements.
☐ Report the results to Emory leadership.

Phase IV: Transaction Monitoring (March 1, 2010 to August 31, 2010)
☐ Evaluate the population of test scripts used to support audits.
☐ Work with EU and EHC management to recommend selected scripts for implementation within their continuous monitoring efforts.
☐ Develop the monitoring test scripts for PeopleSoft.


Continuous Monitoring Tools Considered

- Enterprise system reporting
- ACL
- Continuous Monitoring Tools
  – ACL Audit Exchange
  – Oversight
  – Approva


We are leveraging a production-ready Continuous Controls Monitoring Platform

[Diagram: The Platform. Header labels: Systems Knowledge Maintenance of Interface. Configuration: Record Extract & Mapping Rules; Common Data Models; Risk and Performance Checks; Workflow & Platform Configuration. Components: Extract, Map & Load Engine; Data Locker; Reasoning & Analytics Platform; Workflow Engine. Also labelled: Data & Logs; Visual Reporting / User Interface.]


Areas of Focus

Transaction Types and Scenarios

P-Card
• Inappropriate purchases
• Split transaction

Procurement & Payment
• Fictitious vendors
• Duplicate invoices
• Split transactions
• Direct charge vendors (travel agency, Emory Conference Center, etc)
• Patient refunds

Travel
• Submission of personal travel expenses
• Duplicate submission of expenses

Payroll & Employee Benefits
• Supplemental Pay
• Ghost Employee
• Falsified hours/salary
• Ineligible dependents
• Failure to report PTO


Visual Risk IQ brought a defined, iterative process**

[Cycle diagram: Brainstorm → Acquire and Map Data → Write Queries → Analyze and Report → Refine and Sustain → back to Brainstorm]

**© Visual Risk IQ, all rights reserved


Results


P-Card Issues

- Control design deficiencies
  – Changes to purchase limits
  – Segregation of duties
  – Improper supervisor reviewing transactions
- Automated System Controls
  – Level 3 data overwriting
  – Card closure date not captured
  – Limited MCC restrictions
  – Approvals not used
- Transactions
  – Splits
  – Failure to use POs
  – Gift card purchases
  – Potential Fraud
  – Rogue Websites
- Weekend/Holiday Transactions
  – Near home
  – Non-Exempt employees


Primary Vendors: Sept 1, 2008 – Jan 31, 2010

• Phone/Wireless
• On-line retail (amazon, paypal)
• Food (grocery, pizza, etc)
• Airline
• Retail (wal-mart, target, home depot, etc)


P-Card Results

[Bar chart: Employee Visits to Retail Establishments. Vertical axis: 0 to 5000. Categories: 5965 - Retail Str; 5311 - Dept Str; 5947 - Gift Str; 5300 - Wrhse Club; 5942 - Book Str; 5310 - Disc Str; 5200 - Home Supply; 5411 - Grocery Store]

On average, 21 employees purchase items from retail
establishments each day


P2P Issues

- Duplicate Vendors
- Duplicate Invoices
- Employee as Vendor
- EPLS
- Remit Name/Address Different than Vendor Master
- Sign-on Bonus


Success Factors/Lessons Learned

Incremental approach/time to complete
Importance of understanding the data and the business process
Data privacy/security concerns
Partner expertise
Reduce false positives
Management support and involvement


Fraud Program Status

Milestones tracked for each project phase (P-Card, P2P, Travel, Payroll, Patient Refund):

- SOW Signed
- Define Tests to be performed/Brainstorming Meeting
- Acquire Data
- Review Exception Reports – Pass 1
- Review Exception Reports – Pass 2
- Audit Final Review of Exception Reports
- Select Sample Transactions
- Testing Completed
- Draft Report


Future Vision

☐ Development of “audit data warehouse”
☐ Identify routines to be run and frequency
☐ Establish process with management
☐ Development of new integrity checks (new risks)
☐ Need for Data Analyst/Continuous Monitoring Specialist


Questions

For more information – contact via email at: [email protected]


Appendix: P-Card Integrity Checks

- Cardholder File Records
  – Comparison to Employee Master
  – Unusual limits
- Transaction Limits
  – Single purchase
  – Monthly limit
- Split Transactions
  – Single cardholder
  – Department
- Duplicate Transactions
  – Same merchant reference number
  – Same amount
- Unusual Purchases
  – Weekend/Holiday
  – MCC
  – Terminated employee
  – Leave of absence
  – Declined transactions
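
Three of the P-Card checks listed above (split transactions by a single cardholder, duplicate transactions, and weekend or terminated-employee purchases), sketched as an added example that is not part of the original slides. The record layout, the per-card single-purchase limit, and the same-day window for splits are assumptions; the sample rows are constructed, and merchant name plus date stands in for the merchant reference number, which the sample does not carry.

```python
from collections import defaultdict, namedtuple
from datetime import date

Txn = namedtuple("Txn", "id emp merchant day amount")

# Constructed sample data; field names and limits are assumptions.
CARDHOLDERS = {
    "E100": {"single_limit": 1500.00, "term_date": None},
    "E200": {"single_limit": 1500.00, "term_date": date(2009, 11, 30)},
}
TXNS = [
    Txn("T1", "E100", "OFFICE SUPPLY CO", date(2009, 10, 5), 900.00),
    Txn("T2", "E100", "OFFICE SUPPLY CO", date(2009, 10, 5), 850.00),
    Txn("T3", "E100", "AIRLINE A", date(2009, 10, 7), 412.30),
    Txn("T4", "E100", "AIRLINE A", date(2009, 10, 7), 412.30),
    Txn("T5", "E200", "ONLINE RETAIL", date(2009, 12, 12), 75.00),
]

def split_transactions(txns, cardholders):
    """Same cardholder, merchant and day: every charge is within the
    single-purchase limit, but the combined total exceeds it."""
    groups = defaultdict(list)
    for t in txns:
        groups[(t.emp, t.merchant, t.day)].append(t)
    hits = []
    for (emp, _, _), grp in groups.items():
        limit = cardholders[emp]["single_limit"]
        amounts = [t.amount for t in grp]
        if len(grp) > 1 and max(amounts) <= limit < sum(amounts):
            hits.append([t.id for t in grp])
    return hits

def duplicate_transactions(txns):
    """Same cardholder, merchant, day and amount seen more than once."""
    seen = defaultdict(list)
    for t in txns:
        seen[(t.emp, t.merchant, t.day, t.amount)].append(t.id)
    return [ids for ids in seen.values() if len(ids) > 1]

def unusual_purchases(txns, cardholders):
    """Weekend charges and charges dated after the cardholder's termination."""
    flags = {}
    for t in txns:
        reasons = []
        if t.day.weekday() >= 5:  # Saturday=5, Sunday=6
            reasons.append("weekend")
        term = cardholders[t.emp]["term_date"]
        if term is not None and t.day > term:
            reasons.append("terminated employee")
        if reasons:
            flags[t.id] = reasons
    return flags
```

Each function returns exception lists for follow-up review, not findings; a flagged pair such as T1/T2 still has to be validated against supporting documentation.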


Appendix: Procure to Pay Integrity Checks

- Vendor Master
  – EPLS/OFAC
  – Duplicate
  – Employee match
  – Missing information
- Purchase Order
  – PO to Inactive vendor
  – PO not completely invoiced
- Split/Duplicate Transactions
- Patient Refunds
  – Employee address
  – Multiple payments
- Voucher/Invoice
  – Invoice line exceeds PO
  – Vendor credit timing
  – Voucher to inactive vendor
  – Remit address override
- Unusual Purchases
  – Single employee vendors
  – Weekend/Holiday
  – MCC


Appendix: Travel Integrity Checks

- Duplicate transactions
  – Travel card
  – P-card
  – Expense reimbursement
  – Direct bill
- Unusual trips
  – Atlanta not destination or origination
  – PO not completely invoiced
  – Flight class
  – Trips longer than 5 days (and over weekend or holiday)
- Trips by non-active employees
- Change fees


Appendix: Payroll Integrity Checks

- Ghost employees/COI
  – Missing employee master data
  – Same address (as supervisor or timekeeper)
  – Same bank account # (as supervisor or timekeeper)
  – Invalid SSN
  – No deductions
- Unusual payment
  – Supplemental payments
  – Above pay range
- Kronos
  – Off site clock in/out
  – Clocks for LOA or term employees
  – Timekeeper adjustments
- Benefits
  – Unlikely dependents (age)
  – Comparison W2 dependents to Medical Plan dependents
- Falsified Hours
  – Excessive OT
  – Shifts longer than 12 hours
  – Inappropriate Shift diffs
  – Immediate call back
  – Limited vacation
