Back to School Issue: Fraud 101
For many of us, late August and early September means one thing: Back to School! In keeping with that theme, this newsletter, Fraud 101, is your intro survey course on fraud. We examine different types of occupational fraud that you might encounter here at UCSF, the risks associated with them and some easy controls and tips for us all to use to prevent, detect and deter them from occurring.
Fraud is “a knowing misrepresentation of the truth or concealment of a material fact to induce someone to act to their detriment” (ACFE). The “knowing” is what makes the action different from human error. It’s also what makes fraud frustrating to us all. How could someone knowingly target senior citizens, take COVID relief funds or misuse a position of trust at work? Experts call this the “trust-trap”. Fraudsters, including corrupt employees, are master manipulators of our trust. We don’t want to believe our co-worker is corrupt, so we simply trust their work or don’t pay close attention.
Echoing the sentiments expressed in the quotes, fraud not only erodes confidence in the manipulated process, but also strikes at the heart of a society, institution or business because it violates our trust. As a result, controls must be implemented to stop others from misusing their position of trust for future gain. This makes organizational culture all-the-more important and tone at all three levels of an organization matters!
If you or your department has questions about fraud, fraud prevention, internal controls, process improvements, or are interested in fraud awareness training opportunities, please contact [email protected]. To report fraud and wish to remain anonymous, please contact [email protected] or universityofcalifornia.edu/hotline.
- The Anatomy of Fraud
- Corruption on the Rise
- Conflicts of Interest: A Persistent Challenge
- Fraud in the Reimbursement for Travel & Entertainment (T&E)
- Bonus Content: Fraud in the News
The Anatomy of Fraud
Fraud occurs when financial pressure and rationalization collide with perceived opportunity. Occupational fraud, which involves employees defrauding their employers, poses a significant risk when individuals facing financial strain may justify fraudulent actions and believe they can avoid detection. Asset misappropriation is the most common type of occupational fraud, accounting for 89% of reported cases. Examples include theft of cash or inventory, tampering with payments, misuse of purchasing cards (P-cards), and exploiting reimbursement systems (like MyExpense) for personal gain.
Dissecting the Fraud:
Fraud investigators use the “Three Cs” framework to understand how fraud occurs:
- Commit: What method was used to commit the fraud?
- Convert: How were the employer’s assets turned into personal benefit?
- Conceal: How did the fraudster hide their actions?
Concealment is critical for fraudsters; whether the fraudulent activity occurs once or repeatedly, the crime must always be concealed. The most common concealment tactics include creating or altering physical and electronic records.
Recognizing Red Flags:
A “red flag” refers to a behavior or action that may indicate fraudulent activity; 84% of fraud cases involve at least one red flag. Common examples include:Unexplained wealth
- Unexplained wealth
- Financial difficulties
- A wheeler-dealer mentality
- Close relationships with vendors
- Addiction
- Refusal to take vacation, or delegate tasks or control issues. This stems from a fear of exposing their fraudulent activities by sharing records and processes.
Preventing Fraud Through Controls:
The most effective fraud prevention tool is the use of management oversight reports and monitoring controls and the perception that actions are being reviewed. Employees who know monitoring reports are scrutinized are less likely to commit fraud for fear of eventual detection. Managers play a critical role in this process, as their review of these reports serves as both a deterrent and a detection mechanism. Close review of the oversight reports can uncover fraudulent activities, and fraudsters often target managers they perceive as inattentive.
Another essential control is segregation of duties—ensuring that no single individual has responsibility for multiple roles within the same transaction. This reduces the likelihood of undetected fraud.
By understanding the anatomy of fraud and implementing these controls, we can reduce the risk of fraudulent activities and protect the integrity of our institution.
Corruption on the Rise
Internal corruption—misuse of one’s position at work—is a growing global issue, accounting for 48% of all fraud cases, according to the Association of Certified Fraud Examiners. While corruption rates are higher in the government sector, health and education sectors are not immune. In fact, corruption combined with billing fraud is on the rise in both sectors as employees find ways to exploit internal billing processes.
Strong Detective Controls Matter
Preventative controls alone cannot stop employees from engaging in corrupt behavior. This underscores the importance of implementing robust detective controls, which help identify schemes such as:
- Bribery
- Illegal gratuities
- Kickbacks
- Bid rigging/manipulation
- Invoice and change order abuse
- Conflicts of interest (especially critical, warranting a dedicated focus. See the next article for more information.)
The Role of Managers in Detecting Corruption
Managers are pivotal in identifying and addressing corruption. A significant number of cases are uncovered through tips from coworkers or through managers’ diligent review of supporting documents and financial transactions. Key insight: According to John Hall, an auditor and fraud investigator with over 40 years of experience, in 90% of the time fraud cases he studied, the controls in place would have worked to prevent it, but human behavior in the moment failed to enforce those controls.
We encourage managers to:
- Build strong relationships with their employees.
- Trust their teams but verify activities regularly.
- Actively listen to reports of suspicious behavior.
- Avoid simply signing reports or clicking the “approve” button. Understand what you’re signing, question the information and any discrepancies (or missing details) and resolve any doubts or concerns before signing and approving.
By fostering a culture of awareness and vigilance, managers can help reduce the risk of corruption. Trust their teams but verify activities regularly.
Conflicts of Interest: A Persistent Challenge
The most important rule to remember: Employees may not make or participate in any procurement decisions if a financial COI exists.
What is a Financial COI?
A financial COI occurs when there is an Employee-Supplier Relationship, which includes:
- An employee (individually or owning more than 10% of a business) seeks to lease, sell goods, or provide services to UCSF.
- A former employee seeks to lease, sell goods, or provide services to UCSF.
- A near relative of an employee (individually or owning more than 10% of a business) seeks to lease, sell goods, or provide services to UCSF, and the employee has any involvement in the procurement decision.
What Employees Must Do
If any of these conditions apply, the employee must remove themselves from all decision-making or positions of influence related to the procurement process. This includes:
- Initial decisions involved in the selection (or hiring) of the near relative or their business as a vendor or contractor.
- Administration of procurement terms, such as processing, reviewing, or approving invoices, purchase or change orders, payments etc., for a near relative or their business.
Who Is a Near Relative?
For procurement decisions, a near relative includes:
- Spouse, child, parent, sibling, son-in-law, daughter-in-law, father-in-law, mother-in-law, brother-in-law, sister-in-law, and step-relatives in similar relationships (by blood, adoption, marriage, or domestic partnership).
Note: The definition of a near relative may change for decisions involving employment or procurement using federal funds. Always verify the specific circumstances to apply the correct policy.
By identifying and addressing COIs early, we can protect the integrity of UCSF’s procurement processes and maintain compliance with UC policies.
Need Help?
If you have any questions COIs in supplier purchases and contracts, please see: https://supplychain.ucsf.edu/purchasing/procurement-policies-and-guidelines/conflict-interest
Fraud in the Reimbursement for Travel & Entertainment (T&E)
While individual cases of T&E fraud may seem minor, it is one of the most common forms of fraud and can add up to significant financial losses and reputational risks for institutions. Moreover, employees who rationalize fraudulent T&E claims are more likely to commit other types of fraud.
Here’s what delegates, reviewers, and managers should know.
Common Types of T&E Fraud
- Duplicate claims: Submitting the same expense in multiple reports.
- Fictitious purchases: Claiming reimbursement for expenses that never occurred.
- Personal expenses: Claiming items for personal use or expenses incurred by others.
- Improper Entertainment meal calculations: Inflating per-person costs by adding names of attendees who weren’t present or splitting the cost with another guest while counting all attendees in the calculation.
- Double reimbursement: Presenters at conferences receive reimbursements from both UCSF and the event sponsor.
- Trip extensions: Expenses claimed for days outside the approved business trip dates.
- Canceled events or returned items: Claiming reimbursement for canceled events (like airline flights) or items returned for credit.
- Improper mileage claims: Claiming mileage for trips shared with another employee or inflating distances by using incorrect locations.
Tips and Red Flags for Reviewers
To minimize risks, reviewers should remain vigilant and follow these best practices:
General T&E Claims
- Verify receipts against MyExpense data fields: Ensure that dates, expense types, amounts, vendors, and cities match between receipts and data entered in MyExpense.
- Check business purpose dates. Expenses should only be reimbursed for days when the travel status is supported by proper documentation (e.g., conference agendas, scheduled meetings, etc.). Compare claim or receipt receipt dates to the travel dates justified by the business purpose documentation. Expenses should only be incurred on days with a valid business justification.
- Supervisor approvals: Reviewers cannot approve reports submitted by or on behalf of a claimant to whom they report or who is above them in the reporting structure.
- Duplicate claim prevention: Claims for the same trip should be included in a single report. Reports with only airfare or lodging should include comments referencing related claims to prevent duplication.
- For flights paid with credit from a canceled flight, ensure that the original receipt from the canceled flight was not also used in a prior reimbursement.
Entertainment Claims
- Guest count verification: Compare the number of attendees listed in the report to the itemized restaurant receipt to ensure names were not added fraudulently.
- Receipt amounts: Ensure the credit card receipt matches the itemized bill. If costs are split between attendees, the per-person calculation should reflect the itemized bill total.
Missing Receipts: Be wary of missing receipts and contact the restaurant if necessary
Mileage Claims
- Correct distance calculation: Mileage is based on the shorter distance between the claimant’s office or residence and the final destination. Commuting distances cannot be included. Many claims incorrectly use the start/end location as the home address.
Multiple Business Purposes
- Claims for separate business purposes must be submitted in separate reports.
By staying alert to these red flags and following these guidelines, claimants, delegates, and reviewers can help mitigate the risk of T&E fraud and protect UCSF’s resources and reputation.
Fraud in the News
Case Study #1: Athletic Director at Florida A&M Indicted for personal expense scam:
The Athletic Director (AD) of Florida A&M turned herself in to authorities who previously announced her arrest as she faces a felony count each of grand theft and scheme to defraud, and four misdemeanor counts of false claims on travel vouchers. The AD is accused of using a university-issued credit card to make wire transfers and cash withdrawals totaling $24,000 at casinos while on “business trips” and also misrepresented the spending as business meals. Similar to reviewers paying close attention to receipts before approving T&E claims, this story also reminds managers of the importance of scrutinizing P-Card transactions.
Case Study #2: University of Iowa (UI) Health Care contractor stole $60,000 worth of inventory.
An UI contractor faces several charges for allegedly stealing and attempting to sell $60,000 worth of medical and construction equipment from the new UI Health Care campus facility. The man, 56, was booked and charged with Ongoing Criminal Conduct, Theft, and several other charges. According to court documents, he used his job as a contractor to access and take medical and construction equipment over a several month period while the hospital was being built. He advertised the stolen equipment as "new" on websites like eBay and Facebook Marketplace and would sell the items at a discounted rate. Departments should be reminded about the importance of having robust inventory controls to track and monitor what they order and consume as well as actively monitoring their property.
Case Study #3: Office manager of Dartmouth College’s student newspaper sentenced to prison after stealing over $223K.
The former office manager of Dartmouth College’s student newspaper was sentenced to 15 months for stealing over $223,000. Prosecutors said the fraudster had full access to all bank, PayPal and Venmo accounts as well as the office debit card. She stole money and made unauthorized transfers from office accounts to personal accounts under her control over four years. This story illustrates the importance of segregation of duties and that one person cannot have control of multiple parts of a financial transaction. Small departments can collaborate with each other to separate responsibilities in financial transactions to maintain some control when resources are limited. This also shows us the importance of having periodic managerial reports that are actively reviewed.
Case Study #4: Auditors found $2M in funds misused by charter school CEO.
A recent audit uncovered evidence that the CEO of the charter school in Louisiana misused $2 million in public funds for personal expenses. The audit report noted that she diverted more than $1.5 million in school funds to accounts she controlled. The remaining $500K was sent to a third party or used to purchase personal items. Credit card records showed she used the school’s P-Card to purchase trips to Egypt and Disneyland Paris, a Land Rover, Tesla and Louis Vuitton bags. This case repeats the importance of making sure departments have control reports for P-Cards, Corporate travel cards and other internal financial transactions and that they are actively reviewed. This also shows that people in leadership positions may misuse their position of trust to take advantage of employees who are afraid to question them. Controls need to be put in place to make sure that even the spending habits of high-ranking administrators are actively reviewed by someone who occupies a similar position of authority.