The Importance of a Fraud &

Misconduct Strategy

NYSICA
March 25, 2004
Presented by:
Christopher J. Rosetti, Partner
BST Advisors, LLC
Forensic Accounting and Investigative Services
 AGENDA:
 Introduction
 Tone at the Top
 Code of Conduct
 Effective Fraud and Misconduct
Strategy
 Best Practices
 Grant Administration

BST Advisors, LLC

2
 Unknown:

 “Confidence and trust are like a

mortal’s need for air. When the
required good is present, it’s never
noticed. When it’s missing, it’s all that’s
noticed”

BST Advisors, LLC

3
 Public Misconduct

XYZ Agency Fails to Curb Fraud

BST Advisors, LLC

4
Audit Risks for the
Public Sector
 The Principal Types
of Fraud

 Bribery
 Conflicts of Interest
 Theft of Money or Property
 Breach of Fiduciary Duty

BST Advisors, LLC

6
 Bribery

Giving or receiving a thing of value to

influence a business decision without the
consent or knowledge of the principal.

BST Advisors, LLC

7
 Conflicts of Interest

An agent taking an interest in a

transaction that is actually or potentially
adverse to the principal without full and
timely disclosure to the principal

BST Advisors, LLC

8
 Theft of Money or Property
 Embezzlement
The defendant took or converted, without the
knowledge or consent of the organization, money
or property of another that was properly entrusted
to the defendant.
 Larceny
Taking and carrying away money or property of
another, without the consent of the owner, with
the intent to permanently deprive the owner of its
use or possession.

BST Advisors, LLC

9
 Breach of Fiduciary Duty
 The principal fiduciary duties are loyalty and care.
 Duty of Loyalty requires that the employee act
solely in the best interest of the employer, free of
any self dealing, conflicts of interest, or other abuse
for personal advantage.
 Duty of Care requires that persons in a fiduciary
relationship must conduct business affairs
prudently with the skill and attention normally
exercised by a person in similar positions.

BST Advisors, LLC

10
 Many technological advances reduce the
audit trail and facilitate perpetration of
sophisticated computer crimes which
siphon funds to fictitious or unauthorized
accounts.
 Internal Control Facts
 Internal control starts with a strong control
environment:
• Management has the proper attitude and
operating style
• Management is the owner of internal control
• Internal controls are built into the business
process

Adapted from the 12/03 issue of Financial & Audit Solutions

BST Advisors, LLC

12
 Tone at the Top
 Is there an ethics/compliance program in place?
 Has it been designed to satisfy leading
governmental models (e.g., federal sentencing
guidelines)?
 Has it been implemented throughout the
organization, are there indicators that it is
operating as intended (e.g., frequency of
training, volume of hotline calls, consistency of
discipline)?
 Has it been effective in achieving compliance
with the organization’s ethical and legal
obligations?
BST Advisors, LLC
13
 An Effective Fraud and
Misconduct Strategy
Strong corporate culture, Effective personnel
values & ethics policies

Fraud\misconduct
awareness

Fraud and
Effective misconduct
Compliance Program reporting and response

BST Advisors, LLC

14
 An Effective Fraud and
Misconduct Strategy (continued)
Strong Corporate Culture with supporting
Ethics and Values
Credible leadership commitment
Corporate Values Statement
Clear and specific Code of Conduct
•Define acceptable and unacceptable behavior
•Address potential ethical dilemmas

BST Advisors, LLC

15
 Effective
Ethics/Code of Conduct
 Helps prevent misconduct
 Detects violations and provides and early
warning system
 Timely and responsible actions help avert
prosecution

BST Advisors, LLC

16
 Code of Conduct Checklist

- Use of equipment (telephone, vehicle,

photocopiers, scanner, supplies, credit
cards)
- Use of the internet during work hours
and/or for non-work related reasons.
- Acceptance of gifts from vendors,
suppliers and contractors

BST Advisors, LLC

17
 Code of Conduct Checklist
(continued)

5. Conflicts of interest (sign form annually):

Having direct or indirect, financial or
otherwise, in any transaction or activity
that conflicts with the proper discharge
of the employee’s duties.
6. Outside employment or dual
employment
7. Confidential information
8. Intellectual property
BST Advisors, LLC
18
 Code of Conduct Checklist
(continued)

9. Use of official position to secure

unwarranted privileges or
exemptions
10. On-site weapons
11. Restricting competition
12. Computer security
13. Time and attendance

BST Advisors, LLC

19
 Code of Conduct Checklist
(continued)

14. Exercising common sense

15. Expense reimbursements
16. Disparaging contractors
17. Illegal betting or gambling
18. Destruction of organizational records

BST Advisors, LLC

20
 Reasons for Failure

The message is not supported by senior

management
The ethics policy/code of conduct does
not provide practical guidance or example
Regular training is not provided
Compliance officer is overburden with
other matters

BST Advisors, LLC

21
 Reasons for Failure (continued)

 People are not aware of the hotline

nor is it used
 Corrective actions are not initiated
 Compliance is not monitored and an
annual report is not issued

BST Advisors, LLC

22
Periodically Reinforce Values

 Annual training
 Annual conflicts of interest affidavit
 Posted flyers
 Reminders with W-2s

BST Advisors, LLC

23
Periodically Reinforce Values
(continued)

 Weekly or monthly email reminders

about policies
 Code of conduct and ethics policy
posted on intranet
 Posters advertising anonymous
reporting mechanism

BST Advisors, LLC

24
 An Effective Fraud and
Misconduct Strategy (continued)
Effective Personnel Policies
 Recruitment screening
 Vacation policies
 Appraisal system and counseling policies
 Employee attitude surveys

BST Advisors, LLC

25
Effective Personnel Policies
Recruitment screening
• Verify identity
• Check qualifications, names of schools
• Probe employment gaps
• Obtain references
Vacation policies and work patterns
• Enforce vacations
Appraisal and counseling
Employee attitude surveys

BST Advisors, LLC

26
Effective Personnel Policies
(continued)

 Background checks
 Social security number verification
 OFAC check
 Media checks

BST Advisors, LLC

27
 An Effective Fraud and
Misconduct Strategy

Fraud\misconduct awareness
 Typical fraud risks
 Common indicators
 Behavioral issues
 Control benchmarking
 Reporting fraud suspicions

BST Advisors, LLC

28
 Quality of Your Fraud and
Misconduct Strategy
 Score each of these on a 1 to 10 scale.
1. What is the quality of your anti-fraud and misconduct
strategy?
2. Is responsibility for managing fraud and misconduct
risk well defined?
3. How clear are reporting channels for reporting
suspicions of fraud or misconduct?
4. Are there clear protections for those reporting fraud
or misconduct?
5. How effective is your fraud and misconduct
awareness program?

BST Advisors, LLC

29
 Quality of Your Fraud and
Misconduct Strategy
 Score each of these on a 1 to 10 scale.
1. How effective is your recruitment screening process?
2. How developed is the understanding of fraud and
misconduct risks facing your organization?
3. How have you matched these risks to controls to see
how they are managed?
4. How effectively does your organization learn from
fraud and misconduct incidents?
5. How aware of fraud and misconduct are head office
and regional personnel?
 What is the total score?
BST Advisors, LLC
30
 Quality of Your Fraud and
Misconduct Strategy (continued)
 How did your organization rate?
• 90 to 100 points = Strong
• 80 to 89 points = Effective
• 70 to 79 points = Needs Improvement
• 60 to 69 points = High Risk
• Below 60 points = Very High Risk

BST Advisors, LLC

31
Indications of Low Fraud and
Misconduct Awareness
No forum where the
subject of the
meeting is fraud and
Do not believe there
misconduct risk.
is a structured way
of assessing risk. No systems on fraud
or misconduct, it is
The organization has not a regular agenda
not considered fraud item.
risks. It trusts its
employees.

The risk section is

People in the business considered a cost driver.
do review fraud and
misconduct, but only in I see the potential fraud
a passive way. risks as nil to small.

BST Advisors, LLC

32
 An Effective Fraud and
Misconduct Strategy (continued)

Effective Fraud and Misconduct

Reporting and Response Program
 Fraud and misconduct reporting channels
 Whistler blower protection and non-retaliation policy
 Fraud and misconduct response plans

BST Advisors, LLC

33
 Effective Fraud and
Misconduct Reporting
and Response
 Questions
• Why investigate?
• When to investigate?
• What to investigate?
• Who should investigate?
• How to conduct investigation?
BST Advisors, LLC
34
 Effective Fraud and Misconduct
Reporting and Response (continued)
Importance of fraud risk management
 Every organization should have a documented anti-fraud strategy
and corporate integrity program. At a minimum it should
include:
• Agency’s stance on fraud and other breaches of company’s
policies and ethical code
• To whom and how should suspicions of fraud or misconduct
be reported
• What will be done and by whom in the case that fraud or
other breaches are suspected
• Employee rights - including limitations on expectations of
privacy and company’s rights to gain access and search all
work areas

BST Advisors, LLC

35
 Effective Fraud and Misconduct
Reporting and Response (continued)

 Why investigate?

• It’s your duty

• It’s the right thing

BST Advisors, LLC

36
 Effective Fraud and Misconduct
Reporting and Response (continued)

 Why it’s your duty

• Organizations have no choice
» 1991 Sentencing Guidelines
» Prevalence of government voluntary
disclosure programs
» Administrative and court rulings

BST Advisors, LLC

37
 Effective Fraud and Misconduct
Reporting and Response (continued)
 Why it’s the right thing
• Best practice
» Conducting internal investigations is the norm rather than
the exception
» 94% of companies responding to 1998 Fraud Survey said that
conducting an investigation was the leading response to the
discovery of fraud
» Assists organizations in determining the extent of potential
civil or criminal liability
» Assists in determining facts, available defenses, and
appropriate response
» Assist in negotiating a favorable resolution or avoiding an
intrusive government investigation

BST Advisors, LLC

38
 Effective Fraud and Misconduct
Reporting and Response (continued)
Why it’s the right thing
 Bottom Line protection
 Deterrence
 Given the cost of fraud, a fraud response is essential
 Recovery
 Asset tracing and recovery

 Insurance coverage

 Public relations
 Permits affirmative, proactive communications strategy

 Avoids charge of cover up

BST Advisors, LLC

39
 Effective Fraud and Misconduct
Reporting and Response (continued)
 When to investigate
• Knowledge of information suggesting reasonable
possibility that a third party and/or an employee
might have engaged in wrongful conduct
exposing the organization to risk of criminal
liability, substantial monetary loss or damage,
injury to its reputation, or other type of significant
harm

BST Advisors, LLC

40
 Effective Fraud and Misconduct
Reporting and Response (continued)
 When to investigate
• Timing
» Decision should be made as soon as possible
» Advantages of early start
 Greater ability to develop appropriate response and defense

 Increases likelihood that corporations can gather information

and interview employees before government
 Enables corporations to qualify for credit for full cooperation
under Sentencing Guidelines
» Importance of Fraud and Misconduct Response Plan as part of a
compliance program
 Corporation needs to be prepared in advance to insure
prompt and appropriate response

BST Advisors, LLC

41
 Effective Fraud and Misconduct
Reporting and Response (continued)

 What to investigate
• Fraud – Internal or external
» Falsification of financial data
» Misappropriation of assets
» Theft or embezzlement

BST Advisors, LLC

42
 Effective Fraud and Misconduct
Reporting and Response (continued)

 What to investigate
• Violations of organization policy
» Examples
 Conflicts of interest
 Policies regarding giving or receiving gifts
 Waste/Mismanagement
 Mishandling of confidential or proprietary
information

BST Advisors, LLC

43
 Effective Fraud and Misconduct
Reporting and Response (continued)
 Who should investigate
• Chief of internal compliance (Integrity Officer)
» An individual should be designated by each organization to whom
all information regarding potential misconduct should be reported
» Responsibility
 To receive reports of fraud or misconduct

 To conduct initial evaluation (refer to either HR or GC)

• General Counsel
» Responsibility
 To determine seriousness of allegation

 To determine scope and direction of investigation

 To consult and advise other relevant executives

 To determine the need for retention of outside counsel

BST Advisors, LLC

44
 Effective Fraud and Misconduct
Reporting and Response (continued)
 Who should investigate
• All internal investigations should
always be directed by counsel
• Principal reason:
» Permits invocation of privilege to protect
the confidentiality of internal
investigative results

BST Advisors, LLC

45
 !!!Assume all Cases
Will End in Litigation!!!

BST Advisors, LLC

46
 Findings Could Result in:

 Civil Litigation
 Criminal Litigation
 No Action

BST Advisors, LLC

47
 False Imprisonment Occurs
When There Is
 An intent to confine
 An act resulting in confinement
 Consciousness of confinement
or resulting harm.

BST Advisors, LLC

48
 Effective Fraud and Misconduct
Reporting and Response (continued)

 How to investigate
• Develop Investigative Hypothesis
» Theory of fraud or misconduct - Extent and elements
» Who may be involved
» Where is the evidence likely to be found
 Documents
 Witnesses
 Individual computers
 Transportable media
 Network servers
• Constantly refine and re-examine

BST Advisors, LLC

49
 Effective Fraud and Misconduct
Reporting and Response (continued)
 How to investigate
• Develop Work Plan
» Consistent with theory of fraud or misconduct
» Identify documents to be examined
» Procedures to be followed

Examples
 Document examination and verification
 Types of analysis
 Manual review
 Gap, variance
 Reconciliation
 Sorting and comparisons
 Trend

BST Advisors, LLC

50
 Effective Fraud and Misconduct
Reporting and Response (continued)
 How to investigate
• Identify potential sources of electronic or voice information and
data
• Examples
» PCs
» Laptops
» Transportable media
» Network servers
» Voice-mails
» Emails
» Recorded conversations – e.g. securities trading
» Video tapes
• Procedures and tools to be used to retrieve electronic and voice
data

BST Advisors, LLC

51
 Effective Fraud and Misconduct
Reporting and Response (continued)
How to investigate
• Identify individuals to be interviewed
» Inside organization
» Outside organization – e.g. vendors
• Develop interview menus
» Order of interviews
» Questions to be asked
• Identify other investigative procedures
» Public database searches
» Data analysis
BST Advisors, LLC
52
Effective Fraud and Misconduct
Reporting and Response (continued)

Respecting employee rights

• Employee’s Duty to Cooperate:
 Duty to cooperate exists in every internal
investigation, unless compliance is
– impossible
– unlawful
– unreasonable

BST Advisors, LLC

53
 Effective Fraud and Misconduct
Reporting and Response (continued)
 Respecting employee rights
 Employee Rights include:
• Contractual Right
Example
» If employee is a member of a union, union contract or
collective bargaining agreement may contain restrictions
on investigation procedures
• Whistleblower laws
» Protect employees who report misconduct to
government from retaliatory action
BST Advisors, LLC
54
An Effective Fraud and Misconduct
Strategy (continued)

Effective Compliance Program

 Standards and procedures that are reasonably
capable of preventing fraud and misconduct
 High-level oversight
 Due care in delegating discretionary authority
 Effective communication of standards and procedures (Training)
 Monitoring and auditing of compliance program
 Enforcement of program through discipline
 Appropriate response upon notification of wrongdoing

BST Advisors, LLC

55
Federal Sentencing Guidelines for
an Effective Compliance Program
High level oversight
Standards of conduct
Communications and training
Compliance auditing and monitoring
Pre-employment screening
Enforcement of standards and disciplinary
actions
Corrective actions taken
BST Advisors, LLC
56
 An Effective Fraud and
Misconduct Strategy (continued)
Culture, values & ethics
 Values statement
 Code of Conduct
 Defining acceptable and
unacceptable
 Addressing ethical
dilemmas Fraud\
awareness
Effective
Compliance Program
 Standards and procedures
 High-level oversight
 Delegation due care
 Training
 Monitoring and Auditing
 Discipline
 Appropriate response
BST Advisors, LLC
Effective personnel policies
 Recruitment screening
 Vacation policies
 Appraisal and counseling
 Employee attitude surveys
misconduct
Typical fraud risks
Common indicators
Behavioral issues
Control benchmarking
Reporting fraud
suspicions
Fraud and misconduct
Reporting and response
 Reporting channels
 Whistle blower protections
 Response plans
57
 Objectives of a Fraud
Response Plan
 Provide a conduit for whistleblowers
 Identify internal affairs personnel
 Outline the manner in which all reviews
should proceed
 Prevent further loss
 Identify high risk areas

BST Advisors, LLC

58
 Objectives of a Fraud
Response Plan
 Respond quickly
 Secure evidence
 Identify parties involved
 Identify loss remedies
 Identify specialists

BST Advisors, LLC

59
 Best Practices (continued)

 Collecting payments with credit cards:

Reduces exposure to cash and transfers
risk to credit card issuer.
 Typical payments: Water rents, sewer
rents, taxes.

BST Advisors, LLC

60
 Best Practices (continued)
 Third party receives complaints about
billing, collections and payments.
 Clerk who issued bills, collected cash and
received complaints misappropriated
$357,000 via a lapping scheme involving
4,000 water utility customers.

BST Advisors, LLC

61
 Best Practices (continued)

Bonding employees:
Estimate the amount and add a cushion
(Nobody steals small amounts)

BST Advisors, LLC

62
 Best Practices (continued)
 Telephone Audits: www.google.com.
Type in telephone number and hit
google search.
 900 calls by mailman during lunch
 Go out an let people know what your
doing. They don’t know who you’re
looking at.

BST Advisors, LLC

63
 Best Practices (continued)
 Checking inventory annually to identify
excess inventory

BST Advisors, LLC

64
 Right to Audit
Obtaining the right:
 Right to Audit Agreement -
on the back of purchase
order or procurement form
 Right to Audit Clause in a
Contract - include language
in the body of the contract

BST Advisors, LLC

65
 Best Practices (continued)

 Compliance audits of purchasing

policies (kickbacks and embezzlements)
 Written policies and procedures

BST Advisors, LLC

66
 The Value of Nothing

 No telephone number is master vendor

file
 Telephone number is the same digit, i.e.
all 9’s
 No address
 No contact person of fed ID #

BST Advisors, LLC P

67
 Grant Administration

 Right to audit
 Purchasing vs. leasing
 Tel Calls
 Travel
 Food Vendors
 Subcontracts
 Employees
BST Advisors, LLC P
68
? ? ?
? ??
? ?
?
? ? ? ? ?
? ?1 ? ? ? ?
?
? ? ?
?
? ? ?
? ?
? ? ?
? ?? ? ? ? ?
?
?
? ? ? ?
? ?
?
? ? ?
?
Questions? ?
?
?
? ? ?
? Chris Rosetti ?
? ? crosetti@bstadvisors.com ? ? ?
? BST Advisors, LLC
? ? ? ? ? ?
26 Computer Drive West
?
Albany, New York 12205
? ? ? ?
? Tel: 518-459-6700 / 800-724-6700  Fax 518-459-8492
?
? ? ? www.bstadvisors.com ? ? ?
? ? ? ?
? ? ?
? ? ? ? ? ? ?
?
? ? ? ?? ?
? ?
? ? ? ? ?
? ? ? ? ? ? ? ?
? ?
? ? ? ? ? ? ? ?
? ? ??
? ? ? ? ? ? ? ?
? ?
?
? ?