FRAUD ON CAMPUS

John F. Riley, C.P.M.

Fraud?

• We are being robbed right now!

• Prove it!

• Prove we are not!

Extent

• Hard to estimate for Higher Education.

• We do not want to talk about it.

– Want our students to think tuition well spent.

– Want our legislators to appropriate more.

– Want our sponsors to fund more research.

– Want our alumni to keep us in the will.

Occupational Fraud 2012

• 5% of revenues, or $3.5 trillion.

• 64% committed by employees.

– Employee $ 60,000

– Manager $180,000

– Executive $573,000

Occupational Fraud 2012

• 77% of all frauds in six departments:

– Accounting

– Operations

– Sales

– Executive, Upper Management

– Customer Service

– Purchasing

Occupational Fraud 2012

• 43.3% of all frauds identified through a tip.

Higher Education

• No real data.

• But, lots of under appreciated people.

• Significant opportunities.

• Complex systems.

• Open access.

• A reluctance to prosecute.

• Or even announce what we find.

Stories

Fax Machines

• Call from local chain store.

• Gave refund on a fax machine.

• But funny feeling about it.

• Got employee’s name.

• Looked at Limited Value Purchase Orders.

• Seventeen fax machines.

• Called department to inventory.

K-Mart

• Call from local K-Mart.

• “Why won’t you people pay your PO?”

• PO Number not one of ours.

• “It must be yours, it’s got Sparky on it.”

Pirates

• Call from department.

• Received a box of two toner cartridges.

• Invoice of $640.

• Already used them.

• Stores price for two was $110.

• Refused to pay, and sent two from Stores.

Thirteenth Floor

• Department called and said to check a

specific person’s travel reimbursement.

• Looked fine.

• Receipts all there.

• Just to make sure, called hotel.

• Only have four floors.

• Receipt was for Room 1313.

Invoice

• I-Pages.

• American Internet Directories.

• Just two of many.

Cashier’s Check

• Bookstore received an order for books.

• To be shipped to Nigeria.

• $8,700 total.

• Credit Card number.

• Not a valid number.

• Customer provided another Credit Card.

• Also not valid.

Cashier’s Check

• Bookstore still trying to help the customer.

• Asked for a Cashier’s Check.

• Received it the next morning via FedEx.

• No watermark.

• Called issuing Bank of America.

• Counterfeit.

• Told the customer his order was cancelled.

Audit Hacker

• Purchasing Card Audit.

• Auditor given system access.

• Noticed cursor moving on its own.

• Audit had disabled all virus protection.

• Immediately notified bank.

• No problems.

Hacker

• An intrusion at a major university resulted

in access to all purchasing card records,

and all travel reimbursement requests,

with SSAN’s.

• Reissue 1,000 purchasing cards.

Property

• Dear Person in Department,

• Where is the $7,590 electric cart you

bought in January?

• And the $40,606 video camera control box

signed out from State Surplus?

• I don’t know is not good enough.

Purchasing Card

• Dear Cardholder, please explain:

– Roomateacess.com, $39.99

– Service Arizona, $222.67

– Victoria Secret, $125.05

• On a Sponsored Account.

Purchasing Card

• “The Service Arizona was, I regret to say,

intentional. The other two were a mistake

as I grabbed the wrong card. My Dean

understands that it was a mistake, and

only asks that it be paid back.”

• “Can you deduct this over my next 6

paychecks?”

Purchasing Card

• “I’m sorry about this and can only hope

that it be handled quietly, and to the

benefit of all parties.”

• Do you think we agreed to 6 payments?

• Or handled it quietly?

Purchasing Card

• Immediately ratted her out to Dean,

Business Manager, Internal Audit, HR,

General Counsel.

• Complete audit of all $14,780 transactions.

• $1,131 were fraudulent.

• $1,131 was recovered,

• Just before employee fired.

Purchasing Card, Part 2

• Administrative Assistant conspired with

faculty member to submit fake computer

invoices to Foundation for reimbursement.

• Some $17,000.

• Also had a Purchasing Card.

• Total spend was $1,308.

• Asked to produce all receipts.

Purchasing Card, Part 2

• Failed to produce receipts.

• Probably because had other things to

worry about.

• We deducted $1,308 from her last

paycheck.

• Prosecuted both.

• Judgment against both.

Purchasing Card, Part 2

• End of the story?

• Hardly.

• Asked what we were doing to prevent this,

and tighten up on Purchasing Card

program.

• How would the Purchasing Card program

prevent someone from sending fake

invoices to the Foundation.

Stores

• Most batteries are sold in December.

• Most flashlights are sold in October.

• How to sell to ASU:

– Doughnuts.

– Hot dogs.

Cash

• Always trying to balance receipts to register to inventory.

• Noticed that ran low on ice at the bar.

• Person would bring in ice from another machine.

• Slipped a bottle of liquor from the package store into the ice.

• Sold over the bar, and the money pocketed.

Cash

• One bottle missing from package store

was not noticeable.

• Money kept from drinks sold not rung

through register.

• Each bartender had locked cabinet.

• Empty bottles tracked.

Cash

• Unannounced cash count of petty cash.

• Contained neatly written IOU.

• Person fired.

Cash

• Unannounced cash count at a Copy

Center.

• $1,100 in the safe.

• In $20’s.

• Proposed termination.

• Hurt back the day before, out on Worker’s

Comp.

Cash

• Went to a hearing.

• Administrative judge did not want to hear

about the $1,100, or the timing.

• Continued the person on Worker’s Comp.

• No longer worked for us.

No Experience Required

• Friend will only hire inexperienced

bartenders.

• Because experienced ones know how to

steal.

• One day, no choice.

• Thought something wrong.

• Could not figure it out.

No Experience Required

• Looked for counting system.

• Could not find one.

• So, asked an investigator to review.

• Sat there for a week as customer.

• Reported that he also had a funny feeling,

but could not see the problem.

• Rings up everything in one of the two

registers.

Moonlighting

• Payment to an individual to maintain

computers.

• Also an employee.

• Did a solicitation.

• Employee won.

• Same hours as regular job?

Mall Vendors

• Local copy center booth on the mall.

• Introduced self as Prof Johnson.

• Do you give rebates on course packs?

• Sure.

Vending

• Gumball type candy machines.

• Arizona Charities.

• No contract.

• And no such entity.

• Confiscated.

Lots of Experience Required

• Wanted a marketer.

• Highly qualified person who had worked at

a radio station.

• Unfortunately, the station had closed, so

now here looking for work.

• Total fabrication.

• Fired when discovered.

Theft from Lockers

• Woman stole credit cards from gym

lockers.

• Nothing special about that.

• Then approached students and said was

investigating the theft.

• And needed to know the account access

numbers.

Purchasing Adventure

• College did an RFP.

• To select next standard server.

• Sent e-mail saying that if firm kept their

local rep, they would not get the business.

• Award announced.

• Call from local rep to complain.

Purchasing Adventure

• Local rep could have grounds for a suit.

• Met with College staff.

• Advised to immediately write to all firms.

• Advised to retain an attorney.

Purchasing Adventure

• College then came back with specs.

• We did solicitation.

• College wanted to make multiple award.

• So they could steer business to favorite.

• When this did not work, College asked if

could buy from State contract.

• Sure.

Another Purchasing Adventure

• On data conversion job, we did a

solicitation.

• Winning firm later released by College.

• College decided could do the job

themselves.

• Then hired three consultants.

• This was not working either.

Another Purchasing Adventure

• Sent us a letter to say a firm was a sub-

contractor in a State contract.

• We issued PO.

• Firm fired three consultants.

• One of whom ratted on them.

• Big audit.

Another Purchasing Adventure

• Over spent $80,000.

• Resignation in lieu of termination.

• Referred to County Prosecutor.

• Not enough to prosecute, but could sue.

• Senior administration asked to prove no

one else doing this.

• New approval policy for IT projects.

Profile of a Fraudster

• Male.

• Intelligent – Challenged by “secure”

systems, bored with job routine.

• Egotistical – Scornful of “obvious” control

flaws, “dumb” managers.

• Inquisitive – would take pride in finding a

computer vulnerability.

Profile of a Fraudster

• A rule breaker – Takes short cuts, self-

justifies breaking rules.

• A hard worker – first to arrive, last to

leave, few vacations.

• Under personal stress.

• Greedy or has a financial need.

• Disgruntled, underappreciated.

• A big spender.

Classic Defenses

• Set the tone.

• Deny opportunity – separation of duties.

• Establish controls.

• Audit.

• Reward vigilance.

• Be skeptical.

Web Resources

• http://www.consumer.gov

• http://www.idtheftcenter.org

• http://www.usps.com

• http://www.bbbonline.com

• http://www.consumerworld.org

• http://www.fraud.org

• http://www.sec.gov

• http://www.acua.org

Perfect Scam

• Want something that does not leave an

audit trail.

• Want cash.

• Less likely to be reported.

• Not too much jail time if caught.

Perfect Scam

• Get blue work shirt and pants.

• Embroider “Bob”.

• Make up receipt forms.

• Go to department.

• Tell them you are picking up computers.

• Get staff person to sign the receipt.

• Give them the copy.

Perfect Scam

• Sell the computers on e-Bay.

• Only slightly below market.

• Make sure you use an escrow account.

• After all, you don’t want to get ripped off.

Perfect Scam

• Person in department only has their own

name on the receipt.

• They might not even report it.

Thanks

• Have fun!

• John.Riley@asu.edu