Extent
• Hard to estimate for Higher Education.
• We do not want to talk about it.
– Want our students to think tuition well spent.
– Want our legislators to appropriate more.
– Want our sponsors to fund more research.
– Want our alumni to keep us in the will.
Occupational Fraud 2012
• 5% of revenues, or $3.5 trillion.
• 64% committed by employees.
– Employee $ 60,000
– Manager $180,000
– Executive $573,000
Occupational Fraud 2012
• 77% of all frauds in six departments:
– Accounting
– Operations
– Sales
– Executive, Upper Management
– Customer Service
– Purchasing
Higher Education
• No real data.
• But, lots of under appreciated people.
• Significant opportunities.
• Complex systems.
• Open access.
• A reluctance to prosecute.
• Or even announce what we find.
Fax Machines
• Call from local chain store.
• Gave refund on a fax machine.
• But funny feeling about it.
• Got employee’s name.
• Looked at Limited Value Purchase Orders.
• Seventeen fax machines.
• Called department to inventory.
K-Mart
• Call from local K-Mart.
• “Why won’t you people pay your PO?”
• PO Number not one of ours.
• “It must be yours, it’s got Sparky on it.”
Pirates
• Call from department.
• Received a box of two toner cartridges.
• Invoice of $640.
• Already used them.
• Stores price for two was $110.
• Refused to pay, and sent two from Stores.
Thirteenth Floor
• Department called and said to check a
specific person’s travel reimbursement.
• Looked fine.
• Receipts all there.
• Just to make sure, called hotel.
• Only have four floors.
• Receipt was for Room 1313.
Cashier’s Check
• Bookstore received an order for books.
• To be shipped to Nigeria.
• $8,700 total.
• Credit Card number.
• Not a valid number.
• Customer provided another Credit Card.
• Also not valid.
Cashier’s Check
• Bookstore still trying to help the customer.
• Asked for a Cashier’s Check.
• Received it the next morning via FedEx.
• No watermark.
• Called issuing Bank of America.
• Counterfeit.
• Told the customer his order was cancelled.
Audit Hacker
• Purchasing Card Audit.
• Auditor given system access.
• Noticed cursor moving on its own.
• Audit had disabled all virus protection.
• Immediately notified bank.
• No problems.
Hacker
• An intrusion at a major university resulted
in access to all purchasing card records,
and all travel reimbursement requests,
with SSAN’s.
• Reissue 1,000 purchasing cards.
Property
• Dear Person in Department,
• Where is the $7,590 electric cart you
bought in January?
• And the $40,606 video camera control box
signed out from State Surplus?
• I don’t know is not good enough.
Purchasing Card
• Dear Cardholder, please explain:
– Roomateacess.com, $39.99
– Service Arizona, $222.67
– Victoria Secret, $125.05
• On a Sponsored Account.
Purchasing Card
• “The Service Arizona was, I regret to say,
intentional. The other two were a mistake
as I grabbed the wrong card. My Dean
understands that it was a mistake, and
only asks that it be paid back.”
• “Can you deduct this over my next 6
paychecks?”
Purchasing Card
• “I’m sorry about this and can only hope
that it be handled quietly, and to the
benefit of all parties.”
• Do you think we agreed to 6 payments?
• Or handled it quietly?
Purchasing Card
• Immediately ratted her out to Dean,
Business Manager, Internal Audit, HR,
General Counsel.
• Complete audit of all $14,780 transactions.
• $1,131 were fraudulent.
• $1,131 was recovered,
• Just before employee fired.
Purchasing Card, Part 2
• Administrative Assistant conspired with
faculty member to submit fake computer
invoices to Foundation for reimbursement.
• Some $17,000.
• Also had a Purchasing Card.
• Total spend was $1,308.
• Asked to produce all receipts.
Purchasing Card, Part 2
• Failed to produce receipts.
• Probably because had other things to
worry about.
• We deducted $1,308 from her last
paycheck.
• Prosecuted both.
• Judgment against both.
Purchasing Card, Part 2
• End of the story?
• Hardly.
• Asked what we were doing to prevent this,
and tighten up on Purchasing Card
program.
• How would the Purchasing Card program
prevent someone from sending fake
invoices to the Foundation.
Stores
• Most batteries are sold in December.
• Most flashlights are sold in October.
• How to sell to ASU:
– Doughnuts.
– Hot dogs.
Cash
• Always trying to balance receipts to register to inventory.
• Noticed that ran low on ice at the bar.
• Person would bring in ice from another machine.
• Slipped a bottle of liquor from the package store into the ice.
• Sold over the bar, and the money pocketed.
Cash
• One bottle missing from package store
was not noticeable.
• Money kept from drinks sold not rung
through register.
• Each bartender had locked cabinet.
• Empty bottles tracked.
Cash
• Unannounced cash count at a Copy
Center.
• $1,100 in the safe.
• In $20’s.
• Proposed termination.
• Hurt back the day before, out on Worker’s
Comp.
Cash
• Went to a hearing.
• Administrative judge did not want to hear
about the $1,100, or the timing.
• Continued the person on Worker’s Comp.
• No longer worked for us.
No Experience Required
• Friend will only hire inexperienced
bartenders.
• Because experienced ones know how to
steal.
• One day, no choice.
• Thought something wrong.
• Could not figure it out.
No Experience Required
• Looked for counting system.
• Could not find one.
• So, asked an investigator to review.
• Sat there for a week as customer.
• Reported that he also had a funny feeling,
but could not see the problem.
• Rings up everything in one of the two
registers.
Moonlighting
• Payment to an individual to maintain
computers.
• Also an employee.
• Did a solicitation.
• Employee won.
• Same hours as regular job?
Mall Vendors
• Local copy center booth on the mall.
• Introduced self as Prof Johnson.
• Do you give rebates on course packs?
• Sure.
Vending
• Gumball type candy machines.
• Arizona Charities.
• No contract.
• And no such entity.
• Confiscated.
Lots of Experience Required
• Wanted a marketer.
• Highly qualified person who had worked at
a radio station.
• Unfortunately, the station had closed, so
now here looking for work.
• Total fabrication.
• Fired when discovered.
Theft from Lockers
• Woman stole credit cards from gym
lockers.
• Nothing special about that.
• Then approached students and said was
investigating the theft.
• And needed to know the account access
numbers.
Purchasing Adventure
• College did an RFP.
• To select next standard server.
• Sent e-mail saying that if firm kept their
local rep, they would not get the business.
• Award announced.
• Call from local rep to complain.
Purchasing Adventure
• Local rep could have grounds for a suit.
• Met with College staff.
• Advised to immediately write to all firms.
• Advised to retain an attorney.
Purchasing Adventure
• College then came back with specs.
• We did solicitation.
• College wanted to make multiple award.
• So they could steer business to favorite.
• When this did not work, College asked if
could buy from State contract.
• Sure.
Another Purchasing Adventure
• On data conversion job, we did a
solicitation.
• Winning firm later released by College.
• College decided could do the job
themselves.
• Then hired three consultants.
• This was not working either.
Another Purchasing Adventure
• Sent us a letter to say a firm was a sub-
contractor in a State contract.
• We issued PO.
• Firm fired three consultants.
• One of whom ratted on them.
• Big audit.
Another Purchasing Adventure
• Over spent $80,000.
• Resignation in lieu of termination.
• Referred to County Prosecutor.
• Not enough to prosecute, but could sue.
• Senior administration asked to prove no
one else doing this.
• New approval policy for IT projects.
Profile of a Fraudster
• Male.
• Intelligent – Challenged by “secure”
systems, bored with job routine.
• Egotistical – Scornful of “obvious” control
flaws, “dumb” managers.
• Inquisitive – would take pride in finding a
computer vulnerability.
Profile of a Fraudster
• A rule breaker – Takes short cuts, self-
justifies breaking rules.
• A hard worker – first to arrive, last to
leave, few vacations.
• Under personal stress.
• Greedy or has a financial need.
• Disgruntled, underappreciated.
• A big spender.
Classic Defenses
• Set the tone.
• Deny opportunity – separation of duties.
• Establish controls.
• Audit.
• Reward vigilance.
• Be skeptical.
Web Resources
• http://www.consumer.gov
• http://www.idtheftcenter.org
• http://www.usps.com
• http://www.bbbonline.com
• http://www.consumerworld.org
• http://www.fraud.org
• http://www.sec.gov
• http://www.acua.org
Perfect Scam
• Want something that does not leave an
audit trail.
• Want cash.
• Less likely to be reported.
• Not too much jail time if caught.
Perfect Scam
• Get blue work shirt and pants.
• Embroider “Bob”.
• Make up receipt forms.
• Go to department.
• Tell them you are picking up computers.
• Get staff person to sign the receipt.
• Give them the copy.
Perfect Scam
• Sell the computers on e-Bay.
• Only slightly below market.
• Make sure you use an escrow account.
• After all, you don’t want to get ripped off.
Perfect Scam
• Person in department only has their own
name on the receipt.
• They might not even report it.