Keeping a Lid on the Cookie Jar Detecting, Preventing, and Mitigating the Risk of Fraud in Grants Management Crowe Horwath LLP © 2017 Crowe Horwath LLP

Session Outline What are Fraud, Waste, and Abuse? Understanding Fraud Motivators and Red Flags Fraud in Federal Financial Assistance and Contracting The Award Administrator’s Role in Fraud Prevention and Detection Mandatory Reporting Requirements Questions

Goals and Objectives Identify factors that increase exposure to fraud, waste, and abuse; Discuss best practices and strategies to prevent and detect fraud, waste, and abuse in Federal programs; and Understand mandatory disclosure requirements.

What are Fraud, Waste, and Abuse?

What are we talking about today? We hear the terms “fraud, waste, and abuse” often, but it is not uncommon for individuals to not understand what is meant by each term. What is Fraud? Depends on who you ask and on the specific scenario! A legal term, such that laymen typically speak to suspected, likely, or possible fraud. Webster’s Dictionary: “Deceit, Trickery; Intentional perversion of truth in order to induce another to part with something of value or to surrender a legal right.” AICPA EDP Fraud Review Task Force: “Any intentional act, or series of acts, that is designed to deceive or mislead others and that has an impact or potential impact on an organization’s financial statements.”

What are we talking about today? (Cont.) If assessing the allowability of legal costs in connection with legal or administrative proceedings, 2 CFR Part 200.435 provides a different definition: (3) Fraud means: (i) Acts of fraud or corruption or attempts to defraud the Federal government or to corrupt its agents, (ii) Acts that constitute a cause for debarment or suspension (as specified in agency regulations), and (iii) Acts which violate the False Claims Act (31 U.S.C. 3729-3732) or the Anti- kickback Act (41 U.S.C. 1320a-7b(b)).

What are we talking about today? (Cont.) How about “Waste”? We typically think of unnecessary or duplicative spending as waste. Excessive payments and compensation may also be considered as waste. And “Abuse”? Government Auditing Standards tell us that abuse… Involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary. Includes misuse of authority or position for personal gain.

How about civil (non-criminal) violations? Most people hear “fraud” and think of criminal violations and penalties, but there are also non-criminal matters to consider. False Claims Act Codified in Title 31, Section 3729 of the United States Code Civil and Criminal Matters Violations include false claims or payment requests, false records or statements, and issues that cause errors in the Government’s receipt of property or money. The Government may be entitled to three times the amount of damages that the Government suffered. Improper Payments Are all improper payments “fraud”?

Fraud’s Organizational Impact ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse found that: Organizations on average lose 5% of revenues to fraud each year. When applied to the projected 2016 gross world product, it translates to $3.76 trillion in fraudulent losses. Is the Government exposed? Absolutely! The median loss for Federal level fraud was $194,000; Median loss for state or provincial level fraud was $100,000; and Median level for local entities was $80,000. Impact of fraud on government projects includes both losses and potentially suspension and debarment.

Fraud Motivators and Red Flags

The Fraud Triangle The Fraud Triangle consists of three main points: Incentives/Pressures- also referred to as Motives- a pressure or a "need" felt by the person who commits fraud. Ability to Rationalize- employees may rationalize this behavior by determining that committing fraud is OK for a variety of reasons. Opportunity- when employees have access to assets and information that allows them to both commit and conceal fraud.

Common Warning Signs Behavioral Red Flags Living beyond their means Financial difficulties Control issues, unwilling to share duties Unusually close relationship with vendor/customer Wheeler/dealer attitude Divorce/family problems Irritability, suspiciousness, defensiveness Addiction problems Unwilling to take vacation days Complaining about inadequate pay Excessive pressure from within the organization Past legal problems Instability in life circumstances Excessive family/peer pressure for success Complaining about lack of authority

Common Warning Signs Financial/Transactional Red Flags Project execution issues and complaints from beneficiaries. Red flags regarding the structure of personnel involved in a transaction, including known relationships. Red flags within the organization’s operations and financial condition (e.g., cash flow challenges). Red flags within the accounting and financial management system, including circumvention of internal controls. Red flags regarding the organization’s financial performance.

What can we do? Most organizations have the greatest control over opportunity. Other components are largely internal to the individual. How does one influence opportunity? Maintaining strong systems of internal control; Providing training options to internal and external personnel; and Setting a standard and expectation of ethical behavior. http://www.acfe.com/rttn2016/about/executive-summary.aspx

Fraud in Federal Financial Assistance and Contracting

Current Fraud Schemes in the United States SOURCE: ACFE Report to the Nations on Occupational Fraud and Abuse

Factors Contributing to Current Fraud, Waste, or Abuse Risk Economic / Revenue Challenges Federal Audit Changes Threshold for A-133 audits has increased to $750,000 (from $500,000) According to the GAO, 5,000 entities will be relieved of the requirement. Entities expending less than $750,000 must make records available for review or audit by the GAO. International organizations, including subrecipients, may not be subject to audit. The threshold for reporting questioned costs has increased to $25,000. Arguably the most significant risk factor: Lack of knowledge and awareness needed to detect errors and noncompliance. This includes: Internal personnel; Audit detection risk; and Adequacy of internal controls implemented by third parties.

Fraud, Waste, and Abuse in Federal Assistance and Contracting Types of Fraud Observed Stringing False Claims / Erroneous Payment Requests Bribery, Kickbacks and Conflicts of Interest Payments for Vendors or Individuals Who Do Not Exist Misallocation of Federal funds / funding non-Federal activities with Federal dollars Drawing down funds in excess of actual cash needs Insufficient supporting documentation Timesheet fraud Eligibility

What can I do as a grants manager? Methods of prevention Establish an environment that prohibits and has zero tolerance for fraud, waste, and abuse; Establish whistleblower protections and ethics/conflict of interest policies, if not already required under applicable regulations; Establish and communicate systems and processes for reporting actual or suspected fraud, waste, or abuse; and Prior to sub-granting funds or issuing contracts, consider conducting: Pre-award surveys and assessments; Risk assessments, including reviews of prior audits and assessments; and Financial system reviews.

The Award Administrator’s Role Methods of detection Conduct internal audits; Utilize external audits; Require follow-up on audit findings and monitoring results, including internal control findings; and Conduct internal and external monitoring. The good news is that some of these methods are required to comply with the Uniform Guidance. Consider: 2 CFR Part 200.303, Internal Control, requires that the non-Federal entity evaluate and monitor its compliance and take action on audit findings; and 2 CFR Parts 200.328, 200.330, and 200.331 all address monitoring requirements applicable to recipients and pass-through entities.

Best Practice: Internal Monitoring Development and implementation of a structured internal monitoring program is recommended. May be risk based Do not automatically exclude programs, accounts, activities that are or may be immaterial to the financial statements Include program, financial reporting and compliance objectives within the monitoring scope Assess whether controls are being implemented as designed and operating effectively Consider risks created by third parties (vendors, customers, service providers) and the effectiveness of controls your organization has in place to mitigate these risks Assess whether or not training is effective and concepts are retained

Guidance on Monitoring Internal Control Systems COSO has developed guidance to help organizations understand monitoring and how effective monitoring benefits the governance process Establish a foundation for monitoring Proper tone at the top An effective organizational structure that assigns monitoring roles to people with appropriate capabilities, objectivity and authority A starting point or “baseline” of known effective internal control from which ongoing monitoring and separate evaluations can be implemented Design and execute monitoring procedures Understand and prioritize risks to organizational objectives Identify key controls that address those prioritized risks Identify persuasive information about the operation of those key controls Implement cost effective procedures to evaluate the effectiveness of those key controls

Guidance on Monitoring Internal Control Systems (Cont.) Assess and report results Evaluate the severity of deficiencies Prioritize deficiencies Report results to the appropriate personnel and the board Take timely corrective actions Follow-up on the effectiveness of the corrective actions

Understanding Mandatory Disclosures

Mandatory Disclosures Codified in 2 CFR Section 200.113 The non-Federal entity or applicant for a Federal award must disclose, in a timely manner, in writing to the Federal awarding agency or pass through entity all violations of Federal criminal law involving fraud, bribery, or gratuity violations potentially affecting the Federal award. What are briberies and gratuities? Be aware of the funding entity’s expectations – and the funding types. Contracts may have additional requirements based on the Federal Acquisition Regulation (FAR). Some award documents may also require disclosures above and beyond criminal items. Involve legal counsel and/or communicate with assigned personnel in your agency to understand the appropriate process.

Fraud Jeopardy!

Employee Fraud Billing Fraud Procurement Fraud 1 2 3

Employee Fraud 1 A recipient implements a procedure that requires receipts prior to reimbursement of meals and travel costs.

Employee Fraud 2 A recipient requires background checks of applicants’ criminal and financial histories prior to hiring them.

Employee Fraud 3 A recipient establishes a policy requiring segregation of duties in cash disbursement and financial reporting activities.

Billing Fraud 1 Agreement officers assign technical reviewers on-staff to review recipients’ reimbursement requests prior to payment.

Billing Fraud 2 As part of the budget process, a prime recipient requires subgrantees to disclose the cost elements that are included within its indirect cost pool.

Billing Fraud 3 After a project has closed out, the Agreement Officer engages an auditor to conduct a final incurred cost audit.

Procurement Fraud 1 An employee code of conduct policy is required to be read and signed prior to beginning work for a recipient.

Procurement Fraud 2 A recipient requires a three-way match prior to authorizing payments to a vendor

Procurement Fraud 3 A recipient implementing an international project requires copies of vendors’ business licenses to be kept on-file by the field offices.

Questions?

Thank you Michelle Blackstock, CPA/CITP Senior Manager Crowe Horwath LLP Direct: 954.202.2924 Michelle.blackstock@crowehorwath.com