What do a private liberal arts college, a public community college and a high-ranking national university all have in common? Each recently reported six-figure occupational fraud losses.
- At Bethany College in West Virginia, a cashier’s office employee is charged with stealing more than $500,000.
- In Pennsylvania, a Harrisburg Area Community College vice president plead guilty to using institutional funds for personal purchases totaling $228,000.
- An administrator at Georgetown University in D.C. embezzled about $390,000, according to a financial disclosure.
While it’s tempting to believe these are isolated incidents, the facts show otherwise. According to the latest “Report to the Nations on Occupational Fraud and Abuse” survey by the Association of Certified Fraud Examiners (ACFE), education is now one of the top five industries for reported cases of occupational fraud.
Further, the five most common types of fraud schemes in higher ed involve billing, expense reimbursements, corruption (including bribery and conflicts of interest), skimming (cash stolen before it’s on the books), and payroll, according to the survey, which reflects the responses of 1,388 certified fraud examiners across 22 industries.
Model policies for campus fraud prevention
These fraud schemes are common in other industries, as well. “Education just doesn’t differ much from other industries in terms of fraud schemes,” says Angela Morelock, a partner in forensics and valuation services at accounting firm BKD.
Although fraud is common, it’s not inevitable. Higher ed institutions with effective fraud prevention controls are already reducing the risks and consequences of fraud. Here are eight effective strategies gained from their experiences to assist your institution with deterring and detecting fraud.
1. Know your enemy.
The No. 1 reason education struggles with a relatively high occupational fraud rate is the perception that the industry is immune, says Kevin Robinson, executive director of internal auditing at Auburn University in Alabama.
But that’s a myth. “Even when an employee is exhibiting behavioral red flags, supervisors frequently say, ‘I’ve known this person, they’ve worked here a long time and they’ve been a good employee,’” says Robinson, who frequently speaks on fraud prevention on behalf of the Association of College and University Auditors. “However, it’s critical for everyone in higher education to understand that a perpetrator can be anyone, including your most recent employee of the month.”
2. Know your role.
While it’s common to assume the job of preventing and detecting fraud falls most heavily on certain individuals or departments—such as those in finance and procurement—in reality, all employees contribute equally. “Every employee, throughout the university, plays a role in having a fraud-free environment,” says Sharon Loiland, controller in the division of finance and operations at the University of North Dakota. Others agree. “It’s everyone’s responsibility to manage resources appropriately,” says Tammy Gourley Birchett, director of systemwide internal audit for the Tennessee Board of Regents. “Everyone needs to take that role seriously.”
This includes understanding the three factors—known as the Fraud Triangle—that are present during the commission of a fraud. They are: the individual feeling financial pressure, rationalization of the deed, and opportunity to commit it.
Vigilance around all three is critical to supporting anti-fraud efforts, explains Allan Bachman, who previously served as director of internal audit at a college in Boston and is currently education manager for ACFE. “For example, any employee can help with the ‘opportunity’ side of the triangle by identifying and reporting processes that appear to lack proper oversight,” he says.
3. Set the tone at the top.
Although everyone plays an anti-fraud role, establishing a fraud-prevention culture is a leadership function that begins at the top of every hierarchy—the institution as a whole, departments within an institution and each office within a department.
“Although it may sound trite, ‘tone at the top’ isn’t just rhetoric,” says Terri Clark, director of fiscal affairs and CFO for the UND John D. Odegard School of Aerospace Sciences. “It’s critical that leadership doesn’t just talk about fraud prevention. They must also follow up by establishing controls and investigating reports of suspected fraud.”
Statistics bear these statements out. For instance, where losses were $1 million or more, “poor tone at the top” was cited as the primary factor in nearly a fifth of cases, according to the ACFE survey.
4. Identify and correct vulnerabilities.
Although most institutions have well-established processes and procedures, few are bulletproof. That’s why every organization should undertake a thorough internal review.
“In higher education, there are many technologies related to financial transactions, as well as numerous payment types and tremendous cyclical payment volumes,” says Jim Gifas, executive vice president and head of treasury solutions at RBS Citizens Bank. “It’s a recipe for disaster in the absence of proper controls.”
The key control to identify and implement for every process is separation of duties. “That’s the most important control,” says Robinson. “Never allow any one person to be in charge of a complete process, or even of multiple steps in a process.”
Another significant—and frequently overlooked—area of vulnerability is athletic booster clubs.
“Although booster club accounts are typically separate from the institution, guess whose name is in the headlines when an incident occurs?” says Morelock of BKD.
5. Formalize anti-fraud policies and processes.
Nothing substitutes for establishing clear, written guidelines on preventing and reporting fraud. This includes defining what could constitute a fraud. For example, failing to turn in receipts may not mean an individual is committing fraud, but it should be questioned.
According to ACFE’s Bachman, a critical policy component is giving internal auditors investigation authority rather than handing off the duty to public safety.
“Public safety personnel have little or no experience with white collar crime or how to investigate it,” he says. “The ideal is a collaboration between the audit staff and public safety as necessary.”
As for the consequences of committing fraud, be direct, Bachman advises. “State very clearly that if you are caught, you will be prosecuted,” he says.
While some may worry that detailing anti-fraud processes might communicate organizational mistrust, UND’s Clark argues otherwise. “We owe it to our employees to have such checks and balances in place to protect them from suspicion,” she says.
6. Establish an anonymous reporting system.
With the ACFE survey showing that almost half of fraud detections result from tips, a safe reporting environment is essential. While most institutions designate specific officials as the point of contact for reporting tips, a more recent trend is establishing a fraud “hotline” with phone and online options.
Some institutions, such as Auburn and UND, use third-party providers for their hotline. Others, including Tennessee, leverage the state auditor’s office. Still others tap the free national crime reporting hotline, WeTip, which is available for anyone’s use.
In addition, many recommend using openness as a strategy. “We emphasize to our employees that administrators are not here to punish and catch,” says Peggy Lucke, UND’s associate VP for finance and operations. “Instead, we’re here to help.”
One example: What should an employee do if asked to participate in an activity that sounds as if it may not be appropriate? “We communicate that we’re always available to discuss the situation with them,” Lucke says.
7. Educate, educate, educate.
No matter how thorough the anti-fraud policy, nothing substitutes for education. For instance, the ACFE survey shows that in 81 percent of reported fraud cases, the perpetrator’s behavior exhibited red flags, Robinson says. “Your employees need to know those red flags to question them and report suspected problems.”
Education options include common sense approaches. In the Tennessee system, it starts with new hire orientation and includes placing updated fraud prevention posters on campuses across the state. “We also supply brochures that departments place within easy access of employees,” says Birchett.
At UND, an online presentation developed three years ago is now required viewing for every employee on an annual basis. “Before, we circulated a video that would arrive at each department every two years or so,” says Loiland. “With the online presentation, we not only know who has accessed it but also whether they’ve taken the test at the end. Supervisors receive a list of anyone who hasn’t completed the training and are expected to follow up.”
If Clark’s department is any guide, the online training is remarkably successful at ensuring compliance. “The first year it was implemented we had about a 90 percent compliance rate,” says Clark.
8. Rinse and repeat.
While regular education for employees may be a no-brainer, each of the other aspects of an effective fraud prevention program must also receive regular attention.
For most institutions, including those in Tennessee, this means that ferreting out vulnerabilities never really stops. “We have a formal procedure for reviewing about a third of major institutional processes every year,” says Birchett. “That means every major process and all subprocesses get reviewed and updated on a three-year cycle.”
It’s a similar story at Auburn, where Robinson also keeps a close eye on external fraud research and then uses it to inform annual internal risk assessments.
Ongoing efforts at the University of North Dakota are similar and include regular professional development for administrators. “Every year I try to attend a half or whole day fraud conference,” says Clark. “I encourage others to go, too.”
Plus, there’s a continuous reminder about how officials feel strongly about fraud. “Our executives make it very evident there’s no toleration of fraud at our institution,” says Loiland of UND.
Overall, formal anti-fraud strategies like those at her institution show positive outcomes. As Loiland puts it, “There’s very little internal fraud here.”
Anne Rawland Gabriel is a business and business technology writer based in the Minneapolis-St. Paul metro area.