The Fraud Examiner
CFE Helps Keep Iconic Publication Free of Fraud
ACFE Member Profile
Philip A. Ciuffo, CFE
Chief Audit Executive
The New York Times
Philip A. Ciuffo, CFE, likes fixing things. As Chief Audit Executive for The New York Times, he ensures that the publication is diligent in their controls in all processes, and in his personal life, he enjoys fixing anything broken around his home. Ever since he began his career in investigating fraud for a major metropolis, he’s approached audits with pragmatism, but does not allow them to color his view on others. He said, “In general, throughout my career, I have found that many people who committed the frauds we investigated were good people who stumbled on hard times, as opposed to those driven by greed.”
How did you become passionate about fighting fraud?
In my first job after graduating from college in the mid-80s I took a position with an audit bureau of a major metropolis. The division I was assigned to mostly conducted audits of vendors who had contracts or service agreements to lease properties, concessions or franchise rights owned by the city. The contracts generally spelled out the terms of a revenue share agreement requiring the vendor to pay the city some percentage of its gross receipts. Our role as auditors was to ensure that vendors complied with contract terms, but more importantly remitted the correct revenue or percentage of gross receipts.
As I began my auditing career doing these types of audits, I quickly learned the games that vendors play in underreporting their revenues and ultimately their fees to the city. The vendors were aware that the risk of being audited was low so they were more inclined to underreport their numbers and pay less.
In one particular case, the city leased land to a parking vendor near a ferry so commuters could park their cars and take a ferry across the river to work. The agreement with the city required the vendor to pay a percentage of the fee collected for each car parking in the lot every day. We decided that we would spend a week doing surveillance of the lot and count the number of cars entering the lot each day. Then we would reconcile our actual count to what the vendor reported on the statement he submitted with his payment. Suffice to say the underreporting of parked cars was egregious and the underpayment to the city was significant.
After several other contract audits over the next year or so revealed similar results, I became interested in fraud and the drivers that cause people to commit fraud. I quickly learned to spot red flags or fraud indicators, and from these early experiences learned how to evaluate what they mean and their impact. It was around this time that I learned about a relatively new designation, Certified Fraud Examiner, and I became one.
What is one of the biggest lessons you have learned since becoming a CFE?
Sometimes the biggest fraud schemes are the simplest ones. Never take anything for granted and never underestimate the bad guys because their livelihood depends on you being asleep at the wheel. Also, don’t discount evidence, even if it appears remote or does not appear to have a connection to your investigation.
What steps led you to your current position?
I have progressed my career at The New York Times from a staff auditor to Chief Audit Executive. I achieved this mostly through hard work, sound judgment and developing excellent working relationships with management. Helping management understand that internal audit is not the “bad guy” in the organization, but a resource that can help ensure controls remain effective and can add value, has enhanced my career. We have experienced a high rate of management requesting our services for assistance with fraud related inquiries and general operations and controls work.
What is your current role and what does it entail?
As the Chief Audit Executive, I am responsible for a team of seven financial and IT auditors. I report to the CFO, CEO and audit committee. My main role is to review and evaluate the effectiveness of the company’s control environment across all lines of business and revenue streams. Every audit we conduct, whether an audit of a new digital revenue stream or the accounts payable and vendor payment process, always includes a review for fraud. We do this through data analytics that are developed and analyzed specifically for that audit. I am responsible, along with General Counsel, for evaluating and investigating all calls that come in to our hotline. We spend a significant amount of time annually auditing vendor contracts and new and developing system implementation projects. We also are responsible for assisting management with its SOX efforts and for assisting our external auditors in various interim and year-end testing procedures.
Not a member? Click here to Join Now and access the full page.