Employees of international humanitarian organizations are givers. Unfortunately, a few are also takers. Management, often in crisis mode, unwittingly enables the fraudsters by relaxing regulations to quickly deliver aid. Learn how these giving groups inadvertently allow funds to be diverted from the alleviation of the suffering.
"Sam," a finance assistant for an international humanitarian organization, was a compassionate man who cared for his fellow staff workers. Or so it seemed. He was responsible for processing extra monetary allowances for employees who were compensated for taking assignments deep in rural outposts. His superiors felt he shouldn't be impeded by complicated rules so he could quickly supply the deserving staffers. Unfortunately, he conspired with a bank employee to also supply himself with a little extra money - $120,000 in three years.
Humanitarian organizations are prone to the usual internal-control problems that can lead to fraud. But their management frequently works in crisis mode and often believes that red-tape regulations impede aid to employees and those suffering in far-flung areas. Unfortunately, that attitude can expose organizations to the usual fraudulent foibles.
In addition to the monetary costs, staff members' fraudulent activities have long-term deleterious consequences for the reputation and credibility of humanitarian organizations. Anything that tarnishes their reputations can drastically reduce donor funding.
AUDIT AND FRAUD DETECTION
In Kautilya's "Arthashastra," an ancient Indian treatise on politics and government, there's a reference to 40 different types of embezzlement. We've known for centuries that there's no limit on types of frauds; the variations only depend on the fraudsters' misguided ingenuity and imagination.
Many in the field have debated the extent to which internal auditors share the responsibility for fraud detection. Of course, the discussion heightens when a fraud is discovered in any organization; management wants to know why the auditor hadn't detected the crime earlier. The consensus among auditors seems to be that although they have an important role to play in fraud prevention and detection, the primary responsibility is management's. However, as more auditors receive fraud examination training, they are able to recognize red flags and detect and deter fraud. Management can only be pleased by that.
Auditors and fraud examiners, through interviews and review of documents, can identify and trace suspicious transactions and payments, test prices and performance, and inspect works and deliverables. Fraud indicators are but clues or hints that a particular area or activity requires detailed inquiry. That inquiry might show all is fine, poor management or negligence, or signs of wrongdoing.
GUT FEELINGS
I'm presenting some fraud cases that I've been involved in as an auditor for field operations at an international humanitarian organization. (I've conducted audits in Sudan, Chad, Burundi, Kenya, Zambia, Nigeria, Ghana, and several other countries.) I believe they show that healthy skepticism, audit judgment, and intuition are the keys to fraud detection. Audit judgment goes beyond audit programs and data analysis techniques to something quite intangible - that gut feeling that something could be wrong. At that stage, the successful fraud examiner delves deeper, expands the scope of the examination, and makes the necessary detailed enquiries. These cases, obviously, also highlight that auditors and fraud examiners should be alert for red flags at all stages of an audit that might indicate possible wrongdoing.
SYSTEMATIC FRAUD BY FINANCE ASSISTANT
Getting back to the opening case - the evidence showed that Sam, the finance assistant, perpetrated the fraud by creating fake payment vouchers, subsequently destroying them and then routinely forging signatures on checks to receive the funds through his bank accomplice. The fraudster was able to commit the crime mainly because management gave him several functions, didn't ensure that all staffers followed established procedures, and didn't review job performances regularly.
International staff members in deep field operations away from main cities are sometimes entitled to incentives such as additional allowances that vary in amount depending upon the location and hardship conditions. Because many staff members often are posted to these remote areas, the cumulative monthly payments can be substantial for the organization. During the audit planning stage itself, we were struck by the frequency of payments and how often they were charged to accounts payable. So we watched this item as a possible risk area.
We found numerous red flags. Many payment vouchers for disbursing these allowances weren't available in the monthly box files containing vouchers, and we couldn't trace them despite our best efforts. Management's feeble excuse was that the records could've been misplaced while in storage.
Sam was constantly elusive or unavailable when we asked for the missing documents or to meet with him. He was rarely in his office and on several occasions we were told that he had gone to run some errands. When we did get to meet Sam briefly, we noticed that he had the latest satellite and mobile phones, each of which probably cost more than a month's salary. He also owned other expensive toys.
Our review showed that, contrary to instructions: (1) the office was using more than one checkbook simultaneously though this was specifically forbidden, (2) a large number of checks weren't in the name of the payee, (3) payees seemed to be approving many payments to themselves, (4) there were discrepancies between the check numbers in the accounting system and those actually used to make payments in the bank, (5) bank reconciliations weren't satisfactorily performed, (6) some checks that had been voided were used for payments, (7) there were excessive and unjustified charges to accounts payable accounts, and (8) previous payments weren't recorded on the reverse of the authorization document, so the hard-copy records of payments weren't available.
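Several of the discrepancies listed above (items 2, 3, 4 and 6) can be surfaced by comparing the accounting ledger against the bank's list of cleared checks. The Python below is an added example, not the organization's in-house auditing software; the record layout, names, check numbers and amounts are constructed for illustration.

```python
from collections import namedtuple

# Hypothetical record layouts: one row per check in the books, one per check paid by the bank.
Entry = namedtuple("Entry", "check_no payee approver amount status")
Cleared = namedtuple("Cleared", "check_no paid_to amount")

# Constructed sample data (not taken from the audit described in the article).
LEDGER = [
    Entry(1001, "A. Field", "M. Chief", 900, "issued"),
    Entry(1002, "B. Remote", "M. Chief", 1200, "issued"),
    Entry(1003, "F. Assistant", "f.  assistant", 400, "issued"),  # payee approved own payment
    Entry(1004, "C. Outpost", "M. Chief", 0, "void"),
    Entry(1005, "D. Rural", "M. Chief", 750, "issued"),
]
BANK = [
    Cleared(1001, "A. Field", 900),
    Cleared(1002, "F. Assistant", 1200),  # cashed by someone other than the ledger payee
    Cleared(1003, "F. Assistant", 400),
    Cleared(1004, "F. Assistant", 1100),  # voided in the books, paid at the bank
    Cleared(2001, "F. Assistant", 1500),  # check number never recorded in the ledger
    Cleared(1005, "D. Rural", 750),
]

BANK_SIDE_FLAGS = ("PAYEE_MISMATCH", "NOT_IN_LEDGER", "VOID_PAID")


def normalize(name):
    """Compare names case-insensitively and ignore stray spacing (sloppy vouchers)."""
    return " ".join(name.split()).casefold()


def reconcile(ledger, bank):
    """Return {flag: sorted check numbers} for the check-level red flags."""
    by_no = {e.check_no: e for e in ledger}
    findings = {"SELF_APPROVED": [], "PAYEE_MISMATCH": [], "NOT_IN_LEDGER": [], "VOID_PAID": []}
    for e in ledger:
        if e.status == "issued" and normalize(e.payee) == normalize(e.approver):
            findings["SELF_APPROVED"].append(e.check_no)      # item 3
    for c in bank:
        e = by_no.get(c.check_no)
        if e is None:
            findings["NOT_IN_LEDGER"].append(c.check_no)      # item 4
        elif e.status == "void":
            findings["VOID_PAID"].append(c.check_no)          # item 6
        elif normalize(c.paid_to) != normalize(e.payee):
            findings["PAYEE_MISMATCH"].append(c.check_no)     # item 2
    return {flag: sorted(nos) for flag, nos in findings.items()}


def flagged_total_by_recipient(findings, bank):
    """Sum bank payments on flagged checks, grouped by who actually received the money."""
    flagged = {no for flag in BANK_SIDE_FLAGS for no in findings[flag]}
    totals = {}
    for c in bank:
        if c.check_no in flagged:
            totals[c.paid_to] = totals.get(c.paid_to, 0) + c.amount
    return totals


if __name__ == "__main__":
    result = reconcile(LEDGER, BANK)
    for flag, checks in result.items():
        print(flag, checks)
    print(flagged_total_by_recipient(result, BANK))
```

Grouping the flagged payments by actual recipient is what turns a list of isolated exceptions into a pattern pointing at one person.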
We also saw repeated instances of poor record keeping and deficient supporting documentation for payments. Payment vouchers weren't sufficiently detailed, names of staff members were often incorrectly written, and the months in which the allowances were given weren't noted. Payments for several staff members from many months were often made through the same voucher without sufficient detail in the voucher description, which made the tracing of payments difficult and identification of beneficiaries problematic.
Sam was almost entirely responsible for regulating payments and his work wasn't adequately supervised - a recipe for disaster. And he seldom took accrued leave time.
Using our in-house auditing software, we were able to generate printouts by payee, by account, and by sub-account. It appeared that international staff members had been overpaid by some $76,000 in the three years reviewed. The staff members who were supposed to have received the payments said they hadn't and that the signatures on vouchers appeared to have been forged. We had to confront Sam, but he inconveniently resigned and fled the country.
Further examination and investigation revealed a pattern of abuse, forgery, and collusion with the local bank staff. Sam would ensure that all professional staff members would receive their salaries and allowances on time. After he'd made the legitimate payments, he'd generate new payment vouchers in the names of staff members usually when they were on leave or away from work. He would then forge the signatures of the authorizing or approving officers and the bank signatories on the voucher or checks in which he was shown as the payee. The checks would then be presented to the bank where his accomplice, a bank teller, would approve them for payment. Sam would forge the endorsement of the checks he was supposed to send to the staff members and then collect the payments with the help of his bank accomplice. The investigations division confirmed our findings that he had embezzled about $120,000 over three years. Eventually, Sam was hunted down and arrested, but mysteriously managed to flee once again by using his local influence and connections. We had a watertight case against him, but the organization didn't seriously pursue recovery or initiate action against the bank, which employed his accomplice. This type of fraud could happen again because the organization still hasn't learned its lessons.
In our assessment, Sam was able to commit the fraud because of a combination of factors:
- As in many embezzlement cases, his department didn't segregate duties and gave him too much authority, responsibility, and trust. He had too much familiarity with all operations, so he was able to cover up his crimes by destroying payment vouchers.
- Sam was a finance assistant for seven years and didn't rotate into another job because the organization didn't have a policy for routinely rotating employees.
- Management didn't adequately review Sam's work and should have detected the frequency of payments supposedly made to employees for hardship allowances and how often they were charged to accounts payable.
- Procedures and controls were consistently circumvented and internal controls were deliberately and intentionally overridden.
- Management had an entrenched view that this humanitarian organization had to quickly relieve suffering in far-flung areas and shouldn't be impeded by "complicated rules."
We recommended that management immediately (1) reintroduce a diligent and thorough supervisory review of all financial transactions, (2) introduce strict segregation of duties for the finance assistant, (3) keep accounting records secure, safe, and immune from interference or destruction, and (4) entrust state authorities to investigate the role of the bank in the fraudulent payments. Management eventually implemented most of our recommendations.
To review, here were the red flags:
- Inadequate income to support a lavish lifestyle
- Excessive familiarity and control over financial transactions with no segregation of duties
- Little leave taken
- Excessive time in the job without rotation to another position
- Institutional toleration of disregard for rules
- Continuous circumvention of systems and procedures
- Obstruction of the audit trail
- The organization operating in a "culture of urgency"
FRAUD IN COMPUTER PURCHASING
Procurement for humanitarian organizations, particularly in emergency field locations, is a high-risk activity. An audit disclosed that a field office had purchased more than 50 seriously overpriced computers.
We found it initially difficult to collect general procurement data because documentation was inadequate and insufficient. After reviewing the transactions, we determined that in the two years reviewed, 95 percent of the IT procurements were sourced mostly from three firms. The control environment was weak and procurement lists and proper filing systems weren't systematically maintained. So it was difficult to conduct a thorough review, assess the management, and obtain assurance that the process was fair and transparent. Essential documents such as Invitations to Bid (ITBs) and minutes of procurement committee meetings were unavailable. An atmosphere of disorganization in the office enabled the fraud to flourish and remain undetected. Although the organization had entered into a sound agreement with a vendor, the field office had decided to buy locally.
According to information we collected, some 50 computers were purchased during the period reviewed for about $132,000. The local suppliers sourced the purchases from outside the country, mostly from Dubai. Invitations to bid hadn't been issued to an adequate number of potential vendors to reasonably ensure the receipt of three competitive proposals.
In some cases, submissions to the procurement committee were available, but as it later emerged, they had been manipulated. In one case submitted to the committee, the procurement was made in October 200X and three companies submitted bids. However, two of them were dated March 200X and April 200X respectively, which was long before the particular procurement. Also, vendors submitted offers on various types of laptops or notebooks with different specifications, so there was no "like-to-like comparison." In another instance, when the office asked for bids on laptops it compared two offers for desktops and one for laptops.
Our review showed that, even allowing for differences in make and specifications, the office paid consistently more than market prices for laptops. We estimated that the office could have saved $58,000 if it had purchased the laptops at standard prices or sourced them from the headquarters of the organization. The office initially said it purchased the computers locally because they needed them immediately and couldn't wait for the relatively long lead time for purchases through centralized procurement. The auditors found in the procurement file a written complaint from a former computer vendor who said that his firm hadn't received any orders from the office for some time.
After we collected further evidence, we concluded that one staff member, "Susan," the information services assistant, seemed to have an unusual degree of control over the procurement of computers. Managerial staff heavily relied on her and never questioned her recommendations about computer purchases. Susan had set up three phantom companies that would always "submit" bids and secure computer supply contracts. Once she placed an "order," she would fly in the consignment from the Dubai source. The computers' price would have been heavily marked up before the sale and Susan would pocket the substantial difference between the Dubai prices and the prices at which the computers were eventually sold to the organization. On the face of it, all appeared proper: the paperwork showed invitations to bid, and the procurement committee had considered all offers. But actually Susan had falsified "competing" bid submissions. We discovered that she had listed only post box addresses for the three vendors and no physical addresses. We never reached anybody at the three phone numbers she listed, so they probably didn't exist. Significantly, one of the payments was made in cash to Susan, who had promised to remit it to the vendor. Susan also received the goods on behalf of the organization, which gave her considerable control over several crucial stages.
We concluded that Susan hadn't complied with the organization's procurement rules, supposedly because she urgently needed the computers. Everything pointed to contravention of the procedures and to her vested interests. We recommended disciplinary action and Susan was dismissed.
To review, here were the red flags:
- Increases in the purchases from certain vendors
- A staff member in a position of trust and possessing great familiarity with all aspects of operations
- Repeated disregard of procurement procedures
- Absence of competitive bidding
- Ability to receive the ordered goods
- A protest letter from a former vendor
- A staff member in charge says that he or she urgently needs the goods because of supposed emergency conditions
FRAUDS IN MEDICAL MATTERS
Medical Evacuation
Approved medical evacuations (MEDEVACs) allow staff members and eligible dependents to secure essential medical care or treatment for an illness or injury that requires medical intervention that is unavailable or inadequate locally. The organization agrees to pay for ticket expenses and costs. If the employee submits hotel and accommodation receipts, a daily subsistence allowance (DSA) is paid to the employee at the full rate regardless of the actual cost of accommodation. This policy creates a financial incentive for extended MEDEVACs in high-DSA locations, with the possibility of fraud. Because employees often take MEDEVACs to expensive European destinations, the organization pays out costly DSAs, especially when the staff members are accompanied by eligible family members or escorts. We were always aware that this was a potentially risky area; the organization paid out nearly $6 million in four years on travel costs and DSAs.
When we visited the country in which the fraud took place, the employees initially found it difficult to collect data on medical evacuations because the unit hadn't maintained the required control sheet for medical evacuations. We found there were some 60 cases of medical evacuations in the two years reviewed and the office paid approximately $100,000 in DSAs. We reviewed a sample of the cases and determined that the office's finance section routinely cleared payments and rarely asked any questions about the quality of supporting documentation because "delicate humanitarian or personal issues were involved."
For the two years reviewed, one staff member, "Kim," went on four MEDEVACs to the United Kingdom for a total cost of $52,048. We discovered three forged and fraudulent hotel receipts. Kim submitted receipts that supposedly showed she had stayed at the Millenium Hotel at 26 Sycamore St. The receipts contained a telephone number and e-mail address.
However, the receipts weren't standard and probably were printed on a computer. We called the telephone number and received only one response, which wasn't from the hotel. The e-mail address wasn't operating. There were subtle differences in the three receipts; different persons signed as cashier and different fonts were used. "Millenium" was misspelled and an Internet search showed the hotel didn't exist. (I guess we could've stopped right there!) No hotel existed at the address Kim gave.
Obviously, the office's finance section should've singled out this case for special review. Kim couldn't resist the temptation of making some easy money. The organization dismissed her.
Fictitious Medical Expense Reimbursement
The organization's medical insurance plan (MIP) helps subscribers and eligible family members meet the costs of health services, facilities, and supplies. In some parts of Africa and Asia, the cost of medical treatment is disproportionately high when compared to salary scales. This divergence sometimes creates an incentive to obtain fraudulent reimbursements for expensive medical treatment or procedures that never occurred.
During the course of an audit of a country operation, we found that the office hadn't established proper administrative procedures in line with the organization's MIP guidelines for checking and approving claims prior to processing them. We found that many claims for reimbursement didn't mention the nature, date, or detailed cost of the services rendered and didn't include the original prescriptions or the required detailed receipts for drugs and medicines. Most claims merely included an invoice and no proof of payment. When there was proof of payment - cash receipts - they only showed the amount paid to the hospital or clinic and no itemization for doctors' fees, medicines, etc. So we couldn't confirm the processed claims' validity or whether they were consistent with reasonable and customary costs for similar services in the duty station.
We found that "Vera," a staff member who actually was responsible for administering all MIP claims in the office, had submitted 22 claims in two years for $8,400 for treatment mostly at one hospital. The attached documentation generally contained only hospital invoices with no itemizations. The signature varied on each invoice and many of them didn't bear the hospital's stamp. The hospital said that some of the invoices weren't authentic.
We concluded that the office hadn't imposed any internal controls in the MIP process, which made it vulnerable to misuse and irregularities. Vera's claims weren't independently checked and entered into the system. Of course, the singular weakness was that Vera was responsible for approving and processing her claims. The investigations section confirmed our findings. The organization fired Vera. We recommended careful claims screening and scrupulous certification and approval processes.
LESSONS LEARNED
Management must be vigilant at all times, demonstrate its unwavering commitment to honest conduct, and unequivocally convey the message that ethics and integrity can't be compromised. The common thread that runs through the cases discussed here was a weak control environment within a "culture of urgency" that allowed the undetected frauds. In complicated cases, fraud examiners should be called in to assist or conduct investigations in a fair, transparent, and competent manner. As with any entity, the organization should always emphasize fraud detection and the right balance between proactive and preventive approaches. Auditors and fraud examiners must function with a sound understanding of the context of the organization's operations and established practices. A fraud examiner can only spot an aberration if he or she already knows the norms.
And most of all - make sure the givers aren't takers.
Krishan Menon, CFE, CIA, LL.B., is an auditor with an international organization. He was with the comptroller and auditor general's office in India for 15 years.
The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.