Embed Size (px)
Citation preview
The Enemy Within: Dealing with Employee Fraud in Your Pool….
Presentation to AGRiP Fall Educational Forum
October 2015
The headlines…
The call….
“Dubravka—this is Rick. Are you sitting down? We think we’ve discovered something bad. A medical provider
we’ve made about $200,000 worth of WC claims payments to, appears to be
owned by one of our employees.”
What happened? Dept. Dir. WC Claims embezzled over $1
million from Fund’s WC and EB programs. Theft took place over a 10-year period using
three separate theft “schemes” and two fictitious vendors.
Theft went undiscovered despite TASB’s “internal control consciousness”, annual financial audits, and two internal control audits by “Big 4” firm.
The details… In March 2013 staff uncovered evidence of
improper payments in WC claims area. High-level manager had created fictitious
vendors and made payments to himself. Theft uncovered through new process of
verifying vendor 1099 information for IRS reporting.
Further investigation uncovered additional older theft from EB program.
The scope…
Theft from WC program: 2008 until found in 2013 86 payments totaling $514,400 to one vendor Four payments totaling $15,329 to another
vendor Theft from EB program:
2003 through 2005 52 payments totaling $476,630 Payments made on one school district’s and
TASB’s health plan bank accounts
How he did it—WC theft Used large hospital bill report to identify real WC
claimants who had implants. Used that information to enter fictitious medical
bills with appropriate codes for implantables into claims system.
Changed date of service by a few days to circumvent system controls for duplicate payments.
Entered, adjudicated, and released payments after hours.
How he did it—EB theft Identified employees who were no
longer working for District/TASB. Entered payments for services to those
employees into claims payment system using correct medical codes.
Changed address for claimant EOB in the system to own address, so EOB would not go to employee.
TASB’s immediate actions…
Employee placed on leave the day of discovery pending further investigation.
Terminated two days later. Employee admitted making improper
payments to one of the fictitious vendors. Denied making payments to second
vendor.
TASB’s immediate actions…
Hired outside counsel to advise on handling matter.
Outside counsel engaged investigator (retired FBI agent) to conduct full investigation.
Notified law enforcement authorities. Notified TASB and Fund boards. Filed claim with TASB/Fund’s crime
insurance carrier.
After the initial shock…
Outside investigation concluded. No evidence of involvement by other TASB
employees. Information turned over to FBI. TASB staff met with affected district to
advise of issue. Comprehensive review of how theft
occurred.
How on earth could this have happened?
Thief was a long-term employee involved in the design and implementation of the claims system.
Able to circumvent a four-step claims adjudication process due to his position and intimate knowledge of the system.
Employees who suspected something was amiss regarding provider went to him for help. He “handled it.”
How on earth could this have happened?
Unclear if he had inappropriate system access because: System access wasn’t changed after he changed jobs. Had broader access as back-up for releasing claims if
needed. Discovered way to access payments that no one knew
about. No routine reviews of payments initiated and
released by same individual.
Corrective steps taken… Comprehensive review of internal controls
and processes. External experts engaged to evaluate system
set-up and security on all RMS payment systems.
Changes implemented in: Vendor set-up and maintenance process IT system security and set-up Segregation of duties
Corrective steps (cont.)
Outside audit firm engaged to conduct risk assessment for all TASB operations.
Internal audit functions expanded: Annual ongoing internal audit reviews by outside
firm for TASB operations. Fund engaged same outside firm to provide
outsourced internal audit services. Ongoing work to increase everyone’s
awareness of need for strong internal controls.
Corrective steps (cont.)
Developed expanded integrity reporting processes.
Increased focus and training on fraud awareness and TASB’s ethics values.
Reviewed and strengthened policies in other areas susceptible to fraud (vendor relationships, expense reporting, etc.)
The rest of the story… In January 2014, employee pled guilty to 10 counts of
mail fraud. Sentenced in March to 63 months in federal prison plus
full restitution. US Attorney’s office issued press release resulting in
widespread media coverage. TASB posted notice about matter on website. No
reaction from members. Crime policy partially reimbursed for stolen funds. Fund reimbursed District for stolen funds.
Lessons learned… Fraud really can (and does) happen. Deal with that
reality. Collateral damage is as bad as financial damage:
Loss of trust Sense of betrayal Extra work to review processes
Internal controls are EVERYONE’s responsibility, not just Finance Dept.
Maintaining energy and enthusiasm for internal controls can be a challenge over the long haul.
Easy things you can do… Vendor management process
What controls/segregation of duties are in place for vendor set up/changes?
How do you verify validity of vendors? How often do you clean up vendor database?
System set-up and security Decide whose job it is to review and verify system
security. Conduct system access reviews on a regular basis. Implement process for managing access/changes.
Easy things you can do… EMPHASIZE culture of ethics and
integrity Starts at the top Don’t assume people know organizational
values Be prepared
Response plan Crisis communication plan Recovery plan
Finally…
What doesn’t kill you makes you stronger. Today we are better and stronger (and a little wiser, too!)
