There is an urgent question that I don’t think has been asked often enough: Is the conventional professional view of fraud risk broad enough to protect companies from both monetary and non-monetary impact associated with internal fraud?
Most, if not all reports on fraud risk management discuss three easy categories of internal fraud: financial reporting, asset misappropriation and corruption. Then these studies further discuss the secondary category of each fraud category. There is no doubt that these categories are important, but is our view of high-risk fraud categories too limited? Or, are we focusing on the wrong type of internal fraud? Or, the wrong perpetrator?
In previous blogs, I have discussed the fraud risk universe. The purpose of the fraud risk universe is to provide a logical and comprehensive methodology to identify fraud risk facing an organization. First and foremost, the fraud risk universe requires the identification of the offender and victim, followed by the primary and secondary fraud categories. Clearly, there are more fraud categories impacting organizations beyond the big three.
Because most studies and reports focus on internal fraud, most discussions reflect on your company as the victim. But what if the company is the perpetrator of the fraud scheme? Shouldn’t our fraud risk management system also identify and assess this?
I would suggest that the fraud category of “Improperly obtaining revenue” is truly the highest fraud risk category that will have the highest monetary and highest non-monetary impact on your organization. Yet, no one seems to discuss “improperly obtaining revenue” fraud risk category? Why is this?
To illustrate the concept, this blog will discuss Tuna Fish, Opioid’s, Test Cheating Scandal, Environmental Fraud and the False Claims Act.
Tuna Fish Price Fixing
Per the LA Times: The three major household names for can tuna fish plead guilty to criminal price fixing and pay fines of $25 million and $100 million. The CEO of one of the companies is serving 40 months in federal prison.
Clearly management in these companies committed “improperly obtained revenue” fraud schemes. Clearly the monetary impact was huge, although the non-monetary impact seems to be negligible.
Thousands of government entities are suing wholesale and retail distributors and manufacturers of opioids seeking reimbursement for government spending arising out of opioid addictions and overdoses. No need to mention the company names, all are familiar.
The complaints typically allege that the distributors violated the federal Controlled Substances Act by failing to alert the U.S. Drug Enforcement Administration of suspicious opioids purchases such as orders of unusual size, frequency, or pattern. The claims against the manufacturers are based on allegations that the companies exaggerated the benefits of the medication and knew the drugs were being overly prescribed, yet failed to warn doctors of the extremely addictive nature of the narcotics and the need to strictly limit the dose.
The lawsuits also claim the pharmaceutical companies lobbied politicians and doctors to artificially increase the use of opioids and willfully allowed the drugs to enter the black market. For example, in 2012, there were 793 million doses of opioids prescribed in Ohio, which is 60-times larger than the entire population of the state. In 2010, 254 million prescriptions for opioids were filled in the United States, an amount capable of treating every adult in the country 24-hours a day for one month.
Improperly obtained revenue occurs in many ways. And the question that should be asked is did these companies have the proper monitoring systems for opioid distribution? Should the payments and lobbying expenses have raised questions? Or is it simply too difficult to bite the hand that feeds you?
School & Teacher Test Cheating
If you perform a quick search on grade inflation, you will see more schools than you might expected. The various newspaper articles on this subject indicate a common underlying cause: by improving test scores, you improve funding.
“Educators feel that their school’s reputation, their livelihoods, their psychic meaning in life is at stake.” Robert Schaeffer, public education director stated to the NY Times.
In these cases, the perpetrator of the fraud was the schools.
On a related note, what about the college admission scandal? Should the colleges have linked the reason for admission to the events that never occurred?
Theft of Intellectual Property
Last year, of all federal intellectual property cases, damages were awarded in 52% of them, per the report Trends in Trade Secret Litigation Report 2020.
Monetary damages totaled approximately $3 billion, and the five largest awards were each over $100 million. Notably, when reviewing the damage awards by state, a clear trend emerged between the number of cases adjudicated in a particular district or circuit and the average size of the awards.
To obtain a clear picture of the problems in theft of intellectual property, you would need to review the various cases. But maybe, just maybe, the reason for these events can be linked to the absence of sound governance internal controls.
The Volkswagen case maybe the most egregious and visible example of fraud in this category. The company acknowledge their mistakes and has a reserve of $6.7 billion.
The Chevron oil company paid $3 million in fines, agreed to invest $150 million in refinery improvements, and to invest $10 million in environmental projects to resolve allegations that it violated provisions of the clean air act that are aimed at preventing accidental discharge of hazardous chemicals at several of its refineries in California, Mississippi, Utah, and Hawaii. The overall value of the settlement, topping $160 million, is the largest settlement in the EPA’s enforcement of the Risk Management Plan Rule under Clean Air Act Section 112(r). This citation was obtained from a list entitled Top Ten Environmental Fraud Settlements for 2018.
Does the race for market share and profits encourage management to bend the rules?
False Claim Act
The False Claims Act, also called the "Lincoln Law", is an American federal law that imposes liability on persons and companies who defraud governmental programs. It is the federal Government's primary litigation tool in combating fraud against the Government. Source: Wikipedia. (Where would we be without Wiki?)
I site this solely to indicate that companies have attempted to “improperly obtain revenue” from the US government since the civil war, most likely before that.
So what does this all mean?
I ask you, is your fraud risk management system focusing on high risk? Is your annual audit plan focusing on high fraud risk? These are tough questions, but the right questions.
I have intentionally provided a diverse listing of examples on how “obtaining revenue improperly” occurs in different industries and in so many different ways. In each of the examples, the monetary impact was huge. The non-monetary impact may be as well, but I have always felt that judging the true non-monetary impact is extremely difficult. Primarily because how do you judge how the public will react and what will be the duration of the impact? Just ask Wells Fargo Bank!
So here are my thoughts:
- Fraud risk management systems need to broaden their perspective and should include all fraud risks categories facing an organization.
- Fraud risk management should include fraud committed for the benefit of the organization.
- Audit committees must insist that fraud risk management include fraud perpetrated by the organization.
- Chief auditors need to ask themselves: Are we truly looking at all high fraud risk facing our organization?
- Unethical behavior eventually costs a lot of money.
- Remember ethical behavior never goes out of style.
If you have any questions, or need Fraud Training for your team, please connect with me.