Employee Fraud

Employee fraud causes both financial and reputational harm to organizations, loss of employee confidence in the workplace and loss of productivity. Its detection necessitates ongoing vigilance. There are three primary categories of employee fraud: asset misappropriation (embezzlement), corrupt schemes, and financial statement fraud. Most fraudsters are influenced by a combination of factors including: opportunity, the magnitude of the potential gain, and the perceived risk of detection. These motivating factors may be mitigated by the employer / organization creating a ‘culture of deterrence’ to reduce the environmental incentives which facilitate the commission of fraud.
One type of fraud that is increasing in frequency and difficult to detect is benefits fraud. These range from simple one-off fraudulent health and dental claims to more sophisticated schemes involving kickback arrangements involving one or more service providers.

Expected Outcome

Cultivate an anti-fraud culture within the organization by having: 
o        A formal anti-fraud program;
o        A reliable hiring process;
o        An anonymous, confidential reporting system;
o        A fraud response and management protocol that is known and trusted by Boards, volunteers, employees, independent contractors, and learners.

Implement formal strategies to improve the prevention and early detection of:
o        Health and dental benefit fraud;
o        Financial fraud;
o        Procurement and contract management fraud.

Implement formal multifaceted training and education to develop and enhance fraud awareness, early identification, reporting, and expected workplace behaviour.

Definitions and Acronyms

• Client – includes all persons who receive healthcare and related services including patients, residents and persons in-care
• Compensating controls – controls (management, operational, and / or technical) implemented in lieu of a recommended control (e.g., segregation of duties); often used by small organizations and organizations with few employees; 
• Employee fraud - “the use of one’s occupation for personal enrichment through the deliberate issue or misapplication of the employing organization’s resources or assets” (Association of Certified Fraud Examiners, 2022).

Common Claims Themes and Contributing Factors

Health and dental benefit fraud

• Small and large scale fraud perpetrated by employees, spouses, partners, friends, and vendors;
• Fraud schemes frequently uncovered during audits or following media reports of similar schemes in other organizations;
• Kickback schemes related to false claims, exorbitantly priced goods / services (e.g., assistive devices, dental work), unqualified, and / or delisted service providers;
• Employees pressured or influenced to defraud by co-workers;
• Use of benefit package to purchase ‘retail products’ (e.g., non-therapeutic clothing, sunglasses, and footwear);
• Submission of a single claim to multiple benefit providers and insurers;
• Submission of inappropriate claim due to a misunderstanding of the terms and conditions of the benefit package or program.

Financial fraud

• Typically carried out by employees with:
  • Authority to approve payments on behalf of the organization, program, clinic, etc.;
  • Higher levels of access to the organization’s payment systems and / or information technology systems (e.g., ability to alter the accounting records to conceal the theft);
  • Understanding of the gaps and weakness in the organization’s financial controls or information technology design.
• Payments made via internet banking or wire transfers where the usual controls for cheque signing were absent and alternative forms of approval were not required.
• Frequently discovered by: 
  • External and internal audit processes;
  • Internal tips (e.g., concerns brought forth by the Finance Department regarding suspicious invoices such as no Goods and Services Tax (GST) or the Harmonized Sales Tax (HST) on invoices) and employees (e.g., history of urgent payment request; request for cheques versus electronic payment transfers; requested to pick up and / or deliver cheques on behalf of another employee, credentialed staff member, or vendor);
  • External tips (e.g., concerns brought forth by health and dental benefit providers and insurers);
  • Budget reviews; 
  • A change in leadership or restructuring.
• Inadequate or poorly enforced internal controls, often accompanied by:
  • Poor “tone from the top”;
  • Tolerance of known gaps and deficiencies in financial management practices (e.g., no annual audit; failure to follow-up on cash shortages);
  • Lack of or poor fraud detection training for managers and directors;
  • No code of conduct with annual sign-off.
• Costly forensic evaluations of financial irregularities.

Financial abuse of clients

• Therapeutic boundary issues (e.g., volunteers, employees, independent contractors, and learners borrowing money from clients);
• Alteration of personal cheques;
• Altering withdrawal slip of clients who would not have realized the error.

Theft of organizational assets

• Inadequate and / or lack of compliance with the organization’s asset management and tracking program resulting in employee theft and / or reselling of machinery, equipment, and physical assets.

Procurement and contract management fraud

• Intentional employee-vendor collusion or interference with the awarding of contracts;
• Overbilling of invoices with proceeds deposited into the employee(s) account;
• Fictitious vendors, contractors, and shell companies.

Mitigation Strategies

Culture of Deterrence

• Implement a formal best practice anti-fraud program (COSO & ACFE, 2016) (Association of Certified Fraud Examiners, 2016) (Association of Certified Fraud Examiners, 2022) that includes (but is not limited to):
  • Oversight for operational and governance of fraud risks; 
  • Segregation of duties to separate procurement, authorization, and payment approval processes;
  • A code of conduct for Boards, volunteers, employees, independent contractors, and learners (e.g., honesty, integrity, zero tolerance for fraud);
  • Anonymous, confidential reporting (e.g., whistleblower hotline) of potentially fraudulent or ‘suspicious’ behaviour. 
• Ensure anonymous, confidential reporting mechanisms are known by Boards, volunteers, employees, independent contractors, and learners (e.g., whistleblower hotline, procedure for dealing with anonymous letters, including clear direction regarding who such letters should be directed to).
• Implement strategies to detect and investigate early signs / red flags which may be indicative of employee fraud (e.g., staff living beyond their means, working at odd hours, not taking vacation, circumventing security measures, or disgruntled) (Gordon, 2019).
• Conduct background checks (e.g., criminal record and credit checks, internet searches, verification of education credentials, professional designations, and employment references) on prospective employees, credentialed staff, vendors, and contractors (with consent, where necessary), especially those who will be working with cash.

Health and Dental Benefit Fraud

• In collaboration with the organization’s benefit provider(s), implement formal strategies to improve the early prevention and detection of benefit fraud (Bezdikian, 2016) (Canadian Life and Health Insurance Association, n.d.) (Sun Life Financial, n.d.).
• Limit staff and leadership access to benefit utilization reports from benefit providers (need to know basis).

Expense and Payroll Schemes

• Implement industry best practices for segregation of duties for financial related approvals, accounting and reconciliation, asset custody, and database administration; for smaller organizations where compliance with industry standards for segregation of duties may be challenging to achieve, implement formal compensating controls; ensure the compensating controls meet the intent of the original control requirement and provide a similar or higher level of assurance.
• Implement formal strategies to facilitate the frequent review and reconciliation of:
  • The general ledger, especially for adjustments;
  • Payroll to identify potentially fictitious or departed staff;
  • All bank accounts;
  • Corporate credit and purchase cards.
• Conduct annual and random audits of internal controls in line with industry best practices (e.g., external audit of internal controls).

Procurement and Contract Management

(PricewaterhouseCoopers, 2015) (AuditBoard, 2021) 

• Adopt a standardized best practice procurement protocol for contracting and purchasing activities; ensure the protocol aligns with applicable provincial / territorial best practice guidelines and legislation (where in place).
• Adopt a standardized best practice protocol for contract management. 
• Implement formal strategies to ensure reliable invoice processing. 
• Track and regularly update inventory of high dollar value of removable equipment and parts.

Electronic Payments and Cheque Tampering

• Where electronic payment is in place, ensure there is an approval process in place, as well as use of encryption, authentication, and firewalls to secure information. Consider use of electronic fraud detection systems (e.g., email monitoring).
• Implement a formal checking and approval process for when vendor banking information / direct deposit information is changed. 
• Adopt current best practice to reduce cheque fraud (where cheques are utilized). 

Team Training and Education

• Implement formal multifaceted strategies to develop and enhance fraud awareness, early identification, reporting, and expected workplace behaviour.

Incident / Emergency Response

• Adopt a fraud response and management protocol which ensures an immediate and coordinated response for the timely investigation, containment, and remediation of the fraud (Salsbery, 2022) (Carrington & Rebasmen, n.d.) (Deloitte, 2009).

References

Association of Certified Fraud Examiners. (2016). ACFE fraud prevention check-up. 
Association of Certified Fraud Examiners. (2022). Occupational Fraud 2022: A Report to the Nations. Austin, TX.
AuditBoard. (2021). Procurement fraud: How to spot and mitigate it early. 
Bezdikian, D. (2016). Insurance fraud prevention requires joint approach between plan sponsor, insurer. Retrieved from Canadian HR Reporter: https://www.hrreporter.com/news/hr-news/fighting-benefits-fraud/319761
Canadian Life and Health Insurance Association. (n.d.). Help Prevent Benefits Fraud. Retrieved from https://www.clhia.ca/antifraud
Carrington, N., & Rebasmen, M. (n.d.). Responding to fraud: doing nothing is not an option. Retrieved from Deloitte: https://www2.deloitte.com/ch/en/pages/financial-advisory/articles/responding-to-fraud-doing-nothing-is-not-an-option.html
COSO & ACFE. (2016). Fraud Risk Management Guide. Committee of Sponsoring Organizations of the Treadway Commission & Association of Certified Fraud Examiners.
Deloitte. (2009). Fraud response management: Is your organization prepared to execute an efficient and effective response? 
Gordon, D. (2019). Know the red flags of occupational fraud to protect your business. Retrieved from CPA Canada: https://www.cpacanada.ca/en/news/atwork/2019-01-10-fraud-signs
PricewaterhouseCoopers. (2015). Fighting fraud in the public sector III. 
Salsbery, N. D. (2022). Fraud is suspected: Now what? Retrieved from https://www.journalofaccountancy.com/issues/2022/aug/fraud-suspected-dos-donts-auditors.html
Sun Life Financial. (n.d.). Group benefits fraud: A leading edge perspective.