W102: Procurement Fraud Prevention and Internal Controls Pleased to introduce the following panel members – Tom Caulfield, Executive Director Council of the Inspectors General on Integrity and Efficiency – George D. Strudgeon, Audit Director Compliance Assurance, Virginia Auditor of Public Accounts – Matthew Harris, Assistant Special Agent, U.S. Postal Service Office of the Inspector General When you press …………. And money comes out We need to mitigate our risk Risks Concepts • Risks are those activities that could impede the efficient and effective accomplishment of objectives • Risks are identified and assessed for relevance • Risks are analyzed for significance • Controls are then selected to mitigate significant risks • Controls must be periodically tested to ensure that they are in place and working • Controls must evolve accordingly Polling Question 1 From a contracting perspective (pick as many as you’d like) those areas that represent the highest fraud risk in your organization 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Requirements Contract Documentation Contract Type Source Selection Contract Pricing Oversight and Surveillance Inherently Governmental Property Accountability Award Fee Financial Management PROCUREMENT FRAUD PREVENTION AND INTERNAL CONTROLS Procurement Integrity is the state or condition where all phases of obtaining goods and services are performed: honestly, fairly, impartially, legally, and appropriately transparent. Free from Procurement Fraud and Abuse Polling Question 2 • Do your organizations produce ongoing analysis/reporting, metrics or other identified indicators to mitigate risk. • Yes • No PROCUREMENT FRAUD PREVENTION AND INTERNAL CONTROLS PROCUREMENT INTEGRITY CONTROLS PROCUREMENT INTEGRITY CONTROL SYSTEM™ “the aggregate of the organization’s people, processes, procedures, and management systems that are uniquely designed to the organization and provide reasonable assurance regarding the prevention, deterrence, detection, and prompt reporting of procurement abuse, fraud, or noncompliance within organizational procurements*” * Procurement Integrity Consulting Services, LLC PROCUREMENT INTEGRITY CONTROL SYSTEM™ “the aggregate of the organization’s people, processes, procedures, and management systems that are uniquely designed to the organization and provide reasonable assurance regarding the prevention, deterrence, detection, and prompt reporting of procurement abuse, fraud, or noncompliance within organizational procurements*” * Procurement Integrity Consulting Services, LLC PROCUREMENT INTEGRITY CONTROL SYSTEM™ “the aggregate of the organization’s people, processes, procedures, and management systems that are uniquely designed to the organization and provide reasonable assurance regarding the prevention, deterrence, detection, and prompt reporting of procurement abuse, fraud, or noncompliance within organizational procurements*” * Procurement Integrity Consulting Services, LLC Procurement Integrity Controls must operate within an environment committed to procurement integrity! Procurement Integrity Controls can be broadly classified into two categories: Prevention – focused on preventing inappropriate events. Detection – focused on detecting inappropriate events. Operationally focused are ones functioning within the procurement processes and directly affect each individual procurement (i.e. segregation of duties). Governance focused are ones that facilitate the environment for which procurements' occur and function outside of the various procurement processes (i.e. procurement fraud training). Operational Procurement Integrity Controls Operational PIC - Inside the Procurement Processes Procurement Manual Clear and readable manual/guidance/instruction Reference to PI (honest, fair, legal, & impartial) Designating someone responsible to champion these items Description of each procurement type with decision points and responsibility Monetary thresholds for all procurement types clearly identified Etc. Etc. Segregation of Duties Clear description of original need/requirement - requester & approval Verification of requirement's description - author & review Verification of specification's description - author & review Verification of advertisement synopsis - author & review Change order or modification - requester & approval Authorizing for follow-on options - requester & approval Using special procurement authority - requester & approval Any exception to policy - requester & approval Any exception to contract requirements/scope - requester & approval Any equitable cost adjustment - requester & approval Approval on deviation from original cost estimates - requester & approval Governance Procurement Integrity Controls Operational PIC - Inside the Procurement Processes Procurement Manual Clear and readable manual/guidance/instruction Reference to PI (honest, fair, legal, & impartial) Designating someone responsible to champion these items Description of each procurement type with decision points and responsibility Monetary thresholds for all procurement types clearly identified Etc. Etc. Segregation of Duties Clear description of original need/requirement - requester & approval Verification of requirement's description - author & review Verification of specification's description - author & review Verification of advertisement synopsis - author & review Change order or modification - requester & approval Authorizing for follow-on options - requester & approval Using special procurement authority - requester & approval Any exception to policy - requester & approval Any exception to contract requirements/scope - requester & approval Any equitable cost adjustment - requester & approval Approval on deviation from original cost estimates - requester & approval Operationally focused are ones functioning within the procurement processes and directly affect each individual procurement (i.e. segregation of duties). Governance focused are ones that facilitate the environment for which procurements' occur and function outside of the various procurement processes (i.e. procurement fraud training). Tom Caulfield Tom.Caulfield@cigie.gov LinkedIn Polling Question 3 • Has your organization developed and deployed an exception manage tool to track and document those activities targeted as high risk? • Pick yes or no. USING DATA ANALYTICS TO PREVENT AND DETECT PROCUREMENT AND CONTRACT FRAUD ASSISTANT SPECIAL AGENT IN CHARGE, MATTHEW D. HARRIS, PHD OIG Contract Fraud Program OIG Contract Fraud Program When can Contract Fraud Occur? Red Flags Examples • • • • • Lawn service and you’re cutting the grass. Cleaning and no one has shown up in weeks. Snow removal and you’re relying on the sun. Vehicle washing, but your trucks are always dirty. Pest removal, but exterminators either never come or they are ineffective; District still pays them. • Trash removal, but contractor comes at his convenience and charges Postal Service for full load. • Fleet fuel and the costs suddenly skyrocket with all charges at same station, some on Sundays or holidays. • HVAC service, but your A/C or boiler never seems to work, despite visits from vendor Information that can assist in determining fraud • Name of Contract • Date of Bid Opening • Winner and Winning Bids • Losers and Losing Bids • Engineer’s Estimate • Who is Signing the Bid and from what location • Subcontractor Information • Pre-bid Meetings • Time Stamp on Bids • Fax on Bids • Email Addresses • All Address Information Remedies Common Contract Fraud Violations Case Examples Case Examples Five VMF supervisors accepted bribes in exchange for directing $13 million in maintenance work to a contractor. Bribes to one supervisor included thousands of dollars in drinks and lap dances at a local strip club, a $3,000 paver patio installed in his backyard, and the services of a prostitute on a weekly basis. Bribes to another supervisor included more than $65,000 in cash, thousands of dollars in free service work on cars, and a custom-modified, high-performance Ford Pinto How to we prevent it? • Referrals to audit for lower dollar cases • Referral to management to improve processes • Use investigative outcomes to show systemic failures • Catch it at its earliest stages.. Data Mining and Data Analysis Tripwire Concept A tripwire is anomaly detection tool creating a report and notifications after being triggered by a predefined event or set of conditions The tripwire teams are made up of Data Mining Specialists and Investigative Subject Matter Experts Multi-disciplinary success Minimizes manual analysis with computer generated leads to ensure fraud is identified timely, and leads are actionable. Lead SME’s assigned to work with CAPE to enhance data analysis and leads. 34 Interdisciplinary success Contract Fraud TripwiresAnalytics Employees living with or close to or contractor payment address Other planned Tripwires Other data mining projects • Highway Contract Routes • Extra Trip Analysis • Identify high volume of extra trips by employee, facility, HCR, and route. • Failure to pay fringe benefits Other data mining ideas Polling Question 4 Select from this list those indicators your office considers to identify risk before a Contracting audit: 1. The senior leadership tends to transfer to the same office 2. Contracts have significant differences between original award amounts and current or closed amounts 3. Contracting award types appear abnormal (for example, little competitive bidding) 4. Contracts have been awarded to those contactor that may have had questionable relationships with other government agencies 5. Options and extensions beyond contract performance period Results • 158 less hours to close a CF case using Tripwire What does data show us? • Cases opened using data analytics Shorter time from case opening to resolution Higher resolution rate in cases Identifying better cases Spend less man hours investigating cases Improves agent efficiency Higher financial impact from cases using RADR or Tripwires Matthew D. Harris, PhD mharris@uspsoig.gov FRAUD HAPPENS SO PLAN FOR IT ________________________________________________________________________________________ George D. Strudgeon, CPA, CGFM, CGMA, MBA Audit Director, Auditor of Public Accounts George.Strudgeon@apa.Virginia.gov 225-3350 ext. 339 LinkedIn: George D Strudgeon Outline Virginia: Report reasonable possibility of fraud to Auditor of Public Accounts, State Inspector General, and State Police (§30-138 Code of VA) Federal: NonFederal entity reports criminal fraud to feds (§200.113 Uniform Grant Guidance) Virginia: Report convicted felony to Virginia Retirement System (§51.1124.13 Code of VA) “Managers may perceive a conflict between their priorities to fulfill the program’s mission, such as efficiently disbursing funds or providing services to beneficiaries, and taking actions to safeguard taxpayer dollars from improper use.” GAO Recap FRAUD HAPPENS SO PLAN FOR IT ________________________________________________________________________________________ George D. Strudgeon, CPA, CGFM, CGMA, MBA Audit Director, Auditor of Public Accounts George.Strudgeon@apa.Virginia.gov 225-3350 ext. 339 LinkedIn: George D Strudgeon