Friday, June 27, 2008

Can I have a Waverunner with that?

Public sector abuse of P-Cards continues to be rampant.  The Dallas Independent School District, Knox County TN, Wake County NC, and more recently in Georgia, as reported in the Atlanta Journal Constitution.   In this recent Georgia case, an administrator for Georgia Tech used her P-Card to make nearly 3,000 fraudulent purchases totaling more than $300,000.  

The Georgia Tech administrator, Donna Gamble, has pled guilty to 22 counts of mail fraud and theft, and will be sentenced later this month in Federal Court.  Among her unauthorized purchases with federal grant monies included a Waverunner personal watercraft and lawn tractors.

Public and private sector organizations are replacing expensive purchase orders and procurement processes with P-Cards, as the cost per transactions is very favorable.  Aberdeen Research shows that P-Card purchases often cost less than 1/3 the amount of more traditional purchase order and invoice purchases.  Yet these P-Card purchases introduce more risk, and all types of organizations are challenged by how to best control and monitor credit card spend.  

Supervisory review, transaction review by a central p-card administrator, and limiting card usage at certain merchants and merchant types are all controls that organizations use to ensure charges are authorized and in compliance with preferred vendor agreements.   But the news headlines suggest strongly that these controls are not sufficient.

Stay tuned in coming weeks as we look to chronicle other organizations that have implemented continuous controls monitoring for frequent, in-depth, and efficient transaction review.

Joe Oringel
Visual Risk IQ
Charlotte NC, USA

Saturday, June 14, 2008

How to Earn $25 Million Per Year, at Least for a While....

The answer isn't to be an NBA All-Star or an Oscar winning actress. But the good news is a college degree isn't required. Apparently limited Federal oversight over Medicare and Medicaid spending in South Florida has allowed at least one fraudster to "earn" $105 Million over four years before finally getting caught in a recent sting operation.

Clues that led to the prosecution include Department of Health and Human Services include the following:
  • The South Florida region billed Medicare more than $2 billion each year for injectable HIV medications. That figure is 22 times as high as the amount of similar claims in the rest of the country, and is far out of line with demographic data in a population of 2 million people in Miami-Dade County, HHS statistics show.
  • HHS investigators discovered that nearly half of 1,581 medical equipment companies they visited in the Miami area did not comply with basic Medicare requirements to be open during scheduled hours and to have a telephone number.
For more information on the specific case and some of the troubling patterns suggested, read the MSNBC story.

Those of you familiar with Visual Risk IQ's services know that we combine visual outlier analysis with continuous transaction monitoring, primarily for accounts payable, procurement card, and travel and entertainment. But since summer of 2007, we have also been developing a practice in Health Benefits auditing, in partnership with Atlanta-based Thomas Ray and Associates. Stories like this validate our decision to expand our work into this payment stream, as overpayments through errors and fraud seem much greater than with accounts payable.

More to follow this summer as we continue to continue our work in this highly visible expense area.

Joe Oringel
Visual Risk IQ
Charlotte NC 28277

Monday, June 9, 2008

Turning up the heat on FCPA, from Inside Counsel

Ever since my undergrad days at LSU in the mid-1980's, I've thought Internal Audit should report to General Counsel (GC) instead of the CFO. The GC is an advisor to the Board, and who better to provide advice, especially on matters of law and compliance. Because of this belief, I've subscribed to Inside Counsel, which is the equivalent trade magazine for in-house Legal Officers as CFO Magazine or CIO Magazine are for those executives.

This months' issue of Inside Counsel follows trends that we've been hearing throughout the internal audit world. Specifically, that enforcement of the Foreign Corrupt Practices Act (FCPA) is stepping up for large, global corporations, and that this increased focus leads to greater risk, especially those whose internal monitoring programs are judged to be sub-standard. To read the entire article, click through this link

Continuous auditing and monitoring, including monitoring of relationships between suppliers, customers, and employees is not frequent among the Global 1000. But many organizations that do such monitoring are often able to identify risky transactions or relationships well in advance of any regulators. Further, a couple of organizations who are among the leaders in continuous monitoring of FCPA have actually had to implement such programs because the monitoring has been forced upon them by regulators.

So if you're looking for one more reason to experiment with Continuous Auditing or Continuous Monitoring, see the following list of FCPA fines and payments, and ask what you're doing to make sure your organization stays off of this dubious list.

Siemen's $2 BILLION in bribes revealed, settlement pending
Baker Hughes $44 million in penalties paid (charges of bribery in Kazakhstan)
Chevron $30 million in penalties paid (Oil for Food Corruption in Iraq)
Volvo $7 million in penalties paid (Oil for Food Corruption in Iraq)
Flowserve $4 million in penalties paid (Oil for Food Corruption in Iraq)
Ingersoll-Rand $2.5 million in penalties paid (Oil for Food Corruption in Iraq)

As always, comments and suggestions are welcome.

Joe Oringel
Visual Risk IQ, LLC
Charlotte NC, USA