Get Rich Quick: A Case Study of Government Fraud
/In the dynamic world of fraud prevention and detection, Rick Roybal, CFE, CISA, a senior vendor auditor for Matador Services, presented at the 35th Annual ACFE Global Fraud Conference on the topic of “Get Rich Quick: A Case Study of Government Fraud.”
Roybal delved into the complexities of embezzlement through the lens of an intricate case study involving Marzieh Abedin, a former employee of the Oregon Health Authority (OHA).
Understanding Fraud Through What It Isn’t
Roybal began by dismantling common misconceptions about fraud, emphasizing that understanding what fraud is not can clarify its true nature. Fraud is not a one-time occurrence; it often involves ongoing schemes or repetitive actions designed to deceive and gain unfair advantages. Fraud is not committed solely by external parties but often by trusted internal stakeholders like employees, managers or executives. Importantly, fraud is not a mistake or unintentional error. It involves deliberate deception and intentional misrepresentation. Fraud is not easy to detect, as some schemes are sophisticated and can be challenging to uncover. Finally, fraud is not industry-specific, a legitimate business strategy or a victimless crime. Fraud can occur in any industry and harms individuals, organizations and the public.
The Fraud Triangle
Roybal referenced the Black’s Law Dictionary, defining fraud as “a knowing misrepresentation of the truth or concealment of a material fact to induce another act to his or her detriment.” He also explained the Fraud Triangle, which outlines three components driving individuals to commit fraud: pressure, opportunity and rationalization.
Pressure: Financial pressures, such as credit card debt or medical bills, can lead individuals to believe they alone can solve their problems.
Opportunity: Circumstances allowing fraud to occur, like access to funds or weak oversight.
Rationalization: Justifying fraudulent actions internally, driven by personal circumstances or perceived entitlement.
How to Identify an Embezzler
Embezzlers often blend in as trusted employees, frequently being the first to arrive and the last to leave. They may hold leadership positions, which grants them access to exploit organizational control gaps. Embezzlement typically starts with small thefts, gradually increasing as the perpetrator grows more comfortable and confident due to lax monitoring. These individuals exploit weaknesses in accounting methods and inadequate oversight funds and assets.
Case Study: Marzieh Abedin
The session’s centerpiece was the case study of Marzieh Abedin, who exploited her position at the OHA during the COVID-19 pandemic to steal approximately $1.5 million. Abedin was hired as a program analyst in OHA’s COVID-19 Response and Recovery Unit, tasked with submitting and approving invoices from 12 outside entities related to FEMA funds. With a starting salary of $85,000 per year, she was involved in handling substantial federal funds. From the beginning, Roybal believed Abedin was scheming. She exploited the lack of oversight in the procurement process to her advantage.
“She starts figuring out how can I get through it and how can I take money from this organization?” Roybal said. Abedin used various tactics, such as creating fake internet domains and businesses, registering these businesses with stolen identities and submitting false invoices for non-existent services like catering at vaccination sites.
One of her tactics involved setting up a business called Leone Catering. “One of the things that the workers who are working at those vaccination sites need is food,” Roybal explained. Abedin registered the business two months after joining OHA, using her own address while the business was under a stolen identity, ensuring that she would be the recipient of the mail, not the victim whom she stole their identity from. She even created fake email exchanges and invoices to make them appear legitimate.
The investigation uncovered her fraud by cross-referencing catering dates with vaccination site operations, identifying mismatched information on the invoices. Despite her short tenure, starting in March 2021 and being terminated in January 2022, Abedin’s fraudulent activities were extensive. Fortunately, nearly all stolen funds were able to be recovered.
Preventing Shell Company Schemes and Best Practices for Vendor Oversight
To prevent shell company schemes, thorough due diligence is essential. Verify vendor credentials to ensure legitimacy and maintain comprehensive documentation. Regularly monitor company activities to help detect irregularities. Segregating duties in purchasing functions is vital to prevent any single individual from having unchecked control over financial transactions.
Maintaining an independent approved vendor list and training accounts payable (AP) and operations staff to spot false invoices are also crucial. Roybal emphasized the importance of conducting vendor audits to ensure services and goods are accurately invoiced and fostering a culture of transparency and ethics.
Roybal outlined several best practices for effective vendor oversight:
Background Checks: Conduct thorough checks focusing on financial responsibilities and regularly monitor employee activities for unusual patterns.
Vendor Due Diligence: Review a vendor’s background before signing a contract to ensure authenticity.
Fraud Detection Software: Implement software to monitor financial transactions for suspicious activities.
Employee Training: Train employees to recognize conflicts of interest, identify vendor fraud and uphold ethical standards. Periodic training keeps employees informed about the latest fraud detection techniques.
Vendor Audit Program: Establish a robust audit program to regularly verify that goods and services are received as invoices and to validate invoice amounts.
Roybal’s session highlighted the need for vigilance and robust controls to prevent fraudulent activities and maintain high ethical standards. Through comprehensive due diligence, effective training and regular monitoring, organizations can create a strong defense against fraud and ensure operational integrity.