Master Risk Tables

Risks
Red Flags
Best Practices
Duplicate Payments

Disbursements for the same amounts or to the same vendor for the same amount (other than such regularly recurring payments such as insurance or rent) can indicate duplicate payments.

Another Red Flag for duplicate payments is spending in excess of budgeted or normal amounts.

Interestingly, a vendor's failure to claim a discount due might also indicate that he has been paid twice and doesn't want to engender additional review of his account.

Credit balances in the accounts payable subsidiary ledger might indicate a duplicate payment.

Convert payments to ACH or other electronic methods - ACH or electronic payment methods take more time to initially establish compared to simply printing a check to a vendor thus are less likely to include fraudulent transactions.

General Guidance

Fraud involving cash expenditures can involve a great deal of money, and come in a number of forms, many of which are discussed in detail below. After considering the risks, red flags and tools/best practices discussed in this table, you might want to investigate some of the online tools listed to the right.

National Association of State Controllers (NASC) Control Questionnaire for Payables

National Association of State Controllers (NASC) Control Questionnaire for Accounting Systems

Understand the built-in security in your accounting system’s accounts payable module.

Review and rewrite each accounts payable employee’s job description to ensure proper segregation of duties are in effect.

Use a third-party data mining tool to help you analyze your accounts payable transactions on a regular basis.

Have an annual review of your accounts payable function done by an internal control expert.

Kickback Scheme

Consistent preferential (early) payments to one vendor.

Look for invoices that do not have the folds that come from having been mailed. No folds, may point to potential fraud.

Sequential invoice numbers from the same vendor or invoice numbers with an alpha suffix.

Payments made based on copies of invoices, not originals.

Vendor invoices are received by department other than accounts payable (purchasing).

Separate check writing and checking account reconciliation. Never have the person who writes the checks also be the person who reconciles the checking account, this is asking for trouble.

Tax ID numbers on the vendor invoice reinforce the invoice's legitimacy.

Segregate duties between processing of accounts payable invoices and updates to vendor master files.

Misdirected Payments

Payments are misdirected to someone posing as a legitimate vendor. No proper documentation or approval of additions, changes, or deletions to vendor master file.

Vendor addresses do not agree with vendor approval application.

Verify that all changes to vendor records (name, address change, bank account) are submitted by an authorized vendor signatory, and approved by an agency signatory. This is to prevent theft or misappropriation of funds.

Segregate duties between processing of accounts payable invoices and updates to vendor master files.

Non-compliance with State/Local-Wide Central Service Cost Allocation Plans and Indirect Cost Rate Proposals

Unwarranted profitability of internal service funds.

Overpayment

Excessive purchases of unneeded items.

Frequent shipments to P.O. boxes.

Weekend or holiday delivery dates on invoices.

Same person signs both the purchase order and the receipt.

Data analytics for:

  • Vendor Summary Totals – Period Comparison
  • Descriptive Statistics/Benford&s Law Analysis
  • Above Average Payments To A Vendor
  • Duplicate Payment Testing
  • Employee to Vendor Address Match
  • Payments Made After Period End for Valid Liabilities at Period End
  • Identify Exceeded Purchase Orders

Reconcile checking accounts promptly. Allowing time to lapse simply allows more time for fraudulent activity to occur if present.

Keep blank check stock and signature stamps under lock and key. Limit access to check stock to specific individuals.

Centralize your check writing function to minimize the need for review.

Immediately notify your bank of changes in check signature authorizations.

Risks
Red Flags
Best Practices
General Guidance

Fraud involving cash is not uncommon. After considering the risks, red flags and tools/best practices discussed in this table, you might want to investigate some of the online tools, listed to the right.

Money which should be deposited with the government is diverted to the fraudster.

Excessive number of voids, discounts and returns.

Unauthorized bank accounts.

Sudden activity in a dormant banking account.

Taxpayer complaints that they are receiving non-payment notices.

Discrepancies between bank deposits and posting.

Abnormal number of expense items, supplies, or reimbursement to the employee.

Presence of employee checks in the petty cash for the employee in charge of petty cash.

Excessive or unjustified cash transactions.

Large number of write-offs of accounts.

Bank accounts that are not reconciled on a timely basis.

All incoming mail should be opened with two persons present. A receipt log or register tape should be maintained, reviewed and reconciled to the bank deposit. The reconciliation should be done by a person involved in neither the receipting or recording of receipts.

All money should be deposited as quickly as practicable. The person depositing the money should not be a person involved in receiving or receipting the money.

Cash registered should be subtotaled and cash drawers frequently relieved of excess cash. Refunds and voids should require a supervisory signature. In the case of refunds, a customer's signature and contact information should be collected as well.

Whenever a customer questions a balance, indicates that his payment shows as outstanding has been paid, or a licensee complains of not having received a license, the situation should be reviewed to determine whether lapping or skimming has occurred.

Risks
Red Flags
Best Practices
General Guidance

Invoices cannot be traced to shipments.

Multiple payments to single vendor on the same date.

Pattern of purchases just below review level.

Unusually quick turnaround of invoices.

Payment to multiple vendors for same product.

Extreme inventory shortage.

Expenses increase dramatically.

Unexplained rise in cost of goods sold.

Unexplained decrease in gross/net profits.

Excessive materials orders.

Goods not purchased at optimal point.

High level approval of a low level transaction.

Controls:

  • Invoices, purchase orders and receiving reports must be matched before payment issued.
  • Purchasing department should be independent of: receiving, shipping, accounting.
  • Purchases must have management approval.
  • Maintain a current approved vendor list.
  • Use competitive bids for major purchases.
  • Vendor purchases should be reviewed for abnormal levels.
  • Control methods should be implemented for duplicate invoices/purchase orders.


National Medicare Fraud Takedown Results in Charges Against 243 Individuals for Approximately $712 Million in False Billing

Risks
Red Flags
Best Practices
General Guidance

Infrequent bank deposits, allowing cash to accumulate.

Consistent shortages in cash on hand.

Consistent fluctuations in bank account balances.

Closing out cash drawer before end of shift.

Missing items due to physical theft.

Lack of regular physical inventories carried out by independent personnel.

No policy regarding identification, sale, and disposal of obsolete and surplus materials.

Segregate duties between ordering goods and receiving goods.

Segregate duties between receipt of inventory and issuing of materials.

James Madison University (JMU) offers guidance and has a basic receiving report that can easily be replicated

The U.S. Department of Defense (DOD) has a more complex material inspection and receiving report

DOD Fraud Red Flags and Indicators

Risks
Red Flags
Best Practices
Bribery

A public official or employee has a lifestyle that exceeds his or her salary.

Oversight officials socialize with, or have business relationships with, contractors or their families.

Involvement of an unnecessary middleman or broker.

A contracting employee declines a promotion to a non-procurement position.

A contracting employee insists contractors use a certain sub-contractor or broker.

A contracting employee shows a keen interest in the award of a contract or purchase order to a particular contractor or vendor.

A contract change order lacks sufficient justification.

Other inspectors at the job site notice a pattern of preferential contractor treatment.

A code of conduct should be established prohibiting fraternization between government workers and contractors.

A hotline should be established so that violations of the code of conduct and other matters can be reported to the appropriate officials.

Changes in lifestyle or refusals of transfers or promotions should be justified.

Collusive Bidding, Price Fixing or Bid Rigging

Apparent connections between bidders: common addresses, personnel, or telephone numbers.

Different contractors make identical errors on bids.

Losing bidders hired as subcontractors.

Joint venture bids by firms that usually bid alone.

Losing bids do not comply with bid specifications or only one bid is complete and other bids are poorly prepared.

Tailored specifications - Specific or restrictive requirements to restrict eligibility.

Unusual bid patterns - Bids that are too close, too high, in round numbers, or that contain identical winning margins or percentages.

Adequate Vendor Pre-Screening

The Excluded Parties List System (replaced by System for Award Management (SAM))
(Contains parties that are excluded from receiving federal contracts, certain subcontracts, and certain federal financial and non-financial assistance and benefits)
Commodities, Materials, Equipment and Supplies Overcharging

Discrepancies are present between contractor-provided quantity documentation and amounts required.

A refusal or inability to provide supporting documentation.

Photocopies of documentation are submitted when originals are expected.

The contractor resists inspection during the job or delivery process.

Packing lists, bills of lading, other shipping and receipt records have altered or missing information.

Irregularities in standard stationery or other contractor documents that are used to calculate payments.

An unusually high volume of purchases from one vendor.

Invoiced goods cannot be located in inventory or accounted for.

Not taking advantage of contracted discounts or volume purchasing.

The acquisition price is not easily discernable.

Utilization rates should be considered in light of budgeted or originally contracted amounts. Large, unexplained variances should be investigated.

Irregularities of documentation should be examined.

Amounts charged for materials and labor should be checked against the prices offered by other vendors in the area.

Conflict of Interest

Apparent connections between employees and vendors. Common addresses, phone numbers, Tax IDs, ownership interest, etc.

Employee declines promotion from a procurement/contracting position.

Public official discussing employment with current/prospective contractor.

Favoritism shown to a particular contractor or consultant.

Employee socialization with a contractor

Employee acceptance of gifts or travel from a contractor.

Sole source justification.

Adequate vendor screening.

Data analytics.

Formal procurement process.

Require job rotation or cross-training.

Code of conduct.

Ethics & Compliance Toolkit, The Ethics and Compliance Initiative at ethics.org

Use of procurement teams and group decision-making.

Falsified Wages

Large or unusual overtime payments to selected employees.

Large or unusual hours worked in a given pay cycle.

Time card hours differ from job order hours.

Hours on payroll reports differ from time-card hours or job order.

Number of days worked and amount of salary are inconsistent with occupation.

Review of supporting documents.

Adequate time tracking mechanisms.

Authorization and approval of hours worked.

Multiple sources of information.

Fraudulent Billing

Mischaracterized expenses (personal vs. business).

Inflated billing.

Double billing.

No proof of delivery.

Equipment/people not on jobsite.

Fraudulent invoices.

Confirmation of delivery.

Examine invoices and compare to purchase orders.

Develop data analytic scripts for: duplicate payments, invoice matching and purchase order amounts.

Require signed receiving reports.

General Services Administration Procurement Request and Receiving Report Preparation

Defense Procurement and Acquisition Policy, Receiving and Proof of Delivery Reports

Site Inspections: Site Inspection Report Template (by Scribd)

Ghost Employees

No evaluations, raises, or promotion over an extended period.

Terminated employee still on payroll.

Payments to employees not on employee master file.

Employees with duplicate addresses, checking accounts, or social security numbers.

Employees with no withholding taxes, insurance, or other normal deductions.

Employees with P.O. box, drop box address, organization's address, prison address or no home address.

UUnusual work location or no work phone.

No annual/sick leave used over a reasonable period.

Data analysis: payroll reports, data analytics for vendor/employee matches on name/address/TIN/bank account.

Verification of payroll distribution.

Site visits.

Confirmation of employees' identities.

Data analytics run on employee file for matches.

Segregation of hiring and time and attendance duties.

Written management approval for all hires.

Pre-hire background checks required.

Kickbacks or Unlawful "Pay to Play"

Unexplained or unreasonable limitations on the number of potential sub-contractors contracted for bid or offer.

Continuing awards to subcontractors with poor performance records.

"No value-added" technical specifications that dictate contract awards to particular companies.

Non-qualified and/or unlicensed sub-contractors working on prime contracts.

Poor or no established contractor procedures for awarding of subcontracts through competition.

Lack of separation of duties between purchasing, receiving, and storing.

Purchasing/contract employees maintaining a standard of living exceeding their income.

Contract awards over time should be analyzed to determine whether the patterns outlined in the red flags occur.

The specifications and requirements of contracts and RFPs should be examined by a knowledgeable third party to identify the potential existence of intentional omissions.

Procedures should be examined to ensure they provide for fair bidding.

MBE/DBE/WBE Enterprise Fraud

A business owner lacking background, expertise, or equipment to perform sub-contract work.

A situation where employees are shuttling back and forth between prime contractor and a MBE/WBE/DBE business’ payrolls.

Business names on equipment and vehicles have temporary signage covering the legal owner which is not a certified MBE/WBE/DBE.

Orders and payment for necessary supplies made by individuals who are not employed by MBE/WBE/DBE owned business.

A prime contractor facilitated purchase of MBE/WBE/DBE business.

A MBE/WBE/DBE business owner is never present at the job site.

A prime contractor always uses the same MBE/WBE/DBE.

Financial ownership agreements between prime and MBE/WBE/DBE contractors exist beyond the contractual relationship.

Joint bank accounts exist between prime contractor and MBE/WBE/DBE subcontractors.

An absence of written contracts between prime and sub-contractors.

The business registrations of all vendors and contractors should be reviewed.

Patterns of repetitive subcontractor use should be investigated and justified.

Visits to the worksite should be conducted to determine whether any of the red flags are in evidence.

Prevailing Wage Violations

Employee works more hours than specified on certified payroll reports.

Discrepancies between payroll payments and certified payroll.

Inconsistencies in employee job classification.

Discrepancies between union remittances and certified payroll records.

Review cashed checks to determine whether the employer is cashing checks for employees.

Data analysis

Independent verification of job classification.

Employee interviews.

National Association of State Controllers (NASC) Controls Questionnaire for Davis-Bacon

Hotline reports.

Product Substitution

Complaints about quality.

A high rate of rejections, returns, or failures.

Lack of inspection/falsified reports.

A contractor that restricts or avoids inspection of goods upon delivery.

Mismarking or mislabeling of products and materials.

A contractor offers to select samples for testing programs.

A contractor refuses to provide supporting documentation regarding production or manufacturing.

Vendor fails to supply warranty information.

Vendor fails to apply manufacturers’ rebates/discounts toward final costs.

Photocopies of necessary certification, delivery, and production records exist where originals are expected.

Irregularities in signatures, dates, or quantities on delivery documents.

Certifications required in the contract are not signed.

Allegations of bribery of inspectors.

A supplier entertains or provides gratuities to procurement personnel.

Adequate project monitoring and oversight.

Agency verification of inspection reports.

Independent testing program.

Whistleblower mechanism.

Time Overcharging

Unauthorized alterations to timecards and other source records.

Hours and dollars consistently at or near budgeted amounts.

Timecards are filled out by supervisors, not by employees.

Photocopies of timecards submitted where originals are expected.

Inconsistencies between consultants'; labor records and a their employees' timecards.

Frequent payroll adjustment entries with descriptions such as “charged wrong accounts,” etc.

Labor charges with contracts are inconsistent with contract progress.

Personnel files cannot be found or are “found” after a delay.

Lack of a clear audit trail to verify propriety of labor charges.

Job misclassification – apprentice workers billed out at higher rates.

All contracts should allow audits of vendor and supplier books of account.

Audits should be periodically conducted.

Litle or no warning of the audit should be given to the contractor.

Vendor employees should be queried (at the job site, if possible) about the time they actually work.

Risks
Red Flags
Best Practices
Collusion With Employees or Other Vendors on Bids/Awards

Procurement files are missing standard forms and/or signatures.

Competitive process was not followed.

Ensure that all required forms are submitted prior to contract award and verify information provided.

Ensure contracts are awarded in accordance with applicable procurement processes, laws, regulations and sound business practices.

Conflicts of Interest

Failure to file financial disclosure forms.

Employee declines promotions.

Vendor/contractor and employee address/phone match.

Sometimes an employee has a direct or indirect interest in a vendor. This may cause the employee, if he or she is in the position to do so, to favor the vendor or contractor in which he or she has an interest. Conflicts of interest can result in higher contract costs, significant contract changes, and purchases of goods or services not needed.

False Billing

Frequent invoice/voucher errors.

Claims for unallowable costs.

Double counting costs as both direct and indirect.

Unauthorized changes.

Payments made that are unsupported by invoices.

Misdirection- goods or services to be delivered to the business or job site are delivered, instead, to an employee's home.

Double billing.

Improper indirect cost pool components.

Altered/missing documents.

Irregularities between styles/logos found on stationary/invoices/statements.

Documents presented as originals are actually photocopies.

Failure to claim discounts.

 

Any of these red flags can and frequently do point to false billing schemes. It is important that vendor management work with accounts payable to identify and follow up should any pattern of these Red Flags develop. Software exists that can be used to identify some these patterns, such as double billing. Other false billing fraud can be reduced by introducing policies that require expenditures be properly supported by documentation. Segregation of duties and appropriate review of documents by someone outside of vendor management, procurement and accounts payable also make the perpetration of these types of fraud more difficult.

False Pricing Data

Frequent invoice/voucher errors.

Poor cost documentation.

Material mischarging - price.

Material mischarging - quantity.

Material mischarging - quality.

Restricted/delayed access to records.

Some contracts are based upon cost recovery or cost plus profit. A common fraud is to overstate the cost or use of materials. Since costs, prices and quantities are being manipulated (the vendor's records are not being used to produce the invoice), errors are more common than is normal. To cover the manipulation up, a vendor often does not provide appropriate documentation to support the billing and/or restricts access to records. When applicable, contracts should allow the buyer unrestricted audit rights. Also, material utilization rates should be checked against budgets/plans/expectations/industry norms. Prices should be verified against market prices. Goods received should be physically inspected to determine appropriate quality and quantity.

False Time Records

Labor mischaring- time.

Labor mischaring- rate.

Professional fees with large sums charged for "services rendered" but with few details.

Restricted/delayed access to records.

If the actuals are equal to or very close to budget estimates.

Altered time cards.

Time cards filled out by management.

Inconsistencies between time cards and charges.

Job misclassification.

The actual amount of labor that will be required to complete a task is often difficult to predict. When the actuals equal the estimates, it may be a cause to investigate.

Some work needs to be done by licensed professionals. Administrative tasks should not be billed at the professional rate.

When auditing vendor time cards, alterations or execution by managment are both signs of potential trouble. Extend audit procedures to identify patterns of fraudlent activities.

Always require professional invoices to have sufficient detail. Review the detail for reasonableness. If suspicions arise, examine the time sheets or time cards.

Fraudster Tries to Reroute Payments From a Legitimate Vendor

Change in address, bank account info is not signed by an authorized agent of the vendor.

Documents submitted are not on official vendor stationery.

Establish process to verify that all changes to vendor records (name, address change, bank account) are submitted by an authorized vendor signatory, and approved by an agency signatory.

General Contract/Vendor/Procurement/Bidding Fraud

No segregation between contracting, purchasing, receiving, storing, issuing, inspection, etc.

Continued acceptance of high priced goods or services.

Continued acceptance of substandard goods or services.

Numerous/costly change orders.

Contractor inability to perform.

Multiple purchases under bid limits.

Protests.

Failure to use existing contracts.

Off-contract purchases.

Emergency procurements.

Sole source procurements.

Watch for red flags that point to collusion between the vendor and one of the buyer's employees. Both the vendor and the employee overseeing the letting or the administration of the contract should be scrutinized.

General Guidance

Governments purchase vast amounts of goods and services under contracts of one type or another. Due to the vast sums involved and the difficulty in spotting and controlling it, fraud involving adherence to contracts are not unusual.

Ghost Employees

Restricted access to records.

Unexplained unfavorable labor variances.

A ghost employee is the term applied to someone who gets paid, but doesn't exist. In the case of vendor management, a ghost employee is used to increase the cost in cost-plus type of contracts. A check is issued and cashed by another who pockets the money. This type of fraud exists in other contexts where an employee uses a ghost employee to steal from his employer. In the case of vendors, the fraud is perpetrated against the buyer and the vendor pockets the money.

Kickback Schemes

Change in employee lifestyle.

Employee declines promotions.

Socialization between employee and contractor/vendor

Kickbacks involve an employee being compensated for in some way favoring a vendor. There are a number of behavioral indicators, like the red flags listed, that may point to an employee's receiving kickbacks.

Product Substitution

Altered inspection reports.

Poor cost documentation.

Counterfeit labeling.

Missing/altered serial numbers, model numbers or labels.

Significant number of field failures.

Altered/missing/late test reports.

Unexpected or premature part failures.

Restricted access to storage/production facilities.

Restricted/delayed access to records.

Latent defects.

High rejection rates.

Required certifications not signed.

Vendor, not buyer, selects samples for testing.

No warranties provided.

A common fraud scheme involves the delivery of goods of a lesser quality than was contracted for. To reduce the likelihood of this, goods should be inspected for conformity to specifications. In the case of certain types of goods, a chemical, metallurgical or similar type of test will need to be run on a sample to ensure that the product meets specifications.

Progress Payment Fraud

Altered inspection reports.

 

Physical progress inconsistent with billings.

Requests for payments inconsistent with prior cost datapdiv>

Restricted/delayed access to records.

Vendor/contractor resists inspection.

Required certifications not signed.

Contracts spanning months or years generally require that the buyer make payments during the project, before its completion. These progress payments usually match the percentage of the project that has, at the time of payment, been completed. Vendors and contractors have been known to accelerate the payments made to them by misrepresenting the extent of project completion. To ascertain the extent of completion, the purchaser should, as applicable, make inspection visits to the construction or have software projects completed in modules that can be individually tested. In construction, subcontractors produce lien waivers for payments they received and these should be available for review by the purchaser. All contracts should provide provisions allowing inspections, audits and proofs of completion. It is often of value to compare the progress of the current project against similar projects completed in the past. If it seems that billings exceed progress likely to have been made, it is a cause for further inquiries.

Systematic Mischarging

Labor mischarging- extension.

Material mischarging- extension.

Restricted/delayed access to records.

Generally, 3 times 5 equals 15, but sometimes it can be made to equal 16 or 17. Automated billing programs can be altered to make sure invoices are for amounts greater than agreed. The invoices, with refooting, look fine. The way to control this type of fraud is to check, at least on a sample basis, the calculations shown on invoices.
The vendor, contractor, or supplier is getting more than provided for in the contract.

Frequent change orders.

Unauthorized changes.

Rates or prices in excess of contract.

Rates or prices in excess of market norms.

Missing or altered inspection reports.

Undeservedly favorable evaluations of contractors.

Missing/altered serial numbers/model numbers/labels.

Requests for payments inconsistent with prior cost data.

Frequent invoice/voucher errors.

Poor cost documentation.

Claims for unallowable costs.

Little physical progress on contracts when significant costs have been billed.

Material mischarging—price.

Material mischarging—quantity.

Material mischarging—quality.

Labor mischarging—time.

Labor mischarging—rate.

Systemic mischarging—extension.

Double counting costs as both direct and indirect.

Professional fees for “services rendered” with few details.

Altered/missing/late test reports.

Unexpected/premature part failures.

Restricted access to storage/production facilities.

Restricted/delayed access to records.

Inadequate segregation of duties between contracting, purchasing, receiving, storing, etc.

Socialization between employee and contractor/vendor.

Vendor/contractor and employee address/phone match.

Multiple purchases just under bid limits.

Failure to take advantage of existing contracts/off-contract purchases.

A physical inspection should be made of all large or expensive goods that are provided to look for red flags.

All contracts should allow for audit of the provider and for unannounced audits should be conducted.

Vendor Has Committed Fraud in the Past or Performed Less Than Satisfactorily

Vendor is not authorized to do business in your jurisdiction, or is behind on taxes.

Check new vendors for Certificates of Good Standing or Status. These documnets are usually located at a state's secretary of state's office, or department/division of taxation, assessments, corporations.

Establish process to check all bidders/vendors/contractors for state/local debarment or exclusion from federal awards, suspended licenses, complaints from prior customers, etc.

Federal Excluded Parties List System (replaced by System for Award Management (SAM))

List of Individuals/Entities Excluded from Federal Health Care Programs

State of Maine Self Assessment - Procurement/Vendor Suspension-Debarment

Vendor is not Qualified to Perform Work or Provide Product or Service

Vendor suddenly bids on work far beyond previous scope or cost.

Perform background/reference/credit checks on vendors to determine financial capacity to perform work.

Perform oversight of prime/sub/vendor contract requirements to ensure agency gets what it pays for.

Risks
Red Flags
Best Practices
General Guidance

Complaints about quality.

A high rate of rejections, returns, or failures.

Lack of inspection/falsified reports.

A contractor that restricts or avoids inspection of goods upon delivery.

Mismarking or mislabeling of products and materials.

A contractor offers to select samples for testing programs.

A contractor refuses to provide supporting documentation regarding production or manufacturing.

Vendor fails to supply warranty information.

Vendor fails to apply manufacturers’ rebates/discounts towards final costs.

Photocopies of necessary certification, delivery, and production records exist where originals are expected.

Irregularities in signatures, dates, or quantities on delivery documents.

Certifications required in the contract are not signed.

Allegations of bribery of inspectors.

A supplier entertains or provides gratuities to procurement personnel.

Adequate project monitoring and oversight.

Agency verification of inspection reports.

Independent testing program.

Whistleblower mechanism.

National Association of State Comptrollers' Internal Control Questionnaires

Department of Defense's Fraud Red Flags and Indicators

Risks
Red Flags
Best Practices
Bribery

Routinely late and overdue processing of paperwork (excessive lags: stamping the receipt of invoice and checking order received).

Extending or modifying receivable due dates or terms without making necessary disclosures or recognizing an appropriate valuation loss.

Involvement of an unnecessary middleman or broker.

A contracting employee declines a promotion to a non-procurement position.

A contracting employee insists contractors use a certain subcontractor or broker.

A contracting employee shows a keen interest in the award of a contract or purchase order to a particular contractor or vendor.

A contract change order lacks sufficient justification.

Other inspectors at the job site notice a pattern of preferential contractor treatment.

Awareness training.

See the Vendor Debarment page.

Cross-training.

Management oversight.

Make sure awards are decided by committee.

Have an approval process in place that validates every change order request.

OECD (2013), Bribery and Corruption Awareness Handbook for Tax Examiners and Tax Auditors, OECD Publishing

Corruption/Bid Rigging/Kickbacks

Apparent connections between bidders: common addresses, personnel, or telephone numbers.

Different contractors make identical errors on bids.

Losing bidders hired as subcontractors.

Joint venture bids by firms that usually bid alone.

Losing bids do not comply with bid specifications or only one bid is complete and other bids are poorly prepared.

Tailored specifications (e.g., specific or restrictive requirements in files which seems to restrict eligibility).

Unusual bid patterns: too close, too high, round numbers, or identical winning margins or percentages.

Apparent connections between employees and vendors. Common: addresses phone numbers, Tax IDs, ownership interest.

Consistent preferential (early) payments to one vendor.

Look for invoices which do not have the folds that come from having been mailed. No folds, may point to potential fraud.

Sequential invoice numbers from the same vendor or invoice numbers with an alpha suffix.

Payments made on copies of invoices, not originals.

Vendor invoices are received by department other than accounts payable (purchasing).

Adequate vendor pre-screening
Federal Sites:

Check state debarred vendor lists. Also see the Vendor Debarment page.

Do not allow sole-source bid/awards.

Adequate vendor screening.

Data analytics.

Formal procurement process.

Separate check writing and checking account reconciliation. Never have the person who writes the checks also be the person who reconciles the checking account, this is asking for trouble.

Tax ID numbers on the vendor invoice should help you be more comfortable that the invoice is legitimate.

Segregate duties between processing of accounts payable invoices and updates to vendor master files.

General Guidance

As any entity involved in acquiring large amounts of goods and services, governments must, from time to time, contend with those who put their needs before those of the organization. Corruption, bid rigging and kickbacks, individually and collectively, result in higher costs to the purchaser. In the case of governments, the ultimate purchasers are the citizens. Below are red flags that can help identify corruption, bid rigging and kickbacks; to the right is a link to a publication discussing public corruption.

Risks
Red Flags
Best Practices
General Guidance

Frequent errors/corrections of errors on invoices and other documents.

Billing for time - One contract contains names of persons assigned to another contract.

Contractor costs on the fixed price contract are unusually low.

No requests for contract changes on a fixed price contract.

Costs on the cost plus contract are considerably higher than those expected or budgeted.

Cross charging schemes involve a certain manipulation of costs- taking costs from one contract and assigning them to another. This produces errors. Procedures should be in place to look for high rates of errors or corrections related to billings.

Aside from management personnel (included in overhead) and some supervisory personnel (whose time is potentially allocated to several projects), contract personnel do not generally work on several projects at once. Procedures should be in place to see whether contract personnel are billed to more than one contract for the same periods of time.

If there is more than contract being worked on by a contractor (one at a fixed price and the other on a cost plus basis) and the costs of the cost plus contract are high, while those on the fixed price contract are low, it may be an indicator of cross charging. Require that even fixed price contracts are accompanied by contractor statements.

Contract change requests are a common factor on fixed price contracts. A lack of them may indicate that the contract is unusually profitable because costs have been shifted to a cost plus contract.

When the costs of a cost plus contract are considerably higher than expectations, it may be because the contractor has shifted costs from a fixed price to cost plus contract. Evaluate the costs in light of budgeted costs and the costs experienced for similar types of projects.

Risks
Red Flags
Best Practices
Activity Indicative of Potential Fraud

Even dollar transactions.

Incorrect totals.

High standard deviation.

Duplicate transactions.

Unusual time lags.

For duplicate payments, missing check or invoice numbers.

Common with P-Cards and travel expenses.

Purchase orders/invoices where totals are not based on stated unit prices and quantities ordered.

Accounts receivable/payable, P-Cards, travel reimbursements that have unusually high standard deviation values.

Invoices/payments with same vendor invoice number, date and amount.

Payroll payments to same bank account, same date and amount.

Invoice date is prior to purchase order date.

Invoice date is too soon compared to payment date or invoice due date.

The Effective Use of Benford's Law to Assist in Detecting Fraud in Accounting Data, by Cindy Durtschi, William Hillison and Carl Pacini

Bypassing Transaction Authorization Limits
Split transactions.
Look for multiple purchase orders, requisitions and/or invoices where dates are the same or 1-2 days apart.
Conflict of Interest
Employees who are also vendors.

Risks
Red Flags
Best Practices
Charter Schools

Unclear state governance responsibilities with respect to the roles, responsibilities and expectations of charter management organizations.

Fraud in School District Management

Phony vendor invoices.

Non-Compliance with Federal Student Financial Aid
High non-completion ratios.

Risks
Red Flags
Best Practices
General Guidance

Failure to produce required documents when requested.

Documents that appear to be "handmade." Signals may include documents that lack or have ineligible seals, are photocopies, or otherwise appear to be inauthentic.

Inconsistencies in curricula vitae and resumes.

Inability to contact references.

Inability to contact corroborators.

Inability to verify contents of applications.

References should be checked and resumes verified. If representations appear invalid, management should be notified.

Risks
Red Flags
Best Practices
General Guidance

Forging checks payable to cash, oneself, and/or to personal vendors.

Pocketing cash receipts meant for deposit into institutional accounts.

Issuing extra paychecks and/or bonus checks through payroll to oneself.

Submitting fraudulent expense reports for reimbursement.

Submitting fraudulent invoices from phony or legitimate vendors.

Abusing institutional credit card accounts for personal use.

Electronic transfers of institutional funds to personal accounts and/or vendors.

Pilfering institutional equipment and/or inventory.

Unrestricted access to blank checks, signature plates, and check-signing equipment.

High volume of manually prepared disbursement checks.

Paid invoices not properly canceled, allowing for reprocessing.

FEC's Guidance for Political Committees Regarding Embezzlement/Misappropriation

Do not allow a single individual access to all aspects of institutional finances in any given department. Make sure there are divisions of duties, in the finance department in particular.

Regularly rotate responsibilities for bookkeeping personnel.

Require bookkeeping personnel to take time off. Embezzlers often take few or no vacations to safely perpetrate their schemes.

Do not allow bookkeepers to take work home.

Require two signatories on outgoing checks above a certain nominal amount. The signatories should be different individuals from the check preparer.

Examine cancelled checks regularly. One common method of embezzlement involves the forgery of checks. Another is to have them payable to the embezzler or to personal vendors.

Risks
Red Flags
Best Practices
General Guidance

Extraction taxes are but one of the types of fraud that involve Energy and the Environment. Check out the sites listed to the right for more information.

Risks
Red Flags
Best Practices
General Guidance

Document alteration - a document that appears to be altered because it shows different print, contains erasures, or a portion thereof has been deleted or changed with the use of correction fluid.

Forger personality traits: a) never appears in person; b) intimidating and pushy; c) threatens to file an unwarrented complaint against the government; or d) complains about the lack of intelligence amoung the entity's employees.

Signatures: a) the signature bears evidence of having been erased or overwritten; b) there are errors in the signatures; or c) signatures contained in instruments already recorded do not match.

Address is either remote or nebulous: a) a resident of no state or b) P.O. box address maintained in a remote location.

Procedure to be followed in connection with the possibility of a forgery:

  • do not proceed with the transaction;
  • do not record any instrument;
  • do not disburse any funds or proceeds;
  • do not pay or satisfy any lien or encumbrance; and
  • do not accuse or charge any of the parties with the commission or the intent to commit a forgery until investigators have completed their work and the case has been referred to law enforcement.

Risks
Red Flags
Best Practices
Fraud, Waste and Abuse

Inadequate grant monitoring processes.

Unrealistic performance targets.

Lack of risk assessment.

Missing communication channels.

No fraud reporting hotline.

General Guidance

According to Federal Funds Information for States, the federal government provided state and local governments with nearly $729 billion in federal funds in fiscal year (FY) 2016. Government programs are, to a large extent, carried out by grants—the Federal government to state and local governments, state to local governments, governments to private sector contractors, suppliers and vendors, etc. These programs involve vast sums of money. Some of that money finds its way into the pockets of those not intended to receive it. The link to the right provides a tool to evaluate the internal controls over your grant programs. The cells below contain information to help you spot and deter fraud in grant programs.

Grant Purposes Not Being Met

No follow up on grant recipients/subrecipients.

Required reports not received.

Complaints from intended clients.

Perform oversight of prime/sub/vendor contract requirements to ensure agency gets what it pays for. Use onsite visits, milestones achieved or reports filed to check performance/progress before next allotment of funds; inspect goods/services received; compare invoice and purchase order to prevent overpayment.

Perform spot reviews or audits on vendor time sheets in a random sample to ascertain if hours worked match payroll invoices, or do site inspections. Different types of inspection reports can be designed or are available on the Internet.

Site Inspection Template

Matching, Level of Effort or Earmarking Requirements Not Being Met

Requirements are not budgeted in the program.

In-kind contributions not documented.

No monitoring reports in place.

Misdirected Payments

Payments are misdirected to someone posing as a legitimate vendor. No proper documentation or approval of additions, changes, or deletions to vendor master file.

Vendor addresses do not agree with vendor approval application.

Verify that all changes to vendor records (name, address change, bank account) are submitted by an authorized vendor signatory, and approved by an agency signatory. This is to prevent theft or misappropriation of funds.

Segregate duties between processing of accounts payable invoices and updates to vendor master files.

Non-Compliance with Federal Civil Rights and Drug Free Workplace Laws

Irrational employee behaviors.

Unexplained employee absences.

Non-compliance with State/Local-Wide Central Service Cost Allocation Plans and Indirect Cost Rate Proposals

Unwarranted profitability of internal service funds.

Non-Compliance with The Buy American Act

Evidence of foreign-produced materials.

Problems that Could Lead to an Audit Finding Not Addressed Early Enough

Repeat audit findings.

Unallowable costs.

Non-compliance with Treasury/State Agreement (CMIA).

Excess +/- balances of federal cash.

Expenditure of federal funds outside the availability period.

Program income not identified and/or reported

Program is Not Serving the Right Clients/Beneficiaries

Complaints from intended clients.

Recipients and Sub-Recipients Do Not Understand Requirements and Responsibilities

Audit findings that go unaddressed.

Establish process to check all bidders/vendors/contractors for state/local debarment or exclusion from federal awards, suspended licenses, complaints from prior customers, etc.

AGA's Cooperative Audit Resolution and Oversight Initiative (CAROI) Tools

State of Maine Self Assessment

System for Award Management (SAM)

List of Individuals/Entities Excluded (LEIE) from Federal Health Care Programs

Reporting Issues

Inaccurate reporting.

Federal reports filed late or not at all.

No management review of reports.

Related audit findings.

No monitoring of federal requirements for changes.

Sub-Recipients Ineffective in Program Implementation

New subrecipients.

Repeat audit findings.

Risks
Red Flags
Best Practices
Bribery of housing authority employees or subcontractors. Collect Housing Assistance Payment (HAPs) for properties not owned. Someone improperly poses as the legal agent. Accept HAPs for vacant apartments/homes. Having unauthorized persons living in the apartment/home. Using a voucher while receiving rental assistance from another agency.
Renter complaints.
How to report suspected fraud:
Chicago Housing Authority
Client is charged a fee for housing counseling services or charged an upfront fee for services.

Customer is pressured into signing paperwork.

Someone requests an advance fee to stop a customer's foreclosure or to get his loan modified.

Someone guarantees they can stop a foreclosure or modify a loan.

Someone advises a customer to stop paying his mortgage company and pay him instead.

Someone asks a customer to sign over a home deed or sign paperwork he has not read or understands.

Someone claims to offer "government-approved" or "official government" loans. A company asks for personal information online or over the phone.

How to report Mortgage Fraud:
Report Mortgage Fraud to Freddie Mac

HUD employees engage in bribery, contract bid rigging, embezzlement, or alter, forge or destroy records

Missing records.

Individual, groups, or businesses may steal monies from HUD, or waste HUD monies, or exceed the authority granted to them by HUD.
Rent overcharging. Charging for other services (maintenance fees, utilities, other), slot on wait list.
Tenant is charged a higher Housing Assistance Payment (HAP) than HUD authorized.

Missing or inaccurate rent receipt.

Renter complaints.

Criminal offense under 18 U.S.C.287,1343)

False Claims Act fines

Qui Tam available

How to report Housing Assistance Payment (HAP) Rent Fraud

Tenant is charged excess rent for disallowed maintenance or utility costs, for other services, or to be placed on a housing waiting list.

Someone asks for money to help filling out a housing assistance application.

Someone charges for a housing assistance waiting list slot.

Charging more than lease amount for extra services.

No receipt for rent payment.

No receipt or written explanation for maintenance or utility charges.

Post awareness posters with housing fraud red flags:

Tenants falsify income or family size or alter official documents
Suspicious looking documents.

Institute a Fraud Prevention Policy

Require confidentiality statements

Risks
Red Flags
Best Practices
Beneficiaries: False Eligibility Claims
Mismatch of records. Changes/errors involving dependents.
Does an applicant or recipient really live with whom he or she claims to live? Does someone really support the person he or she claims as a dependent? One way to determine this is to require that the beneficiary of certain social services provide proof. This proof could include school records, library cards, utility bills, doctor's bills, etc. All should be required of applicants and all should be reviewed for inconsistencies.

Is someone really disabled? Perhaps a visit to the person's neighborhood is warranted.

Is someone really unemployed? Each year, the recipient should be required to produce, among other documents, copies of his or her tax returns.
Charges for Goods/Services Not Provided
Costs continually higher than those experienced with similar providers coupled with complaints about services.
Verify that the government is getting what it paid for by conducting unannounced spot checks to see whether the government got what it ordered and paid for.
Charges for Goods/Services Provided of Lesser Quality than Purchased
Complaints from consumers, extraordinarily high breakage or maintenance costs.
When food of one quality is ordered and paid for, but food of a lower quality is provided, consumers will complain. If these complaints are frequent, the actual quality of goods / services should be physically sampled. Likewise, when higher-than-normal breakage or maintenance costs are experiences, the goods should be inspected and the service levels questioned.
External Conflicts of Interest
Awards continually made to same subcontractor (particularly in spite of higher costs, complaints about service, etc.).
External conflicts of interest involve parties outside of the government…a contractor and its suppliers or subcontractors. Often, the contractor has an interest in the supplier or subcontractor and always steers business its way. To reduce exposure to these types of frauds, all contracts should allow the government to examine the records of contractors, subcontractors, and suppliers. Representation letters disclosing all conflicts of interest should be required of all contractors / subcontractors / suppliers.
Inflated Headcount
Higher per-facility or per-staff count than similar providers
In some programs, such as school lunch programs, after-school programs and child care, the government sponsor is charged per consumer/participant per day. One way to mitigate losses from inflated headcount fraud is conduct frequent, unannounced visits and perform a physical count of the consumers/participants. Any unexplained deviations in headcount from that generally reported is a cause for concern and possible cancellation of the underlying contract.
Inflated Subcontrator Costs
On cost-plus contracts, higher subcontractor costs than similar providers.
Some human services involve the use of subcontractors/suppliers. These subcontractor/supplier costs and an agreed-upon profit percentage are then passed along to the sponsoring government agency. However, the contractor may defraud the government by claiming its subcontractor/provider costs are higher than those actually incurred. This can be somewhat overcome by adopting some preventive, detective and corrective practices. First, one of the conditions of any contract should be the government's authority to audit, on short or no notice, the contractor's accounting records; the government should take advantage of this authority regulary. Second, another condition of any contract should be that the contractor agrees to engage only those subcontractors/suppliers granting the same audit right to the sponsoring agency.In additon to periodically auditing the contractor's records, subcontractor/supplier accounting records should also be audited and reconciled to the contractor's records. Finally, other frauds listed under the "Business Process" target tab should be considered.
Internal Conflicts of Interest
Awards continually made to same contractor (particularly in spite of higher costs, complaints about service, etc.).
Internal conflicts of interest involve one party on the purchaser's side of the transaction. These generally involve some form of collusion between procurement, purchasing, contract management or payment personnel and a supplier, contractor, subcontractor, etc. The inside person is, in some way, benefitting from directing business toward the outsider. Review bidding procedures; rotate contract management and other personnel; and inquire about the situation.
Mistreatment/Undertreatment
Continual complaints about services.
Frequent complaints might mean trouble. Investigate.

Risks
Red Flags
Best Practices
General Guidance

Information technology has proven itself to be a double-edged sword. On one side, it has enabled us to store, use and examine more information than one would have thought possible just a few decades before. On the other side, it has enabled fraudsters to use its strengths (and its weaknesses) to their own illicit ends.

Logical Access

Anyone can see all electronic information.

Users can access data they should not be able to view.

Monitor displays sensitive information while employees are away from their work area.

Passwords are easily obtained from an issuing source.

Encrypt sensitive data.

Review user access roles for appropriateness and update when duties change.

Terminate access immmediately when employees leave service.

Require session timeouts.

Require mixed use of characters/numbers/letters.

Require frequent changes.

Do not allow passwords to be used more than once.

Physical Access

Easy access to equipment.

Laptops/USB Devices not monitored.

Cleaning crews and visitors can take sensitive documents from workstations.

Photocopies and scans store digital images of sensitive data.

Lock server rooms.

Have a sign-out process.

Encrypt devices.

Identify work areas that need to lock documents away on nights and weekends.

Limit access to removable disks.

Theft of Personally Identifiable Information (PII)
Lack of controls over physical access to IT equipment and logical access to systems.

Establish protocols and department head approval for physical and logical access to information systems and the protection of any Personally Identifiable Information (PII).

State and local governments should consider using the same data requirements that the federal government uses for outside vendors:

Theft or Misuse of IT Inventory

Lack of periodic inventory.

Encrypt and scan laptops/USB devices for improper files before/after each use.

Risks
Red Flags
Best Practices
Accounting Data

Accounting data can be compromised as easily as inventory or cash. Criminals can do considerable financial damage by manipulating accounting records as well as by physical theft.

Protect all servers and computer workstations with passwords.

Hire a third-party network security expert to secure access to files.

Compare internal financial data with bank statements and financial documents to ensure records remain accurate.

Separate duties.

Conduct independent audits.

Prepare internal reports.

Damage

Products get damaged during normal business operations. Some products have a higher risk of damage than others.

High risk damage products need special inventory control policies in place to minimize damage.

General Guidance

Governments have a lot of taxpayer resources tied up in inventories. From nuclear weapons to paper clips, governments are among the largest purchasers and warehousers of goods. These goods are subject theft and misuse. Some tools for mitigating fraud are offered to the right.

Life Cycle/Shelf Life

Product Type: Short or long shelf life. Adopt a First in/First out (FIFO) policy. However, if at any time goods come into the warehouse out of expiration date sequence, a FIFO policy will fail to manage the inventory properly.

Product Cost: High cost of a specific inventory.

Lead time: The time from receipt of an order to the time of delivery. When suppliers are overseas, the lead time in inventory increases.

FIFO policy.

A serial number placed on the external packaging and the actual product itself. This number is used to track items through every move into and out of the warehouse.

In libraries, the call number, or, a new electronic code.

Audio-visual equipment.

Signatures from authorized personnel.

Security guards in front of warehouse or, accompanying the movement or transfer.

Mismanagement

Inventory control manager with few years of experience. Not having clear policies and procedures to maintain the proper inventory levels. Lack of staff training in policies and procedures. Lack of standard operating procedures or handbook that highlights procedures. Not following the guidelines of any pre-existing service agreement.

Auditing on a constant basis and at all levels.

Tracking new product line manually or, with an electronic inventory management system.

Theft/Lost Inventory

Missing items due to physical theft.

Security cameras with recording devices.

Performing regular and random inventory counts to uncover issues of theft or waste quickly.

Security guards.

Separation of duties.

Internal reports.

Good space utilization so that products are not to be moved frequently. This also reduces the labor cost associated with inventory.

Risks
Red Flags
Best Practices
An intentionally or unintentionally weak internal control environment that permits, encourages or disguises fraudulent activity.

Reluctance to provide information to auditors

Managers engage in frequent disputes with auditors

Management decisions are dominated by an individual or small group

Managers display significant disrespect for regulatory bodies

Accounting personnel are lax or inexperienced in their duties

Decentralization without adequate monitoring

Because of management's ability to override and circumvent controls, the threat of management-related fraud is always present and, if it exists, hard to prevent. A code of ethics is one of the tools any organization--private or public sector–should adopt and enforce.

Management does not emphasize the role of strong internal controls

Management does not prosecute or punish identified embezzlers

Management does not have a clear position about conflicts of interest

Highly placed executives are less than prudent or restrained on expenditures for travel and entertainment, furnishings of offices, gifts to visitors and directors, etc.

Internal auditing does not have authority to investigate certain executive activities

Accounting policies and procedures are lax, non-existent, undocumented or unenforced.

Frequent changes in external auditors

Excessive number of year end transactions

Excessive number of management overrides of policies or procedures

No monitoring of effectiveness of internal controls

Low employee morale is pervasive

Unexpected overdrafts or declines in cash balances

Refusal by agency or division to use serial numbered documents if required (e.g. receipts)

Compensation program that is out of proportion to standards

Any financial transaction that doesn’t make sense - either common or business

Contracts that result in no product or service

Missing documents

Management ignores irregularities

Staff is not trained

Lack of oversight

Lack of fraud hotline or a failure to support whistleblower programs

Failure to respond to identified issues

Lack of management understanding or support for systems, processes and controls

No checks and balances

No segregation of duties

Improper use of funds

Subordinates signing for managers

High personnel turnover

Employee overly protective of information or is reluctant to train others

Annoayance at reasonable questioning

Providing unreasonable responses to questions

Refusing vacations or promotions for fear of detection

High employee turnover rate, especially in areas more vulnerable to fraud

Lack of segregation of duties in areas more vulnerable to fraud

Rewriting records under the guise of neatness in presentation

National Association of State Controllers (NASC) Control Questionnaire for Control Environment

Association of Certified Fraud Examiners (ACFE) Management/Key Employee Assessment

When a number of red flags are present, sometimes the best course of action is to notify the entity's external auditors.

Risks
Red Flags
Best Practices
Short Sale Schemes — Usually an alternative to foreclosure when owners are underwater (can only sell their home for less than the balance remaining on the mortgage). The lender agrees to forgive the difference between the sale price and the amount owed to them.

A disproportionately high rate of short sales related to recently made loans.

A disproportionately high number of short-sales on situations involving a first and second lender in which the first lender's note is insured by the government (FHA or VA). Frequently the proceeds come from a credit card cash advance made to the borrower.

When property values collapse, the second lender may have no equity in the underlying property. The second lender's approval, however, might be required for the short sale to be approved. The mortgagee is forced to give money to the second mortgagor to secure approval. This practice results in the amount of insured deficiency being greater than it should and the government insurer absorbing a greater loss.

Some or all of available money should be remitted to the first mortgage holder.

Secure borrower's credit card statements for sizable cash advances.

Risks
Red Flags
Best Practices
Employee Time Reporting Fraud

Inconsistent overtime hours for a cost center.

Overtime charged during a slack period.

Overtime charged for employees who normally would not have overtime wages.

Budget variations for payroll by cost center.

Employees with duplicate social security numbers, names, and addresses.

Falsified Wages

Large or unusual hours worked in a given pay cycle.

Time card hours differ from job order hours.

Hours on payroll reports differ from timecard hours or job order.

Number of days worked and salary are inconsistent with occupation.

Employee works more hours than specified on certified payroll reports.

Review of supporting documents.

Adequate time tracking mechanisms.

Authorization and approval of hours worked.

General Guidance

Payroll schemes are varied and common. Payroll schemes can be carried out by an individual or by two or more people working collusively. Payroll schemes cover both those perpetrated by employees of the victim and those perpetrated by those contracted by the victim. The result is the same — additional, unwarranted cost to the victim. The cells below contain indicators of payroll schemes and steps that can be taken to contain them. To the right is a link to a questionnaire to help reduce the likelihood of payroll schemes.

Ghost Employees

No evaluations, raises, or promotion over an extended period.

Terminated employee still on payroll.

Payments to employees not on employee master file.

Employees with duplicate addresses, checking accounts, or social security numbers.

Employees with no withholding taxes, insurance, or other normal deductions.

Employees with P.O. box, drop box address, organization's address, prison or no home address.

Unusual work location or no work phone.

No annual/sick leave used over a reasonable period.

Data analysis: payroll reports, data analytics for vendor/employee matches on name/address/TIN/bank account.

Confirmation of employees' identities.

Background checks.

Verification of payroll distribution.

Time Overcharging

Unauthorized alterations to timecards and other source records.

Hours and dollars consistently at or near budgeted amounts.

Timecards are filled out by supervisors, not by employees.

Photocopies of timecards submitted where originals are expected.

Inconsistencies between consultants’ labor records and their employees’ timecards.

Frequent payroll adjustment entries with descriptions such as “charged wrong accounts,” etc.

Labor charges are inconsistent with contract progress.

Personnel files cannot be found or are “found” after a delay.

Lack of a clear audit trail to verify propriety of labor charges.

Job misclassification – apprentice workers billed out at higher rates.

Adequate time tracking mechanisms.

Authorization and approval of hours worked.

Risks
Red Flags
Best Practices
Employee Time Reporting Fraud

Inconsistent overtime hours for a cost center.

Overtime charged during a slack period.

Overtime charged for employees who normally would not have overtime wages.

Budget variations for payroll by cost center.

Employees with duplicate social security numbers, names, and addresses.

Risks
Red Flags
Best Practices
General Guidance

Increasing number of complaints about products or service

Increase in purchasing inventory but no increase in sales

Abnormal inventory shrinkage

Lack of physical security over assets/inventory

Charges without shipping documents

Payments to vendors who aren’t on an approved vendor list

High volume of purchases from new vendors

Purchases that bypass the normal procedures

Vendors without physical addresses

Vendor addresses matching employee addresses

Excess inventory and inventory that is slow to turnover

Purchasing agents that pick up vendor payments rather than have it mailed

Unnecessary purchases

Non-compliance with The Buy American Act

Lack of paperwork or certifications with respect to goods covered by the Buy American Act.

P-Cards

Inappropriate segregation of duties.

Purchase/payment limits higher than required.

Refusal of cardholders to accept transfers or promotions.

Increasing costs of supplies from year to year.

Controls over vendor type non-existent.

Risks
Red Flags
Best Practices
Theft of Money, Weapons, or Drugs from Police Property Room by Law Enforcement Employees

Property/Evidence room items do not reconcile to list of entered items.

Evidence room is not secured.

Policies, manuals, training opportunities:

Best practices for securing evidence room against theft:

Risks
Red Flags
Best Practices
Skimming

Infrequent bank deposits, allowing cash to accumulate.

Consistent shortages in cash on hand.

Consistent fluctuations in bank account balances.

Closing out cash drawer before end of shift.

Idaho State Comptroller's Office, First Friday Fraud Facts on Revenue Skimming

Department of Defense: Fraud Red Flags and Indicators

Require daily bank deposits.

Segregate duties between issuing receipts and deposit preparation.

Segregate duties between receiving cash and posting to accounts.

Risks
Red Flags
Best Practices
​IRS-Related Phone or Mail Fraud
Receive a phone call or paper letter via mail from an individual claiming to be the IRS but you suspect they are not an IRS employee.
Phone call:
  • Ask for a call back number and employee badge number.
  • Contact the IRS to determine if the caller is an IRS employee with a legitimate need to contact you.
  • If you determine the person calling you is an IRS employee with a legitimate need to contact you, call them back.
Letter or notice via paper mail:
  • Contact the IRS to determine if the mail is a legitimate IRS letter.
  • If it is a legitimate IRS letter, reply if needed.
  • If caller or party that sent the paper letter is not legitimate, contact the Treasury Inspector General for Tax Administration at 1.800.366.4484.
Abusive Tax Schemes

Tax abuse—even when limited to Federal Income Tax abuse--takes many forms and involves a good number of red flags (too many to list individually in this table). To learn more about this subject, review the appropriate literature listed to the right.

Beneficial Owner Form
This fax-based phishing scam, which generally targets foreign nationals, recurs periodically. It’s based on a genuine IRS form, the W-8BEN, Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding. The scammer, though, invents his or her own number and name for the form. The scammer modifies the form to request passport numbers, information that is often used for account security purposes (such as mother’s maiden name) and similar detailed personal and financial information, and states that the recipient may have to pay additional tax if he or she fails to immediately fax back the completed form.
W-8BEN forms are completed by banks, not individuals.

Forward the e-mail in its entirety to phishing@irs.gov.
General Guidance

The column to the right provides some general information on Federal Income Tax. The cells below provide additional information.

Useful Websites:

How to Report Abusive Tax Promotions and/or Promoters:

  • Complete the referral form which documents the information necessary to report an abusive tax avoidance scheme. The form can be mailed or faxed to the IRS address and fax number on the form.

How to Report Abusive CPAs, Attorneys or Enrolled Agents:

  • Submit suspicious actions by tax professionals to the email address of the IRS Office of Professional Responsibility.

Fraudulent IRS e-Mails and Websites:

  • Contact the IRS at phishing@irs.gov if you receive an e-mail claiming to be from the IRS.
  • IRS Tax Shelter Hotline - The IRS maintains a hotline that people can use to provide information (anonymously, if preferred) about abusive tax shelters. The Office of Tax Shelter Analysis is primarily interested in potentially abusive transactions that may be employed by many taxpayers and could pose a significant compliance risk to the IRS.
  • Reporting abusive shelters, fraud and unscrupulous tax preparers
  • IRS tax scams video
Lottery Winning or Cash Consignment
These advance fee scam e-mails claim to come from the U.S. Treasury Department to notify recipients that they will receive millions of dollars in recovered funds or lottery winnings or cash consignment if they provide certain personal information, including phone numbers, via return e-mail. The e-mail may be just the first step in a multi-step scheme, in which the victim is later contacted by telephone or further e-mail and instructed to deposit taxes on the funds or winnings before they can receive any funds. Alternatively, they may be sent a phony check and told to deposit it but to pay 10 percent in taxes or fees. Thinking that the check must have cleared the bank and is genuine, some people comply. However, the scammers, not the U.S. Treasury Department, will get the taxes or fees.

The U.S. Treasury Department does not become involved in notification of inheritances or lottery or other winnings.

Contact the IRS at irs.gov/contact/index.html.

Refund Scams
This is the most frequent IRS-impersonation scam seen by the IRS. In this phishing scam, a bogus e-mail claiming to come from the IRS tells the consumer that he or she is eligible to receive a tax refund for a specified amount.
Taxpayers do not complete a special form to obtain their federal tax refund — refunds are triggered by the tax return they submitted to the IRS. Contact the IRS at irs.gov/contact/index.html.
Tax Exempt Organization Abusive Tax Avoidance Transactions

Employee Plan Abusive Tax Transactions

Tax Preparer Fraud

A tax return preparer is defined as any person (including a partnership or corporation) who prepares for compensation all or a substantial portion of a tax return or claim for refund under the income tax provisions of the Internal Revenue Code.

Return preparer fraud generally involves the orchestrated preparation and filing of false income tax returns (in either paper or electronic form) by unscrupulous preparers who may claim, for example:

  • inflated personal or business expenses, false deductions; or
  • unallowable credits or excessive exemptions, fraudulent tax credits, such as the Earned Income Tax Credit (EITC)

The preparers' clients may or may not have knowledge of the false expenses, deductions, exemptions and/or credits shown on their tax returns.

Dishonest return preparers use a variety of methods to formulate fraudulent and illegal deductions for reducing taxable income. These include, but are not limited to, the following:

  • Preparing fraudulent Schedule C - Profit or Loss from Business, claiming deductions for expenses that have not been paid by the taxpayer to offset Form 1099, Miscellaneous Income, or income earned from outside employment.
  • Including false and inflated itemized deductions on Schedule A, Itemized Deductions, for charitable contributions or medical and dental expenses.
  • Claiming false Schedule E, Supplemental Income and Loss, losses.
  • Claiming false dependents.

Be careful when choosing a return preparer, make sure you do not hire an abusive return preparer.

IRS Criminal Investigation (CI) reminds you;

  • Taxpayers are responsible for the accuracy of all entries made on their tax returns, which include related schedules, forms and supporting documentation. This remains true whether the return is prepared by the taxpayer or by a return preparer.
  • Be careful in selecting the tax professional who will prepare your return.
  • Avoid return preparers who claim they can obtain larger refunds than other preparers.
  • Avoid preparers who base their fee on a percentage of the amount of the refund.
  • Use a reputable tax professional that signs and enters a preparer tax identification number (PTIN) on your tax return and provides you with a copy for your records.
  • Consider whether the individual or firm will be around to answer questions about the preparation of your tax return, months, even years, after the return has been filed.
  • Never sign a blank tax form.
  • Ask questions. Do you know anyone who has used the tax professional? Were they satisfied with the service they received?
  • Tax evasion is a crime, a felony, punishable up to five years imprisonment and a $250,000 fine.
  • When in doubt, check it out! Taxpayers hearing claims from preparers offering larger refunds than other preparers are encouraged to check it out with a trusted tax professional or the IRS before getting involved.
  • Contact the IRS at 1-800-829-1040.
Theft of Social Security Number

An application for credit is denied.

Unable to obtain a tax return.

Show your social security card to your employer when you start a job so your records are correct. Provide your social security number to your financial institution(s) for tax reporting purposes. Keep your card and any other document that shows your social security number on it in a safe place. DO NOT routinely carry your card or other documents that display your number.

Contact the Federal Trade Commission (FTC) via their website or call 1-877-IDTHEFT (1-877-438-4338); TTY 1-866-653-4261. The FTC website is a one-stop national resource to learn about the crime of identity theft. It provides detailed information to help you deter, detect and defend against identity theft.

Contact the Internal Revenue Service. An identity thief might also use your social security number to file a tax return in order to receive a refund. If the thief files the tax return before you do, the IRS will believe you already filed and received your refund if eligible. If your social security number is stolen, another individual may use it to get a job. That person’s employer would report income earned to the IRS using your social security number, making it appear that you did not report all of your income on your tax return. If you think you may have tax issues because someone has stolen your identity, contact the IRS Identity Protection Unit or call 1-800-908-4490.

File an online complaint with the Internet Crime Complaint Center (IC3).

The IC3 gives victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. IC3 sends every complaint to one or more law enforcement or regulatory agencies that have jurisdiction over the matter.
Victim of Phishing (Internet fraudsters send email messages to trick unsuspecting victims into revealing personal and financial information that can be used to steal the victims’ identity)
Receiving unsolicited emails from IRS.

Email requests detailed or an unusual amount of personal and/or financial information, such as name, social security number, bank or credit card account numbers or security-related information (such as mother’s maiden name) either in the email itself or on another site to which a link in the email sends the recipient.

Dangles bait to get the recipient to respond to the email, such as mentioning a tax refund or offering to pay the recipient to participate in an IRS survey.

The sender's email address does not end in the IRS.gov or Treasury.gov.

Threatens a consequence for not responding to the email, such as additional taxes or blocking access to the recipient’s funds.

Gets the Internal Revenue Service or other federal agency names wrong.

Uses incorrect grammar or odd phrasing. Many of the email scams originate overseas and are written by non-native English speakers.

A link to a fake IRS website is included in the email.
Be Aware of Existing Phishing Scams: "Phishing and Other Schemes Using the IRS Name"

Do not reply.

Do not open any attachments. Attachments may contain malicious code that will infect your computer.

Do not click on any links.

If you clicked on links in a suspicious email or phishing website and entered confidential information, visit the IRS's identity protection page

Forward the email as-is, to IRS at phishing@irs.gov.

After you forward the email and/or header information to IRS, delete the original email message you received.

Send the URL of the suspicious site to phishing@irs.gov. Please add in the subject line of the e-mail, 'Suspicious Website.'

Visit OnGuardOnline.gov to learn what to do if you suspect you have malware on your computer.

Forward the email to your Internet Service Provider’s abuse department and/or to spam@uce.gov.

Risks
Red Flags
Best Practices
General Guidance

Unexpectedly high utilization of materials or supplies.

Unexpectedly high deterioration rates for equipment. Greater than typical repair, maintenance and replacement costs.

Equipment, materials and supplies not available when needed.

Shortages revealed during physical inventories.

Refusal or failure to conduct physical inventories.

Missing money or other valuables.

Materials and supplies should be kept secured and only issued when needed. Smaller office equipment (e.g., staplers) and hand tools (e.g., hammers) should be indelibly marked with the identification of the true owner.

All equipment should be issued on an "as needed" basis. Trip logs for vehicles should be maintained and periodically checked against odometer readings.

Print and copy jobs should require user identification.

Authority to issue materials should be limited; all withdrawals should be recorded.

Policy should require periodic inventories of materials, supplies, equipment, etc. This policy should be enforced by management.

Procedures should require the rapid banking of money. When not banked (i.e., register balances or petty cash), money should be counted at least daily. All cash should be signed for. There should adequate segregation of duties (between receipt, deposit, accounting, etc.).