When you think about fraud, what comes to mind? Money? Scams? If you are like most people, chances are your definition of fraud may not capture the full range of fraud that can occur in a university setting. In this issue of Ethics Matters, we explore what fraud is and how you can identify and monitor some of the highest risk areas in your unit(s). Additionally, we provide resources to assist you in identifying, reporting, and addressing potential fraud.
deceit, trickery; specifically: intentional perversion of truth in order to induce another to part with something of value or to surrender a legal right
an act of deceiving or misrepresenting: trick
Fraud can occur when accounting controls are not working effectively, when there is collusion among parties to a transaction or process, or when there are multiple reporting lines allowing perpetrators to submit separate requests through multiple units.
Identifying and Assessing Fraud
As we explore fraud in the workplace, think about the areas in your unit(s) that pose the greatest risk of fraud. The following examples may help with your assessment:
Financial frauddeals with financial transactions and how money is spent and applied from an accounting perspective. An example is intentionally moving money into an account where it does not belong to spend it inappropriately. Another example is intentionally charging items to an inappropriate account (CFOP) that isn’t reconciled regularly so the charge will go undetected.
Medical fraud includes, but is not limited to, inaccurate billing to insurance agencies, distribution of equipment or medications without proper authorization or payment, and charging patients for services that were not performed.
Time reporting fraud involves misreporting or under-reporting time, such as benefit usage, as well as “ghost-payrolling” where a non-existent employee is added to the payroll and the ghost employee’s salary is funneled to someone else.
Fraudulent disclosure involves intentionally failing to completely or accurately disclose financial interests or conflicts of commitment or interest. The repercussions to the university can be very significant.
False statements involve lying or concealing the truth by making a statement that is knowingly false. Of all of the examples of fraud, this is the one we see most often.
Other examples of fraud that may be more difficult to detect without deeper analysis include:
Inflated pricingoccurs when a vendor wrongfully charges the university a higher price than allowed under the applicable contract. Self-supporting units could potentially commit a similar fraud by wrongfully charging more than permitted.
Duplication of reimbursements occurs when someone seeks reimbursement for expenses already covered (such as taking per diem when the event provides the meal), or submitting the same trip for reimbursement through separate units or at two separate times. Though there are many controls in place to prevent duplication of reimbursements, some people still intentionally seek double payment.
Non-business purchase fraud involves using university resources to purchase goods or services for personal use. This most often occurs in the context of large purchases where the inclusion of one or two non-business items might go unnoticed. University purchases that do not become university property or have a specific university purpose should be evaluated for possible fraud.
Regulatory reporting fraud involves intentionally misstating reports to federal, state or local regulators. A significant amount of university research involves regulatory reporting. Intentional misstatements of spending or falsification of data reported constitutes fraud.
Just because something is inaccurate does not mean the error involves fraud. Sometimes, people simply make mistakes or mistype data. That’s why it is important to report suspected fraud to the appropriate parties who are able to review and determine the true nature of the error. Employees dealing with procurement, reimbursements, and data entry need to be particularly vigilant, as they are often best able to detect the early warning signs of fraud.
Illinois Personal Information Protection Act (PIPA)
You may have heard in the news recently about California's new Consumer Privacy Act, but did you know Illinois already has its own privacy protection act? The Illinois Personal Information Protection Act (PIPA) requires data collectors like the University of Illinois to notify affected individuals when a breach of computerized data "compromises the security, confidentiality, or integrity of personal information maintained by the data collector."
PIPA defines personal information as either 1) an individual's first name or first initial and last name in combination with certain other specified data elements like Social Security number or driver's license number, or 2) a user name or email address in combination with a password or security question and answer allowing access to an online account. If you suspect a breach of personal information has occurred, report it immediately to: