© Grant Thornton LLP. All rights reserved. Time for a Fraud Check-up! Carolinas Health Care System CPE Day November 3, 2014 Presenters: Erik C. Lioy R. Cory Rogers

© Grant Thornton LLP. All rights reserved. Presenting today: Erik C. Lioy Erik is a Grant Thornton Partner and serves as the Forensic and Valuation Services Practice Leader for the Mid-South Market Territory. He is a Certified Public Accountant, Certified Fraud Examiner, and designated as Certified in Financial Forensics by the American Institute of Certified Public Accountants. With over 20 years of experience, Erik brings unique insight to clients and legal counsel in a host of matters including commercial litigation, financial investigations, regulatory matters and fraud prevention. R. Cory Rogers Cory Rogers is a Senior Manager in Grant Thornton LLP’s Forensic and Valuation Services practice located in Charlotte, NC. Cory has over 10 years of experience assisting clients with contract compliance, forensic accounting, and litigation support matters. His clients include both public and private companies in the hospitality, construction, and not-for-profit industries. Contact details T: E: Contact details T: E:

© Grant Thornton LLP. All rights reserved. Learning Objective: Gain an understanding of recent trends in fraud through analysis of the Association of Certified Fraud Examiner's (ACFE) 2014 Report to the Nation and develop practical strategies to manage fraud risk.

© Grant Thornton LLP. All rights reserved. The Effects of a Changing Health Care Environment Health Care Reform RationalizationOpportunity Pressure Internal Controls Ethical Management Compliance Programs

© Grant Thornton. All rights reserved. 4 What are some fraud risks in healthcare organizations? Employee payroll and benefits fraud Theft of equipment, supplies and drugs Patient identity or property theft Cash theft Vendor conflict of interest Fictitious vendors Coding/billing fraud

© Grant Thornton LLP. All rights reserved. Health Care is Different? Do Health Care organizations have significant fraud risk beyond billing fraud?

Industry of Victim Organization 7

Schemes – Health Care 8

© Grant Thornton. All rights reserved. 9 Is fraud worth worrying about?

The Cost of Occupational Fraud 10 OBSERVATION: Almost half of all cases are greater than $200,000

How Occupational Fraud is Committed 11 OBSERVATION: Asset misappropriation is most prevalent

How Occupational Fraud is Committed 12 OBSERVATION: Although not as common as other frauds, financial statement is the costliest

© Grant Thornton LLP. All rights reserved. Key Lessons: Asset misappropriation is most common. What do you have worth stealing? Corruption (bribes and kickbacks) is trending up. How do you manage the risk?  Background checks  Annual certification of business relationships Financial statement frauds remain costliest.

Duration of Fraud Schemes 14 OBSERVATION: Catch it early and save money!

Initial Detection of Occupational Frauds 15 OBSERVATION: Tip lines are the best way to catch a fraud

Source of Tips 16

© Grant Thornton LLP. All rights reserved. Catching the Bad Guys You need a hotline regardless of whether you are public (required by SOX) or private. Open your hotline to customers and vendors. Almost half of all tips come from outside the organization.

© Grant Thornton. All rights reserved. 18 Detecting is good, preventing is better. What internal controls are the most effective?

Effectiveness of Controls 19

© Grant Thornton LLP. All rights reserved. Effectiveness of Controls (in an easier to read format) 1.Surprise Audits 50% 2.Proactive Data Monitoring/Analysis 50% 3.Dedicated Fraud Department, Function or Team 50% 4.Anti-Fraud Policy 50% 5.Fraud Training for Employees 50% 6.Hotline 50% 7.Formal Fraud Risk Assessments 47.8% 8.Management Review 45.8% 9.Independent Audit Committee 41.7% 10.Internal Audit Department 41.7% 11.Job Rotation/Mandatory Vacation 40% 12.Fraud Training for Managers/Executives 38.1% 13.External Audit of ICOFR 37.5% 14.Management Certification of F/S 37.5% 15.Rewards for Whistleblowers 33.3% 16.Code of Conduct 33.3% 17.External Audit of F/S 25% 18.Employee Support Programs 22.2%

© Grant Thornton LLP. All rights reserved. What does a fraudster look like?

Perpetrator’s Position 22

Position of Perpetrator Based on Region 23 OBSERVATION: Rank has its privileges and rewards!

Perpetrator’s Age 24

Perpetrator’s Age 25

Perpetrator’s Gender 26

Median Losses Based on Gender 27

Perpetrator’s Tenure 28 OBSERVATION: Generally, it is trusted, tenured employees who commit fraud

Perpetrator’s Tenure 29

Perpetrator’s Education Level 30

© Grant Thornton LLP. All rights reserved. "Red Flags of Employee Behavior" Living beyond ones means Financial difficulties Control issues, unwillingness to share duties Unusually close association with vendor/customer Wheeler-dealer attitude Divorce/family problems Irritability, suspiciousness or defensiveness Addiction problems Unusual generosity Missing or incomplete documents Refusal to take vacations Past employment-related problems Complains about inadequate pay Excessive pressure from within organization Past legal problems Instability in life circumstances Excessive family/peer pressure for success Complains about lack of authority Conspicuous change in behavior (dominating, absolute behavior)

© Grant Thornton LLP. All rights reserved. Before Approving Invoices from Vendors and Contractors – Good Questions to Ask! How well do I know this vendor or contractor? Do I have first hand knowledge that they even exist? Do I know that they actually provided the goods or services identified in the invoice or other billing statement? Do I know that they are using the correct amounts for price (including unit prices used), sales tax, freight, and other variables that make up the amount invoiced? On what basis do I know that the prices are reasonable in the first place? What standard have I used in determining that the price charged is fair? How do I know that the quantities make sense? On what basis have we agreed to purchase the stated quantities? How do I know that the invoice and other documents are mathematically correct?

© Grant Thornton LLP. All rights reserved. Anti-fraud techniques you can use Create and maintain an ethical culture of doing the right thing All employees should be encouraged to take vacations (40 consecutive hours at one time) Restrict authorization and access to assets (money, inventory, sensitive information, PHI, computer systems) Segregate duties to provide "checks and balances" – no single individual should have control over two or more of the following responsibilities: authorization, custody, recordkeeping and reconciliation Check out first-time vendors Review supporting documentation for all disbursements and check requests – see subsequent slide for tips on approving invoices Watch for "red flags" in employee behavior – see next slide for examples

© Grant Thornton LLP. All rights reserved. What should each of us do? Be concerned and vigilant managers – it's a part of our job responsibilities! Understand the fraud risks in our areas Manage the challenges and exposures that fraud and misconduct present Minimize the opportunities Immediately report suspected misconduct and dishonesty

© Grant Thornton. All rights reserved. 35 What happens when someone is caught?

Behavioral Red Flags Displayed by Perpetrators 36 OBSERVATION: Monitoring employees personal lifestyle is a sensitive issue, but you can't put your head in the sand.

Criminal Prosecutions 37

Recovery of Losses 38

© Grant Thornton LLP. All rights reserved. Questions?

Schemes by Industry 40