Year 14 – 2001 – Fraud Analytics – part 2

The “Big one that got Away” – involved hundreds of millions of dollars in contracts for hardware and software maintenance over ten years.  I ran a couple of tests to highlight red flags related to fraud risks and identified the fraudster a couple of times – but didn’t pursue the issue enough to uncover the fraud.

The first red flag was identified when I performed an audit to determine if we had employees who were also contractors.  This test identified a contracting officer (Paul).  When his manager was asked whether Paul (the employee) had declared that he was also serving as a contractor we were told that our test was inaccurate because Paul was not an employee.  We pointed out that for ten years Paul was: on the organization chart; had employees reporting to him; had an office and phone; had contracting authority and was responsible for a budget.  If he was not an employee then this was an employer-employee relationship which was against policy and a serious risk.  The manager said “not to worry, we will hire him” and did so.  I was told to close the file on the issue.  Strike One.

Later that year, I was purchasing 20 laptops for the audit department.  The contract went to Paul for approval and he called me.  He was combining a bunch of purchase and trying to get a bulk purchase discount and wanted to know if I was willing to include my laptops in the package.  I agreed as long as I got the same quality for the price.  When the laptops arrived they were lower CPU speeds and cost more than what it would have cost me for the better laptops.  I called Paul and complained, but he rationalized the purchase by saying that we did really well on the desktop computers and had to give a bit on the laptops.  I wrote an email to his manager and received an answer that was identical to the verbal response from Paul (obviously Paul had told his manager how to respond – maybe even wrote it for him).  I checked to see if the contractor who supplied the laptops was the same one Paul used to work for – it wasn’t.  (Later I learned that I had not dug deep enough – the firm who delivered on the bulk purchase was a subsidiary of the firm Paul had worked for.)  I was told to drop the issue since apparently our company had done well on the bulk purchase overall.  We never actually verified that we had saved on the bulk purchase.  Swing and a miss – strike two.

The audit plan this year included an audit of contracted software and hardware maintenance.  Computer software and hardware maintenance had been contracted out for 10-12 years.  Numerous contracts totaling hundreds of millions of dollars had been raised and monitored by the responsible contracting officer (guess who?).  So here was another chance to look at the process around IT contracting.

A review of a sample of invoices revealed a $590 charge for the replacement of a computer mouse.  Paul, who had approved the invoice for payment, explained that hardware maintenance could involve many hours of travel to remote offices or minutes for work performed at headquarters, as a result, a standard cost was used and that on average the company benefited from this arrangement.  He also told us that we didn’t understand the complexities of the IT contracts and that we could use of audit resources better elsewhere.

At this time, the team leader left work for personal reasons and the audit was put on hold until another team leader was available.  BTW, we had heard several interesting things about Paul including that he owned several houses, including one with an indoor pool, exercise room, and tennis courts, and 20 or some vintage cars.  All of which are red flags of fraud.  The audit was shutdown – Strike three.

A couple of months later a tip was received by the audit department that had information indicating that Paul was falsifying invoices.  We looked into the validity of the tip by performing a numeric of analytical tests.  One of the tests involved the calculation of labor and material costs for each work order.  This test identified a number of work orders which had labor costs without materials.  Equally odd were work orders with significant material costs and no labor costs.  These were not as expected and further raised concerns about possible fraud.  A review of a sample of invoices for these contracts verified the validity of the tip and caused the audit to enter a different phase – a preliminary investigation fraud investigation.

The auditors reviewed the contracts for software and hardware maintenance to ensure that proper contracting procedures had been followed.  The prime contractor, from whom they received all invoices, was a reputable firm, but they found that many contracts had sub-contractors and even sub-sub-contractors.  A detailed review of the invoices, all approved by Paul, discovered numerous discrepancies including the payment of invoices without any evidence of goods/services having been received, higher than expected charges for standard pieces of hardware (disk drive, monitors, computer mouse, etc.) and other troubling issues.

The auditors worked their way through a complex billing scheme and discovered that Paul had established a company through which millions of dollars in software and hardware maintenance contracts were being funneled.  This company then sub-contracted with other companies who performed the necessary services.  The sub-contractors added their own markup when they billed for the work performed and sent their invoices to the prime contractor, who sent an invoice to the contracting officer.  In some cases there were three levels of markup, with the resulting charges being over 50 percent more than the original cost of the work.

The audit also found that Paul, through a company he had created, was also submitting invoices for work that was never performed and billing for equipment used for contracts with other companies.  These fake invoices were duly processed by a sub-contractor, and sent to the prime contractor, each adding their own markup without questioning if the work had been performed.  The prime contractor then sent them to Paul for certification and payment.

The subsequent forensic audit and criminal proceedings determined that we had been overcharged at least $146M over the last ten years.  While it was difficult to determine how much the contracting officer had personally received, red flags indicated that he had done quite well.  In particular, he owned several houses, including one with an indoor pool, exercise room, and tennis courts, one in the Turks and Cacaos; 15-20 vintage cars; and had taken numerous expensive holiday trips and cruises on a $80K salary.

After the results were analyzed and criminal prosecution initiated, the auditors spent time reviewing what had gone wrong, the control weaknesses, and the red flags that could be used to highlight high-risk contracts in other areas.  A series of computer analysis techniques were used to select high-risk contracts for review by audit on a more continuous basis.


Lessons-Learned: Red flags are often present in cases of fraud.  In this case, Paul was living beyond his means.  He told co-workers several stories such as he had won the lottery; inherited money from an aunt; and invested in technology companies that had done extremely well.  None of these were true, but he always had a plausible answer.  This is often true of someone committing fraud – they will provide answers that have a ring of truth and which may be hard to verify or disprove.  We also found that since he was in a position of trust – he could attack the auditors and try to discredit their work and understanding of the situation.  He also used his superiors effectively – feeding them with information to support his actions.

I also realized that I had backed down too early on a number of the early analysis results.  Partially because, like everyone else, I found it hard to believe that some who had been in a position of trust for such a long time (10 years) could possibly be involved in a fraud of this size.

Lastly, I learned that analysis can (and did) identify symptoms of fraud in the data.  This (eventually) helped to focus the auditors on specific transactions that uncovered the extent and the methods used to commit the fraud.  According to my analysis the fraud totaled cost to $300M; and as a result of the post-fraud analysis, the prime contractor refunded $146M.

This article has 1 Comment

  1. Hi Dave, interesting story, I hadn’t realized you had been involved in this. I was still at the OAG when this happened and I remember having lots of discussions about this case with colleagues.

    I am enjoying your blog, looking for to the other years.

Leave a comment