BBC reports on 3/6 that Oxfam ex-fraud chief admits defrauding charity.
Oxfam, a development charity in England, has revenue of £385.5M (~$645M) in 2012.
The charity’s head of the counter-fraud department pled guilty to embezzling about £62.6K (~US$105K) and will be sentenced May 16.
(Cross-posted from my other blog, Nonprofit Update, since this is useful info for CPAs.)
His scheme?
He formed several false companies and submitted fake bills to the charity for services rendered by the companies, according to the article.
The scheme apparently ran from February through December of 2011. Article doesn’t explain why that is the end of the scheme.
His legal counsel says he had an addiction to prescription pain medicines and his marriage was falling apart. The counsel also says, according to the article, he was admitted to a psychiatric hospital in January 2013.
Thoughts for auditors
The fraud scheme was creation of fake companies (more than one), preparing & submitting fake invoices, and approving them for payment. Didn’t see what the invoices were for, but I’ll guess they billed for professional services.
The brief article gives sufficient coverage to ask a few questions.
Where do you see the three sides of the fraud triangle?
Would you have picked up on that?
What routine procedures in your audits would have detected this fraud scheme?
Answers for non-auditors
Fraud triangle can be seen:
- Opportunity – he had authority to approve invoices. Probably had sufficient authority to approve payments for services that would not be visible to anyone in the accounting function.
- Motivation – Drug addiction. Possibly trying to salvage his marriage by spending money on nice things.
- Rationalization – “I wanna fix” would be sufficient. The addiction or horrible pain of his disintegrating marriage could easily overwhelm any restraint against thinking fraud was wrong.
Assume the invoices actually looked like real invoices, with printed letterhead, professional logo, and legit mailing address. What procedures would reveal that fake invoices from a fake company with a real address and bona-fide approval by an authorized manager are actual fraudulent?
I don’t know.
The auditor’s procedures should include kicking vendor’s tires on a spot basis… Especially in the international development world. As an adjunct to routine vendor invoice transaction testing, select a sub-set of vendors (based on risk and/or sampling), and pay a visit to the vendors. Ensure physical existence, verify that bids and invoices match the prime auditee’s records, and any other tests as appropriate in the circumstances.
Thanks for the comment.
Visiting vendors would be a great surprise audit procedure. Would increase possibility of detecting such frauds. Given the increase in virtual firms and considering use of vendors from across the state or around the country, would be difficult to implement. How would such an approach be applied to professional service providers?
Other out of the box ideas would be doing a cursory internet search. Setting up a fake web site, phone number, and mail drop is easy but still takes time. Creating a wider internet presence would take a fair amount of time.
Thanks again for getting us thinking.