From the ACFE (Association of Certified Fraud Examiners)

Fraud includes any intentional or deliberate act to deprive another of property or money by guile, deception, or other unfair means.

Fraud against a company can be committed internally (also called occupational fraud) by employees, managers, officers, or owners of the company, and can be defined as “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets.” 

Fraud can also be committed externally by vendors (bid-rigging schemes or billing for goods or services not provided), customers (bad checks or falsified account information for payment), and additional threats of security breaches, thefts of intellectual property or proprietary information perpetrated by unknown third parties and hacking, to name a few. 

Why does Fraud Occur? The most widely accepted model for explaining why people commit fraud is the fraud triangle, a combination of Financial Pressure, Rationalization and Opportunity.

Two things you can do to help prevent fraud are to be aware of the behavioral red flags of fraud, and to look for internal control weaknesses in your area of responsibility.

Key warning signs (behavioral red flags) are: Living beyond means, Financial difficulties, Unusually close association with vendor/customer, Control issues/unwillingness to share duties, Irritability/suspiciousness/defensiveness, “Wheeler-dealer” attitude and Divorce/family problems. 85% of all fraudsters displayed at least one behavioral red flag while committing their crimes.

Key internal control weaknesses are: Lack of internal controls, Ability to override controls, Lack of management review, Poor tone at the top, Lack of competent personnel in oversight roles and Lack of employee fraud education.

Unfortunately, fraud happens everywhere. See the below for examples of fraud in Higher Education.
Higher Education Fraud Examples

University of Kentucky ex-employee used $256,000 in school money to pay for 84 iPhones, other tech equipment, travel and additional personal items on University Card. Read more

Former Florida State University finance professor sentenced to prison for intentionally embezzling money from the Student Investment Fund Inc. (SIF), by making a series of transfers totaling more than $650,000 from the SIF to his own personal investment account. Read more

Duke University settles research misconduct lawsuit for $112.5 million. The lawsuit alleged that the university included falsified data in applications and reports for federal grants worth nearly $200 million. Read more
Cyber Threats: Ransomware

Don’t be an easy target for ransomware cyber criminals! The year 2020 was unprecedented for many reasons, one of which was the number of data breaches resulting from cyber-attacks, such as Ransomware. With the growing number of attacks came a change in the complexity of the threats and the emerging trend of greater tactical cooperation among hacker groups and state sponsors; thus, changing the playing field as cyber-criminals work together with support from some international governments.
Policy Spotlight

Information Security Awareness Training: Per University Policy, this is mandatory training for all campus employees who regularly access USA computer networks and systems as part of their job. USA staff (starting on 06/21/2021) and faculty (starting on 09/06/2021) will have 60 days to complete the training. The course provides employees with an understanding of the cyber threats prevalent today, and steps that can be taken to reduce the risk of cyber intrusions.
The South Compass is a joint newsletter from the Offices of
Internal Audit and Compliance at the University of South Alabama.

HELPFUL RESOURCES

Ethics & Compliance Hotline or Direct Dial 1-844-666-3569