School district fraud can be anything from an employee siphoning off cash to pay for a weekend fishing trip to a complex scheme to divert millions of dollars of district funds into a bogus bank account.
To identify some of today’s most common “fraud traps,” we reviewed 57 cases of fraud in the news in the past few years that impacted school districts across the country. Understanding the latest fraud trends can help school districts avoid these traps by making sure their internal controls are up to date.
Our review illustrated that districts of all sizes are susceptible to fraud. Smaller schools may not have strong internal controls or sufficient segregation of duties, while larger districts have such a high volume of transactions and disbursements that fraud can slip through the cracks. We categorized the 57 cases into four categories of fraud and assessed the financial impact for each category.
Misuse of Funds
In one of the most common forms of fraud, an employee used a district credit card or P-card to pay for home improvements, utility bills, gift cards, fuel for personal vehicles, personal travel or other expenses. The most common perpetrators were superintendents, department heads, coaches and principals.
In most cases, the fraud was concealed because the cardholder had complete control over purchases without oversight (authorization, reconciliation and payment processing). In one instance, a cardholder falsely claimed to have submitted an expense report, taking advantage of confusion that arose when the district switched to a remote working environment. In another case, the cardholder allocated the charges across numerous budget codes, making the fraud more difficult to detect. Third-party payment processors such as PayPal and Square are being used more frequently to conceal fraudulent credit card purchases.
Cash and Checks
When it comes to cash and checks, most of the fraud can be traced to individuals who manage student activity funds, booster funds or campus funds. While the average financial impact was smaller compared to credit card fraud, cash theft and check fraud occurred more frequently, as these schemes are more difficult to detect, with individuals diverting funds and altering financial records to cover their tracks. We observed examples of employees forging checks, falsifying the check register, and using signature stamps to circumvent controls and conceal their efforts.
In many instances, secondary approvals or signatures were not required or the policy was not being enforced, making it easier for the fraud to go undetected.
- Ensure proper segregation of duties: Require secondary approval and/or at least two signatures for all credit card or cash transactions.
- Make sure the district has a robust credit card policy or manual that defines allowable and unallowable purchases. Provide periodic training for cardholders and personnel reviewing expense reports focused on policies and procedures.
- Implement deadlines for submission of receipts and revoke credit card access for non-compliant cardholders. Review and approve all purchases before making payments to the credit card company. For cash transactions, deposits for student/campus funds should be turned in the day of or the day after receipt.
Kickback schemes were the most common type of vendor fraud with superintendents, department heads and board members awarding contracts to vendors in exchange for kickbacks in the form of cash payments, equipment, discounts, or job opportunities.
Kickback schemes are often difficult to detect. Red flags may include higher costs for services and equipment compared to other school districts or competing vendors, as well as evidence of payments being made to vendors without services rendered. Many of the vendors that engaged in kickback schemes had connections to district personnel, particularly employees with decision-making authority in the vendor selection process.
Conflicts of interest
In addition to kickback schemes, we observed vendor fraud related to conflicts of interest between employees and vendors or contractors. Conflicts of interest are not necessarily improper. Issues arise when an individual’s financial interests are not disclosed and the individual influences the selection of a vendor or contractor for their personal benefit. In a typical fraud scheme, a district conducts business with an entity in which a school official or employee has an undisclosed interest, including vendors, construction contractors or subcontractors. The most common perpetrators of this type of fraud include superintendents, board members and CFOs.
- At a minimum, all new vendors should be subject to background checks that disclose ownership, affiliations, litigation, and regulatory or legal violations.
- Purchasing procedures should be divided among several employees and functions rotated regularly (for example, the person ordering services or supplies should not be responsible for approving invoices).
- Ensure transparency in the bid evaluation and selection process for vendors and contractors, and provide an explanation if the lowest bidder isn’t selected. Require annual board training, conflict of interest statements, and other public disclosures.
Seven of the fraud cases we reviewed related to phishing scams perpetrated by external parties to divert payments intended for legitimate vendors, contractors, or bond payments. The average loss in this category was $2.1 million, the highest among the four fraud categories.
As most of us know by now, phishing scams involve email messages directed to employees to perpetrate theft. Fraudsters typically send emails to employees from accounts disguised as those of legitimate vendors and request changes to the vendor payment instructions on file (e.g., ACH information). In some cases, the fraudster will collude with an employee to gain access or information.
Fraudsters often take advantage of the level of transparency required of school districts, especially regarding vendors and contractors, since purchasing laws require board approval for contracts over $50,000. Many school districts will show payments to vendors and contractors on their website as part of financial transparency initiatives.
Phishing scams have become more prevalent and more sophisticated in recent years with fraudsters quickly moving intercepted funds overseas before the district ever knows the funds were stolen, making it difficult to recover stolen funds even if the perpetrator is identified. In other cases the fraudster was able to avoid detection entirely by using sophisticated software to mask their location and identity. School districts are also reliant upon banks to help detect fraud from phishing scams, as well as insurance policies when recovery is not possible.
- Require dual factor verification of change requests for vendor payment instructions. Contact the vendor using the vendor contact information in the master vendor file to confirm that payment instructions were authorized.
- Restrict access to vendor information and payment instructions.
- Implement mandatory employee training on how to identify email phishing scams. Districts should invest in security awareness and training so that employees are better-prepared to identify and report any suspicious activity.
- Invest in technological controls, including spam filtering and anti-phishing software.
- Implement policies for reporting threats to the IT department and thwarted attacks to law enforcement.
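
The first recommendation above can be enforced as a release gate on bank-detail changes. The sketch below is an added example, not a procedure from the cases reviewed; the record fields, the vendor data and the reading of dual verification as a master-file callback plus an independent second approver are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed master vendor file: the vendor, domain and phone number are made up.
MASTER_VENDORS = {
    "V-1001": {"name": "Acme Paving", "email_domain": "acmepaving.example",
               "phone": "(555) 010-0100"},
}

@dataclass
class ChangeRequest:                # hypothetical record of one change request
    vendor_id: str
    sender_email: str               # address the request arrived from
    entered_by: str                 # employee who keyed the change
    approved_by: Optional[str]      # second employee who signed off
    callback_number: Optional[str]  # number actually dialed to confirm
    callback_confirmed: bool        # vendor confirmed the change by phone

def digits(value):
    """Compare phone numbers on digits only, ignoring punctuation."""
    return "".join(ch for ch in (value or "") if ch.isdigit())

def review_change(req, vendors=MASTER_VENDORS):
    """Return reasons to hold the change; an empty list means release it."""
    vendor = vendors.get(req.vendor_id)
    if vendor is None:
        return ["vendor not in master file"]
    holds = []
    domain = req.sender_email.rsplit("@", 1)[-1].lower()
    if domain != vendor["email_domain"]:
        holds.append("sender domain differs from master file")
    # A matching domain is not enough: the mailbox itself may be compromised,
    # so the callback must go to the number already on file.
    if not req.callback_confirmed:
        holds.append("no callback confirmation")
    elif digits(req.callback_number) != digits(vendor["phone"]):
        holds.append("callback number not from master file")
    if not req.approved_by or req.approved_by == req.entered_by:
        holds.append("no independent second approver")
    return holds

# Constructed requests: a lookalike domain with a self-supplied phone number,
# and a change verified against the master file by two different employees.
SPOOFED = ChangeRequest("V-1001", "billing@acmepavlng.example", "jdoe", "jdoe",
                        "555-019-9999", True)
VERIFIED = ChangeRequest("V-1001", "billing@acmepaving.example", "jdoe",
                         "msmith", "555 010 0100", True)
```
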
Payroll fraud was less common in the recent cases we reviewed, but it can and does happen. In one case, as part of a ghost employee scheme, a technology employee didn’t show up to work for two years and colluded with a school clerk to clock in. In another case, a payroll supervisor changed the names on vendor/employee checks to their own name before printing, while posting the correct name in the check register to conceal the fraud. In another case, a payroll clerk received unauthorized overtime by forging the supervisor’s signature. Below is a summary of the six payroll fraud cases we reviewed.
- Segregation of duties: Divide responsibility for entering new employees into the payroll system and payroll processing.
- Promote the use of direct deposit for payroll payments.
- Use electronic timesheets.
- Conduct periodic reviews to identify anomalies such as matching bank accounts for different employees, unusual employee numbers, missing personnel files, etc.
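
The periodic review in the last item can be run against a payroll export. The following is an added example, not a tool from the cases reviewed; the field names, the sample records and the assumed employee-number format are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed payroll export; names, numbers and accounts are made up.
# Assumption: valid employee numbers are "E" followed by five digits.
EMP_NO_FORMAT = re.compile(r"E\d{5}")
PAYROLL = [
    {"emp_no": "E10234", "name": "A. Rivera", "routing": "000000001",
     "account": "0045-7712", "personnel_file": True},
    {"emp_no": "E10977", "name": "B. Chen", "routing": "000000001",
     "account": "00457712", "personnel_file": True},
    {"emp_no": "E11002", "name": "C. Okafor", "routing": "000000002",
     "account": "9913 0046", "personnel_file": False},
    {"emp_no": "T-9", "name": "D. Patel", "routing": "000000002",
     "account": "5520-1188", "personnel_file": True},
]

def review_payroll(records):
    """Flag the anomalies named in the periodic-review recommendation."""
    findings = {"shared_bank_account": [], "unusual_employee_number": [],
                "missing_personnel_file": []}
    by_account = defaultdict(set)
    for rec in records:
        # Strip dashes and spaces so the same account keyed two ways matches.
        account = re.sub(r"\D", "", rec["account"])
        by_account[(rec["routing"], account)].add(rec["emp_no"])
        if not EMP_NO_FORMAT.fullmatch(rec["emp_no"]):
            findings["unusual_employee_number"].append(rec["emp_no"])
        if not rec["personnel_file"]:
            findings["missing_personnel_file"].append(rec["emp_no"])
    for employees in by_account.values():
        if len(employees) > 1:
            findings["shared_bank_account"].append(sorted(employees))
    return findings
```

Each finding is a lead for a reviewer who does not process payroll; a shared account can be legitimate, for example two employees in one household.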
Regardless of the type of fraud, we found that the most common deficiency in district operations and procedures was a lack of segregation of duties. If one employee has authority over all functions, the likelihood of fraud increases significantly. Typically, the fraudster has intimate knowledge of processes allowing him or her to circumvent internal controls (e.g., falsify check register). Fraudsters often target areas where there is less transparency regarding the ultimate recipient of the funds (e.g., credit card purchases, subcontractors, federal funds). A lack of robust policies and procedures, or the lack of enforcement of policies and procedures, were common themes that contributed to the fraud occurrences.
Most fraud doesn’t make the front page or the local news. In fact, most school district fraud goes undetected. Whether it’s an old-fashioned cash transaction or a more modern kind of electronic theft, fraud is an unfortunate fact of life for many school districts. The best way to combat fraud is to make sure you have effective procedures, including checks and balances, in place. Then make sure everyone in the district follows them.