© 2015 Association of Certified Fraud Examiners, Inc. Fraud in Capital Projects and Construction Denise Cicchella, CFE, CIA, CCA, PMP
© 2015 Association of Certified Fraud Examiners, Inc.
Fraud in Capital Projects and Construction
Denise Cicchella, CFE, CIA, CCA, PMP
Fraud in Capital
Projects and
Construction
2015 ACFE
Annual
Conference
Denise Cicchella, CFE, CIA, CCA, PMP
Auspicium, CEO
Agenda
• Phases of Projects
• Risks at each phase
• Opportunities to commit fraud
• Fraud Prevention Controls – Need for
Governance
• Investigation Strategies and Tips
(c) 2015 Auspicium
Capital Projects Defined
• Delivers specific objective
• Often specialized in nature (may not be a
core competency)
• Long-term consequences and impact
• Material investment of capital
• Often high risk
– Impact
– Likelihood
(c) 2015 Auspicium
Examples
• New IT System
– ERP
– Customer Fulfillment
• Development of New Product or Service
• M&A
• New Building or Facility
– Corporate HQ
– Warehouse / shipping facility
– Data Center (c) 2015 Auspicium
Risky Business
• Project Risk
– $$$$$$
– Probability of Failure
– Reputational
• Vendor Risk
• Technology Risk
• Sabotage Risk
• Fraud Risk
(c) 2015 Auspicium
Risk Mitigation
(c) 2015 Auspicium
Phases of a Project
(c) 2015 Auspicium
Decide Design Vendor
Selection Project
Execution Done
Project Life Cycle Activities
• The least is known about the project near its beginning
– Plans to be developed
– Concept that has to develop
• The level of uncertainty and risk is highest at the beginning of the project
– Feasibility
© Auspicium 2015
Decisions…
• New activity (service / product) • New system • New building • New market • Replacement system / building • Acquisition / Merger • Divestiture / Closure
ANY one of which could result in multiple
projects!
© Auspicium 2015
Decide
• Business decision to go ahead with a
project:
– Aligned with corporate strategy?
• Project approval process followed
– Are risks acceptable?
• Is there a trend to how projects are
approved?
– Bias
– Motive (c) 2015 Auspicium
Bias in Decision Making
• Projects chosen not in organization’s best
interest
• Promote self interest
• Poor tone at the top
• Incompetence or fraud?
• Loss of employee morale
• Reputational damage
(c) 2015 Auspicium
Decision Techniques
SWOT
Payback
NPV
IRR
Pros/Cons
(c) 2015 Auspicium
…besides Techniques • Is decision based on:
– Accurate information
– Information from reliable source
– Detailed information
• Are constraints realistic?
– Time
– Cost
– Technical feasibility
• Transparency of decision making
(c) 2015 Auspicium
Identifying Bias & Favoritism
• One: • Project manager always picked
• Type of project always chosen
• Vendor always selected
• Projects chosen against corporate strategy
• Failure to comply with policy
• Decisions overridden
• “Pet Projects” — even if not prime focus of
business
(c) 2015 Auspicium
Actionable Findings
• Failure to comply with policy
– Disciplinary Action
• Trends may trigger further investigations
– COI
– Kickbacks
• Enhance processes
(c) 2015 Auspicium
Project Sabotage
• Purposely harming a project to make it fail:
– Vandalism
– Theft
– Picketing
– Withholding information
– Misleading information
– Friend in front, knife wielder in back
• Proving the wrong project was picked
(c) 2015 Auspicium
Sabotage Happens
• Damaging IT equipment to prevent a new
system from going live
• Planting endangered species on a
proposed site
• Leaking proprietary project information
– To public
– To competitor
• Likelihood increases for sensitive projects
(c) 2015 Auspicium
Sabotage Motives
• Fear of Change
– Unemployment
• Conscience
– Environment
– Government or Corporate Policy
• Financial
– Steer toward alternative action
(c) 2015 Auspicium
Decision-Making Red Flags
COI, Bribes, Kickbacks, and Corruption:
• Costs / Revenue Assumptions • Unsupported
• Skewed
• Ignoring good projects and selecting bad
projects
• Project selection and approval policies not
followed
• Risks understated (c) 2015 Auspicium
Opportunity
• Decisions taken by single individual:
– Site Identification
– Site Selection
– Vendor Identification
– Vendor Selection
• Executive override
• “Bully”
• Trusted Advisor
(c) 2015 Auspicium
Hidden Personal Agendas
• Is it Rose Colored Glasses or Personal
Gain?
• Miscalculations (error or intentional
“mistake”)
• Motive
– Personal gain
• Kickback
• Contracts to related parties
• Future employment
• Property owner
(c) 2015 Auspicium
Design
(c) 2015 Auspicium
What Who
When How
What
• What will the project:
– Cost
– Do
– Be used for
• Expectations
• Key deliverables
• Expertise will be needed
(c) 2015 Auspicium
Who
• Will run the project
– Internal
– External
– Executive Sponsor
• Will govern the project
• Will fund the project
(c) 2015 Auspicium
When
• Will the project finish?
• Are the milestones? • SMART
• Will progress reports be issued?
Dates may be calendar and/or event driven
(c) 2015 Auspicium
How
• Do you see it getting done?
• Does the organization plan on using it?
– Initial purpose
– Re-purposes
– Expansion
• Can we maximize stakeholder
expectations?
(c) 2015 Auspicium
Fraud in Design
• Overly restrictive criteria
• Overstating the probability that a design
will work
• Ignoring risks and barriers to success
• Designing more than is needed
– Gold plating
– Personal agenda
– Expanding project scope
(c) 2015 Auspicium
Key Players
• Design often involves specialists
– Architects
– Lawyer (should be but often done by in-house
counsel)
– Project Manager
– Programmers/Systems Analysts
– Strategic Consultants
(c) 2015 Auspicium
Issues
• “Up Sell” services
– “Extras”
• Inflate work
– >24 hours in day!
• Extreme promises
– “We can install a new system bug free in
three hours”
• Recommending Related Parties
(c) 2015 Auspicium
Vendor Selection Phase • Know expertise of vendors – don’t assume
– Creative Resume Writing
– Bid to find out strategies
– Unqualified but bid anyway
• Results in errors in execution
• Results in change orders
• Identify if vendors are related
• Ensure scope is clear
– If not – here come the change orders
• Do not over rely on contractor (c) 2015 Auspicium
Considerations
• What information/assets does vendor have access to: – What records is the vendor keeping?
– Where is the vendor storing records?
– How are the records being destroyed?
• How is the vendor accessing the site or system?
• How is site/system access monitored and controlled – consider: – New employees?
– Terminated employees?
– Impaired employees?
© Auspicium 2015
Vendor Bidding Frauds
• Collusion
• Bid Rigging
• Price Fixing
• Bidding to Unqualified Vendors
– Under-specializing the specialists
• Overspecializing the Specialists
• Bait and Switch
(c) 2015 Auspicium
Corruption
© Auspicium 2015
Bid Rigging
• Cover pricing: submit a higher price or unacceptable terms, possibly for sub contract
• Bid suppression: agree not to bid or withdraw
• Bid rotation: taking it in turns to win
• Splitting the market: carve out segments of the market or geographic locations
© Auspicium 2015
Preventing Bid Rigging
• Level Playing Field – Defined selection criteria – More then one set of eyes – No single voice – No conflicts of interest
• Approved Contractor’s List – Review – Refresh
• Banned Lists – www.epls.gov
• May be a banned site
© Auspicium 2015
Loose Lips Sink Ships
– Don’t allow the bidding process to be compromised by disclosing bids or insider information
– Policy not to disclose rival bids before opening
– All communication to bidders should be done SIMULTANEOUSLY
– Use of NDAs for internal and external stakeholders
© Auspicium 2015
Know Your Vendor
• Pending Litigation
• Bankruptcies
• Citations – Health
– Safety
– Labor
• Past Performance – Delays?
– Cost Overruns?
© Auspicium 2015
Up-Billing
• “Bait and Switch” personnel
• Promise the President deliver an intern
• Qualifications
• Licensing
• Rates (?)
© Auspicium 2015
Digging up the Dirt
• The Internet has made it easier to uncover background information about people and companies
– Pay to Access Databases
• D&B
• Lexis / Nexis
– Accurent/Relavent
• Hoover’s
• Kroll’s
© Auspicium 2015
More Dirt
• Government Records – Licenses
– Complaints
• Blogs – Current and former employees
– Advocacy groups
• Social Media
• Traditional Media – Newspapers
© Auspicium 2015
Detecting Vendor Problems
• Bid analysis
• Patterns of bidding
• Trends
• Price comparisons
– Benchmarking
– Independent appraisals
• Quick response
© Auspicium 2015
Contract as a Control
• Who writes the contract has the advantage • Don’t accept vendor contracts without challenge
• Make sure contract works for you
• Terms and conditions are added or edited
• Contract matches proposal
• Reviewed by expert
• Keep relationship but stand ground
• Make sure contract terms don’t contradict
(c) 2015 Auspicium
Requirements Not
(Clearly) Defined
• The BIGGEST pitfall
• If the requirement isn’t clearly articulated:
– Undue reliance on vendor to “understand”
– Contract difficult to enforce
– Escalated costs
– Monitoring not possible or difficult
– “Objectives” not met
© Auspicium 2015
Legal Advice
• Internal counsel may not have expertise in
the contract subject matter
– IT
– Construction
• Contract may contain domain-specific
terminology (Lingo/Jargon)
– Hard / soft costs
© Auspicium 2015
Right to Audit
• What records will owners have the right to review
• When does audit right expire
• Where will audit be done
• Who pays for the audit
• Does the right to audit pass to subcontractors
• What will happen in the event of overcharges
• Can you audit records not directly related to the project
– Personnel files
– Administrative records
• OFTEN MISSING!!!!!
© Auspicium 2015
Specific Costs or Calculations
• Labor
• Material
• Equipment (rental)
• Indirect costs
• Unit costs
• Specific calculations
• Profit margins
• Payment to inter-related companies
• Change orders
• Exchange rates © Auspicium 2015
Other Cost Considerations
• Pre-assignment of supplier
• Owner reimbursed items
• Industry inflation
• Trade discounts
• Discount prices
• Hard vs. Soft !!
© Auspicium 2015
Liabilities
• Right of refusal to allow employee / vendor on project
• Confidentiality – IT Security
• Expected behavior protocols & consequences
• Premise rules
• Drug/Alcohol Policy – Testing
– Monitoring
– Screening
– Suspicions
© Auspicium 2015
Substitution Clauses
• “The contractor shall have the right to substitute any materials with a substitute of equal value and quality” – Define value
– Define quality
– Define grade
• Material is not available
• Material is more costly
• Construction requirements
• Changes to building code
• Pricing differentials
© Auspicium 2015
Salvage
• Who owns money collected on sale?
• Who will it be sold to?
• Who does it belong to?
• Disposal (especially IT)
• Retainage of scrap
– Same criteria apply
– What does owner get for routine maintenance
– The more intricate the design, the more scrap
© Auspicium 2015
Early Termination
• For Cause
– Disciplinary
– Performance
• Financial reasons
• Destruction beyond a certain
point
• Sale to another party
• “Just Because”
• Force majeure
© Auspicium 2015
Breach of Contract
• Damages
– Performance
– Team
– Liquidated
• Can contractor cancel?
– With or without cause
• Vendor dismissal
• Finance charge reimbursement
– Delayed start or finish
© Auspicium 2015
Guarantees
• Performance
• Quality of work
• Material
• Equipment
• Extended warranties
• Who pays
© Auspicium 2015
Dispute-Resolution Agreements
• Arbitration
• Litigation
• Mediation
– Who mediates
– Jurisdiction
– Binding versus Non-Binding
– Pre-assigned mediator
• Resolution Protocol © Auspicium 2015
Project Execution
• Most project time
• Most project expenditure
• Anything can go wrong
• MUST BE MONITORED
– Deliverables
– Performance
– Changes
– Key Performance Indicators
– Security (c) 2015 Auspicium
Important Deliverables
• Cost/Budget
• Time
• Scope
• Quality
• Safety
• Other
• Defined and monitored
(c) 2015 Auspicium
Other
Cost
Time
Scope Safe
Quality
Professional Service Frauds
• Working more then 24 hours a day
• “Raises”
• Raises with underpayments
• Everyone appointed as lead
• Highest paid employee does clerical work
• Working without license
– “Borrowing” of licenses
(c) 2015 Auspicium
Inflated Labor
• Overstated hours
• Ghost Employees
– Not there
– On other sites
– Undocumented
• Overtime “mis”calculations
• Equipment operators without equipment
• Pay for training or vacation
(c) 2015 Auspicium
Material & Equipment Fraud
• Ordering for other projects
• Material never shipped to site
• “Nice to have” material
– iPads
– Otter boxes
– Tablets
• Obtaining excess materials
• “Stolen” from site
(c) 2015 Auspicium
Overpayments on Equipment
• Equipment that is idle more then it is used
• Equipment used without operator
• Charging piece by piece
• Charging at wrong rate
• Charging same equipment multiple times
• No credit for returns
(c) 2015 Auspicium
Change Order Abuse
• Execute change and then get approval
– Sometimes OK
• Foundation work
• Stop catastrophe
• Split change orders
• Change order for work in scope
• Fraudulent site conditions
• Price inconsistent with normal work
(c) 2015 Auspicium
The Investigation
• Investigation triggers
– Budget
– Executive Concerns
– Tip
– Observation
– Audit
• Document concerns about the project
• Map key players and relationships
(c) 2015 Auspicium
Investigative Team
• Subject matter expertise
• Determine if experts need to be called in
– What capacity will they serve?
• Investigate and negotiate
• Investigate and litigate
• Investigate only
• Quality (e.g. materials used)
• Legal
– Attorney Client Privilege
(c) 2015 Auspicium
Establish Facts
• Obtain contracts and project charter
• Obtain original investment decision
– Highlight any objectives
– Highlight constraints
• Time
• Money
• Scope
– Compare to actual
– Calculate/ID deviations from constraints
(c) 2015 Auspicium
Interview Key Players
• Executive Sponsor
• Project Manager and Team
• End Users (if at that stage)
• Key Vendors and Subcontractors
– (Should have the right to do so in your
contracts)
• Depending on suspicion, interview most
“innocent” first
(c) 2015 Auspicium
Follow the Money
• Obtain project financials from project
manager and accounting!
• Graph data to identify unusual trends
• Look for money spent “out of order”
– Painting before masonry
• Obtain change order log
• Trends in change orders
• Inappropriate vendors or charges
(c) 2015 Auspicium
Useful Graphs
• Budget to actual
• Timing of expenses
• Expense by:
– Vendor
– Trade / Specialty
– Clusters (Location / Employee / Phases)
• Change Orders
– Root Causes
(c) 2015 Auspicium
Determine Progress…
• What stage of the project life cycle are you
at?
• If work is completed – does it work?
– Quality of deliverables
• Progress to date
– Project Management reports
– Incident reports
– Minute meetings (if kept)
– Test reports and other assessments (c) 2015 Auspicium
Suspects • For vendor(s): similar issues elsewhere?
– May need to assess vendor vetting
– Re-perform (Kroll)
• For employee(s): employment history
• Has organization had similar issues on
other projects?
– Commonalities
• Are there related issues?
(c) 2015 Auspicium
Cost & Invoicing Issues
• Trace invoices:
– Is amount invoiced reimbursable per
contract?
– Is amount invoiced accurate per documented
backup?
– Are invoices submitted in a logical order?
– For reimbursable, is there proof money has
been paid?
– Are invoices submitted timely?
– Do invoices flow one to the other (c) 2015 Auspicium
Investigation Results
• Is it fraud?
– Incompetence
– Errors
– Rush
• Cost Recovery
• Litigation / Disciplinary Action
• Were policies/methodologies followed?
– Possible Improvements
(c) 2015 Auspicium
Questions/Comments
(c) 2015 Auspicium
Denise Cicchella
1-877-550-6802
(201) 835 – 4069
Linked in
© 2015 Association of Certified Fraud Examiners, Inc.
Fraud in Capital Projects and Construction
Denise Cicchella, CFE, CIA, CCA, PMP