Internal Crime: Don't Become a Victim
Internal Crime: Don't Become a Victim
Learn to identify and address the behavioral red flags of theft and fraud.
Alan F. Greggo, C.P.P., C.F.E. Mason, Ohio
We all like to think that our employees are honest and diligent workers. They would never consider clipping the cash drawer or borrowing from the deposit, would they?
The good news is that statistically, 90% of employees are honest and would not enter into fraudulent activity in the workplace. But what about the other 10%? Who are they, and just as important, where do they work?
According to the 2010 “Report to the Nations on Occupational Fraud and Abuse,” a study of reported fraud investigations, 5.9% were employed in the healthcare industry. The median loss from fraud in these cases amounted to $150,000 per case.
The information from this annual study was based directly on investigations conducted by members of the Association of Certified Fraud Examiners (ACFE). Had these examiners not conducted best practice reviews or operational audits, the fraud might have gone undetected for years and cost thousands of dollars more in lost profits. What this means is that the doctor or business proprietor had no idea that a crime was occurring — that is, they never recognized behavioral red flags of fraud perpetrators.
What are the red flags? The “Report to the Nations” explains that living beyond one's means was a behavior present in 43% of cases and resulted in a median loss of $250,000.
Additional red flags include:
► A total of 36.4% of these crimes were committed by employees who had financial difficulties. The median loss in these cases amounted to $111,000.
► Control issues, an unwillingness of employees to share duties, present in 22.8% of cases. The median loss here amounted to $250,000.
► Divorce/family problems, present in 17.6% of cases. The median loss in these cases was $118,000.
Just because an associate may fall into one category doesn't mean he is necessarily involved in fraud. These categories represent a cause for concern about the well-being of the associate. Practice managers should understand that a combination of factors increases the risk of fraudulent activity and is cause to rais awareness for violations of policies, “stretching” the rules and other behavior issues. Awarenes by management and enforcemen of existing policies and procedures helps deter an otherwise good associate from making a bad decision.
Start with the background
Conducting a thorough background check before hiring is ex tremely important because when you start with an honest associate at day one, it makes it much easier to recognize and react to the subsequent appearance of any of the behavioral red flags that were discussed earlier. According to the National Federation of Independent Business (NFIB), the background check should include contact with:
► previous employers
During these communications, the NFIB recommends yo look for signs of stealing or fraud, and consider requesting a police background check.
As a case in point: A few years ago, I was involved in a best practice review of a franchise optometrist and optician's office. They expressed concern regarding the practice's profitability. After two days of crunching the numbers, my team learned the reason the franchise owner wasn't seeing the profit expected: The franchise was making sales goals, but was not realizing the profits from the receipts put in the cash register. The review uncovered plenty of evidence that cash was being removed from the bank deposits before they were placed in the bank.
All evidence found during the investigation pointed to the office manager, who appeared jittery throughout the review.
A police background check of the manager uncovered a three-year prison sentence because this office manager embezzled $300,000 from his previous employer, a doctor's office. Now, three years later at his very next job, he stole $84,000 from this franchise owner, who by the way, did not conduct background checks on his new hires.
Review once a year
I urge every practitioner to conduct an annual checkup of their own office and business practices. Complete a best practice review to audit the movement of cash, checks and credit cards, as well as the controls your practice has established to safeguard your money from when it's received until it's deposited in the bank. The review should examine such areas as bank deposit controls, the physical security of your building and general operational controls. Thorough reviews will evaluate inventory controls, third-party (insurance) processes and follow up. Review of special orders and balances due from the customer accounts are also worthwhile areas to examine.
Consider hiring a consultant and/or anti-fraud professional to manage the review process. Organizations, such as the ACFE (www.acfe.com) offer a number of resources, including a search function to find a local examiner. Regardless of where you search, do your homework to make sure the examiner demonstrates experience in the following areas:
► accounting and auditing
► criminology and sociology fraud investigation
► loss prevention
The ACFE website also offers a downloadable “Fraud Prevention Check-Up,” which can identify gaps in a practice's fraud prevention processes.
While conducting a review, the auditor should also evaluate The Health Insurance Portability and Accountability Act (HIPAA) privacy controls, Medicare controls and human resources procedures. (For more information, see “How Safe Are Your Patient Records” Optometric Management, September 2010.)
If your practice accepts Medicare, you must follow guidelines that are subject to federal compliance inspections. For example, Medicare requires practices follow a record retention policy for all Medicare filings, especially those not filed electronically. Also, be aware that if your practice hires associates, federal guidelines require the completion of an I-9 (Employment Eligibility Verification) form. These documents are subject to inspection by the government, and Uncle Sam may levy penalties if you can't produce the forms or if the forms are missing information.
Have a practice consultant or auditor review each of these areas. The auditors should discuss the results of these reviews with no one but the practice owners and management. (As an aside, the correction of any errors and omissions will save thousands of dollars in future fines. Most fines are levied regardless of whether management understood the audit process. Federal regulators generally show up to audit HIPAA, Medicare or Form I-9 compliance when a customer or employee lodges a complaint.)
If you hire a consultant to conduct a best practice review, request that the review be done in confidentiality. Use the results to assess and reduce risk as well as to improve your practice's compliance processes.
What's your number?
In his book The Survivors Club: The Secrets and Science that Could Save Your Life (Grand Central Publishing, 2010), author Ben Sherwood explains the 10-80-10 theory. This theory holds that in any critical incident, 80% of the people's response is to freeze and wait until a leader emerges. Another 10% of the people emerge as the leader to help the 80% survive or escape to safety. The remaining 10% respond inappropriately — usually in a panic. What allows the 10% who emerge as leaders to remain calm and be recognized as the one to follow? The fact that in any given set of circumstances, these individuals take time to think about what they would do if the unthinkable happened.
Doctors focus on patient care and are not typically experts on business abuses that can occur in the management of their practice. As was noted at the beginning of the article, most doctors wouldn't recognize the signs and would likely lose a lot of profit before the fraud was discovered.
Therefore, if we classify embezzlement and fraud as critical incidents, we must ask: What would happen if a doctor observed a pattern of fraudulent activity or if a federal investigator showed up on the practice door step because of a complaint? Using Mr. Sherwood's theory:
► A total of 10% of the doctors or office managers would panic and act inappropriately.
► A total of 80% would freeze up and not know what to do. They would wait for the leader to emerge.
► A total of 10% of the doctors or office managers would remain calm and formulate a course of action.
In this instance, the “survivability” of the latter 10% is markedly improved. They would initiate an investigation and would cooperate with the federal auditors, knowing that their investigation corrected any irregularities.
Without having thought about the “what if?” questions ahead of time, the practice owner has about a 90% chance of reacting in the wrong manner, thereby increasing the risk that his practice will lose profits.
Occasionally, during a best practice review, a process improvement is uncovered that can result in direct profit recovery or cost savings for the medical practice. This is the most recognizable pay-off for investing in a review. For example, when visiting a doctor's office, I found no follow up on insurance payments due, and the 30-60-90-day aging report was actually a more-than-120-days-aging report. By identifying a process to follow up on collections, this practice was able to realize $65,000.
In conclusion, I ask “Are you ready for the worst?” With a little review, planning and follow up, your practice can be more profitable and more resistant to risks that could drain profit. Review your procedures for fraud, regulatory compliance and effi ciency practices so you are prepared. The small investment is worth the peace of mind. It shows you are prepared to mitigate risks and are on target with regulatory compliance. Office staff can be trained and educated on fraud prevention and proper compliance practices. This means more time for you to concentrate on your patients and giving them the best care possible. OM
||Mr. Greggo is the principal of Profit Rx, an asset protection firm specializing in risk and threat assessment and fraud investigation. He has 30 years of experience with retail and healthcare businesses in loss prevention and asset protection. Contact him at Alan email@example.com, or (513) 236-2642. Send comments on this article to firstname.lastname@example.org.|
Optometric Management, Issue: December 2010