Posted on

IIA Philadelphia and Baker Tilly’s Fraud & Ethics Symposium is Postponed! Stay tuned for the new date.

Register here!

This one day fraud symposium, sponsored by Baker Tilly’s Global Forensic, Compliance and Integrity Services and Solutions Practice Group and hosted by the Institute of Internal Auditors, Philadelphia Chapter, will include topics such as:

  • Culture
  • Current trends in white-collar crime
  • Tone is the middle
  • Policy management
  • Case study on a local fraud

Planned speakers

Jonathan T. Marks, CPA, CFF, CFE, Partner | Firm Leader, Global Forensic, Compliance and Integrity Services and Solutions, Baker Tilly

“Symposium Coordinator, Host, and Moderator”

Jonathan is the firm leader of the global fraud and forensic investigations and compliance practice. He has more than 30 years of experience working closely with his clients, their board, senior management and law firms on global and cross-border fraud and misconduct investigations, including bribery, corruption and compliance matters. He is a well-regarded author and speaker, who has gained international recognition for developing thought leadership that has enhanced the profession.

Niki A. den Nieuwenboer, Assistant Professor of Organizational Behavior and Business Ethics, The University of Kansas School of Business

“Tone in the Middle”

We know that leadership matters in fostering ethical conduct at work. However, the focus is often on top level managers and their “tone at the top.” The role of middle managers has remained somewhat of a mystery until now. Niki den Nieuwenboer will discuss her recent study that examined a case where middle managers, in response to upper management pressures, coerced front-line employees to deceive upper management about their performance. She will spotlight the creative role that middle managers played in finding ways to cheat, and discuss implications for ethics management and fraud prevention.

Elizabeth Simon, CPA, CFEDirector, Ethics & Compliance for Cox Communications

“Mapping Ethical Risk in Your Organization”

The new DOJ guidance on effective compliance programs is full of requirements to assess risk and manage the compliance program through a risk-based method.  Culture is also of importance, and ensuring a culture of compliance is emphasized in the guidance.  Having a compliance risk methodology that incorporates compliance, ethics, and culture to identify areas of risk is key to ensuring limited resources get directed to the right place.

Edwin J. Broecker Partner, Quarles & Brady 

“Investigations: Strategies to avoid common pitfalls”

Conducting an effective and thorough investigation into alleged wrongdoing has always been a hallmark of an effective compliance program. Unfortunately, many of the investigations fail to achieve their intended results.

Ed Broecker will address some of the common pitfalls to avoid in conducting an internal investigation. The session will discuss initial intake and appropriately triaging the allegation and developing the correct team and work plan to conducting interviews. The discussion will also address report writing and determining the root cause. This session will highlight many of the shortcomings in an investigation and offer practical suggestions for addressing them including issues around bias, privilege, confidentiality/privacy and reporting back to the complainant.

Michael Rasmussen – GRC Pundit and

Andrew Fletcher, Partner, Blank Rome

“The Code of Conduct – Effective Policy Development and Management”

The Code of Conduct sets the tone and reinforces the importance of conducting business within the framework of professional standards, laws, and regulations, together with policies, values, and standards.  It outlines the values and behaviours that define how organizations do business. It holds people accountable to be open-minded and responsive and to give their best.

Policies & procedures must be in place to safeguard and educate staff, to protect the organization against unnecessary risk, ensure the consistent operation of the business, uphold ethical values of the organization, and to defend the organization should it land in turbulent legal waters.

However, effectively developing and managing policies is easier said than done.

Good policies generally are –

  • Written in clear, concise, simple language.
  • Policy statements address what is the rule rather than how to implement the
  • Policy statements are readily available to the campus community and their
    authority is clear.
  • Designated “policy experts” (identified in each document) are readily
    available to interpret policies and resolve problems.
  • As a body, they represent a consistent, logical framework for organizational action.

in practice, we know that ad hoc or passive approaches mean that key policies are outdated, scattered across the business, and not consistent– resulting in confusion for recipients; and an insufficient level of governance and reporting for auditors and regulators.

It is no longer enough to simply make policies available. Organizations need to guarantee receipt, affirmation AND understanding of policies across the business.

To consistently manage and communicate policies, organizations are turning toward defined processes and technologies to manage the Policy lifecycle. The continual growth of regulatory requirements, complex business operations, and global expansion demand a well thought-out and implemented approach to policy management.

Attendees will be guided through a discussion on how to develop and implement an effective policy management process within their organization.

policies graph

Matt Kelly  Compliance Expert and Author

“Whistleblower Activity: What’s Good, What’s Real, What Matters”

Compliance and audit professionals all talk about the need for a strong culture of whistleblower encouragement and protection. This session will review what some new data tells us about whistleblowing and corporate culture, and how risk assurance functions can develop a healthy appreciation for internal reporting.

  • How do levels of internal reporting correlate to corporate performance?
  • What types of whistleblower allegations are most likely to be true?
  • How should boards and risk assurance functions handle whistleblowing, based on what the data tells us?

This session will explore some of the data that professor Kyle Welch has been crunching, and some of the counter-intuitive findings he’s dug up. Then talk about how those findings would color what compliance, audit, and anti-fraud people do for investigations and working with senior leaders to cultivate a strong internal speakup culture.

Greg Paw Partner, Freeh Sporkin and Sullivan

Greg will be speaking about the latest updates related to Bribery and Corruption and how Internal Audit should be working with Compliance.

Register here


Jonathan Pic

Register here!

Location Exelon Hall – Just enter the building lobby at 23rd and Market Street and follow the signs down the stairs to Exelon Hall.  No building access is needed for access to the hall.

Continuing Professional Education Credits – The Philadelphia Chapter of the Institute of Internal Auditors is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:

*Speakers and Topics may change due to a variety of factors.  We will do our best to adhere to the agenda.


Posted on 1 Comment

Speaking and Training on Fraud, Compliance, Ethics, and More…

Welcome to my site. I have spoken and been the keynote speaker for many conferences, including the ABA, ACC, ACFE, IIA, and IMA to name a few. I have designed customized training for the board, senior leadership, legal, compliance, internal audit, and others for some of the world’s largest organizations.

“I have had the pleasure to hear Jonathan Marks speak on a number of occasions. …most recently at a Fraud conference sponsored by the Long Island Institute of Internal Audit. Jonathan gave a dynamic and engaging half day presentation on fraud in financial reporting. He engages his audience with his expertise and knowledge of risk management, fraud and internal audit. His ability to share his experiences in fraud investigations over the past thirty years coupled with his interactive approach with his audience made for a compelling and memorable presentation.” Chief Audit Executive 

If you are interested in booking me for your next event or need customized training, please email me with the date or dates, location and address of presentation, the audience make-up, the subjects you would like covered, and the duration of the talk or training.

I have provided you with some Selected Training Programs (See below) and please peruse my blog posts for some additional topics and ideas. Keep in mind I speak and provide training on most anything related to governance, risk, and compliance, with a focus on fraud and forensics.

I will do my best to get back to you quickly.

Thank you!


Jonathan Pic

Jonathan T. Marks, CPA, CFF, CITP, CGMA, CFE and NACD Board Fellow

Selected Training Programs

Management Override of Internal Controls

The risk of management override of internal controls to commit fraud exists in any organization. When the opportunity to override internal controls is combined with powerful incentives to meet accounting objectives, senior management might engage in fraudulent financial reporting. This session will examine management override, focusing on the differences between the override of existing controls versus other, more prevalent breakdowns. It will also explore actions to help mitigate the threat of management override, approaches to auditing for management override and the psychology behind management’s override of controls. You Will Learn How To:

  • Identify red flags of management overriding controls
  • Ascertain an approach to auditing for management override
  • Assess the latest trends and research regarding management override of controls
  • Develop a better fraud risk assessment that highlights areas and gatekeepers that might have a greater chance of overriding controls.

Operationalizing Compliance – Master Class with Tom Fox, Esquire

The Master Class developed by Tom Fox, provides a unique opportunity for any level of FCPA compliance practitioner, from the seasoned Chief Compliance Officer (CCO) and Chief Audit Executive (CAE), Chief Legal Counsel (CLO), to the practitioner who is new to the compliance profession.

If you are looking for a training class to turbocharge your knowledge on the nuts and bolts of a best practices compliance program going forward, this is the class for you to attend. Moreover, as I limit the class to 20 attendees, you will have an intensive focus group of like-minded compliance practitioners with which you can share best practices. It allows us to tailor the discussion to your needs. Mary Shirley, an attendee at the recent Boston Master Class said, “This is a great two-day course for getting new folks up to speed on what matters in Compliance programs.

Tom Fox is one of the leading commentators in the compliance space partners with Jonathan T. Marks to bring a unique insight of what many companies have done right and many have done not so well over the years. This professional experience has enabled him to put together a unique educational opportunity for any person interested in anti-corruption compliance. Simply stated, there is no other compliance training on the market quite like it. Armed with this information, at the conclusion of the Doing Compliance Master Class, you will be able to implement or enhance your compliance program, with many ideas at little or no cost.

The Doing Compliance Master Class will move from the theory of the FCPA into the doing of compliance and how you must document this work to create a best practices compliance program. Building from the Ten Hallmarks of an Effective Compliance, using the questions posed from the Evaluation of Corporate Compliance Programs and the FCPA Corporate Enforcement Policy as a guide, you will learn the intricacies of risk assessments; what should be included in your policies and procedures; the five-step life cycle of third-party risk evaluation and management; tone throughout your organization; training and using other corporate functions to facilitate cost-effective compliance programs.

Highlights of the training include:

  • Understanding the underlying legal basis for the law, what is required for a violation and how that information should be baked into your compliance program;
  • What are the best practices of an effective compliance program;
  • Why internal controls are the compliance practitioners best friend;
  • How you can use transaction monitoring to not only make your compliance program more robust but as a self-funding mechanism;
  • Your ethical requirements as a compliance practitioner;
  • How to document what you have accomplished;
  • Risk assessments – what they are and how you can perform one each year.

You will be able to walk away from the class with a clear understanding of what anti-corruption compliance is and what it requires; an overview of international corruption initiatives and how they all relate to FCPA compliance; how to deal with third parties, from initial introduction through contracting and managing the relationship, what should be included in your gifts, travel, entertainment (GTE) and hospitality policies; the conundrum of facilitation payments; charitable donations and political contributions, and trends in compliance. You will also learn about the importance of internal controls and how to meet the strict liability burden present around this requirement of FCPA compliance.

Ethics and Governance Training

This session will cover how ethics is key to good governance and how governance fits into your anti-fraud program. Moreover, we will explore the components of a Sample Code of Ethics, the cost of ethical lapses, organizational situations that encourage bad behavior, the new ethics paradigm, and how to spot a moral meltdown.

Corporate Governance During a Crisis

We also discuss leading practices in crisis management and present several scenarios allow the participant(s) to work though mock crisis scenarios. For example, in your first week at your company, you just received information about an alleged massive fraud and you are now in a crisis. In this session, members of the audience will play different roles within the company (members of the board, legal department, managers, etc.) to have a discussion, including:

  • What type of crisis plan do you have, if any?
  • What to do and how to formulate a plan of action?
  • Who to call first, how to prioritize tasks, and where to prioritize resources?
  • Who (internal and external players) to get involved and when to get them involved
  • What data is needed when a crisis hits?
  • How to prepare for the media and when to reach out?
  • How to communicate with customers, vendors and suppliers, regulatory agencies, and other parties?

Fraud Risk Assessment Process and Guidance

Many professionals struggle with developing a fraud risk assessment that is meaningful. We discuss the objectives of a fraud risk assessment, the components of a fraud, and key considerations for developing an effective assessment. Then we explore the sources of risk, the fraud risk universe, and some of the key components of the assessment. Lastly, we walk through the key steps in the assessment process and walk through a sample fraud risk assessment that considers COSO’s Principle 8, which contains considerably more discussion on fraud and considers the potential of fraud as a principle of internal control.

FCPA (Bribery and Corruption): Building a Culture of Compliance

This session covers why compliance is important and the new guidance issues by the DOJ. We also explore current regulatory enforcement trends, whistleblowers Under Dodd-Frank, the U.S. Federal Sentencing Guidelines, risk-based third-party due diligence, way to thwart an investigation, differences and similarities between the FCPA and the U.K. Bribery Act, successor liability, and provides the participant with a proven 13-Step Action Plan.

Fraud Investigations

Knowing what to do when an allegation of fraud is presented is critical. Failing to understand the process could jeopardize the ability to prosecute wrongdoers. This session discusses why investigations are important, inherent risk and exposures, the types of investigations: internal and independent, board considerations, triaging an allegation, investigative challenges, and keys to running a successful investigation, and why root cause analysis should be considered after completing the investigation.

Third Party Risk Management and Oversight

Third party risk is the biggest nemesis when it comes to FCPA violations. This session discusses the key components of a compliance program and why it needs to be evolving to meet the business and compliance challenges, which are constantly occurring across the globe. We explore the latest DOJ guidance on the evaluation of corporate compliance programs. We build our discussion on the foundation of the key steps to be included in a third-party risk management program and cover some of the red flags of agents and consultants.

Putting the Freud in Fraud: The Mind Behind the White Collar Criminal

To properly fight corporate fraud we need to understand how a fraudster’s normal differs, so executives, managers and board members can develop more effective anti-fraud programs that take into account the behavioral and environmental factors that are common in cases of white-collar crime. By establishing an environment in which ethical behavior is expected — and by understanding how white-collar criminals look at the world differently — it is possible to begin closing the gaps in internal controls, develop a proactive fraud risk assessment and response program and significantly reduce the financial and reputational risks associated with fraud.

In this session, we take a closer look at the personality traits of individual perpetrators of massive fraud.

  • Discuss the basics of profiling and identifying elements of behavior common among white-collar criminals.
  • Discover what role company culture plays in the commission of fraud.
  • Hear cutting-edge ideas and methods to help detect and deter fraud.

Fraud Overview

This session is a “nuts and bolts” discussion about fraud and responding to fraud in an effort to reduce the incidence of fraud and white-collar crime. We go into the characteristics of fraud, who commits fraud, the fraud triangle and Pentagon™, the components of fraud, the regulatory environment & the focus on increased personal responsibility, internal controls to deter and detect fraud, and anti-fraud programs.

Triaging a Whistleblower Allegation

As corporations continue to adopt whistleblower programs, many find themselves struggling to manage burgeoning caseloads. As a result, serious internal fraud investigations can be delayed (with mounting losses) while less consequential complaints are being investigated. The lack of a timely, systematic and repeatable process for evaluating and prioritizing whistleblower tips, which can also expose an organization to increased regulatory risk. While there is no single, “right” method for following up on whistleblower complaints, this session discusses Why Investigating allegations or tips are important, why timeliness matters, investigation challenges, and provides the participant with a sample approach.

Skepticism: A Primary Weapon in the Fight Against Fraud

What happens when we don’t ask why? Professional skepticism occurs when those responsible for fighting fraud take nothing for granted, continuously question what they hear and see and critically assess all evidence and statements. This session we discuss the role of independent reviewer or inspector, particularly of your own assumptions, whether you are placing undue weight on prior risk assessments or discounting evidence inconsistent with your expectations, and pressures placed on you to truncate procedures or make unwarranted assumptions to beat time constraints.

Root Cause Analysis 

The regulators are expecting more today and want to know that your remediation efforts are not treating the symptoms), but rather the root cause(s).

Root cause analysis is a tool to help identify not only what and how an event occurred, but also why it happened. This analysis is a key element of a fraud risk management program and is now a best practice or hallmark of an organizations compliance program. When able to determine why an event or failure occurred, it is then possible to recommend workable corrective measures that deter future fraud events of the type observed. It is important that those conducting the root cause analysis are thinking critically by asking the right questions (sometimes probing), applying the proper level of skepticism, and when appropriate examining the information (evidence) from multiple perspectives.

This program is designed to introduce the common methods used for conducting root cause analysis and to develop an understanding of how to identify root causes (not just causal factors) using proven techniques. In addition, we will demonstrate how to initiate a root cause analysis incident exercise and work with senior management, legal, compliance, and internal audit on an appropriate resolution. We also introduce the “spheres” acting around the “meta model of fraud” and how to use those “spheres” in the root cause process. Finally, this program will present the “three lines of defense”, which provides the audit committee and senior management with a better understanding where the break downs occurred.

Posted on

Fraud: Department of Justice (DOJ) Announces Procurement Collusion Strike Force


It has been highlighted by some studies that Procurement fraud is the second most frequently reported form of economic crime behind asset misappropriation.

Procurement fraud is the act of gaining a dishonest advantage by abusing a position of decisive power in the procurement process; either by the individual responsible for this position in his or her own action, or by those seeking to win the opinion of that individual, resulting in a decision of benefit to themselves. Procurement fraud may be committed by procurement officers, vendors, or subcontractors, but always involves the act of collusion in order to obtain the unmerited advantage.  Fraudsters use the procurement process as part of their scheme to further their own interests in lieu of serving the interests of the procuring company.

Consider the internal risk of this type of fraud: ill-gotten financial gains come in the form of kickbacks to the Fraudster who in this example is the buyer, for selecting the suppliers’ bid which is often not in the best interest of the company.  Procurement fraud is also an external risk.  Vendors may work together to create the illusion of competition, thus fooling the procurement officers into accepting a bid above fair market value.  The scope of procurement fraud is widespread, global and not limited to certain categories, companies, or geographies.

Deeper Dive

Some report that approximately 30% of organizations have experienced procurement fraud, and that it was most common during the solicitation phase.  During this time, vendors may collude with each other or with procurement officers in various ways that compromise the fairness of the bidding process and potentially result in improperly awarded contracts and/or higher contract costs.  Those “holding all the cards” during the solicitation phase, make the process extremely susceptible to unethical behavior.

It is important to remember that even after the contract has been awarded, the potential for fraud is ever-present. For example, a vendor could:

  • Charge more than the contractually agreed price and hope the overcharge goes unnoticed.
  • Submit duplicate invoices in the hopes that both invoices are processed.
  • Deliver non-conforming goods or services of lower value, quantity or quality than specified in the contract.
  • Exploit the change order process to perform services not specified in the contract or to artificially inflate the contract value over time.
  • Work in collusion with an insider to submit bogus invoices for goods not delivered or services not provided by the vendor.

According to a Global Economic Crime survey, the sectors reporting the most procurement fraud were state-owned enterprises (SOE’s), followed by the energy, utilities and mining; engineering and construction; and transport and logistics industries.

More likely than not, factors driving the increase in procurement fraud schemes include an increase in public tender processes, companies changing and expanding their global supply chains, and a rise in outsourcing.

On November 5th, the Department of Justice announced the formation of the new Procurement Collusion Strike Force (PCSF) “focusing on deterring, detecting, investigating and prosecuting antitrust crimes, such as bid-rigging conspiracies and related fraudulent schemes, which undermine competition in government procurement, grant and program funding”.

The Strike Force is an inter-agency partnership comprised of prosecutors from the Antitrust Division, and prosecutors from thirteen (13) U.S. Attorneys’ Offices.  Aiding in the prosecutors’ efforts are investigation partners such as the Offices of Inspector Generals from the Department of Justice, Department of Defense, U.S. Postal Service, and General Services Administration Office. The Department of Justice’s announcement proclaimed that investigating and prosecuting those who “cheat, collude and seek to undermine the integrity of government procurement” will have more to concern themselves with when executing their crimes. Prosecutors and investigators alike expressed enthusiasm to be working as a part of this new team.

gavel and money

Bribery and Antitrust

An effective method to detect bribery schemes is to analyze contract awards for unusual patterns or anomalies. For example: correlating contract awards to financial transactions may identify instances where fraudsters attempt to conceal their behavior.  You may not see a check cut from the organization directly to the person they’re bribing, but a closer look may uncover patterns like excessive meetings, gifts, meals, and entertainment during the time period of awards.  Data analytics can also be used to detect instances of price-fixing, bid-rigging, and/or market division or allocation fraud schemes.

In simple terms, bid rigging is a fraud scheme which involves intentional manipulation of the bidding process. It often involves an agreement among competitors as to who will be awarded the contract.  The bidders may agree in advance who will submit the winning bid. The purchaser is then provided with a bid amount higher than what the competitive market generally produces, which results in an overpayment for goods or services. There are four basic schemes involved in most bid-rigging conspiracies:

  • Bid Suppression:  In this type of scheme, one or more competitors agree not to bid, or withdraw a previously submitted bid, so that a designated bidder will win. In return, the non-bidder may receive a subcontract or payoff.
  • Complementary Bidding: In this scheme, co-conspirators submit token bids which are intentionally high or which intentionally fail to meet all of the bid requirements in order to lose a contract. “Comp bids” are designed to give the appearance of competition.
  • Bid Rotation: In bid rotation, all co-conspirators submit bids, but by agreement, take turns being the low bidder on a series of contracts.
  • Customer or Market Allocation: In this scheme, co-conspirators agree to divide up customers or geographic areas. The result is that the co-conspirators will not bid or will submit only complementary bids when a solicitation for bids is made by a customer or in an area not assigned to them. This scheme is most commonly found in the service sector and may involve quoted prices for services as opposed to bids.

Note: Subcontracting arrangements are often part of a bid-rigging scheme. Competitors who agree not to bid or to submit a losing bid frequently receive subcontracts or supply contracts in exchange from the successful low bidder. In some schemes, a low bidder will agree to withdraw its bid in favor of the next low bidder, in exchange for a lucrative subcontract that divides the illegally obtained higher profits between them. 

Almost all forms of bid-rigging schemes have one thing in common: an agreement among some or all of the bidders which predetermines the winning bidder and limits or eliminates competition among the conspiring vendors.  Indicators of collusive bid-rigging schemes include:

  • Be aware of bids for goods or services for which the pool of qualified prospective bidders is small but maintains a large control of the market share.  These bids are at higher risk for vendor collusion.
  • Also be mindful of bids for standardized goods or services.  If there are no differentiating factors among the various proposals aside from price, there is a much greater risk of collusion.
  • When vendors collude with one another, similarities may exist in the bids submitted to the procuring company.  For example, pay attention to similarities in the mailing addresses, email address domains, or courier account numbers.  Take a look at the properties of an electronic document to see if similar authors appear.
  • Observe the behavior of vendors when undergoing the procurement process.  The communication or action of the bidding vendors can be very telling.  Remember social engineering is a tool available to both sides!

Price Fixing schemes often impact the procurement process when business is conducted through purchase orders or direct purchases. Price fixing occurs when competitors agree to raise or fix their prices for their goods or services, set a minimum price that they will not sell below, or reduce or eliminate discounts.  Indicators of these types of schemes include:

  • Look for situations where competitors always announce their price increases at the same time for the same amount, or staggered price increases with an established pattern or frequency, often times creating the appearance of who is going to be first to increases prices.
  • Look for competitors reducing or eliminating discounts at about the same time.
  • Generally, be alert to situations in which all prices seem to be uniform and all suppliers refuse to negotiate those prices.

dominoes and red one.jpg

Methods to Deter & Detect Procurement Fraud

An effective way to deter and detect fraud is to develop a thorough understanding of the business environment, the risks impacting the achievement of the business’ strategic goals, and the implementation of a holistic fraud risk management program.  Once the risks are identified, I would also strongly encourage the use data analytics, combined with proper training, internal audits, and compliance reviews to support and supplement the fraud risk management program.

Other practices that could help detect fraud include, but are not limited to:

  • Ensuring transparency from everyone and apply the right amount of skepticism, always!
  • Maintaining, restricting access to, and auditing a valid master vendor list.
  • Performing proper due diligence during supplier onboarding.
  • Referring to debarment sources of blacklisted suppliers.
  • Performing peer grouping to determine if a supplier fits an appropriate profile for a contract.

At Baker Tilly we can assist any organization with your fraud risk management and anti-fraud programs and controls.  This includes services to detect, deter, respond, and remediate instances of fraud. Our team of experts is well positioned to investigate and remediate suspected instances of procurement fraud, which includes the ability to conduct a root cause analysis to determine the cause of the misconduct.  The DOJ has deemed a company’s efforts to properly remediate and identify root cause as a best practice and often provides credit to those companies who engage in such activities in the event of a criminal prosecution resulting from procurement fraud.  The DOJ also looks highly upon companies with robust third party risk management programs, which can also be used to mitigate the risk of procurement fraud.

Our team of highly-skilled professionals use advanced analytics, such as predictive modeling, to help identify attributes or patterns that are highly correlated with known fraud, even complex and emerging patterns of fraud. Moreover, we use text mining as an effective tool to identify red flags of procurement fraud or antitrust violations.

I often say, “Analytics can answer questions that manual or ad hoc methods would generally miss – it’s the ‘silent whistleblower!’”

plan miss


Many organizations miss the mark when it comes to managing the procurement process. Some are quite good!

It’s starts with a well-written code of conduct, and includes strong policies, proper internal controls (note: segregation of duties is a pervasive issue), robust third party risk management program, training, and monitoring.

I’m not surprised by the DOJ’s initiative and commend them in the fight against public procurement crimes.  We recommend organizations review their compliance program, supply chain, and procurement process for risks and opportunities for enhancements.

We welcome your thoughts and comments.

Now, for tomorrow!


Jonathan T. Marks, CPA, CFE | Firm Leader

Paul Zikmund

Melissa Dardini

Members of Baker Tilly’s Global Fraud and Forensic Investigations, Compliance, & Security Services

Our team focuses on the intersection of where strategy meets execution, so that we can  enhance and protect our clients’ value.”

trio jonathan paul melissa.PNG
Copyright 2019
Posted on

Niki A. den Nieuwenboer will be kicking off the 2020 IIA Philly Fraud Symposium sponsored by Baker Tilly – Mark your calendars for March 20th!


We just confirmed our first awesome speaker Niki A. den Nieuwenboer, Assistant Professor of Organizational Behavior and Business Ethics at The University of Kansas School of Business.

Niki A. den Nieuwenboer

You all should know that leadership matters in fostering ethical conduct at work. However, the focus is often on top level managers and their “tone at the top.” The role of middle managers has remained somewhat of a mystery until now.

Niki den Nieuwenboer will lead a robust and enlightening discussion on her recent study that examined a case where middle managers, in response to upper management pressures, coerced front-line employees to deceive upper management about their performance.

She plans on spotlighting the creative role that middle managers played in finding ways to cheat, and discuss implications for ethics management and fraud prevention.

Stay tuned for more announcements about the symposium line-up and registration information as we round out the day!




Jonathan T. Marks, CPA, CFE

Posted on 1 Comment

A Violation of Trust: Fraud Risk in Nonprofit Organizations

tornado money.jpg

The risk of fraud is a serious concern for all types of enterprises, but fraud can be particularly damaging to a nonprofit organization, for which a damaged reputation can have devastating consequences.

The Costs of Fraud in Nonprofit Organizations

According to the 2018 global fraud study by the Association of Certified Fraud Examiners (ACFE), the typical organization loses an estimated five (5) percent of its annual revenue to fraud. The ACFE reported that private companies suffered the greatest median loss, at $164,000; however, nonprofit organizations had the smallest median loss of $75,000. For some a $75,000 this may be insignificant, but for many nonprofits, financial resources are extremely limited and a loss of $75,000 can be particularly devastating.

Beyond the immediate financial loss, however, an even greater potential cost of fraud to nonprofit organizations is the reputational damage that can occur. Because most nonprofits depend on support from donors, grantors, or other public sources, their reputations are among their most valued assets. In addition, fraud in nonprofit settings often garners unrelenting negative media attention.

Vulnerability to Fraud

Nonprofits can be particularly attractive targets for fraudsters. Executives who are passionate about their agencies and their missions are naturally trusting of others who share their interest- or who pretend to. Moreover, board members and executives who are dedicated and talented in their particular fields may not be well versed in financial issues and internal controls.

In addition, nonprofits of all sizes may have only limited resources available to address internal controls. This makes them vulnerable to an employee who could recognize this lack of controls and use it as an opportunity to override controls, if they even exist, to commit fraud.

As the Center for Audit Quality has noted, “fraud cannot occur unless an opportunity is present. Opportunity has two aspects: the inherent susceptibility of the [organization’s] accounting to manipulation, and the conditions within the [organization] that may allow a fraud to occur.” In addition, the opportunity for fraud is also affected by an organization’s culture, a factor that is often overlooked.

The very nature of some nonprofits also makes them tempting targets. Many nonprofits distribute grants, scholarships, awards, or other types of financial aid to outside agencies or individual recipients. This opens yet another door for potential abuse or misappropriation and requires even more oversight to make sure funds are not being misappropriated. In addition, nonprofits tend to have large amounts of cash and checks coming in from various sources, making them vulnerable to skimming (when an employee accepts payment from an outside party but does not record the sale and instead pockets the money) or cash larceny (when an employee steals cash and checks from daily receipts before they are deposited in the bank).

Struggling agencies also frequently experience relatively high staff turnover, making training and adequate segregation of duties more difficult. Finally, many nonprofits depend heavily on volunteers and other community members, which can further complicate efforts to establish or maintain internal controls. It is important to remember that internal controls provide only reasonable—not absolute—assurance that the objectives of an organization will be met. As a result, no organization, even one with the strongest internal controls, is immune to fraud.


How Fraud Occurs and Why

While nonprofit organizations present particular temptations to fraudsters, the actual fraud schemes they might face are common to all types of organizations. Fraud schemes in nonprofits can include check fraud, embezzlement, ghost employees, expense fraud, misappropriation of funds for personal use, fictitious vendor schemes, kickbacks from unscrupulous vendors, and outright theft of cash or assets—to name a few.

One area in which nonprofit organizations seem particularly vulnerable is billing schemes, in which an employee fraudulently submits invoices to obtain payments he or she is not entitled to receive. According to the most recent ACFE survey, billing schemes were among the most common fraud methods in the cases studied for the 2012 report.

Billing schemes often involve the creation of a shell company. In such a fraud, a dishonest employee sets up a fake identity that bills for good or services the organization does not receive. In some instances, goods or services may be delivered but are marked up excessively, with the proceeds diverted to the employee.

Other scams include pay-and-return schemes that cause overpayments to legitimate vendors. When an overpayment is returned, it is embezzled by the employee. Another favorite is simply ordering personal merchandise that is inappropriately charged to the organization.

Common incidents and warning signals or red flags of potential billing fraud include but are not limited to:

  • Unfamiliar vendors
  • Invoices for unspecified or poorly defined services
  • Vendors that have only a post-office-box address
  • Vendors with company names consisting only of initials (many such companies are legitimate, of course, but fraudsters commonly use this naming convention)
  • Sudden increases in purchases from one vendor
  • Vendor billings issued more often than once a month
  • Vendor addresses that match employee addresses
  • Large billings that are broken into multiple smaller invoices that will not attract attention
  • Internal control deficiencies such as allowing a person who processes payments to approve new vendors

These warnings or red flags can be organized into four general categories (below) and can help in the design of internal controls and monitoring procedures –


  • Transactions conducted at unusual times of day, on weekends or holidays, or during a season when such transactions normally do not occur
  • Transactions that occur more frequently than expected — or not frequently enough
  • Accounts with many large, round numbers or transactions that are unusually large or small
  • Transactions with questionable parties, including related parties or unrecognized vendors
  • Misclassification of transactions


  • Missing or altered documents
  • Evidence of backdated documents
  • Missing or unavailable originals
  • Documents that conflict with one another
  • Questionable or missing signatures

Lack of Controls

  • Unwillingness to remediate gaps
  • Poor “tone from the top”
  • Inconsistent or nonexistent monitoring controls
  • Inadequate segregation of duties
  • Lax rules regarding transaction authorization
  • Failure to reconcile accounts in a timely manner


  • Financial difficulties or generally living beyond one’s means
  • Divorce, family problems, or addiction problems
  • Past employment-related or legal problems
  • Overly or suddenly charitable
  • An unusually close association with vendors or recipients of grants or services
  • Control issues and a general unwillingness to share duties
  • Refusal to take vacations
  • Irritability or defensiveness
  • Complaints about inadequate pay, lack of vacation, or comp time
  • Complaints about lack of autonomy or authority

It is also worth noting that fraud is not about obstruction; rather, it is about deception, deflection, and persuasion. When fraudsters or white-collar criminals are profiled, they often are found to be anxious, secretive, moody, hot-tempered, friendly, outgoing, and passionate. They often are good salespeople and will say what people want to hear in order to build rapport and gain trust. Moreover, often there are other warning signs or red flags hidden in plain sight…such as living beyond one’s means, having financial difficulties, maintaining an unusually close association with vendors, or exhibiting excessive control issues, which generally will not be identified by traditional internal controls. It is important to maintain a healthy level of skepticism and always remember that trust is a professional hazard; if you do not verify information, you could become a victim.

fraud tile.jpg

Some Common Frauds Schemes*

  • Skimming — Cash is stolen before the funds are recorded in the accounting records
  • Credit card abuse — Perpetrators either use organization-issued credit cards for personal use or use donor credit card numbers
  • Fictitious vendor schemes — Perpetrators set up a company and submit fake invoices for payment
  • Conflicts of interest — Board members or executives have hidden financial interests in vendors
  • Payroll schemes — Continued payment to terminated employees, overstatement of hours, or fictitious expenditure reimbursement
  • Sub-recipient fraud — Abuses by a sub-recipient entity include intentional charges of unallowable costs to the award, fraudulent reporting of levels of effort, and reporting inaccurate performance statistics and data
  • Deceptive fundraising practices
  • Misrepresentation of the extent of a charitable contribution deduction entitlement, misrepresentation of the fair market value of donated assets, and failing to comply with donor-imposed restrictions on a gift
  • Fraudulent financial reporting
  • Misclassifying restricted donations to mislead donors or charity watchdogs, misclassifying fundraising and administrative expenses to mislead donors regarding funds used for programs, and fraudulent statements of compliance requirements with funding sources
Source: ACFE

Implementing Controls

As with all risk issues, the ultimate responsibility for identifying gaps and developing fraud controls rests with management. To meet this responsibility, management should avoid complacency and not assume that if fraud occurs “the auditors will catch it.” Although having an annual audit is a good anti-fraud control, by the time an audit uncovers a fraud scheme, it is usually too late to prevent the financial and reputational damage that will follow.

Most board members and executives of nonprofits do not think as fraudsters do, which is a good thing. Unfortunately, this can make it difficult for them to develop controls that help reduce their organizations’ exposure to fraud risk. A critical step in the process of developing an effective fraud risk management program is assessing the board’s own skills and capabilities and deciding where professional help is most needed. The board is ultimately responsible for oversight of the organization’s risk management efforts, which senior management is then charged with carrying out.

Anti-Fraud Principles

Here are some important principles to keep in mind as you work to refine the anti-fraud control policies at your organization:

  • Form an effective and empowered audit committee or equivalent. One of the most important attributes of the audit committee is complete independence from management. In addition, the committee should be authorized to hire outside counsel and other advisers to assist it in discharging its responsibilities. Although your circumstances may warrant a larger committee, a committee of three to five members is generally workable and optimal for most nonprofits. At least one audit committee member should be a financial expert, but individuals with nonfinancial skills and expertise are also needed to provide additional perspective.
  • Establish and enforce a system of effective controls. Combinations of internal and cultural controls form the core of an anti-fraud program. Internal controls limit opportunities to hide the fraud trail and can discourage all but the most arrogant fraudsters. Common tools include security and access controls, such as dual authority or monetary authorization limits, as well as audits, inspections, and transaction monitoring. The recent ACFE survey pointed out that the presence of anti-fraud controls is notably correlated with significant decreases in the cost and duration of occupational fraud schemes.
  • Establish the right tone from the top. Mere mechanical compliance with internal controls can still leave the organization vulnerable, which is why the attitude and actions of management are so important. Actively and visibly promoting a culture of integrity and ethics will embolden honest employees to put a stop to fraud. Most organizations find that a strong ethical environment encourages self-policing, thereby increasing the level of oversight far beyond what internal control methods alone provide.
  • Provide a clear process for reporting suspicious behavior. Over the years in which the ACFE has been conducting its global fraud studies, the most effective means of detecting fraud has always been tips. In the most recent study, tips were responsible for uncovering nearly three times as many frauds as any other form of detection such as management reviews, surprise inspections, audits, or surveillance devices. While some nonprofits use a third-party hotline service for reporting suspicions about fraud, creating a culture where employees know that the nonprofit’s reputation and mission depend on their willingness to report suspicions of fraud is less costly and may be equally effective.
  • Develop a response plan in case deterrence fails. In spite of everyone’s best efforts, fraud still can occur. In many cases, the initial reaction of executives or board members is to confront the suspected fraudster outright or, if there is doubt, to begin collecting paper or electronic evidence. All too often, these are exactly the wrong things to do and could compromise an organization’s ability to prosecute. Confronting a suspected fraudster without adequate evidence is not only awkward and legally dangerous; it can also alert the suspect to cover his or her tracks. On the other hand, surreptitiously examining computer links and email archives could compromise the evidence and imperil the integrity of a formal investigation, making conviction and recovery more difficult. To avoid these various unintended consequences, nonprofit organizations should develop appropriate strategies in advance to deal with specific types of fraud or other misconduct. The protocol for dealing with an employee suspected of cheating on an expense report is different from that for an executive involved in a conflict of interest.
  • Confront the issue openly and directly. Perhaps the most common impulse when fraud is detected is to dismiss the offender, limit the damage, and hope the story can be kept quiet. This too is likely to fail. Eventually, word of the fraud gets out and the associated rumors are likely to be exaggerated, causing even more reputational damage than would have been done if the board had simply been forthright.

Suspect Fraud, Now What?

When the organizational suspects that fraud is occurring within their organization, they have a number of options. They can choose to do nothing, either to avoid the bad publicity or in the hope that the problem will disappear on its own, they can attempt to handle the issue internally, or they can engage outside investigators and/or forensic accountants to probe the issue more deeply.

The wisest course of action is the last one – to engage a team of forensic experts. These teams consist of a range of professionals such as lawyers and experienced fraud & forensic investigators. These experienced professionals can help identify how the loss occurred, identify “leakage” or others areas not originally thought to be an issue, preserve any available evidence, quantify the loss, control the flow of information and, in many cases, help stem the loss. The forensic team will then be able to aid the board of directors or governing body in enhancing their governance framework and fraud risk management program to help protect and preserve the organization.

Other Possible Issues

Improperly using organizational funds for personal benefit could challenge your tax exempt or 501(c)(3) status. In addition, depending on the circumstances it could trigger a violation under the False Claims Act** (Lincoln Law – 31 U.S.C. §§ 3729 – 3733.).

The above should be discussed with a competent attorney.

A Combination of Deterrence and Detection

As important as it is to respond quickly to fraud, avoiding the situation in the first place is the best plan of all. Although it is unrealistic to expect to completely eliminate the risk of fraud, the governing body and executives in a nonprofit organization can take effective steps to minimize the risk.

By establishing an environment in which ethical behavior is expected, closing gaps in internal controls, and developing a proactive fraud identification and response program, nonprofits can hopefully reduce the financial and reputational risks associated with fraud.

Lastly, larger organizations should strongly consider emulating Sarbanes-Oxley or SOx best practices. For example: Require the principal executive and financial officers of the nonprofit organization to certify the annual financial statements and Form 990 are accurate and complete and the organization has maintained adequate internal controls.


I welcome your thoughts and comments and please realize many of this can be applied to a for profit organization.



Jonathan T. Marks, CPA, CFE


*Not a complete list.

**The Justice Department reported its 2018 fraud statistics showing $2.8 billion in recoveries under the False Claims Act.  While this number is staggering, fiscal year 2018 recoveries were down from than $500 million from fiscal year 2017.  Nonetheless, companies in the healthcare, defense and financial industries continue to face significant False Claims Act risks.

Baker Tilly
Adapted from an article I wrote at my prior firm, Crowe
Section 302 of the Sarbanes-Oxley Act of 2002
Mike Volkov


Posted on

PHorensically Speaking Podcast Feed is Live!

With the help from a true friend, Tom Fox, I am entering the world of Podcasting.

I will be developing at least three Podcasts per month that will focus on pervasive governance and fraud issues impacting Boards and their organizations.  One objective is help the practitioner go from detection to prevention, if possible, so that a crisis can be thwarted.

Click here for the Podcast feed. I welcome your feedback and suggestions.






Jonathan T. Marks, CPA, CFE

Posted on

Baker Tilly’s 2019 Effective Governance and Compliance Roundtable Series – May 1, 2019 – CPE Event in Philadelphia -Using Continuous Auditing and Monitoring in the Fight Against Fraud

Register here! See below for details!

On May 1st, join Baker Tilly for our next topic: Using Continuous Auditing and Monitoring in the Fight Against Fraud with our discussion leader, Robert Mainardi.

Organizations are under increasing scrutiny regarding ethical lapses and allegations of fraud. Fiscal year 2018 was a record-breaking year for the U.S. Securities and Exchange Commission’s whistleblower program, as more and more individuals have been coming forward with allegations of impropriety.

It is critical for organizations to have processes in place to triage an allegation, investigate, remediate, evaluate and then enhance their governance, risk management, compliance and internal audit programs. Failure to conduct an appropriate investigation may lead to significant exposure and disruption to the organization.

Event information

Wednesday, May 1

Baker Tilly Philadelphia Office

1650 Market St., Suite 4500

Register here!


Registration/Breakfast: 8 – 9 a.m.

Program: 9 – 11 a.m.

Who should attend?

Chief audit executives, chief risk officers, general counsel, chief legal officers, controllers, CFOs, COOs, CEOs, board members, VPs of audit, internal auditors, compliance practitioners, anti-fraud specialists.k

Discussion Leader – Robert Mainardi, CIA, CRMA, CFSA – Author of “Harnessing the Power of Continuous Auditing: Developing and Implementing a Practical Methodology”, will be presenting at Baker Tilly’s Philadelphia Office on May 1, 2019.

Host and ModeratorJonathan T. Marks, Partner

With the focus on internal controls and monitoring today many are being scrutinized and judged by regulators and others whenever results are presented. Regulators have used the failure to institute appropriate internal controls alone as the basis of the enforcement actions.

One of the significant challenges facing internal audit, compliance, enterprise risk management teams, and management is being able to understand what continuous auditing and continuous monitoring is and how the approach can be used effectively to mitigate risk, including fraud.

This two-hour session will explore what an internal control is and the best practices for using both continuous auditing and continuous monitoring, which are different, and how to transcend that knowledge in the fight against fraud. Specifically, we will provide an executive overview of the differences, keys to the methodologies, and practical guidance on how to operationalize both.

We will also facilitate a discussion around the obstacles attendees may be facing and provide suggested solutions on how to overcome those challenges. Your investment in this session will help ensure you’re developing proper methodologies that will save numerous hours of potential rework, stand scrutiny, and possibly improve the overall governance, risk management, and compliance processes.

Information about CPE eligibility

There are no prerequisites for this seminar, and advance preparation is not required. There is no cost to attend this seminar.

CPE credit: Two (2) hours total credit

Field of study: Regulatory Ethics

CPE host: Kendra Bergin

A certificate of completion will be emailed to you four to six weeks following the event.

For more information regarding administrative policies such as complaint and refund policies, please contact Heather Eggers at 608 240 2522.


Baker Tilly Virchow Krause, LLP is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:

Posted on

Hidden Assets and Illegal Payments


Hidden assets are assets not properly disclosed in normal situations. People have always hidden their wealth or ill-gotten gains for a variety of reasons.  Although not discussed herein, remember money laundering  (a process by which criminals disguise the original ownership and control of the proceeds of criminal conduct by making such proceeds appear to have derived from a legitimate source) is a common technique used by criminals and others to hide their ill-gotten gains.

Louisiana, USA

Stuffed animals, loose bricks in basement walls, mattresses, caves, hollow tree trunks, holes in the ground, safe deposit boxes, and some of the craziest places imaginable have provided hiding spots.  Today, hiding assets may be a much more sophisticated endeavor, often involving investments, banks, and overseas financial transactions. Investigators should consider using a defined process or approach to pursue matters that involve a search for hidden assets, ill-gotten gains, and illegal payments. This writing outlines a suggested approach (see diagram below) and focuses on building a financial profile for an individual, but can be used with some modification for an organization too!



hidden assets marks 2019

Building a Financial Profile

When conducting a search for hidden assets, ill-gotten gains, or illegal payments, the investigator should establish a financial profile for the target(s). The financial profile is essentially a financial statement with some modifications and additions. It shows what the target earns, owns, owes, and spends at any given point, or over a period of time; it reflects the subject’s income, expenses, assets, and liabilities. That is, it shows the target’s financial condition.

Colorful overlapping silhouettes of black or African American women.

The target’s financial profile usually contains information that can identify the movement of cash or other assets of value. The financial profile usually indicate where the source(s) of the target’s income and where it is going  or expenses.

The financial profile can serve various purposes. It can be used to establish the level of criminality, to build evidence to support litigation, to identify fund transfers between entities, and so on.


The investigator can establish a target’s financial profile directly or indirectly (circumstantially).

A direct approach employs direct evidence demonstrating a target’s financial standing and profile. That is, it uses the target’s financial records (general ledgers, tax returns, bank statements, credit card statements, and other financial transactions processed by third parties) to determine the subject’s financial condition. Note: if a target is uncooperative, some of the financial records more likely than not will require a subpoena, so please check with your legal counsel.

When tracing financial transactions using a direct method, the investigator uses the information in the target’s financial records to establish the financial profile, which is then used to identify the target’s accounts, assets, and expenditures. And once these items are identified, he obtains and uses them to trace back the source of funds in each.

Said differently, under the direct approach, the investigator traces funds the target used to purchase assets or make deposits back to his source.

In some matters, direct evidence demonstrating a target’s financial standing and profile may not be available to the investigator.  In such cases, the investigator can use an indirect method, utilizing circumstantial evidence to analyze the target’s financial information. Indirect methods analyze the relationship between a target’s receipt and subsequent disposition of funds.

The indirect approach can reveal that a target has more money available than can be accounted for from legitimate sources. In addition, evidence that the target lives beyond his/her means and, therefore, must have had unexplained income, could be admissible in court. Such evidence can also be used to corroborate the testimony of co-conspirators as circumstantial evidence of the underlying offense or as evidence to impeach testimony that denies the offense.

Street in backlight with bokeh, lensflares and sunbeams

Where to Begin?

Consider first examining tax returns and related documents to look for possible clues as to the possible existence of hidden assets. The return can provide a roadmap to the discovery of income earning assets and asset sales. The return should also tell you the source of income, whether its interest, dividends, rental income, and a gain or loss from the sale of a stock. Each page of the tax return should be carefully examined for information – Caution: sometimes tax returns are not complete and accurate!

Other clues could come from looking at:

  • Cancelled checks, and who the check was payable;
  • Insurance policies, to see what assets are insured, or are no longer insured;
  • Search in the County records for property deeds and records – look for quit claim deeds, which is a legal instrument that is used to transfer interest in real property possibly to a family member or friend to be hidden;
  • By examining pension, profit-sharing, custodial accounts, credit cards, loans, leases, and other obligations (mobile phone accounts, country club dues, vacation clubs, etc.), for transfers, pre/over payments, or other odd activity; and
  • If a there is a business or a number of businesses, remember that cash can be skimmed and used for salaries to phantom employees or payments to bogus vendors.


Bribery and other forms of corruption are especially likely to involve some type of hidden assets, as they can help disguise illegal payments.  When planning your next Anti-bribery and Corruption (ABAC) risk assessment, review, internal audit, or due diligence, consider adding asset sales and purchase transactions to the work plan. These transactions are likely to be scrutinized by U.S. regulators if your organization ever comes under scrutiny. Moreover, from an internal perspective, they present an opportunity to examine your business under other-than-ordinary-course-of-business circumstances.

Underground economic activity exists for four key reasons: to escape taxation and regulation, and to further criminal conduct and corruption!

Also, when speaking with my good friend Tom Fox, he reminded me that properly designed internal controls around the treasury and accounts payable functions are critical.  Why?  They help ensure that payments are being made to legitimate third parties and not an anonymous or shell corporation that could be used as a source for making illegal payments.

full house.jpg


Those hiding assets are more likely than not trying to escape something or do something illegal (e.g. regulation, a decision, a pending decision, or pay a bribe) and look for vehicles with the following key characteristics to hide or conceal assets:

  • Liquidity
  • Lack of traceability
  • Security
  • Accessibility

I welcome your thoughts, comments, and suggestions.







Jonathan T. Marks, CPA, CFF, CFE



Posted on

Fraud tip Friday! The Grand Illusion

If you think Good Tone or Conduct from the Top means you have an ethical environment, guess again!

Some of your people are up to no good.

  • Train and design controls using red flags;
  • Develop robust monitoring and feedback procedures;
  • Triage allegations appropriately;
  • Investigate promptly and appropriately;
  • Ensure you remediate based on the root cause(s) and not the symptoms; and
  • Get a quality Fraud Risk Assessment for the Holidays – available here!

Happy holidays and to a great 2019!


Jonathan T. Marks, CPA, CFF, CPA

Posted on

Collusion, Conflicts of Interest, and Corruption!

Corruption can take many forms, but its root cause could and often does include a conflict of interest of some sort and possibly collusion.

OECD states, Conflict of interest occurs when an individual or a corporation (either private or governmental) is in a position to exploit his or their own professional or official capacity in some way for personal or corporate benefit.

The most commonly known fraud involving collision is bribery – something given to influence a specific act to happen – whether given after an act has been performed or made to obtain a future benefit or information. Where there is collusion there may also be a conflict of interest. While this type of fraud doesn’t necessarily involve a distinct third party, it does involve the employee in a role other than as an employee.

This is where an employee colludes with another party (whether from outside or inside the business) to use his role as an employee to obtain a personal benefit.

Frauds that involve collusion usually occur off the books. That is, usually no activity needs to be concealed or hidden in business records.Based on the above, it should be obvious that conflicts of interest can present significant fraud and other risks for corporations, government agencies, fiduciaries, customers and suppliers.

The following ICC Guidelines and a consultation with an experienced fraud examiner can help in fighting wrongdoing.


Recently, the ICC released its Guidelines on Conflicts of interest. As will most guidelines these should be viewed as a tool and can be applied to all organizations – public, private, and not for profits.

The International Chamber of Commerce (ICC) recommends that enterprises closely monitor and regulate actual or potential conflicts of interest, or the appearance thereof, of their directors, officers, employees, agents and representatives and make sure they don’t take advantage of conflicts of interest of others.

Section II of the Guidelines provide among other things a definition of a conflict of interest, with explanatory notes and a description of three types of conflicts with examples. I also provide you with a definition from the New York Stock Exchange’s Corporate Governance Rules below. I suggest reading both.

There is also discussion in Section III of the Guidelines on communication and training, evaluation of a policy on conflicts of interest (with a description of the key elements of a policy), and how to prevent, manage and mitigate conflicts.

The publication concludes by describing four “dilemma” scenarios that can be used as a training aide.

Fraud Risk

Inherently, conflicts of interest schemes are one of the most difficult areas of fraud to detect, investigate, and obtain adequate evidence. Improper investigations can create counterclaims and civil actions against organizations and professionals.

Common conflicts of interest schemes include:

Purchase schemes, which involve the over-billing of a company for goods or services by a vendor in which an employee has an undisclosed ownership or financial interest

Sales schemes, which involve the underselling of company goods by an employee to a company in which the employee maintains a hidden interest

When it comes to detecting conflicts of interest schemes, it’s usually a the failure to disclose because:

Employees, directors, or others don’t understand the potential seriousness of having a conflict of interest or the company’s policy relating to it.

The employee, director, or other party is deliberately trying to conceal or hide the conflict. There shouldn’t be any reasons for employees and others not declare conflicts of interest, assuming they have read the policy and are made aware of their responsibilities.

Other Risks and Activities

Leadership that is controlling or domineering can operate with a long-term view, in alignment with others’ interests.

There can be several risks from controlling or domineering leadership, including the potential for conflicts of interest and abusive related-party transactions that are often difficult to detect, assess, and investigate.  

Why? Because many people have a difficult time avoiding conflicts of interest, they are usually secretive, and the financial or other benefits more often than not are hidden, albeit sometimes in plain sight, but nonetheless can put the individuals involved and their company at risk of regulatory scrutiny and reputational harm.

The New York Stock Exchange’s Corporate Governance Rules defines conflicts of interest as the following:

“A conflict of interest occurs when an individual’s private interest interferes in any way ̶ or even appears to interfere ̶ with the interests of the corporation as a whole. A conflict situation can arise when an employee, officer or director takes actions or has interests that may make it difficult to perform his or her company work objectively and effectively. Conflicts of interest also arise when an employee, officer or director, or a member of his or her family, receives improper personal benefits as a result of his or her position in the company…. The company should have a policy prohibiting such conflicts of interest, and providing a means for employees, officers and directors to communicate potential conflicts to the company.”

I have found the types of activities that can create a possible conflict of interest include:

    Nepotism is the practice of giving favors to relatives and close friends, often by hiring them
    Cronyism is the appointment of friends and associates to positions of authority, without proper regard to their qualifications
    Self-dealing is a situation in which someone in a position of responsibility in an organization has outside conflicting interests and acts in their own interest rather than the interest of the organization

The ICC Guidelines have some examples in Section II that I suggest you review too.

Sarbanes-Oxley (SOx)

For those subject to SOx, in addition Sections 302, 906, and 404, several other sections of SOx relate to internal controls and corporate governance.

Section 406: code of conduct and ethics Section 406(c) requires all US-listed companies to maintain a code of conduct applicable to all directors, executives, and employees with the definition of “code of ethics” as stated in this section. The NYSE Corporate Governance Rules (Provision 10) also require a company to adopt and disclose its Corporate Governance Guidelines and Code of Business Conduct and Ethics.

The code of conduct must be publicly available and must define conflicts of interest, illegal and improper payments, anti-competitive guidelines, and Foreign Corrupt Practices Act (FCPA) compliance, as well as acceptable dealings with employees, suppliers, customers, investors, creditors, insurers, competitors, auditors, and so forth.


Conflicts of interest can be problematic if not understood and managed appropriately.

Conflicts of interest increase the risk of bias and poor judgment because of the obligation to two or more competing interests and usually never end well for those that have consciously avoided the company’s business practices and ethics.

When it comes to fraud risk management, compliance and internal audit need to understand conflicts of interest and address them accordingly.

All conflicts of interest must be documented in writing! This really helps if there is ever an issue, because you can show the regulators the company is proactively dealing with these issues.

I welcome you thoughts, comments, and suggestions.


Jonathan T. Marks, CPA, CFF, CFE