Archive for the ‘Fraud’ Category

Fraud & Embezzlement 2.0

Tuesday, February 16th, 2016

As Certified Fraud Examiner Bryant Truitt, CEO of Brytan & Associates, Inc., tells audiences and clients, you can’t prevent fraud and embezzlement from happening.

Why do people steal from you? Look at the triangle above: pressure, opportunity, and rationalization. You can slow it down and better protect your non-profit if you know where to look and what to do.

Join Mr. Truitt to find out how you can stay ahead of this constant threat to your organization’s financial well-being from individuals and gangs. Learn the who, what, when, and where of your vulnerabilities, why non-profits are easy targets, and how you can be better prepared and stay on guard without losing the essence of why you are a nonprofit serving others.

Those of you who got to hear Mr. Truitt two years ago will appreciate the new information he brings as well as reminders of those things that are easy to forget when fighting fraud, embezzlement, waste, and abuse.

CPE credit available upon request. Hosted by TeamNFP with support from your Abila MIP & your TeamNFP Business Partner.

Originally presented: Feb. 2016

Slides: Fraud 2.0 Webinar Feb 2016


No Victims: What CFO’s Need to Know About Fraud & Embezzlement

Wednesday, February 18th, 2015

Bryant Truitt, CEO of Brytan & Associates, which has provided practice management assessments for healthcare providers, nonprofits, and other organizations for 18 years, is a busy speaker. As a Certified Fraud Examiner, he has been much in demand because of the rise in fraud and embezzlement by employees. He was gracious enough to share how nonprofits can minimize their risk, although total prevention is impossible — the crooks just change venue and what they do. Learn what to look for and what to do to keep your revenue out of the wrong hands.

Presenter: Bryant Truitt, Brytan & Associates, Inc.

Originally presented Feb. 2014

What CFO’s Need to Know About Fraud Webinar Slides


Disaster Recovery Should Be Top Of Mind

Friday, April 11th, 2014

Have you given any thought to how long it would take to recover from a server disaster?  Have you actually exercised your recovery plan?  You do have a recovery plan, right?

I have had the misfortune to be involved with two MIP customers who have had such disasters only to discover that there was no backup from which their MIP data could be restored.

In one case, the user had just never tested the usefulness of the backups being made by trying to restore from one of them. When the time came that they were needed, the backups were found to be corrupted beyond repair.

In the other case, the IT staff in charge of backup management incorrectly believed that the MIP data was on the server drive on which they concentrated all their other program data (so that they could focus their backup efforts there and ignore the C: drive). They believed that only system files resided on their server’s C: drive. They were sure that they would always simply recover their C: drive by installing Windows and SQL Server and all would be well. But as you know (or should know), your MIP Organization database is managed in a folder about four levels deep from SQL Server in the Program Files folder tree on the server’s C: drive. At install time, the user has control of where the MIP Share folder will be stored, but none over where the actual database files (.mdf and .ldf) are stored.

Now the IT folks could certainly take the time to detach those files, move them to an appropriate location of their choice, and then reattach them there. But almost no one knows this is necessary.

Does your IT staff know this?

Why not put this down and pick up the phone and find out?
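The gap described above, database files sitting outside the folders the backup job copies, can be checked mechanically. The following is an added example, not code from the original post or from MIP; the file paths, the backup root and the function names are constructed placeholders.

```python
from pathlib import PureWindowsPath

# Constructed sample: file locations as a DBA might list them for each database
# (placeholder names and paths, not taken from a real MIP install).
DATABASE_FILES = [
    r"C:\Program Files\Microsoft SQL Server\MSSQL\Data\ExampleOrg.mdf",
    r"C:\Program Files\Microsoft SQL Server\MSSQL\Data\ExampleOrg_log.ldf",
    r"D:\AppData\MIP Share\reports.dat",
    r"d:\appdata-old\Archive2012.mdf",
]

# Constructed sample: folders the nightly backup job is configured to copy.
BACKUP_ROOTS = [r"D:\AppData"]


def is_covered(file_path, roots):
    """True if file_path lies inside one of the backed-up folders.

    Paths are compared component by component and without regard to case,
    so D:\\AppData does not accidentally "cover" d:\\appdata-old.
    """
    path = PureWindowsPath(file_path)
    for root in roots:
        try:
            path.relative_to(PureWindowsPath(root))
            return True
        except ValueError:
            continue
    return False


def uncovered_database_files(files, roots):
    """Return the .mdf/.ldf files that no backup root contains."""
    return [f for f in files
            if PureWindowsPath(f).suffix.lower() in (".mdf", ".ldf")
            and not is_covered(f, roots)]


if __name__ == "__main__":
    for f in uncovered_database_files(DATABASE_FILES, BACKUP_ROOTS):
        print("NOT BACKED UP:", f)
```

A clean result only shows that the files are in scope for the backup job; whether a backup is usable is still proven only by restoring from it.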

Disaster stats should encourage you to focus on your own disaster recovery plan

  • 6% of all PCs will suffer an episode of data loss in any given year.
  • 31% of PC users have lost all of their files due to events beyond their control.
  • 34% of companies fail to test their backups, and of those that do, 77% have found tape back-up failures.
  • Companies that aren’t able to resume operations within ten days (of a disaster hit) are not likely to survive. (Strategic Research Institute)
  • Every week 140,000 hard drives crash in the United States. (Mozy Online Backup)
  • Simple drive recovery can cost upwards of $7,500 and success is not guaranteed.

Excuses for not conducting a disaster recovery test and having a plan are inexcusable when you have the facts.

There are a lot of reasons a nonprofit doesn’t have a disaster recovery plan or doesn’t test the one it has. Time, fear of failure, lack of knowledge, or lack of money shouldn’t stop you.

Maybe you hadn’t thought about how many ways data loss can occur. Wikipedia lists five major causes and over fourteen different examples:

  • Intentional Action
    • Intentional deletion of a file or program
  • Unintentional Action
    • Accidental deletion of a file or program
    • Misplacement of CDs or Memory sticks
    • Administration errors
    • Inability to read unknown file format
  • Failure
    • Power failure, resulting in data in volatile memory not being saved to permanent memory.
    • Hardware failure, such as a head crash in a hard disk.
    • A software crash or freeze, resulting in data not being saved.
    • Software bugs or poor usability, such as not confirming a file delete command.
    • Business failure (vendor bankruptcy), where data is stored with a software vendor using Software-as-a-service and SaaS data escrow has not been provisioned.
    • Data corruption, such as file system corruption or database corruption.
  • Disaster
    • Natural disaster, earthquake, flood, tornado, etc.
    • Fire
  • Crime
    • Theft, hacking, sabotage, etc.
    • A malicious act, such as a worm, virus, hacker or theft of physical media.

The cost of a data loss event is directly related to the value of the data and the length of time that it is needed, but unavailable. These costs include:

  • The cost of continuing without the data
  • The cost of recreating the data
  • The cost of notifying users in the event of a compromise

You really must be vigilant.

Do you have a disaster recovery plan for multiple disasters?

It’s spring (hopefully) and the winds and weather are still a big problem. Do you have a plan for disaster recovery if you lose your data because of hail or tornado or flood or another act of God? This article by Lindsey Farber in Forbes gives you some great ways to stay ahead of good ole Mother Nature. According to Farber, there are three big benefits to disaster recovery testing that may inspire you to take action:

  1. Clarity of Expectations
  2. Clarity of Assumptions
  3. Clarity of Ramifications

I encourage you to read the article at http://www.forbes.com/sites/sungardas/2014/04/10/how-to-multiply-the-effectiveness-of-your-disaster-recovery-testing/. Then test to find your weaknesses and fix the problems, or set up an offsite contingency, maybe in the cloud.

You can’t afford (nor can those you serve afford) to have your nonprofit dead in the water! So, go take care of this before it’s too late.


LEIE Exclusions: Make Sure You Don’t Hire Them!

Wednesday, March 5th, 2014

Office of Inspector General expects you to be careful in who you hire.

LEIE? (no, not the dreaded highway in NYC)

Since fraud was the topic of our recent webinar, it seems natural to turn our attention in this month’s blog to a topic of importance to all our clients in the health care sector. The folks at HHS maintain a list of “excluded” people and entities who have distinguished themselves for this treatment by such actions as having been convicted of Medicaid fraud.

From the Office of Inspector General, US Dept of Health & Human Services, on their “Background Information” page (http://oig.hhs.gov/exclusions/background.asp):

“OIG has the authority to exclude individuals and entities from Federally funded health care programs pursuant to sections  1128 and 1156 of the Social Security Act and maintains a list of all currently excluded individuals and entities called the List of Excluded Individuals and Entities (LEIE). Anyone who hires an individual or entity on the LEIE may be subject to civil monetary penalties (CMP).”

“To avoid CMP liability, health care entities need to routinely check the LEIE to ensure that new hires and current employees are not on the excluded list.”

The current list (updated monthly, most recently in January at time of this writing) contains more than 50,000 entries. If you only have a dozen or fewer names to compare to this list, there is a facility on their web site in which you can manually input the names you want to check. (See the link in the right margin of their site titled “Online Searchable Database.”) But if you have a much larger list, this is prohibitively time-consuming and error-prone.

Fortunately, the entire LEIE is made available through the “LEIE Downloadable Databases” link.

On that page you will find, under the heading LEIE Database, the most recently updated list of excluded individuals and organizations. This month, for example, it is called “01-2014 Updated LEIE Database: EXE|ZIP.” By clicking on the letters “ZIP” at the end, you can download that list.

Unfortunately, there is no guidance on how to compare the names on that huge list to your own list to find the matches. So users may be challenged if their spreadsheet and/or database skills aren’t up to the task of making this relatively easy.

The short story is that we have helped with this and can offer assistance to you, as well.

In the case of our most recent client, a user of MIP Payroll, the longer story is that we were able to make them self-sufficient at the task of finding all the matches in their list of more than 300 employees. We left them with instructions that take them through opening the database in Excel and eventually populating a table in their MIP database. Then they run a query we saved for them that pulls all the matching names from their employee table (along with the dates of birth and Social Security Numbers they’ll need for the REAL matching exercise on the website).
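The name-matching step described above can also be done outside the database. The following is an added example, not the query or instructions from the original post; the CSV column names (LASTNAME, FIRSTNAME, DOB, EXCLTYPE, EXCLDATE) and the employee field names are assumptions, and every record is constructed.

```python
import csv
import io
import re

# Constructed sample in the assumed layout of the downloadable LEIE CSV
# (DOB and EXCLDATE as YYYYMMDD); none of these rows describe real people.
LEIE_CSV = """LASTNAME,FIRSTNAME,DOB,EXCLTYPE,EXCLDATE
O'BRIEN,MARY,19700412,1128a1,20120520
SMITH-JONES,ALAN,19650101,1128b4,20090310
,,,1128b8,20101115
"""

# Constructed payroll extract (hypothetical field names).
EMPLOYEES = [
    {"id": "E001", "last": "OBrien", "first": "Mary ", "dob": "1970-04-12"},
    {"id": "E002", "last": "Smith Jones", "first": "Alan", "dob": "1980-07-30"},
    {"id": "E003", "last": "Nguyen", "first": "Thi", "dob": "1991-02-02"},
]


def norm(name):
    """Upper-case and keep letters only, so O'Brien and OBRIEN compare equal."""
    return re.sub(r"[^A-Z]", "", name.upper())


def load_leie(text):
    """Index excluded individuals by normalized (last, first) name."""
    index = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (norm(row["LASTNAME"]), norm(row["FIRSTNAME"]))
        if key[0]:  # rows without a last name are entities, not individuals
            index.setdefault(key, []).append(row)
    return index


def find_candidates(employees, index):
    """Return name matches, flagging whether the date of birth also agrees."""
    hits = []
    for emp in employees:
        for row in index.get((norm(emp["last"]), norm(emp["first"])), []):
            dob_match = emp["dob"].replace("-", "") == row["DOB"]
            hits.append({"id": emp["id"], "excl_type": row["EXCLTYPE"],
                         "excl_date": row["EXCLDATE"], "dob_match": dob_match})
    return hits


if __name__ == "__main__":
    for hit in find_candidates(EMPLOYEES, load_leie(LEIE_CSV)):
        print(hit)
```

A name hit is only a candidate: E002 matches on name but not on date of birth, which is the kind of case that still has to be verified on the OIG website.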

If you are spending hours at this task each month, ask your Business Partner or call us for some assistance. Lots of them have the skills needed to give you this same level of service.

This needn’t be a task that consumes much more than half an hour or so. And it should be a great relief to your CEO, General Counsel, and Board to know that you are taking the necessary steps to eliminate the risk of being subject to those civil monetary penalties!


Q’s Tips: Protect Your SA Password

Wednesday, November 13th, 2013

Q Recommends MIP’s SafeKey Feature to Help Protect Your SA Account from Fraud & Embezzlement

The SQL Server on which you host your MIP database needs to be secure from those who seek to make unauthorized changes in pursuit of various fraud strategies.

For most of you, this isn’t a major concern. Your IT staff installed the SQL Server and the MIP software, and the related system credentials are under their safe protection.

But many of you may have performed the installation yourselves, or delegated it to the “techie” on your accounting staff. When the SQL Server was installed, it required the set-up of the “sa” (system administrator) account and the creation of the password for it. That user account name and password must be stored safely. If you aren’t sure where it is, ask your IT staff (if you have one, or your business partner if you don’t) to be sure to change that password and to secure it carefully so that none of the accounting staff have access to it. This should reduce any worries you have about fraud or embezzlement and it will definitely please your auditors.

If you’ve been using that account to gain access to the MIP data with SQL Management Studio, Access, or any other external software, have no fear. You can still use those tools, but DO NOT use your sa account for such access. Using this account gives you “WRITE” access that can result in unintended changes to the data you view!!

Instead, use the MIP SafeKey feature. It will provide you with credentials that will allow you to connect to that data with only READ authority; no WRITING. If you have any questions about SafeKey, give your Business Partner a call.

Final Word

Passwords are precious; don’t let just anyone have them. Remember, your computers don’t really recognize the person who puts them in and gains access to your accounts. Make sure it’s just you or authorized personnel only!

(TeamNFP Founder Robert Q Johnson was one of the early developers of MIP and has long been famous for his “Q’s Tips”. We share them with our Certified Business Partners and now are sharing them with everyone. We hope you find them helpful.)


Crowdfunding & NonProfits

Tuesday, November 5th, 2013

Crowdfunding Bible is a useful resource to understand this new option for nonprofit fundraising.

“Crowdfunding” or “crowd funding” is defined in Wikipedia as “the collective cooperation, attention and trust by people who network and pool their money and other resources together, usually via the internet, to support efforts initiated by other people or organizations.”

It’s a new trend that’s taking off for nonprofits and that was just discussed at the Abila MIP User Conference. Just like for for-profit businesses, it’s important to recognize it’s not a funding panacea and it works more easily if the non-profit has established its brand. The brand name reduces the risk for donors who want to make sure their money will be used appropriately.

Probably, it’s easier in other ways for nonprofits because the staff of nonprofits, especially the executive team, are used to interacting with donors. This is a new problem for startup for-profit businesses, who can be frustrated by the time it takes them to respond to their “donors”, better known as “investors”, instead of spending it on their business.

One thing both nonprofits and for-profit businesses must be aware of is the laws that surround these funds. It’s a relatively new area and so case law is scarce. Nonprofits can expect more laws and regulations and need to keep on top of them. Although this is not meant as legal advice, we do recommend you speak to your lawyer as well as your accountant about crowdfunding, and keep talking if you use this as a way to raise funds. Make sure everyone stays current. Comment on proposed laws where appropriate.

We do also encourage you to buy and read The Crowdfunding Bible by Scott Steinberg or download it for free at his website. Its focus is on for-profit businesses, but it will give your nonprofit some great information.

Just as with any donor funds, nonprofits also need to be watching for the potential of fraud and embezzlement. TeamNFP will be providing a free webinar on this issue through its Certified Business Partners. Be sure to contact your MIP partner for dates and to reserve a spot. If you don’t have an MIP partner, please check out our partners. Also ask them for a demo of our Positive Pay TM8 4.0 and Check Clearing TM8 1.1 to help you and your bank prevent fraud.


Fraud Hits Nonprofits Hard — Are You Safe?

Friday, November 1st, 2013

IRS Form 990 entries can signal fraud

If you thought your nonprofit was safe from fraud and embezzlement, think again. According to a Washington Post article, thousands of nonprofits have found “diverted funds”. The Association of Certified Fraud Examiners ranked charities, religious organizations and social services as #19 in their 2012 report of Occupational Fraud & Abuse with median losses amounting to $85,000.


Protecting Your NonProfit Name in New Domain Game

Wednesday, October 30th, 2013

Guard your nonprofit brand. Photo by CarbonNYC

Our posts are about productivity, reducing waste, and preventing fraud. But we just ran across this initiative of the Better Business Bureau on brand security and we wanted to share it.

There is a potential threat to your nonprofit from the imminent release of over one thousand generic top-level domain names (gTLDs). The Nonprofit Committee of the International Trademark Association (INTA) presented a webinar on these topics on September 10, 2013. It talked about the threats, brand protection measures your nonprofit should take, and brand protection measures that are available.

We encourage you to hear the recorded webinar by going here. Then take action. Don’t leave yourself open to imitators and brand thieves.

We also encourage you to keep up to date on the Better Business Bureau’s advice for nonprofits and donors.