Fraud Case Study: Tales of Fraud in the IT Department

Tales of Fraud in the IT Department 

Fraud is a significant concern for organizations, with reported cases and financial losses steadily increasing according to the Federal Trade Commission. In 2021, consumers reported losses exceeding $5.8 billion, a staggering 70% increase from the previous year. 2022 numbers are still being calculated, but the trend of rising fraud cases persists annually.

Employee fraud spans various forms, ranging from small instances like expense report manipulation to larger-scale embezzlement. Instances of fraud can persist over extended periods, leaving businesses perplexed about its onset and duration. Often, fraudsters are caught not by the act itself, but due to their escalating greed for increased gains.

RadiusPoint, specializing in Telecom and Utility Expense Management, has encountered numerous instances of fraud. Some cases have been proven and prosecuted by authorities, while in others, suspicions of employee fraud have led to discreet dismissals once RadiusPoint delves into telecom and IT expenses and contracts. The company has also provided documentation and insights to prevent fraud within IT departments or telecom services.

What Kind of Fraud Can Be Lurking in Your IT Department?

Wireless device usage continues to surge annually, fueled by wearable devices and remote work policies that often provide employees with wireless phones, iPads, or similar devices. For large organizations, adding wireless devices is routine, facilitated by negotiated contracts offering discounted purchases and waivers for early termination fees.

In a striking case, RadiusPoint uncovered internal fraud amounting to over $350k tied to monthly wireless device purchases at a healthcare organization. An IT employee exploited the system by purchasing Apple iPhones and iPads through the company account, setting up monthly services under the corporate account, and then selling these devices for personal gain. The scheme involved ordering devices, arranging services, and coding the costs to a specific Cost Center with the manager’s approval. The employee then canceled these accounts without incurring early termination fees, leveraging the negotiated contract terms. The fraudulent activity went unnoticed until RadiusPoint raised concerns about unassigned devices and an outsider inquiring about the excessive device offloading. More than 700 devices were ordered in a short span, resulting in losses for the company, including device costs, the first month’s service, and the ETF.  The case gained traction with the involvement of the Department of Justice, leading to the prosecution of the former employee.

Another form of fraud, albeit harder to substantiate, involves a recurring pattern where the approving party consistently selects the same vendor for significant contracts and receives kickbacks in return. This type of fraud poses challenges in proof and often leads to the discreet dismissal of the involved employee. In a recent case of this form of fraud, RadiusPoint conducted an audit for a multi-location healthcare equipment organization, examining data circuits, invoices, and contracts. This revealed multiple contract violations spanning various years and locations, encompassing data circuits, Sonet rings across cities, and an MPLS platform. Initially, the audit led to recovering $300K in contract violations and overcharges from the vendor. Subsequent audits expanded to other services and contracts, uncovering an additional $250K in discrepancies. The employee responsible for negotiating and approving these contracts discreetly vanished from the company.

How Can You Bolster your IT Department’s Defenses Against Fraud?

Establishing a standardized workflow would have significantly mitigated fraud and theft risks. However, several additional policies could reinforce the legitimacy of vendor orders:

  1. Implementing a uniform Workflow for ordering new services.
  2. Mandating cost center and individual assignments on vendor order forms.
  3. Introducing a secondary approval process for equipment orders.
  4. Verifying equipment purchases through monthly reporting by your TEM provider.
  5. Ensuring monthly documentation from vendors for new equipment or services approval.
  6. Sending RFPs to multiple vendors for side-by-side evaluations of proposals.
  7. Sharing agreed-upon contract rates with the team handling monthly invoice validation.
  8. Requiring Quarterly Business Reviews to validate billed rates accuracy.

While no plan is foolproof, adhering to specific purchasing and contracting policies can significantly diminish the risk of fraud. RadiusPoint can assist by scrutinizing your invoices and contracts for any potential concerns.