Duke’s Devil is in the Details
On March 25, 2019, Duke University entered into a settlement agreement to pay over $100 million related to claims that it had falsified medical research data in an effort to win and maintain environmental and health research grants from various federal agencies. The allegedly falsified data was purportedly linked to one researcher in the Pulmonary Division, Erin Potts-Kant, who was terminated by Duke in 2013 for misuse of grant funds. A former research analyst, Joseph Thomas, discovered the allegedly falsified data while employed by Duke, conducted his own investigation, and brought a qui tam action on behalf of the government.
Thomas contended that Potts-Kant’s misconduct spanned multiple years and, during that time, no one reviewed the data she produced for accuracy or compared it against the raw data stored by the lab machines. According to the complaint brought by Thomas, Duke received 53 grants totaling approximately $112 million that were based on Potts-Kant’s falsified data. Thomas also claimed that the fabricated research results were used to co-author 38 scientific papers and journal articles, which have subsequently been cited in 417 scholarly articles.
Prior to the allegedly fabricated research results coming to light, Potts-Kant was charged with embezzlement in 2013 for carrying out a fictitious expense reimbursement scheme and for using her Duke-issued Purchase-Card (p-card) to make an unacceptable purchase, which were both linked to grant funds. The fictitious reimbursement scheme purportedly involved Potts-Kant making personal online purchases and producing fabricated invoices for scientific equipment and supplies in order to submit for reimbursement. Using her p-card, Potts-Kant allegedly purchased all the alcohol and meals for a group of personnel that went out to dinner and indicated that “No one looks at the invoices.” The reimbursement scheme was discovered during a cost-savings analysis of lab equipment and supplies. The p-card incident was claimed to have been reported to a business manager but no action was taken.
There are several takeaways from the chain of events above.
- Organizations should empower employees to raise issues to the appropriate parties and have proper reporting mechanisms in place to do so.
According to the Association of Certified Fraud Examiners (ACFE) 2018 Report to the Nations, tips are the most common fraud detection method; therefore, the presence of a proper reporting mechanism is a valuable tool to identify potential fraud. These mechanisms may include a hotline, web-based form, or email address. Employees should also have the option to report to a direct supervisor or decision-maker. As such, organizations should communicate policies that encourage employees to notify the appropriate party of potential wrongdoing and also provide employees a sense of protection from retaliation.
- Appropriate controls should be established and implemented related to p-cards issued by organizations, especially when tied to government-funded money.
In order to reduce the opportunities for, and likelihood of, p-card abuse, organizations may consider implementing some of the following controls:
  - Submit p-card purchases, along with supporting documentation, to a direct supervisor for review and approval. Receipts should be provided to indicate what items were purchased, and the supervisor should assess for appropriateness and reasonableness.
  - After approval from the direct supervisor, p-card purchases should be reviewed by a second supervisor/manager outside of the employee and supervisor’s department. Items included on supporting documentation (i.e., receipts) should be reviewed for reasonableness and for compliance with internal and external regulations for the use of the funds.
  - A monthly reconciliation should be performed by accounting personnel/p-card coordinator, in which supporting documentation is compared against the p-card monthly statement. Items to reconcile will include appropriate approvals, dollar amount, vendor name, and purchase date.
  - Purchases should be restricted to specific merchants that are relevant to the employee’s department and role.
- If an employee is caught committing some type of fraud, no matter how small, it is imperative to assess everything the employee has had a role in and whether further risk exists.
The assessment should be conducted by an independent party and not an employee’s direct supervisor. If additional misconduct is found, an organization needs to evaluate the risk of the additional misconduct and get an independent party involved to ensure the proper steps are taken. In this instance, it does not appear that Duke fully assessed the ramifications of the former employee’s actions. The independent party can be internal or external to the organization, such as the general counsel’s office, internal audit, or even a consultant reporting into the general counsel’s office.
Occupational fraud can be committed by employees at any level and, as seen with the Duke incident, organizations may suffer significant ramifications as a result. Not only can an organization be impacted financially, but fraud can damage an organization’s reputation. For these reasons, it is important that organizations establish and implement proper controls and empower employees to raise concerns of potential wrongdoing. If an employee is found to have perpetrated some type of fraud scheme, the organization should make sure that other areas influenced by the employee were not compromised. With appropriate controls in place, an organization can reduce the opportunities for fraud and protect its assets and reputation.