Empowerline Reaches Milestone

The OIG hotline--Empowerline--recently reached the milestone of 300 contacts since its inception on January 30, 2006.  Although we can’t give a prize to the 300th caller, we can tell you about the type of people who call Empowerline, the nature of the concerns they express, and what happens when they call.

Who Calls Empowerline?

Many of the people who call Empowerline choose to remain anonymous so we don’t know their identities.  However, we can tell you the type of person we think they are. 

“In the April 2007 issue of the OIG Connection, we talked about why people commit fraud and the fraud triangle--opportunity, pressure, and rationalization,” says Inspector General Richard Moore.  “I’d like to suggest a whistleblower triangle.”

“We have found several recurring critical factors in people who call us,” Moore says.  “First and foremost, they believe what they are doing is right.  Secondly, they have to feel safe.” 

How many times have you sat in a meeting where you know that everyone in the room disagrees with the decision being made, but no one will say anything?  What makes it your responsibility to speak up?  Fraud and waste are not victimless crimes.  Everyone at TVA and all the TVA ratepayers are victimized any time TVA is cheated or money is wasted.  Reporting your suspicion could save TVA millions of dollars.

You’ve all read about famous whistleblowers such as those in Enron.  Did you know we have whistleblowers at TVA who also have made significant contributions?  Unfortunately, we can’t tell you about them or specifically what they’ve told us, because we take whatever steps are necessary to protect their identities, but the person standing next to you may be an unsung hero.

What Concerns Do Callers Raise?

Examples of the matters reported to us include the following.

• Thefts such as a $3,000 welder, copper wire, tools, and other TVA equipment.
• Vendor overcharges, including a belief that one vendor routinely submitted overcharges and billed for ghost employees.
• A concern that TVA threw away millions of dollars of spare parts that would have to be re-stocked.
• Individuals who receive workers’ compensation benefits for total disability while at the same time working at other jobs.
• A TVA manager doing business with a shop owned by his family members.
• A TVA employee who sells drugs.
• A physician who charges inflated amounts to assist workers in pursuing questionable workers’ compensation claims. 

What Happens When You Call?

“People who call the OIG want to make a difference,” Moore says, “and we’ve tried to make it easy to call us.”  The OIG has established a hotline that is available 24/7 by phone or web.  It is answered by an outside contractor to further protect your confidentiality.  You can call 1-877-866-7840 or go to www.OIGEmpowerline.com.  “It’s easy to be anonymous,” adds Moore, “and we'll take your concern seriously whether or not you leave your name.” 

Even if your identity is anonymous, you can communicate further with the OIG through a tracking number that will be assigned to you.  “There is no way anyone can know who the tracking number is assigned to,” Moore assures.  “The number is given to the caller solely for their use in checking back to see what the OIG has posted under that number.  We try to respond to everyone who contacts us to let them know how their concern was handled,” Moore adds.  “While we don’t have the resources to investigate every issue raised to us, we ensure every matter is heard by the appropriate parties, and we track resolution of each concern.”

Self-Reporting Fraud Gives Contractors Another Option

Can a company be held responsible for acts committed by one of its employees even if the company explicitly prohibited the conduct?  It may not seem fair, but the answer is yes.  A company can be held both civilly and criminally responsible for the acts of its agents, even if the company took affirmative steps to prevent that conduct.

Contractors obviously are in the best position to first identify possible fraudulent actions in their company.  Because they may be held liable for that conduct, however, it appears they have little incentive to self-report when they suspect their employees may have violated the law. 

TVA has tried to encourage self-reporting.  Under TVA’s Supplier Code of Conduct, which is included in all TVA contracts, suppliers are encouraged to contact the OIG to report suspected fraud, waste, or abuse affecting TVA programs or operation.  As you might expect, however, contractor calls to self-report fraud are few and far between.

Faced with this dilemma, the OIG looked at what other agencies are doing to encourage contractors to self-report.  We found two separate approaches--requiring self-reporting in the contracts themselves and providing incentives for self-reporting.  We decided to adopt both approaches.

First, at our request TVA is adding language to major contracts that require contractors to self-report suspected criminal activity.  This requirement is consistent with a proposed new Federal Acquisition Regulation that also would require notification whenever a contractor becomes aware of a violation of federal criminal law.  Both Procurement and Commercial Operations and Fuels have been extremely supportive in getting this language added to new contracts.

Second, like other agencies such as the Environmental Protection Agency, Health & Human Services, and the Department of Defense, we are offering incentives for self-reporting, as further explained below.

Incentives for Self-Reporting Contract Fraud

Incentive #1 If the OIG accepts a contractor into the Self-Reporting Program and the contractor promptly and fully refunds to TVA the amount of any overpayments that TVA made to the contractor, the OIG will recommend the following.

• That the Department of Justice (1) grant transactional immunity to the company for self-reporting illegal activities and (2) not pursue any civil False Claims Act action.
• That TVA not terminate the contract for default or recommend debarment based solely on the self‑reported activity.
• That TVA not consider the fraudulent conduct as a negative evaluation factor when deciding on any future contract awards.

Incentive #2 The OIG generally will allow a contractor accepted into the Self-Reporting Program to conduct an internal investigation, which the OIG will then quickly verify instead of the OIG conducting the entire investigation itself.

Requirements for Acceptance Into Self-Reporting Program

For a contractor to qualify for the incentives of the Self-Reporting Program, the following conditions have to be met.  

• The OIG had not received or developed information about the activity before it was reported, and the disclosure was not triggered by the contractor’s recognition that the underlying facts were about to be reported to the OIG by a third party or that TVA or another agency was about to discover them.
• The disclosure was made on behalf of the business entity itself.
• The contractor took prompt and complete corrective action, including disciplinary action and restitution where appropriate.
• The contractor promptly and completely reported the matter after discovery.
• The contractor provided full, continuing, and complete cooperation to the OIG throughout the investigation.

A contractor may be removed from the program if the contractor stops cooperating with the OIG investigation or takes other action inconsistent with the purpose of the program.

More information about the OIG’s Self-Reporting Program can be found on the OIG web page.

What Does the Popular Television Show, CSI, Have to Do With the OIG?

With the explosion of shows like “CSI,” “Forensic Files,” and “The First 48” populating TV screens throughout the country, we can easily imagine a murder victim in a sterile exam room lying under the exacting eye of a forensic scientist picking them apart in order to put their story together.

Through this all-important reconstructive process, criminal investigators are often able to solve the mystery of whodunit, when they did it, and how they did it faster than ever before.  And, because DNA doesn’t lie, jurors often accept the findings as fact bringing justice swiftly to the killer.

What does the OIG have to do with forensics you might ask?  A lot actually.  Only the crime isn’t murder, the body isn’t human, and the forensic examiner is a computer guru.

What happens when the OIG hires Inspector Gadget?  It’s a match made in OIG heaven.

Resident Inspector Gadget Curtis Phillips--also known as Special Supervisory Agent Phillips--works with computers almost as much as people.  Phillips’ forensic activities focus on microchips and megabytes rather than teeth, bone, and hair; but he is able to reconstruct a person’s computer activities just as the medical examiner reconstructs a person.

His locked room contains tools, programs, and equipment that few people will ever have access to.  It is here that potential evidence of crimes committed by TVA employees or contractors can be uncovered byte by byte.

Looking at lines and lines of computer code may sound mundane, but not to Phillips.  Each component of code can be as revealing as a molecule of DNA evidence.  Phillips is limited in what he can say regarding the methods he uses to find out what’s on people’s computers.  Suffice it to say, Phillips can retrace almost anything someone has created using a TVA computer.

“All of the OIG investigators use computer forensics now to further their cases,” Phillips noted.  “Without this vital piece, many cases would be incomplete.”

Fish Are Not the Only Ones Threatened by Fishermen

Remember when fishing, spear-fishing, and SPAM referred to a water sport and canned ham?  Nowadays, phishing, spear-phishing and SPAM are dangerous games than can cost you your very identity.

So, when did fishing turn criminal?  When it went cyber.

In these computer crimes, people have become the phish and the phishermen are technologically advanced criminals looking for free money by taking on your identity. The internet is their sea where opportunities abound to reel in unsuspecting computer users.  There is a one in four chance you can become a victim of a cyber crime according to consumer reports which also projects that more than $7 billion has been lost in U.S. dollars during the past two years to computer crimes.

The 2007 Cyber Security Summit that took place October16 and 17 at The University of Tennessee in Knoxville was designed to educate network administrators on how to protect their phish from predators looking for their bank account information.

“The scams that are out there now have gotten incredibly sophisticated in recent years,” said Phillips.  “Now you can receive an e-mail offering you a low interest credit card that looks like it came from your bank and a lot of people will take the bait.”

This on-line phishing scheme involves on-line criminals making a copy of an e-mail sent out by a legitimate banking institution and changing the web links so that when people click on them and input their bank account and other personal information, they will actually be revealing that information to criminals.  “With a name and a social security number, you can get pretty far in stealing someone’s identity and ultimately their money,” Phillips noted.  “Spear-phishing involves targeting specific people, such as CEOs whose identities are already known to the criminal.”

Head of the Federal Bureau of Investigation Cyber Division and keynote speaker Jim Finch explained the process of victimization that takes place in an internet scam.

The cyber criminal creates malicious computer code and embeds it in an e-mail attachment that is sent out via mass e-mailing or SPAM to a large number of computer users.  The messages the receiver may get can range from, “You have won a seven-day vacation to Hawaii” to “Let us help you debug your computer.”  Once the user opens the attachment, the malicious code is downloaded on to their computer.

“It then phones home or beacons to its creator,” Finch explained.  The code is often designed to record key strokes so the criminal can get identity and ultimately bank account information that the user keys in.  The criminal can also create code that accesses the user’s contact list or address book and sends phishing e-mails to all of his or her computer contacts.  Since the e-mail looks as if it was sent from the user who is already an established contact, people are more likely to open the malicious attachment.

“People can be the greatest risk to a strong information security system,” Finch added noting that social engineering and other scams are really just “good ole fashioned deception.”

This was the third Cyber Security Summit hosted by TVA’s Information Services, TVA OIG, The University of Tennessee, the Fountainhead College of Technology, and the Federal Bureau of Investigation.

In continuing our series on fraud, this edition of the OIG Connection will focus on what to look for in suspected cases of fraud and how to report them.

Fraud--It's Easier to Spot if You Know What to Look For

Business-related fraud losses in this country are reported to total more than a trillion dollars a year with four out of five companies being victimized in the past year.  In a recent global survey, risk consultant Kroll, Inc., found that one in ten large business enterprises lose more than $100 million annually due to fraud with larger companies losing six times more money than smaller ones.

Federal agencies are also at a high level of risk for fraud with the United States Department of Justice reporting that in 2006 alone it recovered $43.1 billion in connection with fraud and false claims against the government.  In a 2003 survey involving only U.S. companies, KPMG found that three out of four of the companies surveyed reported they had experienced an instance of fraud.  Some 72 percent of U.S. organizations reported that in 2006 they experienced attempted or actual payment fraud involving corporate purchasing cards.  Past convictions for purchasing card misuse demonstrates TVA’s vulnerability to this particular type of crime.

With billions of dollars a year in procurement and voluminous activity in the high risk area of construction, TVA has significant exposure to the potential of fraud and waste.

“Fraud is defined as any intentional or deliberate act to deprive another of property or money by deception or other unfair means,” said Nancy Holloway, OIG Senior Special Agent.  “Waste has more to do with an exorbitant overuse of TVA resources, such as unnecessary or excessive spending on supplies, equipment, or other business necessities.  Waste does not always involve intentional deception that personally benefits someone the way fraud does.”

“Fraud costs companies a tremendous amount, but with some notable exceptions, the companies can often survive the loss,” Holloway added.  “It’s the people who commit the fraud that usually end up losing everything financially, reputation-wise and often relationally too.  It’s not uncommon for spouses to leave their husband or wife after they have been charged with or convicted of fraud.”

But despite the risks, people still gamble they won’t be caught.  “They live double lives,” Holloway said.   “It’s often hard to tell, much less believe, your friend or family member is involved in any kind of crime whatsoever, but about 88 percent of people who commit fraud have no criminal background.”

“Sometimes the problem in spotting fraud involves our own beliefs especially around authority, Holloway explained.  “Many of us have been taught to respect and trust people in authoritative roles.  What we need to realize is that the people in those roles are susceptible to temptation just as any of us would be and they too need to be held accountable for their actions.”

Because fraud is often something employees don’t know how to look for, Holloway teaches the possible signs of fraud including:

• Billing rates or prices in excess of contract terms
• Estimates presented in an unclear way
• Costs billed that were not incurred or allowed on the contract such as freight, taxes, or fees
• An unusual number of credits or adjustments
• A lack of documentation for services rendered or products delivered
• Duplicate billings for the same service
• Altered documents
• Frequent complaints by users of suppliers or services
• Complaints by other vendors
• Vendors offering gratuities, gifts, or bribes
• Verbal agreements outside of contract terms

Holloway detailed some of the fraud cases at TVA that included people in authoritative roles.  One involved a Browns Ferry Nuclear Plant custodial supervisor who was sentenced for fraud because he was receiving kickbacks from a telemarketer for purchasing supplies at five to ten times the normal cost.

Another involved a TVA line foreman sentenced to six months in federal prison for using a TVA gas card to purchase about $45,000 in gas for others.  The foreman would provide gas to others at TVA’s expense in exchange for cash.  For example, if someone wanted $10 in gas, the foreman would offer to provide $20 in TVA-purchased gas in exchange for the $10 in cash.

Holloway cautions that almost anybody, whether in a role of authority or not, can succumb to fraud if the right circumstances exist.  Some circumstances that make companies vulnerable to fraud include:  geographical distribution, a large number of employees, recent downsizing, a transient work force, extensive use of contract employees, complex IT arrangements, complicated processes, and time pressure.

“Two fraud schemes we see repeatedly at TVA,” Holloway explained, “involve incorrect cost charging and product substitution."  One example involved a vendor charging for emptying industrial-sized garbage containers at a TVA facility.  Suspicions were raised when TVA employees realized the vendor was charging for emptying every container every time they were on site.  Based on employee tips, the OIG opened an investigation, and TVA recovered more than $500,000.

“Another scheme involved purchasing coal from a company that mixed substitute product called ‘petcoke’ with actual coal,” Holloway added.  TVA employees were the first to discover the substitute product, and several companies have been convicted as a result of this scheme.

“Without the help of TVA employees in that and other cases,” Holloway said, “we would never have known about the fraud and TVA would not have recovered millions.”

What YOU Need to Know and Do

• Fraud can be very subtle--often looks like a mistake.
• YOU are the eyes for detection (Frontline).
• Be skeptical (Trust but Verify).
• Know the contract terms and conditions.
• Review supporting documentation.
• Don’t “rubber stamp” approvals.
• Look for fraud Red Flags, trends, and outliers.
• Report any POTENTIAL fraud.