Fraud risk and ten red flags to assess risk levels within your institution

Detecting and preventing fraud in higher education

How colleges and universities can recognize and reduce fraud risks to enhance fiscal resiliency

As the firm leader of Baker Tilly’s global fraud and forensic investigation, compliance and integrity services practice, Partner Jonathan T. Marks has seen just about everything during his career. Marks has spent more than three decades investigating and advising on risk, governance, fraud, compliance and misconduct in various industries, including higher education.

Marks recently joined our Higher Ed Advisor podcast for an eye-opening conversation with host, Higher Education Practice Leader Dave Capitano about why fraud occurs in higher education. They discuss the leading warning signs of fraud risk, internal and external pressures leaders face that may lead to committing fraud and the frameworks for detecting and preventing fraud at institutions. Marks also shared examples about how proactively engaging with a fraud specialist helped one institution prepare for and manage fraud risks now versus reacting to a crisis tomorrow.

Because no two colleges or universities are alike, Marks takes a surgical approach to fraud and forensics in the higher education environment. He seeks to understand an institution’s culture, operations and barriers to success as he creates a risk profile and attempts to understand what is truly taking place on campus.

How and why fraud happens in higher education

Fraud occurs in higher education due to many reasons, including internal and external pressures that colleges and universities face in a highly competitive industry that is experiencing the need to transform at a rapid rate. Institutional leaders are under significant pressure to increase enrollment despite budget limitations, support student needs with thinning resources, uphold a positive reputation, maintain or improve rankings and meet overall fiscal targets, among a number of other obstacles. Additionally, many institutions have decentralized operations with weak or no internal controls in place – no one to conduct timely reviews of critical information, no clear segregation of duties and no continuous auditing or monitoring programs to detect red flags or worse, fraud.

Institutional integrations

Consolidations between institutions can complicate matters as well. In any transaction where two entities are merging systems, people and operations, “there is an opportunity to sweep things under the rug,” notes Marks. Merger situations can be high-risk and should be closely examined under the right microscope – both before and after the combination. “In fact, the post-merger integration is where issues commonly arise,” he points out. After an institutional integration, it is important to observe and ask questions, such as: how have the schools blended? Is there one culture, or two? Are pervasive issues existing in the combined entity? Then, Marks advises, use the feedback from the answers to these and other questions, along with supplemental information, to recalibrate the overall organization-wide fraud risk landscape.   

These risk factors should be viewed under the mindset that consolidations put additional pressure on college and university leadership and employees. Oftentimes, leadership feels a need to justify why they made a major decision, such as a consolidation, while employees naturally feel compelled to justify their post-integration roles, particularly in comparison to their counterpart at the other institution. This type of anxiety, at times, can lead to riskier or unethical behavior, or even fraud.

Vendor fraud

Reports show that vendor fraud (both in higher education and across commercial industries) is another area that has seen a recent uptick. Everything from shell companies and conflicts of interest to pay-to-play schemes has crept into the higher education space, oftentimes leaving organizations scrambling for answers to problems that were not anticipated.

Marks explained, “If vendor activity is not properly monitored or if risks are not easily understood, those risks come back to haunt management.” This demonstrates the critical role that internal controls, monitoring, reporting and effective governance play not only in deterring vendor fraud but all types of fraud.

Assessing fraud risk: ten red flags to determine an institution’s risk level

As part of the comprehensive podcast discussion, Marks outlined ten red flags to look for when assessing risk or examining potential fraud in higher education:

  1. Management style: is it autocratic or is it participative? If one individual leads all institutional operations, then that typically poses a higher risk of fraud.
  2. Management orientation: is the institution power-driven or achievement-driven? Power is like fire; useful but can also be dangerous.
  3. Distribution of authority: is it centralized or decentralized? In a combination between institutions, the authority distribution can have a very different look pre- and post-integration.
  4. Planning: Is the institution’s planning mindset generally more short-term or long-term? Short-term mindsets often come with a higher level of risk.
    Note: “Short-termism” is a conscious decision by management to take positions that will have a positive impact in the near future, knowing that such positions could harm the long-term health of the organization.
  5. Data: can the institution accept being ranked No. 2 or No. 4, or is it consumed with being No. 1? Is the institution constantly endeavoring to be better than someone else or striving to improve overall?
  6. Performance measurement: do leaders take a qualitative or quantitative approach, or both? How is the institution measured? Is it profit-focused or student- and mission-focused?
  7. Management strategy: is the institution managing by crisis or by objective? Managing by crisis typically is a riskier strategy for an institution.
  8. Reporting: is the institution reporting by exception or by routine? How is the communication, transparency and flow of information within the organization?
  9. Policies and rules: are they rigid and strongly policed, or are they fairly and consistently enforced? 
  10. Overall satisfaction perspective: what is the overall attitude of the institution and how are they perceived? How happy are the employees? How happy are the students? Sometimes asking the simple question, “Are you happy?” can tell institutional stakeholders and constituents everything they need to know about the organization.

As a key part of the conversation, Marks noted that red flags are not necessarily bad. The healthy way to regard red flags is by simply viewing them as observable events that cause an institution to take pause or consider digging a little deeper. Observing multiple red flags increases the level of potential fraud risk, but generally, institutions should treat red flags as a reason to stop, pause, understand why the red flag exists and use them as an opportunity to enhance internal controls and training that should help minimize risk.

For more information about detecting and preventing fraud risk in higher education, or to learn how Baker Tilly can help your institution proactively manage fraud risk, contact our team.

Beer flight with pretzels
Next up

Distressed companies searching for answers find a solution in Baker Tilly