• Home
  • >
  • Blog
  • >
  • Fraud Indicators and Red Flags, Part 1

February 17, 2025

Fraud Indicators and Red Flags, Part 1

red flag

Part 1:  When Audit Managers Knowingly Skew Audit Results


Written by Carl J Byron, CCS, CHA, CIFHA, CMDP, CPC, CRAS, ICDCTCM/PCS, OHCC and CPT/03 USAR FA (Ret)

Fraud cannot be eliminated. No system is completely fraud-proof, as any system can be bypassed or manipulated. However, it can be detected early by paying greater attention to common fraud indicators. This article follows a road less-traveled by discussing the potential of audit managers knowingly skewing audit results causing unintended consequences within what appears to be a well-functioning compliance program.

Introduction & Defining Terms

The Office of Inspector General (OIG) provides compliance guidance documents for healthcare provider use.  There are also self-reporting mechanisms in place to report overpayments on the OIG website (Self-Disclosure) and Self-Referral Disclosure for voluntary self-reporting of overpayments on the Centers for Medicare and Medicaid Services’ (CMS’) website.  Detecting these errors resulting in potential overpayments is typically accomplished through efficient auditing and monitoring programs coordinated under the direction of the organization’s Compliance Officer or Compliance Department.  But is the oversight of the audits manipulated to achieve particular performance goals? Could it result in the “cobra effect” (explained further below). Is anyone monitoring the integrity of the Audit Managers?

fraud prevention

Tons of information can be found on the Internet, books, articles, etc. on fraud detection and prevention in healthcare.  Typical publications and investigative reports illustrate involvement of providers, executives and even lower-level employees. 

But there is nowhere near the focus on mid-level managers; those who are the go-betweens of the C-Suites and Internal Auditors and their immediate supervisors. Because the monetary variance with the executives/owners is so different, they are left out.

In my experience, it appears that the mid-level fraud aspect is recognized primarily by two government entities, one federal and one state, which will be referenced throughout this article. The list of terms and definitions used throughout are below for reference.

Cobra Effect- a situation where an attempted solution to a problem inadvertently makes the problem worse due to unintended consequences. 

Conspiracy- Britannica defines conspiracy as “in common law, an agreement between two or more persons to commit an unlawful act or to accomplish a lawful end by unlawful means.The Law Dictionary defines Criminal Conspiracy as “A combination or confederacy between two or more persons formed for the purpose of committing, by their joint efforts, some unlawful or criminal act, or some act which is innocent in itself, but becomes unlawful when done by the concerted action of the conspirators, or for the purpose of using criminal or unlawful means to the commission of an act not in itself unlawful.”

Indicators and Red Flags- For the purpose of this article the two terms are used synonymously: Signs of deception or suspicious aspects of behavior or misrepresentations that can lead to illegal payments or claims. 

Perverse Incentive(s)- An incentive (reward or motivation) that unintentionally leads to negative or undesirable outcomes.

Plausible Deniability- Although this can be found in dictionaries there is no official, or even strictly legal definition. An explanation is far more effective. By far the best is the updated July 17th, 2022 article in The Law Dictionary2. It is not nearly as neat as one would expect; but the article displays how fraudsters who game the system apply this in their daily activities:

“Plausible deniability is defined by the dictionary. But it’s not technically a legal term or defined in any legal documents. Which makes it a much looser term than it sounds. On top of that, plausible doesn’t mean trustworthy, possible, or even likely. Plausible means you could conclude that something might or might not be possible. But usually theoretically, superficially, or suspiciously. It doesn’t necessarily have to be a “reasonable” conclusion, either. In its broadest sense, the term usually points to a lack of proof. After all, innocent until proven guilty is the backbone of our legal system. So, if there’s no proof, it’s plausible they could deny it.”  The definition continues to state “Essentially anything illegal or unethical that can be explained away under an innocent and probable guise – true or otherwise – falls under plausible deniability. Even if the plausibility of the denial is suspicious. However, in the ‘60s, the CIA took the term and expanded on what plausible deniability means to them. And the CIA’s version is the one that became popularized.  To the CIA, it’s the act of withholding information from senior officials to protect their higher-ups in the event the information becomes public. Whether the information was actually withheld or not matters little in court if there’s no proof to the contrary.”  The Law Dictionary Article goes further and indirectly shows us the dangers posed by managers who use it:

While it might seem like a minor tweak, the CIA’s definition puts blame on subordinates. This blame swap alleviates pressure on more senior officials. Which you may or may not frown upon.  And I get that. Most people expect superiors to be held accountable for the actions of the subordinates. But if they have plausible deniability, the senior officials can’t be held accountable. This is true even if the actions clearly only benefit the superior who “wasn’t” in the know.  It also applies if an implication was made that spurred on illegal or unethical actions. An example would be a sinister comment in a suspicious tone followed by an equally suspicious exaggerated wink. That is, providing the superior can write it off as a misunderstanding.  However, in cases where someone genuinely didn’t know something was happening, they can’t reasonably be held accountable for the other person’s actions. Regardless of management practices and chains of command, if someone really doesn’t want you to know something, they’re really just not going to tell you. Famously, Ollie North (Lt. Col. Oliver L. North from the Iran-Contra scandal) called this situation “absolute deniability.” Ollie’s argument was if you’re genuinely not aware of or did not do something, that’s not plausibility – it’s just not a thing.

This seemingly convenient loophole is meant to uphold the burden of proof. And – before you cry outrage – the burden of proof is for your benefit as well. So, it’s kind of important if you care about your rights. However, that’s not typically how we think of plausible deniability. And that’s certainly not how we’ve seen it pan out in the political or corporate arena. Real-world plausible deniability can (and does!) encompass things like thinly veiled threats, false advertisements, sexual harassment, stalking, discrimination against legally protected characteristics like race, age, gender, and sexual orientation, as well as a slew of other instances.”

question mark

Why Focus on Mid-Level Audit Managers?
The Data Speaks for Itself!

The Association of Certified Fraud Examiners (ACFE)1 conducts biannual surveys of its members and one of the questions is what effect the perpetrator’s position has on fraud. ACFE graciously has given me permission to use their surveys and data for this publication.

Since the surveys began in 1996, questions on the survey focused on fraud committed by position. Three positions were given by respondents:

  1. Executives/owners;
  2. Employees; and
  3. Managers.

A recurring trend emerged. The trend breaks down generally (but consistently):

  • Executives/owners account for the least number of cases but the most losses in money.
  • The employees by contrast account for the greatest number of cases but the least amount of monetary losses.
chart graphic

But the surprising result, given the relative scarcity of information, was on managers.

  • In every survey conducted, the ACFE found managers account for fewer cases than employees; but 250%-300% monetary losses.

The Data Speaks

Data gathered in 2018 was a sign of things to come. The ACFE survey found most perpetrators were either employees (41.2%/median loss of $50.000.00) or managers (39.5%). But the median loss due to managers was $150,000.00: 3 times that caused by employee fraud.

In the ACFE’s 2020 survey employees accounted for median loss of $60,000.00 and managers, $150,000.00 or 2.5 times that of lower-level employees.

Forward to 2022 and employees accounted for median loss of $50,000.00. Managers again took a far larger proportion of median losses, totaling $125,000.00 2.5 times that of employees. In the 2022 survey the ACFE also stated “Frauds committed by higher-level perpetrators also typically take longer to detect.” “One of the challenges of dealing with fraud committed by high-level perpetrators is that these individuals often have the ability to evade or override controls that would otherwise detect fraud. Additionally, fraudsters in positions of authority might bully or intimidate employees below them, which can deter those employees from reporting or investigating suspected wrongdoing. Both of these factors might contribute to the longer duration of frauds committed by high-level employees.”

The ACFE has completed its 2024 survey, with the following results:

  • Employee fraud caused a median $60,000.00 loss; whereas
  • Managers caused a massive $184,000.00 median loss.

In addition, the ACFE reported based on the surveys and monitoring over time, “Similarly, fraud cases perpetrated by individuals at higher levels of authority took longer to detect. The median duration of frauds perpetrated by employees was only 8 months…while frauds committed by mid-level managers had a median duration of 18 months….” (All figures and quotes used with permission of the Association of Certified Fraud Examiners).

NOTE: There are two reasons to retro back to 2018. One was to show the timespan and consistency of results. But the second is to show that the data was consistent even during the pandemic and afterwards. This opens an area gaining scrutiny: fraud committed in the remote workplace.

In the case of healthcare coding and documentation auditors, the primary directive is to ensure documentation is true and accurate: and that claims submitted reflect the work that was in fact accomplished and specific codes are correct for encounters. When claims become involved, there will always be a financial element.  However, performance and upward mobility within the organization becomes a component for dishonesty within mid-level audit management. Although most motivation to commit fraud is financial, coding and documentation audit manager performance is often based on coordinating information down for improved accuracy and upward to demonstrate the audit program is working.

A bigger issue is that red flags were unreported or intentionally misrepresented at a level beyond the auditors. This is where the mid-level leadership can be most dangerous as they form the “solid floor” to the corporate officers for upward transmission of information, and ostensibly a “Communications ceiling” for the auditors and their supervisors, ensuring information goes down to the respective components.

Guidance from the Department of Defense Inspector General (DoD IG)

In its current guidance Fraud Detection Resources for Auditors3, there is a subsection titled Management Related Fraud Indicators. This is interesting because of the mass availability of information singling out executives and employees but little recognizing mid-level involvement. The DoD IG opens the subsection with a key statement:

“Management sets the tone of an organization through its control environment. An organization’s control environment is the foundation of all other internal control components. An organization’s control environment includes integrity and ethical values, management philosophy, organizational structure, and self-governance. For a DoD contractor, active participation in a compliance program, integrity reporting, and the DoD Voluntary Disclosure Program are key parts of its control environment. The control environment provides both discipline and structure to the organization; therefore, auditors must consider management characteristics and influence over the control environment not only as fraud risk factors but also as fraud indicators along with the general and audit specific fraud indicators.”

fraud magnifier

Several of the sixteen indicators are reviewed below.

Fraud Indicators listed by the DoD IG4

Detect an inappropriate or unreasonable argumentative attitude?

  • Failure to display and communicate an appropriate attitude regarding the importance of internal control, including a lack of internal control policies and procedures; ethics program; codes of conduct; self-governance activities; and oversight of significant controls

This can be noticed by something as easily overlooked as never mentioning them. More importantly managers have oversight and execution authority of those internal controls. They have the ability to withhold and interpret the controls to their benefit at the cost or suppression of the auditors they are tasked to oversee. They may withhold compliance training, guidance, manuals or conferences on the controls and processes reporting or proliferate “training” of their own to such an extent the auditors become separated from compliance knowledge or reporting routes.

  • Displaying through words or actions that senior management is subject to less stringent rules, regulations, or internal controls than other employees.

At meetings managers will not mention who they answer to, or how. They stay silent on their responsibilities for compliance.

  • Hostile relationship between management and internal and/or external auditors. This would include domineering behavior towards the auditor, failure to provide information, and limiting access to employees of the organization.

In some ways this is a continuation of the indicator above: but is an escalation as now the manager is forcing an adversarial relationship, hoping to bring it to a confrontational level and the manager will feel justified in disciplining the auditor for insubordination or drive the auditor out of the organization completely.

  • Failure to establish procedures to ensure compliance with laws and regulations and prevention of illegal acts.

One of two things, or both, will occur: the managers will make themselves the only contacts to raise concerns or even ideas. The DoD IG, DHHS OIG and government contractors have complaint and whistleblower processes in place but if they are not enforced, investigated and confidentiality strictly adhered to, the auditor’s chances of a peaceful resolution are slim to none. Fraudulent managers know and exploit this and it is another tool in their scheme to silence a problematic voice in their environment.

  • Indications that key personnel are not competent in the performance of their assigned responsibilities.

This is one of the more common non-financially driven fraud motives; an audit manager will not have the training, experience or credentials of auditors they oversee. The manager cannot ask the right questions but feels their position is threatened by superior knowledge which can result in closing lines and compliance avenues of communication.

incompetent

When the manager is incompetent to fill the role, every red flag is fair game. 

In addition, they justify their actions by telling themselves only they deserve the position: not even necessarily that they earned it. In one of the cases below, two managers are conspiring against the audit team.  The two managers involved did not even have certified auditing credentials, such as the Certified Healthcare Auditor (CHA) offered by AIHC.

In one case, the company had been in trouble with CMS several times. A current manager with no auditing credentials was emplaced to oversee random audits of Medicare claims: but audits quickly discovered that same manager was responsible for 84% of the continuing errors and retrospective audits showed the same manager was responsible for much of the trouble uncovered by CMS auditors previously.

  • The manager attempted to redirect the audits but the audit supervisor did have auditing training and defended the auditor and had already hammered out a solid audit plan and methodology, which the company’s compliance director and CMS approved; and she checked every item audited as a check-and-balance.
  • Soon the auditor and supervisor learned the company began getting serious inquiries from CMS about the managers’ lag time submitting the compliance audits and eventually they “had to downsize” right when another sanction appeared looming.

In total 9 people were downsized in the space of a week and in the middle of the “pack” or team were the auditor and supervisor. This experience exposes two glaring problems with manager fraud.

  1. The manager was untrained and did not know how the audit was built and demanded items with a certain ID (hers) be left out of all audits. Random means random-you cannot pick and choose which items you audit or report. It skews results and becomes a targeted audit: a type no recognized auditing organization allows when a statistically representative general sample is demanded.
  2. The manager did not understand what a universe or statistically significant sample was, or simple formulas for calculating them. The manager also did not understand the old axiom “numbers don’t lie”. The manager constantly attempted to reword, reinterpret or omit fact of the audits when the audits had to be reported to the executives. During a meeting the supervisor and auditor attempted to explain how CMS and the DHHS OIG used their statistical auditing system, called RAT-STATS. The outcome was no response and orders to continue with targeted audits.

Just as widespread, but carrying much higher risk: a manager can never be allowed to oversee and influence an audit where they have a direct stake in the audit outcome. No audit will be trusted. This goes back to the indicator about managers creating a hostile environment: they will have results altered by bullying, threatening or confounding the auditor or do it themselves and through use of plausible deniability draw suspicion on the auditor.

If there is conspiracy between the manager and the reporting executive or body, the damage goes from probable/possibly mitigated to unacceptably high risk. In this company there was conspiracy but CMS uncovered it later. I do not know what happened to the two collaborators but I do know the Compliance Officer, who saved the company multiple times from CMS prosecution, was let go not long after the auditor and the supervisor.

  • Undue interest and micromanagement. We live in the information age, where information travels almost as fast as thought (or at least as fast as typing skills). Managers who demand inclusion on all Emails, regardless of topic are suspect, especially when a seemingly unrelated Email is sent only to a coworker and a harsh Email from the manager is the result. The danger signs are clear. The Email never went to the manager-how did he or she intercept it? The Email was unrelated to any sensible matter the manager would be involved in-let’s say in this case I asked a teammate for a copy of a pdf document because in my thousands of emails and e-files I couldn’t find it. Then, why was I criticized?
  • A manager that claims disinterest or having no knowledge about a sensitive or high-profile issue in which you would expect management involvement. An auditor informs the manager the electronic system that pulls visits for audit has been only pulling specific dates or codes (remember, depending on the data, the system may be running its own targeted audit). The manager tells you offhandedly to “just do the audit”. Or you tell the manager coders are assigning codes specifically prohibited (let’s say they’re CMS-only codes) on commercial claims. The manager doesn’t even say thanks: just like “I’ll look into it if I have time”.
  • Failure to effectively follow-up on recommendations resulting from external reviews or questions about financial results. Failure to follow up on any serious concerns or recommendations from the audit team. This couples with the hostile work environment: rather than follow up professionally the managers criticize the auditors.

Thomas P. DiNapoli, State of New York Comptroller Red Flags for Fraud5

Several of these management level indicators were further detailed in a guidance recently released by the State of New York Comptroller in his fraud guidance Red Flags for Fraud, under Management Red Flags. Mr. DiNapoli states the problem slightly differently:

  • Managers engage in frequent disputes with auditors.

This can be read differently than the DoD IGs indicator in that here the manager instigates and maintains irritating, false or adversarial confrontations to bait the auditor into a situation which the manager can accuse the auditor of being insubordinate, or keep the auditor confused or confounded about what the manager “wants”. This can flow into appeals if the manager oversees challenges to the auditor’s findings. The manager will overturn the auditor’s error and use such vague or meaningless rationale that the auditor is forced to contact the manager and is sharply rebuked (again, the manager has avoided dealing with the auditor and supervisor). This tends to make the auditor continue contact, attempting to get a clear answer. Each time the manager increases the inflammatory rhetoric or vague verbiage and a cycle has begun. This is the entrance of a behavior/methodology addressed below - plausible deniability.

The Comptroller’s report also specifies a red flag related to indicators in the DoD IG guidance:

  • Management decisions are dominated by an individual or small group”.

Managers who are willing to retaliate without cause yet staunchly refuse to discuss their perceived “problems” with the auditor and the supervisor and never forward concerns through the chain of command are dangerous: they keep vital information from the executives and compliance/fraud investigators above or laterally while oppressing their subordinates and keeping them uninformed. In scenarios I present later I cover operations where managers are in a conspiracy: if concerns or perceived negative information is communicated the managers meet with each other and no one else.

Mr. DiNapoli also saw the red flag he made independent of others:

  • Manager reluctance or refusal to provide information to auditors and their supervisors”.

This links directly to multiple red flags in several ways. As mentioned appeals results will be intentionally confounding to the auditor which puts the entire power of the outcome in the hands of the manager. The problem escalates when the manager(s) are the first and highest reporting entity who receive audit reports. I have seen cases where information and/or data in an audit report was manipulated or deleted and conspiring managers made claims the auditor was remiss: which went into their records for future “disciplinary actions”. In one example even if the auditor keeps the reports in her or his e-files after a short amount of time the reports are deleted. The file is there in name but can neither be opened nor retrieved. This can tie in to the hostile work environment: the manager chastises an auditor for “errors”: but either never provides specific, official guidance or provides “guidance” of the manager’s making (a guidance was talked about at a meeting but never entered in an official manual).

Inconsistent, vague or implausible responses arising from inquiries or analytical procedures.

Mr. DiNapoli’s red flag above shows us officials do recognize the use of plausible deniability. In the manager’s sphere of influence this needs to be closely scrutinized by the executives and auditors: but especially compliance.

A red flag, actually two, were further noted by Mr. DiNapoli but are closely related:

  • There is a weak internal control environment; and
  • Decentralization without adequate monitoring.

This may be the most important red flag there is: every other indicator or red flag can be built from it. The managers scrutinize the auditors-but who is scrutinizing the managers? This gives fraudulent managers 2 key openings.

First: when not monitored consistently managers can manipulate almost anything: documents, conversation records, even information that goes up and/or down the leadership structure. Many boards and even civil courts will not allow mobile phone records because they can easily be manipulated.

Second, they can target any perceived threat or opposition without question or investigation. This is where auditors who attempted to resolve problems locally become whistleblowers. They attempt to use the reporting systems in place but because the managers failed to forward concerns to the reporting body above them the concerns never go up. In addition, with decentralization the higher authority often incorrectly trusts the manager because the “information” sent to them never covered complaints. Even worse, if the higher authority was part of the hiring process they have motivation to hide a potential hiring error.

Last in this group is a red flag usually associated with embezzlement, and often with employees: but it can happen in any setting, at any level where an individual wants absolute restricted control of information. This red flag is refusing vacations or promotions for fear of detection. Let’s expand an example from above:

  • The manager demands inclusion on all Emails and intercepts irrelevant Emails and rebukes the auditor.
  • Now let’s add that the manager is on vacation: and the Emails are still being intercepted whether relevant or not. The outcome is the same: criticism of the auditor for asking a question. Is the manager embezzling?

As auditors we cannot know that. So how is this a red flag? Because the manager still has a chokehold on information flow. Let’s extend this: the manager is on vacation and your team is informed to contact her or his peer, another manager in the same position. You do as instructed, and either the manager on vacation answers your Email: the other manager answers your Email but states he or she will meet with the other “to discuss”; and no one else. Or worse the manager on vacation calls you and the conversation becomes adversarial.

Another red flag: the use of plausible deniability

Some may think this is a term straight out of Hollywood but it is still very real whether the fraud is primarily to protect a position or financially motivated. No matter which red flag or indicator we cover, plausible deniability is guaranteed. A case I know of is a manager, contacting only an auditor who has raised several concerns, stating “your insubordination will not be tolerated. Any further complaints will result in your discipline and we will make sure you get written up”. The supervisor hears of it and speaks to the manager. The manager replies with “I never said that. I simply stated I needed more detail in the concerns your auditor was voicing”. It is believable (as far as it goes): but is a fabrication of what was said, actually saying nothing, and again is cutting off lines of communication. Another example is the Email intercepts I mentioned. A question gets asked. And the manager states “I was on PTO. I wasn’t even in the office”. The auditor has the response from the intercepted Email but the manager followed up with a phone call-the auditor’s word against a higher level authority. Or, the manager was careful but knew full well the adversarial position regularly taken against the auditor. The response Email will be vaguely worded or gray enough where “That’s not what I meant” could be viewed as a reasonable answer. A manager who uses plausible deniability regularly will have their own dictionary of denials at the ready.

Manager Red Flags in the Remote Environment

The pandemic forced remote work on many organizations; and many continue to use this scenario as they are taking second looks at potential savings. For the cost of X number of computers for remote workers, and evaluating in-person or in-office time now from a part-time view organizations are seeing potential cost savings in everything from previously assumed overhead such as electricity to space lease or rental and parking.

What would we term this relatively new motivation for fraud? I would say we call it decentralization. And because of this decentralization, the incentive to commit fraud increases; and involves every red flag and indicator we have discussed. In the office environment an auditor could find someone, even if a peer to relate problems to. Remote work by its nature separates people. Or, as the managers see it, isolates them. And some preliminary information I have seen this isolation is making employees at almost every level suffer. But how will a manager use this, and remote work in general to keep their position unquestioned.

This case encompasses both incompetent managers and remote fraud: but there are more angles to the remote aspect so I will put it here. Two managers had been hired recently: neither had certified auditing or compliance training, and the reason they were hired was never made clear. “New” processes were initiated but were not released to the audit team until significantly later with no feedback allowance; what CMS would term a “comment period”. Concerns were voiced but harshly rebuked; and auditors were singled out for disciplinary Emails only to them, sometimes also to the supervisor. Meetings with them, the supervisor and auditor were refused. When an auditor voiced concerns again the managers waited 6 months: then complained to an external manager and demand without cause the auditor be disciplined.

The two managers made it clear no auditee was to receive ≥ 10 errors: and if the auditor stood their ground and the audit went to appeal, or the auditee complained to them directly, the auditor would be disciplined and errors in the report overturned in favor of the auditee. This causes a serious compliance problem: the auditee does not dictate the rules, or any aspect, of an audit. This is a red flag not found easily but applies universally: the auditee cannot, under any circumstances be allowed to dictate the rules of the audit.

The overarching rule here is covered by every recognized auditing body I know of and simply put, an audit is governed by rules, regulations and laws-not the auditee. This is a point strongly made during my Certified Healthcare Auditor training.  If an auditee is allowed to determine parameters of an audit the audit becomes immediately suspect and the auditors vulnerable to fraud investigations against them. In this case conspiracy extends beyond the two cooperating managers: they have now allied with the auditees, who will likely not “turn on them” as a quid pro quo.

Concerns had been voiced for several months audit results were being skewed: the conspiring managers told the auditors they had no choice. But a record was kept of a random sampling of several months’ audits in a specialty area: and of 100 total visits, 90 were of a type with such limited codes it was nearly impossible to make mistakes. A third of those were postsurgical visits where not only the procedure codes were limited (to 1 only); the diagnosis codes were also severely limited to 1-2 codes only. And this is regardless of the documentation. For practical purposes it is almost impossible to arrive at 90 single-type visits with such mandatory restraints on code choice. Targeted audits have a place: after random audits have been completed, aberrations found and concentration needs to be more focused. But if an organization’s policy is random audits only, the manager has much to answer for.

This case fits in several categories and could be covered deeper in each: but now the managers’ game has an added dimension mentioned previously. When the managers knowingly skew the results of the audits, and the audits are government, meaning they will be compiled and presented to Congress, the managers have added collusion to their list of illegal behaviors.

Conclusion

By their nature auditors (and their oversight bodies) are adversarial. The auditors need to find errors to improve accuracy and reporting-and the auditees want to look the best because their throats are on the line when budget cuts come. Using plausible deniability the managers claim “We’re remote: we have no influence on the auditees, and we have records of reports filed. If anyone is acting maliciously it is the auditors.” Because of the remote workspace, decentralization and lack of strong internal controls the managers have avoided a problematic scenario.

About the Author

Carl J Byron, CCS, CHA, CIFHA, CMDP, CPC, CRAS, ICDCTCM/PCS, OHCC and CPT/03 USAR FA (Ret)
Carl is a coding and documentation auditor for the Defense Health Agency (DHA), a government agency that provides health care to the military.  Previously, his background includes HCC auditing for CMS, coding and auditing for a large global healthcare network, a compliance educator and speaker for AIHC and currently volunteers as a subject matter expert for AIHC, a non-profit licensing/certification partner with CMS.

References

1.  Association of Certified Fraud Examiners
     https://www.acfe.com/fraud-resources/report-to-the-nations-archive

2.  Plausible Deniability Definition, Examples, & Laws
     Powered by Black’s Law Dictionary, Free 2nd ed., and The Law Dictionary
     https://thelawdictionary.org/article/plausible-deniability/

3.  DoD IG Fraud Detection Resources for Auditors
     https://www.dodig.mil/Resources/Fraud-Detection-Resources/Fraud-Scenarios/

4.  DoD IG Comprehensive List of Fraud Indicators
     https://www.dodig.mil>Audit>Indicators Only

5.  Thomas P. DiNapoli, State of New York Office of the State Comptroller-Red Flags for Fraud
     https://www.osc.ny.gov/files/local-government/publications/pdf/red_flags_fraud.pdf

Copyright © 2025 American Institute of Healthcare Compliance All Rights Reserved

Share 0
Post 0
Share 0

TAGS

Compliance, Health Care Fraud, Leadership
Verified by MonsterInsights