Fraud Indicators and Red Flags, Part 3

Part 3: When Unscrupulous Managers Turn Auditors Against Their Coworkers or Teams   

Written by Carl J Byron, CCS, CHA, CIFHA, CMDP, CPC, CRAS, ICDCTCM/PCS, OHCC and CPT/03 USAR FA (Ret)

We Recommend Reading Part 1:  When Audit Managers Knowingly Skew Audit Results and Part 2: When Criminal Behavior Infiltrates Your Audit Program. This final article in the Fraud Indicators & Red Flags series addresses potential outcomes when lead audit managers sabotage the audit process due to being insecure or due to the need to secure power in their position.

Introduction

In the first two articles over mid-level fraud indicators, we covered signs and solutions to the problem individuals. In this article we cover signs and methods to address auditors who have been “turned” into internal threats or “moles”; informing on their coworkers and/or teammates.

When unscrupulous managers or audit leads act alone or in a conspiracy to maintain their position, they will employ many short-term tactics. Because they have to constantly defend their activities, they will not think in terms of strategies except in some form of escape plan (covered in part 2). Managers or lead auditors who target subordinates to become informants stands alone, both in severity and damage to good employees and ultimately the organization: mid-level leaders targeting individual subordinates they have found to be malleable, weak, or easily intimidated/worn down. This is especially damaging to teams as cohesiveness and trust are critical to their work.

How Employees Are Turned

Retaliation

According to the U.S. Equal Employment Opportunity Commission (EEOC), “The most frequently alleged bases of discrimination were retaliation (39.2%), sex (35%), disability (34.3%), and race (16.8%). At the end of FY 2023, the EEOC had 227 merits cases on its active district court docket, of which 95 (41.8%) were class or systemic cases. Mar 27, 2024”. In the realm of equal opportunity, we tend to think of discrimination in its most well-known forms: employment discrimination because of your race, color, religion, sex (including pregnancy, transgender status, and sexual orientation), national origin, disability, age (age 40 or older), or genetic information. However, many cases have been litigated where an employee was retaliated against by a superior for voicing concerns, ethical complaints and maltreatment because of their job functions. To "discriminate" against someone means to treat that individual differently, or less favorably, for some reason.

While close timing between the allegation of retaliation and the manger's action can display retaliatory motive, there have been cases in which years have passed and other evidence established that the employee's prior activities set off the manager's action. Even minus close proximity timing, other relevant facts may include verbal or written statements; comparative evidence that a similarly situated employee was treated differently; falsity of the employer's ostensible reason for the adverse action or uncovered plausible deniability; or any other evidence from which an inference of retaliatory intent could be assessed. From the EEOC’s perspective, retaliation can take numerous forms: reprimand the employee or give a performance evaluation that is lower than it should be; engage in verbal or physical abuse; increase scrutiny; make the person's work more difficult; to name a few.

Managers find ways to retaliate against subordinates for bringing forward worries about fraud or questionable conduct. Rather than listening to the employee, who is normally an expert, many employers instead resort to various forms of blaming the messenger, and good employees are often fired, moved, or blackballed/driven from the healthcare arena for their willingness to speak up.

As in the parts 1 and 2, information is limited how mid-level administrators target individuals: but there are a number of recurring behaviors and types of bad actors who seek to isolate and “turn” auditors against their coworkers and teams.

Decentralization and Isolation

These arise from the same flaw(s) in any system but are used differently by the fraudster in a leadership capacity. The managers in question exploit the trust and lack of supervision of their activities: what controls may exist can be overridden (technology) or deflected (manipulating reports, meeting statements, etc.). Information asymmetry is used to manipulate technological data and remove negative information from reports, information the auditor will never see. If or when inquiries arise plausible deniability is used and the lack of oversight fully exploited.

There are two environments managers or audit leads use to isolate subordinates they wish to control: the office setting and the remote workforce.

In the office, if an auditor voices concerns or acts in a manner the manager sees as threatening or the manager has found to be easily influenced the manager may move the auditor away from coworkers or teammates or vice versa; move the team to other offices. The auditor now has no one they trust or can communicate with easily, directly and, critically, confidentially. Movements are harshly scrutinized and timeframes are strictly set to further control movement and communications. This isolation can be further abused by either the manager promising to put the team back together if the auditor “behaves”: or, the auditor is now so isolated maltreatment can be carried out at the manager’s will and the auditor turned to report what the manager wishes to hear when the audit team meets and works. Either way the team has been effectively infiltrated.

In the remote environment the manager already exploits information asymmetry but now, since the audit team cannot see each other at any point (in my experience Zoom and visual-virtual meetings do not fill the void of direct interaction), pressure can be put on individuals in turn and cracks either caused or taken advantage of. When conspiring managers work together and keep unrelenting pressure through implied or real threats (as viewed by the targeted auditor) and they force the auditors to only communicate with them individuals can feel lost and without options.

Bullying and Disrespectful Behavior:

Unfortunately, these behaviors have no direct legal protection: unscrupulous managers know this. They use both a combination of Game Theory and perverse incentives against individuals and together bullying and disrespectful behavior can wear an auditor down making them more malleable to turn against their team. Because of scarcity of information and similarities in definitions, bullying in this article is synonymous with disrespectful behavior, as they are virtually identical in practice.

An August 11, 2020 article in Forbes magazine titled The Differences Between Workplace Bullying And A “Hostile Work Environment” put the problem of protection against bullying as follows: “What then separates, on the one hand, a workplace that is miserable due to a boss who is a jerk to the entire staff and, on the other hand, a Title VII hostile work environment claim? The key is that the abusive conduct must be related to the employee’s race, sex, religion, etc. (otherwise known as a protected characteristic) in order for the mistreatment to be unlawful under Title VII and related laws. For example, if a manager has everyone walking on eggshells because they yell constantly and set unattainable goals/deadlines—but this abuse is directed to all employees—then this is not illegal under Title VII. If, however, the supervisor treated only female employees this way, then these women could pursue a hostile work environment claim if the inequity is based on their sex.”

For disrespectful behavior I direct the reader to a 2017 article published by The National Institute of Health: Disrespectful Behavior in Health Care-Its Impact, Why It Arises and Persists, And How to Address It—Part 2 by Matthew Grissinger: “Health care organizations have fed the problem of disrespectful behavior for years by ignoring it, thereby tacitly accepting such behaviors.  The health care culture has permitted a certain degree of disrespect while considering this a normal style of communication. Studies have shown that disrespectful behaviors are tolerated most often in unfavorable work environments, but it is unclear whether poor working conditions create an environment where the behaviors are tolerated or if the dis respectful behaviors create the unfavorable environment.

Organizations have largely failed to address disrespectful behavior for a variety of reasons. First, the behavior typically occurs daily but often goes unreported due to fear of retaliation and the stigma associated with “whistle blowing.” Disrespectful behaviors are difficult to measure, so without robust systems of environmental scanning to uncover the behavior, concerned leaders may be ignorant of the problem.  Leaders may also be unaware of the behavior if managers shield them from this information because they view it as a personal failure. If disrespectful behaviors are known, leaders may be reluctant to confront individuals if they are powerful or high-revenue producers, or they may not know how to handle the problem. It’s not a topic taught in training programs, so leaders may hesitate to take on a problem for which there is no obvious solution.”

The Workplace Bullying Institute (WBI), established in 1997 tackles the issues of prevention and protection against bullying. Since their institute began they have been “advocates for anti-workplace bullying legislation in the U.S. having introduced the Healthy Workplace Bill in California in 2003 and 31 other states and two territories since, WBI, in collaboration with David C. Yamada, Professor of Law, Suffolk University Law School, Boston, now brings forward an alternative model bill the Workplace Bullying Accountability Act (WBAA).”

The WBI has the most widely adopted definition of workplace bullying: “Workplace bullying is defined as an “abusive work environment” characterized by: repeated verbal abuse; conduct that is threatening, intimidating or humiliating; defamation of one’s reputation; work sabotage, undermining performance; and/or orchestrated ostracism.”

The WBI identifies multiple types of bullies:

• The Constant Critic: “This one draws its targets behind closed doors. There they can threaten and intimidate without witnesses. Most shocking is that they target the most competent, veteran, go-to worker and claim that that target is incompetent. The stunning big lie freezes the target. If they are ever reported, they deny what they said and did. To HR, it becomes a she said/she said unsolvable problem. Their favorite tactic is to manufacture a false performance appraisal.”

We immediately see use of plausible deniability. If the manager is investigated they have a story ready-made, which can neither be proven nor disproven. No matter who gets involved the manager can always fall on “That’s not what I meant”; and so on. Because so much work is done remotely today this bully can plan and plot, and “test the waters” to find who the best targets are.

This bully will also take full advantage of information asymmetry. They make themselves, or them and a conspirator, the sole reporting avenues for all work, reports and performance evaluations. With decentralization and lack of robust controls documents will be manipulated, changed or deleted and the target sees no options. The bully may also have the ability to remove or corrupt auditor files. They cover two bases by verbally ordering the team to never report concerns or problems to each other or their supervisor: they strangle open communications. Their second layer of concealment is that the team will recognize the statement as an order and any attempt to circumvent or jump over them will result in accusations of insubordination. Since the manager controls upward information flow they can report what they choose, in what manner they choose. This creates and sustains an adversarial relationship between the manager(s) and the team and initiates the isolation stage of their scheme.

• The Two-Headed Snake: “One moment your lunch buddy and a hugger. Right after, they stab you in the back. They are intent on controlling your reputation. To destroy it, they either start, or fail stop, rumors about you. This critter is very difficult to catch unless someone tells you what the snake has said about you.” This type includes the manager who either is friendly/polite, or says nothing: then months later you get a call from a superior informing you they were approached by the manager and a complaint lodged.

The two-headed snake also heavily exploits plausible deniability. This bully will do two things simultaneously: negatively/falsely report the auditor’s performance to their superior(s) and to the executives and omit reports and concerns voiced by the auditor completely: and be professional to the superiors they report to but harsh and untruthful to the auditor.

• The Gatekeeper: “The Constant Critic and Two-Headed Snake do things to people. They commit acts of omission. Gatekeepers bully by withholding resources you need to succeed. Their dirty tricks are acts of omission. What do you need? Time to do the job? It’s denied by an impossible deadline. Information? You are blocked from using computers and search services. Furthermore, your colleagues have been ordered to not help you with anything. New job and you need training. No training for you. No budget. Though the department party is paid for. Need light duty coming back from surgery as the doctor ordered? No way. Management knows best and if you don’t return immediately to full duty, you will be fired.”

The auditor victimized by this type of bully actually may have immediate options to “return fire”. In parts 1 and 2 we covered fraud red flags and indicators of managers: and behaviors recognized by both the DoD IG and The State of New York Comptroller were withholding information. If the auditor feels there is no other starting point this can be immediately reported and investigated.

The WBI also has a position statement which encompasses, to a large extent, traits discussed in parts 1 and 2: “We believe a majority of bullies adopt the tactics of bluster and bravado as a cover, a mask, for some underlying deficiency. In other words, bullying is a compensatory set of behaviors meant to overcome something lacking — technical competence, empathy, or even fraud and theft.” This statement highlights another recognized red flag: Indications that key personnel are not competent in the performance of their assigned responsibilities.

If you as an auditor feel bullied, you are not alone. In an online survey conducted by the WBI some concerning numbers appeared:

• falsely accused someone of “errors” not actually made (71%)
• stared, glared, was nonverbally intimidating and was clearly showing hostility (68%)
• discounted the person’s thoughts or feelings (“oh, that’s silly”) in meetings (64%)
• used the “silent treatment” to “ice out” & separate from others (64%)
• exhibited presumably uncontrollable mood swings in front of the group (61%)
• made up own rules on the fly that even she/he did not follow (61%)
• disregarded satisfactory or exemplary quality of completed work despite evidence (58%)
• harshly and constantly criticized having a different ‘standard’ for the Target (57%)
• started, or failed to stop, destructive rumors or gossip about the person (56%)
• encouraged people to turn against the person being tormented (55%)

The last bullet point is exceptionally worrisome in the context of this article.

Being Selectively Unreachable:

When auditors are in the middle of their work, they often need rapid response from leadership to assist in problems, questions or the usual suspect, the “speed bump”. Especially in the remote environment managers will use these two ways: first they will be unreachable-period. And they will force the auditor to only approach them. Or they could call the auditor and demean them over the phone for their lack of knowledge knowing even if the behavior is reported likely no one will accept a phone call alone as evidence. But the manager will be faster than lightning to reprimand the same person. A chokehold has been put on communication but only to the individual. This causes tremendous stress and increases uncertainty because the auditor knows what awaits if he/she asks peers or an immediate supervisor for help and it gets discovered.

How to Spot the Informant

The auditor who bad actors have turned has several elements: was the auditor a good productive team member or was he/she already sarcastic, pessimistic or argumentive? On top of that, is the employee in an office setting or remote?

The Good Employee/The Unwilling Informant:

This is the majority of informants. In the office this may be visible early such as the example of the manager moving the team out or moving the auditor far away from the team. The remote environment is much more complicated for the team and much easier for the bad manager. The team does not see each other: as we have discussed communications have been forced to only the toxic manager so interactions between team members is tightly controlled: when an auditor has been targeted and pressure repeatedly put on the one auditor what communications take place do not allow the team to see potential effects. As discussed earlier even if the individual attempted to communicate directly with an immediate supervisor (but below the manager’s level) and the supervisor approached the manager, a plausibly deniable statement was ready.

The Not-so-Good or Easily Turned Employee:

There was already some real or perceived wrong by the individual and the manager’s insertion to further their “game” was not entirely unwelcome. In the office setting this might be dealt with by the meetings called by the bad actor(s): they want the team to feel their power and, not uncommonly, keep the team off balance and perhaps even maintain a certain amount of fear. The team will see the individual and either by statements made, favoritism shown by the bad actor toward the individual or other observed actions the team can as a collective element see a problem on the horizon. If the disgruntled auditor is separated from the team withholding information can go both ways and damage minimized. If the auditor remains with the team the team can collectively watch for signs such as excessive complaining and arguing, even over small points; complaining about being uninformed by the team; undermining team efforts to improve work, conditions or reporting functions; and disengagement from the team (good auditors can act this way as well: remember they do not want to be controlled and this may be an attempt to clue in the team).

With good and bad auditors, the remote environment complicates things-a LOT. Now the team does not know when the manager contacts the informant auditor, or about what. Meetings are remote and again the team cannot see each other (these managers do not use visual-virtual media for their meetings: it is another means to isolate individuals). The individual can even go so far as to start and maintain low level conflicts between her/himself and other members (as the bad managers do by initiating and maintaining disputes and adversarial relationships with the team).

An important behavior to look for is territorial behavior. Remember this individual was not unreceptive to the manager’s insertion into their work environment: they will do what they can to ensure no other team member discovers the alliance.

Other ways bad managers isolate good auditors have been discussed: but as they are more than likely indicators of fraud, they have more immediate avenues for elimination. They include Excessive control/micromanagement and forcing all control into the hands of 1-2 individuals; unclear expectations/vague “guidance” (withholding official or clear guidance they do not want known or applied).

Solutions

First and always at any sign of trouble even if only suspected document, document, document and wherever possible make bullet points tying complaints to a specific noncompliance, such as carrying on continuous disputes with the auditor and give official links to the guidances you used or attach them as Exhibits. Try to keep date-time groups as accurate as possible; and who said what when. Document what routes were attempted and what results were.

Most managers and lead auditors are ethical, hardworking and care deeply for their subordinates and the organization. The bad actors are the minority. When concerns arise about managers behaving fraudulently or antagonistically toward an auditor and their supervisor or the team another manager must be found who can address the situation and stay the course of reporting with an individual and/or the entire team. When the bad actors show themselves go to the good people and seek pathways to resolution. These people should be sought out by the team early and included in meetings if possible: or at the very least independently communicated with by a trusted teammate. This way communications are open, honest and in all likelihood big problems can be averted if the direct reporting mechanisms fail. A manager who is willing to isolate and turn an employee is not on the job for the right reasons: so, we can infer some form of fraud is taking place: financial, position protection or something else. It must be addressed quickly.

Even if a team member is believed/known to be an informant I still recommend sequestered team meetings. These are two-edged swords: the informant can report information the team shares which they rather the bad manager not be privy to: at the same time meetings can include “project assignments” or additional duties assigned to each member-the supervisor will likely be the lead for this. The supervisor can then contact each auditor individually with specifics added to their assignments. After a time, consistencies will appear because the manager(s) will micromanage everything and the informant will have shown her/his hand somewhere. In the office setting the team will need to look for more visible signs, as listed above.

The supervisor or first line leader can work directly with the informant. An unwilling participant in any fraudulent enterprise will likely want their position betrayed: they respect their team and want no part of whatever the manager is up to. Reporting safety nets and protections must be offered: confidentiality must be strictly adhered to: and the promise made of rapid action must at all costs be kept.

No solution has value unless there is a structure in place to proceed with it. Most big organizations have a hotline: whether via telephone or email the hotline must be reviewed regularly and every concern addressed. Unlike most systems if an auditor has been unwillingly turned against their team and the supervisor is assisting in the reporting process there should be an avenue for immediate supervisor/trusted individual input. Secondhand information may not be ideal but likely the auditor-informant (called a relator) is scared, stressed and afraid of retaliation, possibly including against their team. If first line leaders have enough tenure, they will likely know a peer in compliance or risk evaluation and rather than indirect communications, they can expedite the relator meeting directly with a party who has the authority to kickstart the resolution pathways. If possible, a direct internal line of reporting is advised. If the organization is big enough there may be an Ombudsman’s office to help pave the way.

Compliance and human resources cannot sit on their hands: but many departments either failed to believe the relator, initiate a serious investigation, or adhere to strictest confidentiality. Because these fraudsters know and game the system they will know as long as they refrain from certain behaviors and statements, civil rights type arguments will find little traction. The relators know this also: and if they are willing to come forward, they must have airtight guarantees of confidentiality-of the case they have reported and their identity and work environment.

Fraudster managers will “lock up” as many avenues of communication as they can internally and depending on their current tenure other sections, perhaps even compliance has been duped or kept so inaccurately informed they trust the manager(s) too much (again, information asymmetry and plausible deniability).

It is also recommended external avenues be established such as an attorney’s office, the contracting organization if the entity is a government contractor, or even an Arbitrator who can direct concerns efficiently and timely to the correct people. These are not recommended as first paths. However, if a relator has any doubt about their safety, then external measures should be established. Therefore, the team, again perhaps the Lead or supervisor should establish an external compliance “escape route”.

Now the deep dive: if any breach of process is suspected or prior attempts at resolution have failed. This is not recommended but may be necessary if the people reported to do not behave in a manner fitting the complaint. The relator has attempted internal controls and found them ineffective, even with as clear documentation and reporting as possible. This action comes with serious risk, there is no doubt: but resolution was honestly attempted and failed. Advise the addressees the relator is willing to take the case as high as necessary, even to the federal level.

My recommendation would be to word it as an advisory: “I have told you what I know, I expect proof of response within X# of days. If I hear nothing, or I receive any indications my confidentiality has been breached I reserve the right in accordance with (company, contractor) policy to report this to all authorities concerned with this matter. I am making a final attempt to resolve this problem locally and it is hoped at this point my concerns will be taken seriously. But if not, when reported to federal authorities the matter is out of our hands.” This statement will be taken seriously as intended: you have an argument and we need to address it, and you consider it very important. Or they could view it as a threat. Officially reporting the manager should be enough and the receiver(s) of the report should not need an advisory statement like this: you reserve this powerful addition to inform the receivers that you will see the matter through until a conclusion is reached and closed. So, it is up to the relator and any ally he/she may have to determine where in the process this goes-but have it ready. The relator has reported it at the lowest possible level: he or she must now commit to reaching as high as necessary to ensure all parties are dealt with and corrective changes made.

Conclusion

The vast majority of mid-level leaders are ethical and know their success relies on the true, realized accomplishment of the audit team below them. Attempting to turn a good or bad employee will never cross their minds because they hold themselves to a higher standard; and know deep inside that open communication delivered concurrently to all team members will achieve the highest rates of success.

Even where fraudulent managers exist these ethical managers will be as intolerant of their antics as the auditors. They will likely be an effective early avenue of reporting even if others who should be directly involved have failed.

Unfortunately, the damage mid-level fraudsters cause far exceeds the number working in the healthcare arena. Systems, processes and departments (i.e. Compliance) exist only to be disregarded and outmaneuvered: and individuals are expendable at any point so their illegal enterprise will survive. Elimination will only be achieved by teams and individuals willing to report them and defend their peers, and team cohesiveness strong enough to let each member know they are trusted and the team as a unit will support and if necessary, defend them.

About the Author

Carl J Byron, CCS, CHA, CIFHA, CMDP, CPC, CRAS, ICDCTCM/PCS, OHCC and CPT/03 USAR FA (Ret)
Carl is a coding and documentation auditor for the Defense Health Agency (DHA), a government agency that provides health care to the military. Previously, his background includes HCC auditing for CMS, coding and auditing for a large global healthcare network, a compliance educator and speaker for AIHC and currently volunteers as a subject matter expert for AIHC, a non-profit licensing/certification partner with CMS.

Copyright © 2025 American Institute of Healthcare Compliance All Rights Reserved