News from the NSF Office of Inspector General

www.oig.nsf.gov/oignews

The Office of Inspector General will issue this newsletter periodically to report the results of recent audits, investigations, and other work related to NSF's programs. Our intent is to help members of the research community become more aware of the types of problems that may be found during an audit or investigation, as well as measures that may be taken to prevent them.

In This Issue - August 2003

South Pole Systems Are Hacked
University Administrator Pleads Guilty
Fraudulent Payroll Checks Discovered During Training
University Improves Accounting for Cost Sharing

:: South Pole Systems Are Hacked ::
“I’ve hacked into your server,” read the e-mail to the U.S. Antarctic Program’s Operations Center. “Perhaps Russians are interested in your servers, or perhaps I’ll sell the CD’s to a newspaper.” The e-mail contained confidential data from the system that confirmed the hacker’s claim. The hacked computer systems were linked to the Station’s network, to which life support and other mission-critical systems were also connected. NSF took immediate steps to secure the system and prevent further intrusions. Our office promptly contacted the FBI and worked closely with its agents to help solve the case. The trail led to a cyber café in Romania where the suspects were already the targets of other FBI investigations. A search warrant of their residence turned up the e-mail account that was used in the extortion attempt. The case was cited by the FBI as an example of the close coordination between agencies, and sometimes governments, that is necessary to defeat cyber criminals.

:: Research Center Administrator Pleads Guilty ::
The Assistant Director of Administration for a southwestern research center was sentenced to 3 years probation, 150 hours of community service, and ordered to pay $19,871.63 in restitution after pleading guilty to submitting fraudulent travel reimbursements. NSF has also debarred the individual for 3 years. The crime was uncovered when the center received an anonymous tip and conducted an investigation. The center has strengthened internal controls by establishing the following policies: 1) travel reimbursements are audited monthly, 2) reimbursement requests pertaining to conferences are verified and reviewed to ensure minimal stay, and 3) reimbursement requests from authorized delegates require the signature of the Principal Investigator.

:: Fraudulent Payroll Checks Discovered During Training ::
A university employee who handled timecards for her department fraudulently endorsed and cashed 40 payroll checks worth $23,375 payable to temporary employees. The university terminated the employee and returned the funds to the grants. NSF debarred the individual for a period of two years. The individual had arranged for the extension of the employee termination dates and then submitted false time sheets. Ironically, the scheme was uncovered when the transactions were chosen as examples to be used to train new employees with responsibility for payroll processing.

To address control weaknesses, the university reported implementing: 1) internal training for department payroll administrators, 2) countersignatures by the academic department manager after review and approval by the laboratory administrator or principal investigator, and 3) the mailing of all university W-2 forms directly to employees’ homes rather than internal distribution. Additional improvements underway at the university include mandatory direct deposit of payroll, expansion of a new automated time and attendance system for departments that are heavy users of temporary employees, and new on-line processing technology implementing an automated authentication process for signature authorizations.

:: Awardee Institution Improves Accounting for Cost Sharing ::
After a recent audit found that a university had commingled cost-shared expenditures with other expenses unrelated to NSF projects, NSF performed an on-site review of the university’s corrective measures to ensure that its accounting system was capable of managing and tracking cost-sharing commitments. The review confirmed that the university has implemented:

a system to link the cost-sharing accounts with project accounts on each award that requires cost-sharing;
a system to document and support cost-shared labor costs claimed with after-the-fact labor distribution reports;
policies and procedures to monitor subaward cost sharing, and to certify cost sharing to NSF on an annual basis; and
a subcontract agreement that requires subrecipients to account for, document, report, and certify annual cost-sharing contributions to the university.

NSF is also encouraging the institution to conduct periodic site visits of subrecipients and limited-scope audits of their administration of Federal awards.

To report a possible instance of fraud, waste, or abuse pertaining to NSF programs or awards, please call our hotline at 1-800-428-2189 or contact us at oig@nsf.gov. For more information about OIG activities, visit our website: oig.nsf.gov

If you would like to continue receiving the NSF OIG Newsletter but would prefer to receive the plain text version or if you do not want to continue receiving the newsletter, email your request to oig@nsf.gov