We recommend reading Part 1: When Audit Managers Knowingly Skew Audit Results and Part 2: When Criminal Behavior Infiltrates Your Audit Program. This final article in the Fraud Indicators and Red Flags series addresses potential outcomes when lead audit managers sabotage the audit process due to being insecure or due to the need to secure power in their position.

In the first two articles on mid-level fraud indicators, we covered signs and solutions to the problem individuals. In this article, we cover signs and methods to address auditors who have been “turned” into internal threats or “moles”—informing on their coworkers and/or teammates.

When unscrupulous managers or audit leads act alone or in a conspiracy to maintain their position, they will employ many short-term tactics. Because they have to constantly defend their activities, they will not think in terms of strategies except in some form of escape plan (covered in Part 2). Managers or lead auditors who target subordinates to become informants severely damage employees—typically targeting individual subordinates they have found to be malleable, weak, and/or easily intimidated/worn down—and ultimately the organization. This is especially damaging to teams as cohesiveness and trust are critical to their work.

How Employees Are Turned

Retaliation

According to the U.S. Equal Employment Opportunity Commission (EEOC), “The most frequently alleged bases of discrimination were retaliation (39.2%), sex (35%), disability (34.3%), and race (16.8%). At the end of FY 2023, the EEOC had 227 merits cases on its active district court docket, of which 95 (41.8%) were class or systemic cases" (Mar 27, 2024). In the realm of equal opportunity, we tend to think of discrimination in its most well-known forms: employment discrimination because of race, color, religion, sex (including pregnancy, transgender status, and sexual orientation), national origin, disability, age (40 or older), or genetic information. However, many cases have been litigated where an employee was retaliated against by a superior for voicing concerns, ethical complaints, and maltreatment because of their job functions. To "discriminate" against someone means to treat that individual differently, or less favorably, for some reason.

While close timing between the allegation of retaliation and the manager's action can display a retaliatory motive, there have been cases in which years have passed and other evidence established that the employee's prior activities set off the manager's action. Even without close-proximity timing, other relevant facts may include verbal or written statements, comparative evidence that a similarly situated employee was treated differently, falsity of the employer's ostensible reason for the adverse action or uncovered plausible deniability, or any other evidence from which an inference of retaliatory intent could be assessed. From the EEOC's perspective, retaliation can take numerous forms: reprimand the employee or give a performance evaluation that is lower than it should be; engage in verbal or physical abuse; increase scrutiny; make the person's work more difficult—to name a few.

Managers find ways to retaliate against subordinates for bringing forward worries about fraud or questionable conduct. Rather than listening to the employee, who is normally an expert, many employers instead resort to various forms of blaming the messenger, and good employees are often fired, moved, or banned/driven from the healthcare arena for their willingness to speak up.

As in parts 1 and 2, information is limited on how mid-level administrators target individuals, but there are a number of recurring behaviors and types of bad actors who seek to isolate and “turn” auditors against their coworkers and teams.

Decentralization and Isolation

These arise from the same flaw(s) in any system but are used differently by the fraudster in a leadership capacity. The managers in question exploit the trust and lack of supervision of their activities; what controls may exist can be overridden (technology) or deflected (manipulating reports, meeting statements, etc.). Information asymmetry is used to manipulate technological data and remove negative information from reports, information the auditor will never see. If or when inquiries arise, plausible deniability is used, and the lack of oversight is fully exploited.

There are two environments that managers or audit leads use to isolate subordinates they wish to control: the office setting and the remote workforce.

In the office, if an auditor voices concerns or acts in a manner the manager sees as threatening or finds to be easily influenced, the manager may move the auditor away from coworkers or teammates or vice versa—even move the team to other offices. The auditor now has no one they trust or can communicate with easily, directly, critically, and confidentially. Movements are harshly scrutinized, and timeframes are strictly set, to further control movement and communications. This isolation can be further abused by either the manager promising to put the team back together if the auditor “behaves,” or since the auditor is now so isolated, maltreatment can be carried out at the manager's will, with the auditor reporting what the manager wishes to hear when the audit team meets. Either way, the team has been effectively infiltrated.

In the remote environment, the manager already exploits information asymmetry, but now, since the audit team cannot see each other at any point (in my experience, Zoom and visual-virtual meetings do not fill the void of direct interaction), pressure can be put on individuals in turn, and cracks either caused or taken advantage of. When conspiring managers work together and keep unrelenting pressure through implied or real threats (as viewed by the targeted auditor) and they force the auditors to only communicate with them, individuals can feel lost and without options.

Bullying and Disrespectful Behavior

Unfortunately, these behaviors have no direct legal protection; unscrupulous managers know this. They use both a combination of game theory and perverse incentives against individuals; together, bullying and disrespectful behavior can wear an auditor down, making them more malleable to turn against their team. Because of scarcity of information and similarities in definitions, bullying in this article is synonymous with disrespectful behavior, as they are virtually identical in practice.

An August 11, 2020 article in Forbes magazine, titled "The Differences Between Workplace Bullying and a 'Hostile Work Environment'” put the problem of protection against bullying as follows: “What then separates, on the one hand, a workplace that is miserable due to a boss who is a jerk to the entire staff and, on the other hand, a Title VII hostile work environment claim? The key is that the abusive conduct must be related to the employee's race, sex, religion, etc. (otherwise known as a protected characteristic) in order for the mistreatment to be unlawful under Title VII and related laws. For example, if a manager has everyone walking on eggshells because they yell constantly and set unattainable goals/deadlines, but this abuse is directed to all employees, then this is not illegal under Title VII. If, however, the supervisor treated only female employees this way, then these women could pursue a hostile work environment claim if the inequity is based on their sex.”

For disrespectful behavior, I direct the reader to an article published by The National Institute of Health, "Disrespectful Behavior in Health Care - Its Impact, Why It Arises and Persists, And How to Address It—Part 2," by Matthew Grissinger: “Healthcare organizations have fed the problem of disrespectful behavior for years by ignoring it, thereby tacitly accepting such behaviors. The healthcare culture has permitted a certain degree of disrespect while considering this a normal style of communication. Studies have shown that disrespectful behaviors are tolerated most often in unfavorable work environments, but it is unclear whether poor working conditions create an environment where the behaviors are tolerated or if the disrespectful behaviors create the unfavorable environment" (2017).

Organizations have largely failed to address disrespectful behavior for a variety of reasons. First, while the behavior typically occurs daily, it often goes unreported due to fear of retaliation and the stigma associated with “whistleblowing.” Disrespectful behaviors are difficult to measure, so without robust systems of environmental scanning to uncover the behavior, concerned leaders may be ignorant of the problem. Leaders may also be unaware of the behavior if managers shield them from this information because they view it as a personal failure. If disrespectful behaviors are known, leaders may be reluctant to confront individuals if they are powerful or high-revenue producers, or they may not know how to handle the problem. It's not a topic taught in training programs, so leaders may hesitate to take on a problem for which there is no obvious solution.

The Workplace Bullying Institute (WBI), established in 1997, tackles the issues of prevention and protection against bullying. Since their institute began, they have been “advocates for anti-workplace bullying legislation in the U.S., having introduced the Healthy Workplace Bill in California in 2003 and 31 other states and two territories since, WBI, in collaboration with David C. Yamada, Professor of Law, Suffolk University Law School, Boston, now brings forward an alternative model bill the Workplace Bullying Accountability Act (WBAA).”

The WBI has the most widely adopted definition of workplace bullying: “Workplace bullying is defined as an 'abusive work environment' characterized by: repeated verbal abuse; conduct that is threatening, intimidating, or humiliating; defamation of one's reputation; work sabotage, undermining performance; and/or orchestrated ostracism.”

The WBI identifies multiple types of bullies:

• The Constant Critic: “This one draws its targets behind closed doors. There, they can threaten and intimidate without witnesses. Most shocking is that they target the most competent, veteran, go-to worker and claim that that target is incompetent. The stunning big lie freezes the target. If they are ever reported, they deny what they said and did. To HR, it becomes a he said/she said unsolvable problem. Their favorite tactic is to manufacture a false performance appraisal.”
  
  We immediately see the use of plausible deniability. If the manager is investigated, they have a ready-made story, which can neither be proven nor disproven. No matter who gets involved, the manager can always fall on, “That's not what I meant,” and so on. Because so much work is done remotely today, this bully can plan and plot and “test the waters” to find who the best targets are.
  
  This bully will also take full advantage of information asymmetry. They make themselves, or themselves and a conspirator, the sole reporting avenues for all work, reports, and performance evaluations. With decentralization and a lack of robust controls, documents will be manipulated, changed, or deleted—and the target sees no options. The bully may also have the ability to remove or corrupt auditor files. They cover two bases by verbally ordering the team to never report concerns or problems to each other or their supervisor; they strangle open communications. Their second layer of concealment is that the team will recognize the statement as an order and any attempt to circumvent or jump over them will result in accusations of insubordination. Since the manager controls upward information flow, they can report what they choose, and in what manner they choose. This creates and sustains an adversarial relationship between the manager(s) and the team and initiates the isolation stage of their scheme.

• The Two-Headed Snake: “One moment your lunch buddy and a hugger. Right after, they stab you in the back. They are intent on controlling your reputation. To destroy it, they either start or fail to stop rumors about you. This critter is very difficult to catch unless someone tells you what the snake has said about you.” This type includes the manager who either is friendly/polite or says nothing; then months later, you get a call from a superior informing you that they were approached by the manager and a complaint lodged.
  
  The two-headed snake also heavily exploits plausible deniability. This bully will do two things simultaneously: negatively/falsely report the auditor's performance to their superior(s) and the executives, omitting reports and concerns voiced by the auditor completely, and be professional to the superiors they report to but harsh and untruthful to the auditor.

• The Gatekeeper: “The Constant Critic and Two-Headed Snake do things to people. They commit acts of omission. Gatekeepers bully by withholding resources you need to succeed. Their dirty tricks are acts of omission. What do you need? Time to do the job? It's denied by an impossible deadline. Information? You are blocked from using computers and search services. Furthermore, your colleagues have been ordered to not help you with anything. New job and you need training. No training for you. No budget. Though the department party is paid for. Need light duty coming back from surgery as the doctor ordered? No way. Management knows best and, if you don't return immediately to full duty, you will be fired.”
  
  The auditor victimized by this type of bully may actually have immediate options to “return fire.” Parts 1 and 2 covered fraud indicators and red flags of managers, as well as behaviors recognized by both the DoD IG and The State of New York Comptroller, as withholding information. If the auditor feels there is no other starting point, this can be immediately reported and investigated.

The WBI also has a position statement, which encompasses, to a large extent, traits discussed in parts 1 and 2:  “We believe a majority of bullies adopt the tactics of bluster and bravado as a cover, a mask, for some underlying deficiency. In other words, bullying is a compensatory set of behaviors meant to overcome something lacking— technical competence, empathy, or even fraud and theft.”  This statement highlights another recognized red flag: indications that key personnel are not competent in the performance of their assigned responsibilities.

If you feel bullied as an auditor, you are not alone.

In an online survey conducted by the WBI, some concerning numbers appeared among respondents:

• 71% falsely accused someone of “errors” not actually made.
• 68% stared, glared, were nonverbally intimidating, and were clearly showing hostility.
• 64% discounted the person's thoughts or feelings (e.g., “Oh, that's silly.”) in meetings.
• 64% used the “silent treatment” to “ice out” and separate from others.
• 61% exhibited presumably uncontrollable mood swings in front of the group.
• 61% made up their own rules on the fly that even he/she did not follow.
• 58% disregarded satisfactory or exemplary quality of completed work despite the evidence.
• 57% harshly and constantly criticized having a different "standard" for the target.
• 56% started or failed to stop destructive rumors or gossip about the person.
• 55% encouraged people to turn against the person being tormented.

The last bullet point is exceptionally worrisome in the context of this article.

Being Selectively Unreachable

When auditors are in the middle of their work, they often need rapid response from leadership to assist in problems, questions, or the usual suspect, the “speed bump.” Especially in the remote environment, managers will use these two ways: first, they will be unreachable—period. And they will force the auditor to only approach them. Or, they could call the auditor and demean them over the phone for their lack of knowledge, knowing that even if the behavior is reported, it is likely that no one will accept a phone call alone as evidence. But the manager will be faster than lightning to reprimand the same person. A chokehold has been put on communication—but only to the individual. This causes tremendous stress and increases uncertainty because the auditor knows what awaits if he/she asks peers or an immediate supervisor for help and it gets discovered.

How to Spot the Informant

When bad actors have turned against an auditor, reflect to determine if the auditor was a good and productive team member, or was he/she already sarcastic, pessimistic, and/or argumentative? On top of that, is the employee in an office setting or remote location?

The Good Employee/The Unwilling Informant

This is the majority of informants. In the office, this may be visible early, such as the example of the manager moving the team out or moving the auditor far away from the team. The remote environment is much more complicated for the team and much easier for the bad manager. The team does not see each other; as we have discussed, communications have been forced to only the toxic manager, so interactions between team members are tightly controlled. When an auditor has been targeted and pressure repeatedly put on him/her, what communications take place do not allow the team to see potential effects. As discussed earlier, even if the individual attempted to communicate directly with an immediate supervisor (but below the manager's level) and the supervisor approached the manager, a plausibly deniable statement was ready.

The Not-so-Good or Easily Turned Employee

There was already some real or perceived wrong by the individual, and the manager's insertion to further their “game” was not entirely unwelcome. In the office setting, this might be dealt with by the meetings called by the bad actor(s); they want the team to feel their power and, not uncommonly, keep the team off balance and perhaps even maintain a certain amount of fear. The team will see the individual and, either by statements made, favoritism shown by the bad actor toward the individual, or other observed actions, the team can, as a collective element, see a problem on the horizon. If the disgruntled auditor is separated from the team, withholding information can go both ways and minimize damage. If the auditor remains with the team, the team can collectively watch for signs, such as excessive complaining and arguing, even over small points; complaining about being uninformed by the team; undermining team efforts to improve work, conditions, or reporting functions; and disengagement from the team. Good auditors can act this way as well—remember, they do not want to be controlled, and this may be an attempt to clue in the team.

With good and bad auditors, the remote environment complicates things—a lot. Now, the team does not know when the manager contacts the informant auditor, or about what. Meetings are remote and, again, the team cannot see each other (these managers do not use visual-virtual media for their meetings; it is another means to isolate individuals). The individual can even go as far as to start and maintain low-level conflicts between him/herself and other members—as the bad managers do by initiating and maintaining disputes and adversarial relationships with the team.

An important behavior to look for is territorial behavior. Remember, this individual was not unreceptive to the manager's insertion into their work environment; they will do what they can to ensure no other team member discovers the alliance.

Other ways that bad managers isolate good auditors have been discussed, but as they are more than likely indicators of fraud, they have more immediate avenues for elimination. They include excessive control/micromanagement, forcing all control into the hands of one to two individuals, and unclear expectations/vague “guidance,” withholding official or clear guidance that they do not want known or applied.

Solutions

First and always, at any sign of trouble, even if only suspected, document, document, document, and, wherever possible, make bullet points that tie complaints to a specific noncompliance, such as carrying on continuous disputes with the auditor, giving official links to any guidance you used or attaching them as exhibits. Try to keep the date-time groups as accurate as possible, and who said what and when. Document what routes were attempted and the results.

Most managers and lead auditors are ethical and hardworking and care deeply for their subordinates and the organization. The bad actors are the minority. When concerns arise about managers behaving fraudulently or antagonistically toward an auditor and their supervisor or the team, another manager must be found who can address the situation and stay the course of reporting with an individual and/or the entire team. When the bad actors show themselves, go to the good people and seek pathways to resolution. These people should be sought out by the team early and included in meetings if possible, or, at the very least, independently communicated with by a trusted teammate. This way, communications are open and honest, and, in all likelihood, big problems can be averted if the direct reporting mechanisms fail. A manager who is willing to isolate and turn an employee is not on the job for the right reasons, so we can infer some form of fraud is taking place—financial, position protection, or something else. It must be addressed quickly.

Even if a team member is believed/known to be an informant, I still recommend sequestered team meetings. These are two-edged swords; the informant can report information that the team shares, which they would rather the bad manager not be privy to, or, at the same time, meetings can include “project assignments” or additional duties assigned to each member—the supervisor will likely be the lead for this. The supervisor can then contact each auditor individually with specifics added to their assignments. After a time, consistencies will appear because the manager(s) will micromanage everything and the informant will have shown his/her hand somewhere. In the office setting, the team will need to look for more visible signs, as listed above.

The supervisor or first-line leader can work directly with the informant. An unwilling participant in any fraudulent enterprise will likely want their position betrayed; they respect their team and want no part of whatever the manager is up to. Reporting safety nets and protections must be offered, confidentiality must be strictly adhered to, and the promise made of rapid action must be kept.

No solution has value unless there is a structure in place to proceed with it. Most big organizations have a hotline; whether via telephone or email, the hotline must be reviewed regularly and every concern addressed. Unlike most systems, if an auditor has been unwillingly turned against their team and the supervisor is assisting in the reporting process, there should be an avenue for immediate supervisor/trusted individual input. Secondhand information may not be ideal, but it may be likely that the auditor-informant (called a relator) is scared, stressed, and afraid of retaliation, possibly including against their team. If first-line leaders have enough tenure, they will likely know a peer in compliance or risk evaluation, and, rather than indirect communications, they can expedite the relator meeting directly with a party who has the authority to kickstart the resolution pathways. If possible, a direct internal line of reporting is advised. If the organization is big enough, there may be an ombudsman's office to help pave the way.

Compliance and human resources cannot sit on their hands, but many departments either have failed to believe the relator, initiate a serious investigation, or adhere to the strictest confidentiality. Because these fraudsters know and game the system, they know that as long as they refrain from certain behaviors and statements, civil rights arguments will find little traction. The relators also know this and, if they are willing to come forward, they must have airtight guarantees of confidentiality—of the case they have reported and their identity and work environment.

Fraudster managers will “lock up” as many avenues of communication as they can internally and, depending on their current tenure of other sections, perhaps even dupe compliance or keep it so inaccurately informed that the managers are trusted too much (again, information asymmetry and plausible deniability).

It is also recommended that external avenues be established, such as an attorney's office, the contracting organization if the entity is a government contractor, or even an arbitrator who can direct concerns efficiently and timely to the correct people. These are not recommended as first paths. However, if a relator has any doubt about their safety, then external measures should be established. Therefore, the team, again perhaps the lead or supervisor, should establish an external compliance “escape route.”

Now the deep dive, which might be required if any breach of process is suspected or prior attempts at resolution have failed. This is not recommended but may be necessary if the people who receive such reports do not behave in a manner fitting the complaint. The relator has attempted internal controls and found them ineffective, even with as clear documentation and reporting as possible. This action comes with serious risk, there is no doubt, but a resolution was honestly attempted and failed. In this case, the relator is advised to take the case as high as necessary, even to the federal level.

My recommendation would be to word it as an advisory, something to the effect of: “I have told you what I know, and I expect proof of response within [number of] days. If I do not receive a response, or if I receive any indication that my confidentiality has been breached, I reserve the right, in accordance with [company/contractor]'s policy, to report this to all authorities concerned with this matter. I am making a final attempt to resolve this problem locally and expect at this point that my concerns will be taken seriously. If not, it will be reported to federal authorities, and the matter will be out of our hands.” Essentially, you have a concern, it is important, and it needs to be addressed. This statement should be taken seriously—as intended—or it could be viewed as a threat. Officially reporting the manager should be enough, and the receiver(s) of the report should not need an advisory statement like this; you reserve this powerful addition to inform the receivers that you will see the matter through until a conclusion is reached and closed. So, it is up to the relator and any ally he/she may have to determine where in the process this goes—but have it ready. The relator has reported it at the lowest possible level; he or she must now commit to reaching as high as necessary to ensure all parties are dealt with and corrective changes made.

Conclusion

The vast majority of mid-level leaders are ethical and know that their success relies on the true, realized accomplishment of the audit team below them. Attempting to turn a good or bad employee will never cross their minds because they hold themselves to a higher standard and know deep inside that open communication delivered concurrently to all team members will achieve the highest rates of success.

Even where fraudulent managers exist, these ethical managers will be as intolerant of their antics as the auditors. They will likely be an effective early avenue of reporting, even if others who should be directly involved have failed.

Unfortunately, the damage that mid-level fraudsters cause far exceeds the number working in the healthcare arena. To fraudsters, systems, processes, and departments (i.e., compliance) exist only to be disregarded and outmaneuvered, and individuals are expendable at any point, so the fraudsters' illegal enterprise will survive. Elimination of fraudsters will only be achieved by teams and individuals willing to report them and defend their peers. Team cohesiveness must be strong enough that each member knows they can trust that their team will support and defend them, if necessary.

Carl J. Byron, CCS, CHA, CIFHA, CMDP, CPC, CRAS, ICDCTCM/PCS, OHCC, and CPT/03, USAR FA (retd.) 

Carl is a coding and documentation auditor for the Defense Health Agency (DHA), a government agency that provides healthcare to the military. His background includes HCC auditing for CMS, coding and auditing for a large global healthcare network, and as a compliance educator and speaker for AIHC. He currently volunteers as a subject matter expert for AIHC, a non-profit licensing/certification partner with CMS.