Friday, February 01, 2008
Scamming an Automated Process
"D-O-C-U-M-E-N-T" checklist I devised a year ago to ensure consistency and completeness in the review.
I'm going to use the checklist myself to set an example for the students. My story is from last August and concerns a scam by two South Carolina women who took advantage of a US Defense Department automated procurement and payment system to defraud the government out of over 20 million dollars.
The original news story was probably this press release from the Department of Justice but I first read about it in The Economist when it was reported in a story called "Creative Billing."
D -- data types and document types (paying special attention to the former when they are used across the latter as the "glue" to connect processes)
The story revolves around invoices for shipping costs. The invoices were for staggering amounts of money – the article mentions 4 of them, one for $998,798 and three others all greater than $400,000. The goods that were shipped cost almost nothing; the nearly million dollar shipping bill was for sending two 19-cent lock-washers to Iraq.
O -- organizational transactions and processes (the "business processes", described coarsely like "drop shipment" or precisely like "PIP 3A4")
The scam worked because the Defense Department used an automated purchasing and payment system that paid invoices automatically. It isn't a bad process to pay on receipt of the bills once they are reconciled with orders, but there should have been some better auditing of the numbers.
C -- context (types of products or services, industry, geography, regulatory considerations -- the ebXML "context dimensions" described in section 8.2 of Document Engineering)
The context of this story is the war in Afghanistan and Iraq, and the concern that Defense Department bureaucracy might slow the resupply of items needed by the army. The DOD has gotten lots of bad press about soldiers not having the right body armor and equipment (like the famous "Hillbilly Armor" episode when a soldier criticized =Defense Secretary Rumsfeld), and it is easy to understand why the purchasing and payment people at the DOD would try to speed up their processes so they’d not get blamed.
U -- user types and special user requirements (these are "people" user types)
The most central "users" of the system in this story were its "abusers," twin sisters Charlene Corley and Darlene Wooten, whose company committed the fraud by submitting the fake shipping bills totaling $20.5 million. Charlene will be spending 40 years in prison, but not with Darlene as a cellmate because Darlene killed herself when the government was closing in on them.
M -- models, patterns, or standards that apply or that are needed
The story reports that "the Pentagon has tightened its payment procedures in response to the sisters' scam." The business rules that they were following were simply too weak – the disparity between the cost of the goods and their supposed shipping costs should have triggered an audit.
E -- enterprises and eco systems (e.g., trading communities, standards bodies, other frameworks that help scope the case study)
The company had the clever name of “C & D Distributors” because those are Charlene's and Darlene's initials. It is hard to believe that this is the only case of fraud because thousands of firms must have used the Pentagon's purchasing and payment system.
N -- the needs (business case) driving the enterprise(s)
Wars are expensive to fight… and you'd hate to have to stop chasing the bad guys around Falluja because you're out of machine screws and lock washers. But it is more interesting to look at the needs that were driving the twin sisters to steal from the government. Because Charlene and Darlene were from South Carolina, the Economist used the popular Southern phrase that they were in "high cotton" after buying four beach houses, ten cars, boats and lots of jewelry.
T -- technology constraints and opportunities (legacy or interoperability concerns from existing technologies or implementations; new or improved processes or outcomes enabled by technology)
There was little mention of the technology used by the government. It would be great if the Defense Department would follow the lead of the Danish government, which requires all invoices to be submitted electronically using the Universal Business Language standard. That story is in the reading list for my lecture this coming Monday.