CFE Shares Unique IT Challenges and Most Memorable Case

MEMBER PROFILE

Shannon Grayer, CFE, CBM, CCEP
Head of Ethics and Compliance Investigations, CSRA Inc.

Shannon Grayer, CFE, CBM, CCEP, may have earned his CFE more than a decade ago, but his passion for learning more about the world and fraud examination has never waned. The head of ethics and compliance investigations for CSRA Inc. has lived in multiple countries, stays abreast of technological advancements in the IT industry and works with major players in U.S. national security. When he’s not on the job, you might catch him at a show or museum in the Washington, D.C. area.    

How did you become passionate about fighting fraud?
Back in the early 2000s I was a postal inspector for Canada Post Corporation in Vancouver, focusing on physical security and investigation such as theft of mail. One day, our main inspector for fraud-related matters unexpectedly left the organization. There was no natural replacement at the time, so I was placed in the role. As luck would have it, I took to the role like a duck to water — I truly enjoyed uncovering misconduct and making a real difference for the organization. Not long after, I started studying for my CFE Exam and came to the realization that I had genuinely found my calling.

What is one of the biggest lessons you have learned since becoming a CFE?
Never stop learning because life never stops teaching. In this type of work there are new surprises every day — some of which I suppose I could write a book about, though I’m not convinced everyone would believe it. The learning keeps me on my toes, happy and humble. In this broad, ever-evolving field even the experts can stand to learn a few new tips and tricks.

Do you face any unique challenges working for an IT company?
CSRA Inc. provides IT services to U.S. government clients in national security, civil government, health care and public health. Our largest market, national security, includes the U.S. Department of Defense, U.S. Homeland Security, U.S. Army, U.S. Air Force and intelligence agencies. We do work in our nation’s infrastructure, in training and education, in cybersecurity and much more.

As a “pure play” government IT services provider, we have an array of government standards we must adhere to and various critical agency regulations that we are required to comply with. I look at it as a tiered view in which everyone at the company needs to meet laws, government regulations, and company policies and expectations. 

Moreover, as with any IT company, the environment is fast-paced. The challenge is to remain flexible and willing to adapt. Additionally, it is key to have a thirst for knowledge since new service offerings and products appear. You need to familiarize yourself with what is current and upcoming. Questions or concerns that I am often asked to address can range from issues of ethical business practices and compliance to financial, safety and security and human resources matters.

What is a memorable case or project that you have worked on?

Several years ago, an IT program manager (responsible for developing proofs of concept and managing tools to show customers best-in-class implementation) hired a partner using a third-party payment provider (Company X). Over the course of a year, the program manager routed more than half a million dollars in investment funding (i.e., discretionary monies he managed) through Company X.

Of note, the many small-value purchase orders for this project did not reference the actual partner engaged to perform the effort (Company Y). Moreover, the referenced deliverables were very vague, with labels such as “project management,” with no measurable milestones or engagement details. Over the course of the year the project manager told his manager that Company X — where the funds flowed through — was doing a tremendous job.

Near the end of the year, the project manager was reassigned to a new manager, who noticed an odd name on the purchase order where it mentioned the true company performing work (Company Y). Realizing that Company X was simply a pass-through, the new manager did some sleuthing and found a contact email similar to the name of the project manager. The new manager escalated the issue to my team for investigation.

The investigation revealed the project manager had siphoned the entire half a million dollars to pay for his personal desires and interests including opening a nightclub and having expensive affairs with multiple women. The employee was terminated and criminally charged, and ultimately restitution was ordered.

This case was particularly impactful to me personally because two years later the (now former) employee reached out to arrange a meeting with me. In that meeting the former project manager revealed how personally devastating the intervening two years had been from a financial and emotional perspective. However, his purpose in contacting me was actually to thank me for treating him with dignity throughout the investigation even though he had done terrible things and destroyed his until-then promising career. He said he appreciated my professionalism and respectfulness, despite the “crook” he had become at the time. It was a truly unforgettable meeting, and one which not many investigators get an opportunity to be part of.

When I speak on this case, I often like to point to the old F.M. Hubbard quote, “Honesty pays, but it doesn’t seem to pay enough to suit some people.”

What activities or hobbies do you like to do outside of work?

I enjoy live music of all kinds and that’s one reason I truly enjoy the D.C.-Maryland-Virginia area. I’ve found there are many diverse music venues in this region so I am never at a loss for good shows. I have also become somewhat of a museum enthusiast since there are so many wonderful galleries around this area. Plus I am a bit of sports junkie (go Hawks!)  

Read Shannon's full interview on ACFE.com.