The DiSabatino Construction Company was awarded a Master Services Agreement (MSA) by AstraZeneca to be the sole construction company at its U.S. Headquarters in Delaware. The MSA permitted the AstraZeneca project engineer (Mitchell Guard) to initiate construction projects at the site. Those projects would be led by David Ragnolia, who was the DiSabatino foreman and supervisor.

DiSabatino Construction performed several construction projects at the AstraZeneca HQ. Allegedly, it also performed several “significant home improvement” projects at the home of Mr. Guard, according to this story at DelawareOnline. The story reported that a state investigation into the situation revealed that—

… Ragolia ‘instructed DiSabatino employees and other subcontractors to make significant home improvements to Guard’s residence over a period of time, and that DiSabatino employees and subcontractors were assigned to work full time at the residence from March 2010 through July 2010 to complete the work’. … As work was completed, Ragolia told contractors to submit invoices and receipts to DiSabatino Construction, then he billed AstraZeneca for materials and labor at Guard’s home.

Apparently, AstraZeneca determined that it had a problem on its own. The story reported that “an internal audit and investigation … revealed evidence of an improper financial relationship” between the two. AstraZeneca notified the Delaware Attorney General’s Office, which launched its own investigation, culminating in the arrests of both Guard and Ragnolia. The DelawareOnline story reported that “Each is charged with felony theft of more than $100,000 by fraud and felony conspiracy, punishable by up to 17 years in prison. The state also seeks full restitution.”

So here’s the thing: We have often advocated that once the subcontract has been established, the role of acquisition professionals is largely over, and they need to get out of the way of the technical folks who need to manage the work. Whenever we do so, we always get strident feedback about how the procurement folks are the interface between the two entities. We hear “But what about changes? Who manages them after award?” Those are fair points; normally, we acknowledge them but maintain our position on the matter. We challenge people to “think outside the box” of how it’s always been done, and seek to streamline and innovate, and to focus on where the value-add is to be found.

But nobody has ever stood up and asked about internal controls related to fraud prevention. Nobody has ever challenged our thinking on the basis that moving acquisition folks off their current role(s) related to post-award subcontract management removes a control and permits the technical folks to engage in wrongful actions in cahoots with the subcontractor. But it’s true and we all need to keep that fact in mind.

Simple segregation of duties is the key. The same person (or function) should not both order goods and services and approve payment for those same goods and services. In this case, it appears that the AstraZeneca project engineer did both.

To its credit, AstraZeneca identified the problem and moved to fix it. We also hope they consider how to better implement controls in the future, so as to prevent similar occurrences.

And all of us need to keep in mind that, as we look for opportunities to streamline and innovate processes and procedures, we cannot overlook fundamental concepts such as segregation of duties. We need to minimize the opportunities for our employees and the subcontractors/suppliers that they manage to collude together, to the detriment of the entity that employs us and pays the bills.