Anita Bernadette Calhoun, Cfe, Crcm, Cerp Email and Phone Number

• Responsible for developing and maintaining the risk management and oversight programs for internal fraud at Discover• Responsible for the implementation of the programs’ governance frameworks, risk methodologies, and compliance assessments• Responsible for managing the policies and standards team for the Information Risk team.• Provides consultation on risk areas to the business, as well as designing and overseeing an education and awareness risk program.• Develops, leads, and executes internal fraud risk management initiatives/projects with a focus on operational risk oversight, continuous improvement, increased engagement of business partners, and compliance with relevant laws, regulations, and guidance.• Develops and maintains compliance methodologies and assessments to ensure business internal fraud practices comply with applicable law, regulation, and regulatory expectation.• Develops strategic partnerships with internal and external stakeholders, to include vendors, partners, industry groups, and regulators to ensure effective internal fraud risk management efforts and program enhancements that support the overall enterprise wide mission.• Oversees legal and regulatory compliance programs for internal fraud across the enterprise, to include testing and attestation. Develops policies, standards, and promotes risk management.• Oversees policy and standards administration• Provides timely coaching, feedback, and direction to employees to help them develop their capabilities and enable them to perform to their potential.• Consults to the business and drives engagement.

• Managed compliance department personnel, including providing training and feedback. Maintained responsibility for the overall integrity and quality of the work product.• Verified that operating units are compliant with all appropriate local, state, and federal regulations through the execution of the compliance testing program, establishment of testing plans, collaboration with business management to identify compliance issues and corrective action plans, and preparation of compliance report to communicate the scope and severity of concerns identified to the applicable level of management. • Collaborated with various level of management within the areas of responsibilities, including the risk functions within the first line of defense. Evaluated and tested the adequacy of business processes and practices with respect to risks, controls, and regulatory requirements, identifying gaps and issues.• Maintained a high level of awareness and knowledge of regulatory compliance requirements. Supported compliance management in developing, implementing, and maintaining an enterprise-wide compliance program and culture of compliance.• Monitored and validated status of corrective actions taken by business partners to remediate concerns.• Created and maintained testing work papers and supporting documentation. Drafted written reports regarding compliance testing results.• Presented findings, potential risks, and recommendations to Legal, Compliance Advisory, Center of Excellence, and Line of Business partners for corrective action.

• Led and executed moderate to high risk or complexity reviews in a matrixed environment and communicate emerging risks to management• Escalated potential issues, identified potential corrective actions, and followed through on reporting and resolution• Ensured all documentation is completed and retained (testing schedules, testing templates, workpapers, deferrals, and deviations) • Consulted on and implemented initiatives with moderate to high risk and served as an internal interface with the business regarding risk management • Demonstrated an understanding of the Annual Plan and associated risks• Led and executed testing, according to internal policies, in an effective manner to ensure testing activities are completed on schedule• Provided thoughtful, credible challenge internally to the lines of business and corporation• Assessed, documented, and communicated emerging risks and identified issues to management and risk partners in a timely manner • Ensured swift testing, related issue and corrective action identification, reporting, escalation, and resolution • Led the team with integrity and created an environment where the team members feel included, valued, and supported to do work that energizes them • Accomplished management responsibilities which include providing ongoing coaching and feedback, recognizing and developing team members, identifying and managing risks, and completing daily management tasks

DUTIES PERFORMING:• Planned audit engagements• Identified inherent risk and control objectives• Drafted audit deliverables defined in the audit methodology• Performed audit testing and worked with Company management during audit• Drafted communications and reports• Coordinated and participated in client meetings• Conducted detailed audit workpaper reviews• Developed and presented training material• Maintained up-to-date knowledge on legal and regulatory issues that affect the Company• Used automated software tools and keep abreast of current technology in the department and in client areas• Collaborated effectively, developed and managed effective relationships with key stakeholders, including various levels of management throughout the enterprise and external auditors to foster and promote Internal Audit’s reputation as a value-added business partner• Partnered with Legal, Finance, Compliance, Risk Management and other control groups establishing strong work relationships, while maintaining independence

DUTIES PERFORMED:• Designed quality review programs for various business areas• Collaborated with other business areas to develop a quality control program • Identified and remediated quality issues and gaps in business processes, procedures, and systems• Identified and documented risks, controls, and best practices across the organization• Analyzed and evaluated trends, identified control gaps, and recommended routine and non- routine solutions, including procedural changes• Developed and delivered training to peers and business areas

DUTIES PERFORMED:I led and conducted risk-based audits which tested departments, functional areas and processes for compliance with regulations, policies and procedures. The audits included:• Reviewing the suitability of the business control design• Conducting Risk Assessments• Describing areas where no preventive or detective controls exist• Determining the scope for the review• Documenting testing by creating and completing workpapers• Managing work assignments of other employees• Reviewing documentation for logical and grammatical errors• Identifying reportable issues of dimensions of risk• Establishing ownership of issues• Communicating findings to process owners and others verbally• Enhancing processes, controls and efficiency by recommending corrective actions• Writing comprehensive reports summarizing the background, scope and findingsSIGNIFICANT ACHIEVEMENTS:Generally, improvement suggestions to remediate audit findings were well received and implemented by management. In turn, the effectiveness of the control increased, the process was improved, and associated risks were simultaneously minimized. During the course of conducting a routine review, I noticed statements in the contract were not consistent. One section could have led a borrower to believe payments were not required after an event transpired. A correction to the wording was made which reduced the potential for collection issues on future contracts.My independent research to self-educate on methods of using IDEA software enabled me to train co-workers and improve departmental productivity.

DUTIES PERFORMED:• Established, monitored, analyzed and reported metrics for Program Integrity, Privacy and Compliance activities• Assisted in implementing the Program Integrity and Compliance functions in Georgia for Beacon Health Options• Served as the primary resource and contact in Georgia for concerns of fraud, waste and abuse • Conducted data mining was done to investigate, prevent and monitor providers• Coordinated activities with The Department of Behavioral Health and Developmental Disabilities (DBHDD) to ensure adequate coverage of provider reviews, but eliminate duplicate efforts between the entitiesTo ensure compliance at the Georgia Collaborative Administrative Services Organization office, I: • Conducted HIPPA and 42 CFR Part 2 walkthroughs• Provided immediate feedback to employees to reinforce compliance or as notification that corrective action was needed• Maintained a database to track individual employee violations involving confidential information • Recorded information to use when recommend personnel action if an employee exceeded the threshold of violations• Provided training on privacy, personal health information (PHI), personally identifiable information (PII), fraud, waste and abuse by holding meetings and emailing newsletters• Communicated instruction and updates to increase awareness and assist with state and federal compliance; The Director provided feedback on the training meetings stating the sessions were the “most fun compliance trainings” he had attended. SIGNIFICANT ACHIEVEMENTS:I identified opportunities for improvement, and assessed the effectiveness of corrective actions. This included escalating two issues of confidential information being transmitted in an unsecured manner. The paths were secured immediately. As a result, it prevented future transmissions from resulting in a breach, fines, reputational harm and threatening the viability of the business.

DUTIES PERFORMED:I assisted in the performance of financial and medical audits of providers suspected of having committed Medicaid fraud, waste or abuse. Case work was performed as a team with an attorney, investigators, nurse investigator and intelligence analyst. I was the investigative auditor on the team who performed tasks including: • Researching policy, utilization questions and information in sources such as GAMMIS• Obtaining and reviewing business and personal financial records of providers • Analyzing claims from the Department of Community Health and managed care organizations• Using Excel and Rat-Stats to obtain samples of data• Identifying the amount and types fraud• Conducting interviews with providers, employees, Medicaid recipients and others• Preparing written reports, charts and graphs to communicate findings• Executing search warrants and on-site reviews• Handling civil and criminal cases• Working cases involving allegations of abuse to at-risk (elderly and/or disabled) Medicaid recipientsSIGNIFICANT ACHIEVEMENTS:I assisted with Georgia Medicaid cases that led to the prosecution of $2.3 million of fraudulent payments, ordered restitution of $2.1 million and prison sentences totaling 21.5 years.I was selected and served as a data analyst with the National Association of Medicaid Fraud Control Units (NAMFCU) which collaborates with other state units to deter some of the largest and most insidious health care provider frauds, recover program dollars, punish corrupt practitioners, and prosecute those who abuse or neglect nursing home residents.

DUTIES PERFORMED:I reviewed mortgage files for quality assurance, misrepresentation and risk assessment. My duties included:• Analyzing mortgage files for completeness and accuracy by examining applications, credit histories, income documents, title searches, title policies, appraisals, etc.• Investigating any misrepresentation of income, employment and occupancy to resolve any transaction component indicating a potential for fraud• Documenting the review, reporting any loan quality trends• Initiating actions to mitigate losses, including drafting re-purchase lettersSIGNIFICANT ACHIEVEMENTS:By performing the duties of my job, I was able to provide assurance that the mortgages met Fannie Mae’s loan criteria and individual loan product guidelines. As a result the risk of a loss from fraud was greatly reduced.

DUTIES PERFORMED:I performed internal audits, conducted fraud investigations, and delivered training. During the course of this work, I gained experience working with personnel at all organizational levels to develop functional solutions to challenges faced.I was one of 19 employees in the United States that performed operational audits in field offices. I was frequently one of a handful of auditors selected to perform SOX reviews and internal audits at the corporate headquarters. Audits consisted of performing a risk analysis, developing a testing plan, completing testing and reporting on compliance with company policies, state and federal laws. I also trained new field auditors. I handled fraud investigations. Responsibilities included: maintaining confidentiality as appropriate, reviewing documentation, conducting interviews including asking hard questions and reporting the results of the investigation. To aid in training employees in operations, I developed and conducted management and employee training meetings on compliance, risk analysis and process improvements. I also trained new district managers on performing independent reviews. SIGNIFICANT ACHIEVEMENTS:I identified risks to achieving company goals, issued improvement recommendations, trained others which led to improved compliance. I identified fraudulent loans, reducing the possibility losses from a continued pattern of such activity.

DUTIES PERFORMED:I managed a financial services branch before being promoted to Field Auditor. I supervised up to 3 employees. As a manager, I:• Monitored and directed branch activity for profitability• Analyzed reports to improve loan production and collections• Developed personnel through recruiting, selecting, hiring, supervising, training and evaluating employees• Promoted the business by sourcing retail dealer business, handling complaints, providing training and participating in various community groups• Collected accounts via skip tracing, collection letters, telephone calls, field calls and legal actionsSIGNIFICANT ACHIEVEMENTS:I achieved and maintained the lowest delinquency for branches in the state of Georgia. I identified that a retail merchant did not accurately represent the amount and source of down payments amount when submitting applications for approval.

DUTIES PERFORMED:As a branch manager trainee, my functions included business development, delinquency control and providing branch support. To do this, I:✔Sourced, processed and evaluated risk to underwrite applications✔Performed skip tracing, inside and outside collection activities ✔Provided customer service, safeguarded cash and maintained reports.SIGNIFICANT ACHIEVEMENTS:I was recognized for contacting the most customers on a daily basis, achieving and maintaining the lowest delinquency for branches in the state of Georgia.