Real solutions to win the fight against improper payments and fraud, waste, and abuse
Federal CFO Insights
Federal agencies continue to make great strides to reduce improper payments and to mitigate the risk of fraud, waste, and abuse. Despite these efforts, improper payments consistently remain a government-wide issue for many reasons, such as the complexity of the payments and the balancing act that federal agencies need to perform to make timely payments while verifying that all information is accurate before payment.
What can agencies do now to prevent improper payments?
With these increased legislative requirements and enhanced data transparency, federal agencies’ CFOs will have more resources to monitor and review funding under their improper payments programs. Due to the extensive changes in the data reporting structure and lack of guidance, the DATA Act will be gradually implemented at federal agencies.
The following three actions can help strengthen federal agencies’ strategies to mitigate the risks of improper payments:
- Fraud risk assessment techniques for managing risks in a holistic framework
- Continuous monitoring using data analytics with current data systems and using the Do Not Pay portal
- Root cause analysis techniques to identify and implement effective corrective action plans
Implementing a framework for managing fraud risks in federal programs
The US Government Accountability Office (GAO) framework provides an agency’s leadership with guidance on how to effectively employ risk management activities through four steps:
Commitment: Leadership is key in demonstrating integrity and setting the tone to create a fraud detection culture rooted in the organization. Senior leadership should commit to the prevention and detection of, and response to, fraud, creating a culture dedicated to managing and combatting risks facing the agency from the top down.
Assessment: CFOs should consult with internal and external stakeholders, such as general counsel or contractors, who may be able to provide additional insight into potential fraud risks threatening the program. No two programs will be alike in the inherent risks threatening an agency; therefore, each risk assessment must be tailored based on the program. To fully assess and understand the fraud risks, the following actions should be considered:
- Identify inherent fraud risks affecting the program
- Assess likelihood and impact of inherent fraud risks
- Determine risk tolerance
- Examine the suitability of existing fraud controls and prioritize residual fraud risk
- Document the program’s fraud risk control
Design and implementation: After fraud risks are identified, a strategy should be designed to mitigate these risks with the focus again placed on the prevention of the assessed risk. A fraud response plan should also be developed which may include accepting, reducing, sharing or avoiding the risk. Control activities should be evaluated, and costs and benefits should be reviewed to determine a balance between successfully executing the goals of the agency and effectively managing this risk. CFOs should work to identify the amount of risk they are willing to accept when evaluating the controls to be implemented. Effective implementation relies on the involvement and collaboration of those involved at all levels.
Evaluation and adaption: Creating and implementing a strategy that relies on control activities designed to combat fraud risks, together with a commitment to understand, monitor, analyze, and adapt to the ever-changing internal and external threat environment, may, when deployed strategically, allow an agency to take steps to mitigate the likelihood of fraud occurring. CFOs must understand, however, that risk cannot be completely eliminated, and controls must be evaluated to achieve an equilibrium: effective use of resources to prevent, deter, and respond to fraud while achieving the goals and missions of an agency.
As the risk environment evolves, fraud risks should be continuously monitored, and feedback should influence the controls and framework in place.