The Fraud Reduction and Data Analytics Act, signed into law in June 2016, requires the Office of Management and Budget to set guidelines for agency identification and assessment of fraud risks and the design and implementation of controls to prevent them. These guidelines must incorporate the leading practices in the Government Accountability Office’s Framework for Managing Fraud Risks in Federal Programs. The act also requires OMB to lead interagency coordination among agencies to share and promote best practices in the law’s implementation.
Agencies are grappling with the practicalities of implementation of the new law. Given the variability in fraud risks, fraud risk management must take place at different levels within an organization. And because fraud risk assessments are relatively new, taking an incremental approach makes sense.
One way to approach the new mandate is for cabinet-level leadership to direct components to assess overall fraud risks and develop a prioritized list of programs based on the inherent risks they identify. For example, within the Veterans Affairs Department, the Veteran’s Health Administration’s fraud risks might rank higher in potential consequence than those identified by the Veterans Benefits Administration. If that turned out to be the case, the VA administrator could direct the VHA to conduct a comprehensive fraud risk assessment, develop a risk profile and come with a response plan. After the agency develops the process, tools and templates for carrying out the risk assessment and developing a response, lessons learned from implementation can benefit the approach taken in the next-highest risk program.
Another approach organizations might take is to look at high-risk processes within an agency or component. For example, an agency like the National Science Foundation may assess processes in place to oversee grantees across all of its programs and identify risks and tailor response strategies to them. As the fraud risk management process is developed, the activities can be incrementally applied to other areas of the agency. It’s important to note that the Fraud Act and GAO’s Fraud Risk Management Framework apply not only to financial fraud, but fraud that impacts operations and the organization’s reputation. While beneficiary fraud may pose the largest risk based on the level of funding, internal fraud—such as purchase card, travel card or even telework fraud—can also pose significant risk.
Congress established robust annual reporting requirements in the Fraud Act. Many agencies are unclear what to include in such reports. Below are some considerations for how to approach these requirements at different levels of government.
Ideally, at the cabinet level, the department would develop a high-level fraud risk profile that assesses risks across components, prioritizes them and designates entities to address them. This would provide a useful snapshot of the department’s fraud risk.
At the component level, agencies could develop more detailed fraud risk profiles. These profiles would identify programs with the highest risks, describe them and detail planned actions to mitigate them. This can serve as a blueprint for incoming component agency heads to understand the extent and nature of fraud risks across the programs, how mature the responses are, and where to focus fraud prevention efforts.
In some cases, it may be necessary to develop fraud risk profiles for specific programs, especially the very largest ones. These include major benefit programs, such as those administered by VBA or the Disability Insurance program managed by the Social Security Administration. It could even apply to major grant-making and large contract programs. These face significant fraud risks, so risk assessments and profiles at the program level are appropriate.
The Fraud Act requires the creation of a working group to share financial and administrative controls, best practices and techniques for detecting, preventing and responding to fraud. It gives the group specific responsibility for developing and sharing data analytics techniques. The working group provides an excellent opportunity to share and leverage expertise across the government and beyond. Similar working groups for other purposes, such as implementation of the 2014 Digital Accountability and Transparency Act, have been key tools in successful interagency coordination. One model to consider emulating is the current sharing of data analytics techniques among inspectors general.
The Fraud Act provides an excellent opportunity for the federal government to take a proactive approach to managing and mitigating fraud risk. With the right focus and implementation strategy, agencies can reduce fraud in their programs and bolster faith in the government’s ability to protect tax dollars. Likewise, the Fraud Act provides an opportunity for OMB to establish anti-fraud working groups that will help agencies leverage what is already working. With more than $140 billion in improper payments made annually, the effort would be well worth it.
Linda S. Miller, a former senior official at the Government Accountability Office, is a director with Grant Thornton Public Sector’s Fraud Risk Assessment practice.