Criminals Steal Billions From Government Every Year; Here’s How to Prevent It

A risk-management framework is an essential starting point.

Fraud is a persistent and growing problem for government programs. It costs taxpayers billions of dollars and erodes public trust in government institutions. In fiscal year 2014, the government paid out nearly $125 billion improperly, nearly $20 billion more than it improperly paid out the previous year. Certain programs, such Medicare and Medicaid, are especially vulnerable to fraud given the large amount of funds available to eligible beneficiaries. As a result, these programs have been the victim of large and highly publicized fraud schemes. In June 2015 alone, 243 people were arrested in 17 cities for allegedly billing Medicare for $712 million worth of patient care that was never provided or unnecessary.

Combatting fraud typically is seen as the responsibility of inspectors general, and indeed, IGs are fighting the good fight every day to detect fraud schemes and recover fraudulent payments. But this “pay and chase” model is inefficient. In an environment of increasingly limited government resources, anticipating fraud and preventing it before it occurs is one of the biggest cost savings opportunities federal agencies have.

To effectively combat fraud, we must take a risk management approach. Not all fraud risks are equally as likely to occur and some would have more devastating consequences than others if they did occur. Thus, taking a strategic approach to identifying the particular fraud risks a program faces and assessing their potential likelihood and impact allows program managers to identify where the program is most vulnerable and to close the gaps proactively. This requires program managers and agency leaders, who traditionally have focused on delivering services, to take a more active role in ensuring program integrity.

To this end, in July 2015, the Government Accountability Office issued the Framework for Managing Fraud Risks in Federal Programs. The framework guides program managers in establishing robust fraud risk management systems that, if implemented effectively, can stop fraud before it happens. It outlines the steps federal managers can take around four key areas:

1. Demonstrate a commitment to fraud risk management. Make sure efforts to fight fraud have executive sponsorship, are part of the organizational culture, and are led by a designated entity within the program office.

2. Conduct a fraud risk assessment for each program. This should be tailored to the program or components and involve relevant stakeholders. As part of this risk assessment, GAO calls for agencies to determine risk tolerances and develop a fraud risk profile.

3. Implement a strategy focusing on prevention. This includes developing a fraud response plan and considering the costs and benefits of related control activities.

4. Evaluate outcomes based on risk. Thus, managers may adapt activities based on data analysis and real-time monitoring of fraud trends.

GAO’s fraud framework also identifies some control activities that are considered leading practices, such as the use of hotlines, fraud awareness training and data analytics. Data analytics, when used to predict patterns of behavior that can indicate the potential for fraud, hold particular promise as a tool to prevent fraud and safeguard taxpayer dollars.

Some agencies have already begun considering how they can incorporate the principles of GAO’s fraud framework into their operations and have found it useful in helping them to comply with the revised Federal Internal Control Standards, which now call for agencies to conduct a fraud risk assessment as part of their internal control program. In fact, Congress saw the proactive management of fraud risks as such an important effort that lawmakers introduced a bi-partisan bill, the Fraud Reduction and Data Analytics Act of 2015, to codify the fraud framework in statute. (The Senate unanimously passed the legislation in April; it now awaits action in the House). In addition, the Office of Management and Budget has incorporated adoption of GAO’s fraud framework into its revised Circular A-123, which also calls for an enterprise risk management approach for government operations more broadly.

In a resource-limited environment, it is crucial to use risk analysis when making decisions about where to allocate scarce resources—agencies can’t afford not to. Until recently, the public sector has taken a “pay and chase” approach to fraud and improper payments. Adoption of the principles outlined in GAO’s fraud risk management framework has the potential to significantly improve the efficiency and integrity of federal programs.

Linda Miller is an assistant director with the Forensic Audits and Investigative Service team at GAO, and led the development of GAO’s Framework for Managing Fraud Risks in Federal Programs.