Agencies are often reluctant to proactively manage fraud, possibly because they have no idea how big a problem it is.
Fraud is an invisible threat to federal, state and local government. From organized criminal rings systematically bilking agencies out of millions of dollars to unscrupulous vendors rigging the contracting process to individuals lying on benefits applications, fraud threatens the integrity of every public institution. Yet government agencies are often reluctant to proactively manage fraud, possibly because they have no idea how big a problem it is. Thus, in many managers’ eyes, fraud prevention doesn’t seem like a wise financial investment. Yet even conservative estimates of potential fraud loss point to substantial savings associated with effective prevention measures.
How big is the problem?
Collectively, government revenues total about $3.3 trillion. While no one knows the full scope of losses associated with fraud, some well accepted industry estimates can help determine a ballpark. According to the Association of Certified Fraud Examiners’s “Report to Nations,” the average organization loses 5 percent of its annual revenue to fraud. Certain industry groups have calculated fraud estimates for their sectors, which can help agencies estimate their own losses. For example, the Coalition Against Insurance Fraud estimates that Fraud accounts for 5-10 percent of claims costs for U.S. insurers and nearly one-third of insurers say fraud was as high as 20 percent of claims. Health care fraud estimates range from about 3 percent of national health care spending to as high as 10 percent. Given the uncertainty around these estimates, 5 percent seems like a reasonable estimate. Applied to total government revenues, this translates into an estimated $165 billion in taxpayer money being stolen by fraudsters every year.
Risk Management Requirements
The 2016 Fraud Reduction and Data Analytics Act requires agencies to establish financial and administrative controls to identify and assess fraud risks and design and implement control activities to prevent, detect, and respond to fraud, including improper payments. The previous year, GAO released its “Framework for Managing Fraud Risks in Federal Programs,” which provides guidance for developing a comprehensive fraud risk management system.
GAO’s framework identifies leading practices for managing fraud risks in four broad areas: 1) a commitment to creating a culture that is conducive to fraud risk management; 2) assessment of fraud risks; 3) design and implementation of effective controls to address the highest priority risks; and 4) ongoing evaluation and adaptation of these efforts. The framework encompasses control activities to prevent, detect, and respond to fraud, with an emphasis on prevention, as well as structures and environmental factors that help managers mitigate fraud risks.
Return on Investment
The ACFE “Report to Nations” calculates the cost savings related to various fraud prevention activities. For example, risk assessment translates into a 38 percent reduction in loss related to fraud; having a dedicated fraud team results in a 33 percent reduction of fraud loss; and proactive data analytics results in a 52 percent reduction in fraud losses. Taken together, fraud prevention activities can cut fraud losses, on average, about 40 percent.
Many of the activities the ACFE lists are relatively inexpensive to employ, particularly as they relate to the return on investment. GAO’s framework offers guidelines for developing a fraud risk management program, such as establishing a dedicated office or individual, conducting regular risk assessments to understand the biggest vulnerabilities, prioritizing risks based on the likelihood of the fraud scheme occurring and the impact if would have if successful, and implementing cost-effective controls to mitigate the highest priority risks. GAO also recommends using cost-effective fraud analytics, such as anomaly detection, to identify fraud more efficiently.
It’s easy to see how cost effective these measures are. For example, the Agriculture Department, with an annual budget of $144 billion in 2018, should expect to lose about $7 billion annually to fraud, based on the ACFE estimates. Putting in place a comprehensive anti-fraud program would yield a return of approximately $2.9 billion annually. Even if the department spent $2.9 million on its antifraud program, the agency would save 1,000 times as much as it invested.
And for the behemoth Defense Department, whose 2018 budget was just under $650 billion, taxpayers are likely losing as estimated $33 billion to fraud. A comprehensive anti-fraud program would return approximately $13 billion in taxpayer dollars on the investment.
Maybe it’s time for agencies to rethink their investment in preventing fraud.
Linda Miller leads Grant Thornton’s Fraud Risk Mitigation Practice. She was the principal author of GAO’s “Fraud Risk Management Framework” and served on the task force that developed the COSO/ACFE “Fraud Risk Management Guide.”