By John L. Guerra
Editor, GRC & Fraud Software Journal
Federal, state and local government agencies performed significantly worse on fraud detection and mitigation than private sector organizations.
That’s the conclusion of a new ACL customer survey from the Vancouver-based risk management software provider. The company polled risk and fraud managers to help ACL better understand the business side of controlling fraud.
The ACL survey showed that:
- Fewer than one third of government respondents said they detect the majority of fraud in their systems.
- Fewer than half of the government respondents said detected fraud is ever reported.
- Fewer than 30 percent of anti-fraud recommendations are fully acted upon by government agencies.
GRC & Fraud Software Journal recently talked to Dan Zitting, ACL’s Chief Product Officer, about ACL’s fraud survey. We wanted to find out how state and local agencies can improve their fraud detection and mitigation game.
Question: What does the 2017 Fraud Survey from ACL indicate to you?
Zitting: We see government agencies performing less effectively than the private sector on fraud detection and mitigation. The answers we hear from government agencies and other public organizations were quite far off from the private, commercial sector.
Clearly, the private sector believes they are doing a better job. Some 42 percent of private entities say they detect the majority of fraud in their organizations – compared to less than a third of public respondents who say they detect the majority of the fraud in their organizations.
Some 60 percent of the private organizations said they report fraud, while less than half of the government agencies polled say they report it.
Question: What kind of fraud detection and mitigation challenges do governments face?
Zitting: The question is, is fraud a bigger problem in the government sector or are government agencies less able or willing to mitigate risk? Are government agencies less transparent in the reporting of fraud? Or is it a combination of these things?
ACL’s survey found a lot of variations among federal, state and local governments. Federal agencies certainly might have tighter controls through internal auditing and oversight from the Office of Inspector General in each agency, but the opportunity on the fraud triangle is much bigger in the federal government. Federal agencies must protect millions of financial transactions each week sent through myriad channels to individual beneficiaries, vendors, and state and local governments.
It’s nearly impossible to completely halt fraud in such large entitlement programs as Medicare, food stamps, and unemployment insurance. Both federal and state agencies must have at least some automated systems to flag the public’s attempt to defraud federal programs. Agencies also must protect themselves against internal fraud, such as employees receiving kickbacks from vendors. That is another big category of internal fraud.
Internal fraud is a big problem for state, county and local governments. A good example is a local government employee using his taxpayer-funded purchase card to buy gas for his personal vehicle. When you multiply the number of individuals with government purchase cards in an agency, undiscovered fraud can add up.
Question: Are state and local governments up to date in their risk and fraud systems?
Zitting: Smaller governments and local agencies often have only an individual or a small audit group with oversight. They literally sit at a table and pore over boxes of financial records, comparing paper credit card receipts, bank statements, purchase orders – the process is very slow.
Time is of the essence. You want to flag potential fraud as soon as someone gives it a shot. As employees or outsiders test the fraud detection system and no control picks up on it, fraudsters become more and more brash.
Question: Some local and state agencies without the resources to audit their own books rely on state government auditors who annually review each agency’s financial reports.
Zitting: Because an auditor general’s office staff has limited time, they can’t check every detail of every financial report generated by every state agency; they may only review key parts of reports and not drill down.
In any given year, agencies can manually audit only 5 or 10 percent of what should be reviewed. The answer is simple: Find some software tools that can look over everything automatically, finding the red flags throughout all the agency’s electronic records.
Question: Why aren’t local agencies investing in automated auditing and fraud mitigation tools?
Zitting: Tight budgets. The agency head tells the budget director, ‘Our budget is frozen, we can’t afford it.’ When one state or local agency employee can steal hundreds of thousands of dollars in just a few months, however, automated fraud systems quickly pay for themselves. What is the cost of not having that tool? Having no idea of where the money is going.
We start with a quick-win scenario if a given agency isn’t mature with its fraud work. We run a sample of their purchase card records on our software. We get them starting to find red flags immediately. That’s how we build support for these programs. We can apply it to other areas of concern, such as inventory control, showing them how we can spot theft of parts and other items from their warehouses.
Question: How does an agency find a vendor?
Zitting: These agencies can outsource fraud mitigation to a third-party vendor, or the agency auditor can link to a company like ACL through the cloud and manage his agency’s auditing, risk and fraud prevention functions in-house.
An audit or fraud software vendor, such as ACL, first reviews the process the government agency has in place, whether manual or automated, and interviews the audit staff to determine inefficiencies in the present workflow. We then develop automated ACL solutions so agencies can quickly spot and halt fraud.
It takes only a little bit of software technology to automatically sift through employee transactions for irregularities, for anomalies. For instance, government agencies have rules in place for what purchase cards can be used for. If the agency bans a class of employees from purchasing airline tickets using the government purchase card, for instance, the software can search for the word “airline tickets” in transaction histories and pull up every instance of those purchases. If someone outside that class of employee has bought tickets with the card, a flag will pop.
Automated searches for transactions that occur outside regular business hours, such as weekends and holidays, are another way to flag suspicious transactions. You can also ask the system questions, such as, is one employee class outspending all its peers?
Data analytics capability is vital. You can download a month, or a year’s worth of financial transactions posted to a specific purchase card account. Using data analytics you can parse the data in countless ways. It goes way beyond key words and dates. Fraud usually involves more than one person at the till; usually several people work together, such as an employee with a relative who is a vendor. You need data science to catch those complex relationships among fraudsters, their banks, and other individuals.
The U.S. Government Accounting Office estimated that fraud and bad payments cost government $135 billion in 2015. It’s time to seek an automated solution.
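The three checks described in the interview (a keyword match on a restricted purchase category, transactions outside business hours, and one employee class outspending its peers) can be sketched in Python. This is an added illustration, not ACL's software or anything supplied by the interviewee; the records, employee classes, business hours, holiday list and the 2x threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, datetime
from statistics import median
from typing import NamedTuple

class Txn(NamedTuple):
    cardholder: str
    emp_class: str
    when: datetime
    merchant: str
    amount: float

def _t(holder, cls, when, merchant, amount):
    return Txn(holder, cls, datetime.strptime(when, "%Y-%m-%d %H:%M"), merchant, amount)

# Constructed sample purchase-card records; not real agency data.
TRANSACTIONS = [
    _t("E01", "field",       "2017-03-06 10:15", "DELTA AIRLINE TICKETS",  412.00),
    _t("E02", "clerical",    "2017-03-07 14:02", "UNITED AIRLINE TICKETS", 388.50),
    _t("E02", "clerical",    "2017-03-11 21:40", "SHELL GAS STATION",       61.20),  # Saturday
    _t("E03", "clerical",    "2017-03-08 09:30", "OFFICE SUPPLY CO",        45.10),
    _t("E04", "maintenance", "2017-03-09 11:05", "HARDWARE STORE",         120.00),
    _t("E05", "maintenance", "2017-07-04 13:00", "AUTO PARTS",              95.00),  # holiday
    _t("E06", "fleet",       "2017-03-08 10:00", "FUEL DEPOT",             900.00),
    _t("E06", "fleet",       "2017-03-09 15:30", "FUEL DEPOT",             850.00),
]

# Assumed policy values, chosen for illustration only.
AIRLINE_ALLOWED = {"field"}          # classes cleared to buy airline tickets
HOLIDAYS = {date(2017, 7, 4)}
OPEN_HOUR, CLOSE_HOUR = 8, 18        # regular business hours, weekdays

def restricted_purchases(txns):
    """Keyword hit on a restricted category by a class not cleared for it."""
    return [t for t in txns
            if "AIRLINE" in t.merchant.upper() and t.emp_class not in AIRLINE_ALLOWED]

def off_hours(txns):
    """Weekend, holiday, or outside business hours."""
    return [t for t in txns
            if t.when.weekday() >= 5 or t.when.date() in HOLIDAYS
            or not OPEN_HOUR <= t.when.hour < CLOSE_HOUR]

def outspending_classes(txns, factor=2.0):
    """Classes whose spend per cardholder exceeds factor x the median across classes."""
    spend, holders = defaultdict(float), defaultdict(set)
    for t in txns:
        spend[t.emp_class] += t.amount
        holders[t.emp_class].add(t.cardholder)
    per_head = {c: spend[c] / len(holders[c]) for c in spend}
    baseline = median(per_head.values())
    return sorted(c for c, v in per_head.items() if v > factor * baseline)
```

Each function returns candidates for an auditor to review, not findings of fraud; a flagged fuel purchase or weekend charge may have a legitimate explanation.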