Fraud and the Role of Internal Controls
Fraud is defined as “perversion of truth” or “false representation of fact” where the government is a victim. Obviously the fraudster hopes to gain at the expense of the government.
Most fraudulent activity in the Federal government does not make national news or the front page of the Washington Post. Therefore, we are not aware of most of it. If you read the semi-annual reports of the Federal inspectors general, however, you can start to get a sense of the magnitude of fraud. It is not small.
One notable case at NASA involved a large batch of bolts and fasteners that had been sold as scrap by NASA when they did not meet quality standards. Enter the fraudsters: an enterprising couple bought the scrap, and then turned around and sold it back to NASA by falsifying quality test results on the items. At the couples’ new “residence” they were able to contemplate their shrewd business deal (residence provided free of charge, courtesy of the Federal prison system!).
How Do We Prevent Fraud in the Federal Government?
There is only one way: with properly designed and operating internal control systems. Everything an entity does happens through its internal control systems, basically its policies and procedures, including those checks and balances built into our automated systems. Some controls are preventive – like matching of purchase card requests against “Do Not Buy” lists. And some controls are detective – like reviews of purchase card statements after purchases to determine if purchases were legitimate.
Do We Have the Proper Balance of Preventive and Detective Controls?
Some Federal managers believe we do not – and that the ratio might be 7 to 3, detective to preventive. That ratio should be flip-flopped: 70% preventive and 30% detective. We should put more effort into designing and implementing controls to prevent fraud than into those that just catch it after the fact.
How Do We Ensure That We Have the Proper Controls in Place to Prevent – and Catch – Fraud?
The best way is to raise the consciousness about controls of all types in our Federal agencies. This can best be done as a part of the legally mandated annual assessment of internal control that culminates in a statement of assurance on internal control by the head of the agency to the president and the Congress.
Fraud will never go away and all of it cannot be prevented. The Federal government is too big and complex to expect there will be no fraud. But every agency and every employee can mitigate fraud occurrences and impacts. In fact, they have a responsibility to do so. Employees at ALL LEVELS need to be educated and trained in all aspects of internal control, but especially where there is a risk of fraud.
I love this topic. Thank you for this. The Inspector General routinely conducts audits, either randomly or if there are indicators present that something isn’t right, or in response to a complaint or a report that there may be some acts of fraud. Executives/managers over programs should also employ internal controls. Checks and balances added to a program’s processes to deter any potential fraud. I do not believe that most employees set out to defraud. Some may even accidentally notice vulnerabilities in a system, which eventually lead to fraud. But if organizations employ, like you say here, carefully designed internal control systems, the propensity for there to be any wrongdoing diminishes greatly. Management Concept’s Cleve Pillifant touched on this topic in the August 28, 2015 article titled, “Integrating Internal Controls with Best Practices.” That was a great article on the topic and is an excellent companion piece to this one. It drew largely from the GAO Green Book, Standards for Internal Control in the Federal Government, gave a number of insights. I previewed it and thought enough of it to download it for my own use. The key takeaways for me were: (1) regularly monitor programs under your responsibility; and (2) routinely assess the risk or potential for risk. I’d also add that these two things, as well as managing internal controls, isn’t just the responsibility of the management. Each employee has a role in this. I’m always interested in this topic, and appreciate seeing new content about internal controls.