A field employee routinely expenses out more than they were charged for business travel, pocketing the difference. A procurement officer funnels business to friends and family, using shell companies and fake addresses as a cover.
While there may be a dedicated department or team assigned to detect, investigate, remediate fraudulent activities like these across a public sector agency or organization, most managers and supervisors likely just see instances of potential criminal activity as isolated issues, anomalies and perhaps being irrelevant overall to their day-to-day mission until something similar affects their own area.
It’s time to look at fraud differently. What may appear isolated on the surface can introduce risk across the entire organization.
Simply put: Fraud risk is enterprise risk.
Improper payments and payment errors are a critical part of that risk. In the public sector, they can result from fraud, but also from weak controls, duplicate payments, payments to ineligible recipients missing documentation or simple data entry mistakes. And because their volume is so high across government programs, they are not just a payment-integrity issue — they are an enterprise risk that affects operations, oversight, compliance and public trust.
Not only do the dollars lost to these individual incidents add up, fraud weakens public sector institutions’ internal operations, damages their reputations, and effectively reduces their ability to achieve their missions. Here’s how.
Catch more fraud faster
See how analytics helps teams spot duplicate payments, bad claims and vendor red flags before losses grow.
Let’s face it; fighting crime is a time- and labor-intensive affair. Agency fraud teams must constantly scan operations for anomalies, collect evidence on red flags, prepare reports for auditors and leadership — all while keeping up with evolving regulations and capturing lessons learned.
If they’re doing this work by hand via disparate spreadsheets and systems, it becomes even more cumbersome and costly. One government IT leader told us that their department manually reviewed over 20,000 transactions each month. With that volume, they are only able to do a cursory review, it makes it difficult to pinpoint fraud and eats up valuable staff time.
In fraud detection, false positives come with the territory, especially as guardrails and controls tighten in response to rising risk. Unfortunately, this may require legitimate beneficiaries in the public sector ecosystem to take extra steps and endure longer timelines to receive the services they rightly deserve.
The inevitable (and understandable) complaints and appeals that result in further increase internal workloads. When these grievances become public, they can quickly tarnish an institution’s reputation.
Taxpayers, benefits recipients and other stakeholders expect public sector institutions to run like well-oiled machines, with funds going to the right place at the right time, for the intended services and in the correct amounts.
Reports of fraud confound these expectations.
“Every dollar loss undermines confidence,” Tiffany Robinson said during a webinar with FedInsider about her experiences as national identity theft coordination with IRS Criminal Investigations.
This wasn’t the only hindrance Robinson brought up.
“People are less likely to follow regulations if they believe others are exploiting loopholes,” she said, adding that such vulnerabilities extend to internal operations as well. “Improper payments create inconsistencies in enforcement, which makes it harder for agencies to maintain uniform standards.”
Keeping oversight up to standard has always been critical for public sector organizations, which must comply with a growing list of frameworks and regulations to avoid fines, avoid risking claw-backs and maintain their standing.
For federal agencies and those state and local agencies that administer federal funds, these include OMB A-123 for internal controls, Uniform Guidance, audit readiness and anti-fraud and payment integrity activities. In higher education, boards and accreditors are asking tougher questions about fraud as well as AI, cyber, accessibility and reputational risk.
The pressure is on for public sector agencies or organizations to demonstrate that they’re on top of risk across the enterprise, with a push toward continuous monitoring and automated detection.
Which leads to our final, and most powerful, connection between individual fraud cases and enterprise risk.
Intentional deception (e.g., fake claims, stolen identities) represents just one way public sector institutions lose money. Innocent mistakes and mismanagement also add up to billions in waste each year.
All types of fraud and waste require a similar approach to detection with common elements: internal controls, monitoring (ideally continuous and automated) and evidence collected across critical systems. In addition, they require management through automated workflows, audit reports that come from a single source of truth and proactive, documented remediation.
You can see such an approach in action at the Oregon Secretary of State, specifically how its Audit Division uses Diligent’s ACL Analytics solution to assess fraud risk and the effectiveness of its fraud detection and prevention controls.
“It’s a great tool for managing things. It’s a great tool for strategic planning, for analyzing data,” said a key official that leads fraud analysis for the state. “You can spend an hour or two and find literally millions of dollars in a large state program of waste, fraud and inefficiencies.”
The takeaway for your organization: strong fraud detection contributes to strong overall audit management. What’s more, if you’re moving fraud management forward with AI, automation and advanced analytics, you can scale this infrastructure across the enterprise into IT security, third-party security and more.
Diligent's ACL Analytics empowers public sector audit, risk, and compliance teams to automate testing, analyze 100% of their data and detect issues before they become costly problems, with advanced and no coding options. Its three-step process enables you to:
Recurring analytics, control checks and quick anomaly detection reduce manual labor and errors while guided workflows connect power users and newcomers alike. Throughout, every prompt, test and result is logged for auditability and compliance.
See Diligent’s audit-strengthening power in action. Schedule a demo today.
Enterprise data risk management: A framework for board-level oversight
Explore the essential framework for enterprise data risk management that transforms board oversight into a strategic advantage. This article delves into regulatory expectations, operational implications, and practical guidance to build a governance structure that meets SEC requirements and protects your organization from liability. Discover how Diligent can empower your board to navigate the complexities of data risk with confidence.
