And with an accelerating move toward reducing the size of government through contracting and privatization, along with the increasing likelihood of trillions of dollars in new infrastructure investments in coming years, the opportunities for procurement fraud are only likely to grow.
Data analytics is a powerful tool to help identify possible procurement fraud, but it is only the first step in mitigating the problem. Once an indicator of fraud is identified, the good news is that you are well ahead of those taking an ostrich approach. The bad news is that just because you found an indicator doesn't mean you've stopped fraud or lessened the overall risk of it.
Your analytic tests are likely to produce a spreadsheet full of indicators of potential fraud. That's daunting enough. But if you work in internal audit, you are also likely now tasked with bringing these indicators to the table with the owners of the organization's business processes. That can result in your team being perceived as an adversary, critiquing and finding fault with their work. Instead, consider the opportunity to collaboratively work alongside process owners and management, using the fraud-mitigation process to help them deliver their programs more efficiently.
It's also important to remember that simply reporting a fraud indicator -- or actual fraud, for that matter -- does not mean that the responsible process will be fixed automatically. It's quite common for that vulnerability to remain in place, allowing for more fraud to occur. That makes establishing positive relationships with management and process owners even more critical.
Identifying what seems like a mountain of fraud indicators does not mean that your government or agency is rife with fraud and corruption. Nor does it mean your work is complete. Incorporating four simple steps will help more effectively manage the mitigation process:
1. Weed out false positives. When you start analyzing the data, it is not unusual to find that more than half of the indicators of possible fraud are false positives. An indicator could be the result of a poor or ineffective control, such as a lack of separation of duties for specific tasks. Invite process owners' input to identify the root cause of a false positive in order to fix it and prevent someone from taking advantage of it in the future.
2. Prioritize the highest-risk areas. Now that false positives have been removed, the list should only include true potential fraud indicators. However, the amount may still be overwhelming. This is where it's important to identify the organization's highest-priority risks, not only helping the investigation team know where to start but also focusing and accelerating the process.
3. Actively monitor your controls. After addressing a list of fraud indicators, it can be tempting to wait a year or more until your next audit to run these analytics tests again. Instead, establish a proactive process, using carefully chosen technology, to quickly address fraud indicators in a timely manner. It is in this step that the early groundwork of establishing collaborative relationships with management and process owners really pays off: They are likely to be more willing to establish monitoring as an operational function managed by their own departments.
4. Automate your follow-up process. How do you track who has been notified, what evidence is required, who needs to be reminded, who has already sent data? Following up on every fraud indicator will seem like an administrative nightmare of emails and spreadsheets. It's important to find a tool to help create a more sophisticated workflow to manage and follow up on fraud indicators with process owners. If your analytics find duplicate vendors in the system, for example, the workflow tool can send automatic notifications and reminders to the manager responsible. Make this process transparent for management by providing on-demand dashboards that help to provide assurance that potential risks are being mitigated.
Every public official lives in fear of opening the morning paper and seeing headlines about fraud perpetuated against government. And this kind of theft of government resources probably can never be eliminated entirely. But it can be combated effectively. With effective procedures in place, organizations can create assurance systems that better protect taxpayer dollars and bolster the public's trust in the governments that serve them.