Our New Framework for Managing Fraud Risk

fraud framework thumbnailNobody likes being ripped off, including Uncle Sam. Federal programs face a litany of fraud-related challenges. What can government managers do to better manage fraud risks? For starters, learn about our new fraud risk management framework, a comprehensive set of leading practices to help federal managers mitigate fraud and protect the integrity of hundreds of billions in taxpayer dollars.

Fighting fraud requires a delicate balance.

On the one hand, federal managers must meet their programs’ missions to quickly deliver critical services and financial assistance to beneficiaries. On the other hand, they must take care to ensure that money and other benefits go only to those eligible. Recognizing this balance, our framework is built around 3 core activities:

  1. Prevent fraud. Stopping fraud before it happens, by strategically evaluating risks and closing vulnerabilities, is much more cost effective than simply trying to recoup funds lost to fraud (say, disability benefits already paid to a fraudster).
  2. Detect fraud. However, fraud can occur in even the best-designed programs. Therefore, it’s important to continuously monitor potential fraudulent activity and use data analysis and other tools to uncover existing fraud and deter future schemes.
  3. Respond to fraud. Finally, investigating potential fraud and imposing fines, disciplinary actions, and prosecutions not only punishes fraudsters, but discourages future nefarious activity. Programs should also use the results of investigations and other findings to enhance applicant screenings and fraud indicators.

fraud risk framework

(Excerpted from GAO-15-593SP)

Easier said than done? These steps can help.

Of course, fraud management doesn’t happen in isolation. A program’s larger environment, including its budget constraints and other risk-management initiatives, can affect how managers address fraud.

The framework outlines clear steps federal managers can take to perform the above core activities successfully within their existing environments:

  1. Demonstrate commitment by making sure efforts to fight fraud have executive sponsorship, are part of the organizational culture, and are led by a designated entity within the program office.
  2. Tailor fraud risk assessments to each program, involve relevant stakeholders, and determine risk tolerances.
  3. Implement a strategy focusing on prevention, developing a fraud response plan, and considering the costs and benefits of related controls.
  4. Evaluate outcomes based on risk and adapt activities based on data analysis and real-time monitoring of fraud trends.

Finally, fraud management efforts should be continuously monitored and feedback obtained through data mining, reporting mechanisms, investigations, and other efforts.


  • Questions on the content of this post? Contact Steve Lord at lords@gao.gov.
  • Comments on GAO’s WatchBlog? Contact blog@gao.gov.
Image | This entry was posted in Fraud and tagged , , , , , , , , , , , . Bookmark the permalink.