Source: GAO. | GAO-15-593SP
Evaluate outcomes using a risk-based approach and adapt activities to improve fraud risk management.
Conduct risk-based monitoring and evaluation of fraud risk management activities with a focus on outcome measurement.
Collect and analyze data from reporting mechanisms and instances of detected fraud for real-time monitoring of fraud trends.
Use the results of monitoring, evaluations, and investigations to improve fraud prevention, detection, and response.

Design and implement a strategy with specific control activities to mitigate assessed fraud risks and collaborate to help ensure effective implementation.
Develop, document, and communicate an antifraud strategy, focusing on preventive control activities.
Consider the benefits and costs of controls to prevent and detect potential fraud, and develop a fraud response plan.
Establish collaborative relationships with stakeholders and create incentives to help ensure effective implementation of the antifraud strategy.

Commit to combating fraud by creating an organizational culture and structure conducive to fraud risk management.
Demonstrate a senior-level commitment to combat fraud and involve all levels of the program in setting an antifraud tone.
Designate an entity within the program office to lead fraud risk management activities.
Ensure the entity has defined responsibilities and the necessary authority to serve its role.

Plan regular fraud risk assessments and assess risks to determine a fraud risk profile.
Tailor the fraud risk assessment to the program, and involve relevant stakeholders.
Assess the likelihood and impact of fraud risks and determine risk tolerance.
Examine the suitability of existing controls, prioritize residual risks, and document a fraud risk profile.
[Figure labels: Environment; Monitoring and Feedback; Prevention, Detection, Response; Evaluate and Adapt; Design and Implement; Commit; Assess]
A Framework for Managing Fraud Risks in Federal Programs
July 2015
Highlights of GAO-15-593SP, a Framework for Managing Fraud Risks
The Fraud Risk Management Framework and Selected Leading Practices
What GAO Found
To help managers combat fraud and preserve integrity in government agencies and programs,
GAO identified leading practices for managing fraud risks and organized them into a
conceptual framework called the Fraud Risk Management Framework (the Framework). The
Framework encompasses control activities to prevent, detect, and respond to fraud, with an
emphasis on prevention, as well as structures and environmental factors that influence or
help managers achieve their objective to mitigate fraud risks. In addition, the Framework
highlights the importance of monitoring and incorporating feedback, which are ongoing
practices that apply to all four of the components described below.
Why GAO Did This Study
Fraud poses a significant risk to the integrity of federal programs and erodes public trust
in government. Managers of federal programs maintain the primary responsibility for
enhancing program integrity. Legislation, guidance by the Office of Management and
Budget (OMB), and new internal control standards have increasingly focused on the
need for program managers to take a strategic approach to managing improper payments
and risks, including fraud. Moreover, GAO’s prior reviews highlight opportunities for
federal managers to take a more strategic, risk-based approach to managing fraud risks
and developing effective antifraud controls. Proactive fraud risk management is meant
to facilitate a program’s mission and strategic goals by ensuring that taxpayer dollars and
government services serve their intended purposes.
The objective of this study is to identify leading practices and to conceptualize these practices
into a risk-based framework to aid program managers in managing fraud risks. To address this
objective, GAO conducted three focus groups consisting of antifraud professionals. In addition,
GAO interviewed federal Offices of Inspector General (OIG), national audit institutions
from other countries, the World Bank, the Organisation for Economic Co-operation and
Development, as well as antifraud experts representing private companies, state and local audit
associations, and nonprofit entities. GAO also conducted an extensive literature review and
obtained independent validation of leading practices from program officials.
View GAO-15-593SP.
For more information, contact Steve Lord at (202) 512-6722 or [email protected].