How Fraud Prevention Intersects with Governmental Funding | Part I

Dana Daigle: 
Hi. Thank you. I'm Dana Daigle. I am a CPA and a CFE. I have over 13 years experience in the government programs industry and specifically in financial management and funds disbursement service line. 
Hubert Klein: 
Dana, we're going to start the questioning with you today and pretty much why is it so important for organizations that receive government funding and funds to address the possibility of a fraud that may occur? 
Dana Daigle: 
Absolutely. Addressing the possibility of fraud is crucial for organizations that receive government funds because they want to make sure that they are ensuring ethical use of those funds. We want to mitigate the risk of facing any clawbacks or reputational harm that might occur due to fraud, and it might look badly upon the operation or the program. 
Hubert Klein: 
Okay, good. Good. So is it fair to say that organizations who receive governmental funds probably have a bigger duty to the public to make sure that those funds don't get misused? 
Dana Daigle: 
Absolutely, yes. So these are government funds. They're coming from the public or taxpayer money. So there's even more of a duty and responsibility for these organizations to mitigate fraud. 
Hubert Klein: 
All right, great. Thanks. And Louise, I'm going to give you a hypothetical. We'll say my organization received some funds and it's required to prevent fraud as part of the terms of the agreement that we have with the entity that gave us the money. Where did we start? 
Louise Gannuch: 
Yeah, that's a great question. So if an organization hasn't really taken any steps yet, the fraud risk assessment is a great place to start. So generally, that's going to involve identifying the ways that fraud could occur and then also assessing likelihood and impact of each of those ways that fraud can occur. And then you're going to want to develop a response or action plan to address those schemes. And then in combination with the fraud risk assessment, you can perform an internal control analysis, and that's really going to make a large impact because prevention is typically much easier and it's more cost effective than trying to recoup funds. And so as you continue to build and assess your program, you'll want to also consider creating an anti-fraud policy, and that's going to help you create that tone through the organization on the tolerance for fraud. 
Hubert Klein: 
Interesting. So pretty much a lot of the work that you're doing is a preventative service upfront to make sure that these systems and controls are in place to minimize something that may happen on the backend? 
Louise Gannuch: 
That's correct, yeah. It's typically going to be much more cost effective, like I said, than trying to get back money after fraud's been identified and it has occurred. 
Hubert Klein: 
Excellent. That's great. Great. Dana, now what controls should be put in place to ensure that a correct payment system is made in a government assistance program? 
Dana Daigle: 
Absolutely. So to ensure correct payments are made, this answer is going to be very similar to Louise's in that you don't want to wait until the backend to implement controls just within the payment process. You want to make sure you're bringing in your finance team and get those members involved in the process design from the beginning to implement controls in the front end and even throughout the program so that you make a proper payment on the back end. There's no one size fits all really when it comes to which controls need to be in place in these programs. But to give you some examples, it would be TIN matching with the IRS or verification of address, secure collection of banking information, and even segregation of duties throughout the payment approval process. 
Hubert Klein: 
So more or less a verification process in place to make sure that the vendor who the disbursement is going to is authorized to receive the funds. 
Dana Daigle: 
That's right. There are several checks that can be done on the payee, whether that be an organization or an individual. And so there's checks that can be done there on the payee to make sure we're paying someone or something properly. 
Hubert Klein: 
Excellent, excellent. Louise, what other controls can be put in place? 
Louise Gannuch: 
Yeah, so typically when we're helping organizations we like to look at it from a layered approach. So you're going to focus on prevention, detection, and then response. For prevention, you can look at system access restrictions. So as Dana said, segregation of duties. And so a lot of times you can build that into your applications or whatever software program that you're using. And then for detective controls, that can include quality assurance, quality control. If you have teams that are reviewing, say if you have claims that come through. You also want to make sure that you have a method to receive tips. And so that could be a formal hotline, maybe you have a separate email account or people that are tasked with receiving that information. And then also having exception reporting where you can detect anomalies, outliers in your data and things that you might want to look into. 
And then for the last piece for response is creating a detailed response plan that is going to make sure every employee knows who's responsible for investigating fraud and who's responsible for those next steps. So you don't want all of your employees taking it upon themselves to start an investigation because you should have a team that's responsible for that. So that's a really important part of the response, part of the layered anti-fraud approach. 
Hubert Klein: 
All right. So that approach from preventative to detective, but there's also a formal plan for a chain of command that if there is something that happens or a breach, how the employees are to report back up the chain so not everybody's going off on their own and it's a structured approach. 
Louise Gannuch: 
That's correct, yeah. And you also want to make sure as part of that, that your employees know that they're not talking to the media, that you have someone who is a representative that can have those conversations. That's really part of training. And so another form of a prevention control is also making sure your employees are trained as well. 
Hubert Klein: 
Well, excellent. That was great information and thank you for joining us today. 

^{Transcribed by Rev.com}