The Executive Order on Improper Payments€¦ · The Executive Order on Improper THE KPMG...

THE KPMG GOVERNMENT INSTITUTE

The Executive Order on Improper Payments A Practical Look at What Government Agencies Can Do to Address This Presidential Call for Action

ADVISORY

The Executive Order on Improper PaymentsWhat Government Agencies Can Do to AddressThis 1 Presidential Call for Action


Introduction November 23 2009 represents the start of a new era in the federal governmentrsquos fight against improper payments with the release of the Presidential Executive OrdermdashReducing Improper Payments and Eliminating Waste in Federal Programs

In the words of Office of Management and Budget (OMB) Director Peter Orszag in announcing the pending issuance of the Executive Order on November 18

ldquoEach year taxpayers lose billions of dollars in wasteful improper payments by the federal government to individuals organi-zations and contractorshellipIn 2008 improper payments totaled $72 billion in 2009 they totaled $98 billionmdashan increase driven by improved detection and the significant increase in federal outlays associated with the economic downturnThese errors and mistakes are unacceptable Taxpayers deserve to know that their dollars are being spent wisely and effectivelyrdquo

To quote from the November 23 Executive Order

ldquoWhen the Federal Government makes paymentshellip it must make every effort to confirm that the right recipient is receiving the right payment for the right reason at the right timeThe purpose of this order is to reduce improper payments by intensifying efforts to eliminate payment error waste fraud and abuse in the major programs administered by the Federal Government while continuing to ensure that Federal programs serve and provide access to their intended beneficiaries No single step will fully achieve these goalsTherefore this order adopts a comprehensive set of policies including transparency and public scrutiny of significant payment errors throughout the Federal Government a focus on identifying and eliminating the highest improper payments accountability for reducing improper payments among executive branch agencies and officials and coordinated Federal State and local government action in identifying and eliminating improper paymentsrdquo

The Improper Payments Information Act (IPIA) of 2002 which requires annual estimates of improper payments has helped frame the issue and the magnitude of the problemThe ensuing efforts to improve the tracking of improper payments and subsequent findings of significant and growing levels of estimated improper payments in turn

led to the Presidential Executive Order This is a good example of where requiring agencies to estimate and report annually on their improper payments focused a spotlight on the issue and helped drive broader management reform

The new Executive Order officially signals that the time has come to address costly and chronic payment problems that result in improper paymentsThe expectation of the Executive Order is that federal agencies will take actions to significantly reduce their improper payments To do so agencies may need to ldquothink outside the boxrdquo to identify changes in business processes or in some cases to better leverage available technology and proven management practices Regardless of an agencyrsquos maturity in addressing improper payments new techniques improved technology tools or a combination of both can help reduce the risk of improper payments by enhancing detection and prevention before improper payments occur and can enhance the likelihood and degree of recovery once an improper payment is detected

The KPMG Government Institute has developed this white paper as a tool to help governments at all levels as they consider strategies to address the challenges presented by the Executive Order The white paper is based on research into leading practices and draws on sources such

as The KPMG Executive Guide to High Performance in Federal Financial Management (KPMG Executive Guide) (httpstg-wwwkpmginstitutescom government-instituteinsights2009pdf ffm-executive-guide-finalpdf) which the KPMG Government Institute released in June 2009

About the KPMG Government Institute

The KPMG Government Institute was established to serve as a strategic resource for government chief financial officers seeking to achieve high standards of accountability transparency and performanceThe Institute is a forum for ideas a place to share leading practices and a source of thought leadership as a catalyst to help governments address difficult challenges

copy 2010 KPMG LLP a Delaware limited liability partnership and the US member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International) a Swiss entity All rights reserved Printed in the USA KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative (KPMG International) a Swiss entity 28610WDC

2 The Executive Order on Improper Payments A Practical Look atWhat Government Agencies Can Do to AddressThis Presidential Call for Action

rdquoThose of us who manage the publicrsquos dollars will be held to accounthellip

because only then can we

restore the vital trust between

a people and their

government rdquo ndash President Barack Obama Inaugural Address


The Executive OrdermdashWhat It Means The Executive Order Builds on the Improper Payments Information Act of 2002 Concerned about reports of billions of dollars of improper payments annually across a wide array of federal programsmdashincluding federal programs administered by state and local governmentsmdashthe Congress enacted IPIA1 IPIA and OMBrsquos implementing regulation (OMB Circular A-123 Managementrsquos Responsibility for Internal Control Appendix C ldquoRequirements for Effective Measurement and Remediation of Improper Paymentsrdquo) requires that improper payments be estimated tracked and reported the causes determined and actions taken to cost-effectively address the causes and reduce the risk of improper payments

As discussed in the KPMG Executive Guide a high-performing federal finance organi-zation views implementation of IPIA as much more than a compliance exerciseThe organization has clear strategies for managing improper payments that cost-effectively target related risk and are designed to avoid improper payments at the outset rather than just attempting to recover them after the fact

A ldquopay and chaserdquo approach whereby improper payments are dealt with after the funds have been disbursed and the payment problem detected is generally more costly and the improper payments may not be fully recovered if at all A high-performing federal finance organization makes it a priority to prepare the estimates and reports required by IPIA and Appendix C of OMB Circular A-123 In this way the agency can have an ongoing assessment of its payment processes and can focus attention on areas of highest risk of improper payments More importantly the finance organization has plans and ongoing initiatives to address the underlying causes of improper payments to reduce improper payments at the outset High-performing finance organizations also provide leadership and assistance to agency program managers who typically authorize agency payments By establishing and maintaining an internal control environment that instills a culture of accountability for improper payments the cost-effective reduction of improper payments can be managed

1 Improper Payments Information Act of 2002 Public Law 107-300


ldquoTransparency promotes

accountability and provides information for citizens

on what their Government is doing

Information maintained by the Federal Government is a national assetrdquo

ndash Presidential Memorandum on Transparency and Open Government January 21 2009


Although it may never be cost-effective to totally eliminate improper payments it is generally understood that the public has a zero tolerance for fraud waste and abuse This was echoed by the president in his inaugural address when he set a high bar for public officials in his administration

ldquoThose of us who manage the publicrsquos dollars will be held to accountmdashto spend wisely reform bad habits and do our business the right waymdashbecause only then can we restore the vital trust between a people and their governmentrdquo

One day later the Obama administration announced the following guiding principles These principles underlie the November 23 Executive Order and what the adminis-tration is trying to achieve in its fight against improper payments

Government should be transparent It should harness technology so that information on government operations and decisions are online and readily available to the public in forms the public can readily find and use

ldquoTransparency promotes accountability and provides information for citizens on what their Government is doing Information maintained by the Federal Government is a national assetrdquo

Government should be participatory It should solicit public input by giving people information that lets them provide informed perspectives and a mechanism for providing their input

ldquoPublic engagement enhances the Governmentrsquos effectiveness and improves the quality of its decisionsrdquo

Government should be collaborative It should foster cooperation across all levels of government the private sector and nonprofit organizations

ldquoExecutive departments and agencies should solicit public feedback to assess and improve their level of collaboration and to identify new opportunities for cooperationrdquo

Presidential Memorandum on Transparency and Open Government January 21 2009

The Executive Order provides a comprehensive framework for tackling what has been a difficult long-standing problem in the federal government But its implementation will present a series of challenges for many agencies High-performing organizations will adopt a holistic approach that addresses the root causes of the problemmdashnot just the remediation or recovery of improper paymentsmdashand will fully embrace the change called for in the Executive Order They will view this approach as a way to improve the business of government by protecting the public interest and the resources entrusted to the federal government

Many of the requirements in the Executive Order draw upon and reinforce important standards and practices set forth in other major federal legislation and regulatory guidanceThey include the requirements to

bull Create an online dashboard of key indicators and statistics on improper paymentsThis requirement is congruent with the accountability and transparency concepts in the American Recovery and Reinvestment Act of 2009 (Recovery Act)2 Also having information that is reliable relevant and useful to support the systematic measurement of performance is a key requirement of the Chief Financial Officers Act of 19903 and the Government

2 American Recovery and Reinvestment Act of 2009 Public Law 111-5 3 Chief Financial Officers Act of 1990 Public Law 101-576


Performance and Results Act of 19934

bull Create and publicize a single mechanism for the public to report suspected incidences of fraud waste and abuse Much like the accountability and transparency provisions in the Recovery Act increased citizen involvement in combating fraud waste and abuse would be encouraged and facilitated in line with the administrationrsquos guiding principles

bull Establish more frequent payment error reduction targets as well as more frequent error measurement for certain high-priority programsThis requirement is intended to increase the focus on programs at highest risk of improper payments which is where the primary focus should be

bull Issue recommendations on new internal control techniques agencies can use to better detect and reduce improper payments Such techniques could include continuous monitoring programs that use data analysis and technology tools to achieve this purpose Continuous monitoring can also be applied and leveraged by agency management to help address other types of fraud waste and abuse and will be discussed in greater detail later in this paper

bull Designate at each agency a current Senate-confirmed appointee to be accountable to the president for meeting improper payment reduction targets This requirement helps set the proper ldquotone at the toprdquo and makes a clear and unmistakable statement about the expectation for results at each agency The ldquotone at the toprdquo is an essential element in the Comptroller Generalrsquos Standards for Internal Control in the Federal Government5

bull Provide the OMB director a report describing the likely causes of the agencyrsquos failure and actions it will take to meet reduction targets for programs where targets for reducing payment error rates are not met for two years in a rowThe report is to be prepared by the agency head the chief financial officer and the agency inspector generalThis requirement raises the stakes and helps foster greater accountability for results by focusing attention upon actual results rather than on compliance with the processes instituted to achieve results

bull Increase data-sharing among federal agencies and programs and where applicable require state and local governments and other stakeholders to improve eligibility verification and prepayment scrutiny Data-sharing has been a long-standing challenge for some federal programsThere may be legislative

copy 2010 KPMG LLP a Delaware limited liability partnership and the US member firm of the KPMG regulatory andor systems issues that limit data-sharing The Executive Order network of independent member firms affiliated recognizes the importance of data-sharing in combating improper payments with KPMG International Cooperative (KPMG International) a Swiss entity All rights reserved Printed in the USA KPMG and the KPMG logo 4 Government Performance and Results Act of 1993 Public Law 103-62 are registered trademarks of KPMG International 5 As required by the Federal Managersrsquo Financial Integrity Act of 1982 federal agencies are to adhere to internal control Cooperative (KPMG International) a Swiss entity standards developed by the Comptroller General of the United States The Comptroller Generalrsquos Standards for Internal 28610WDC Control in the Federal Government (GAOAIMD-00-2131 dated November 1999) are applicable to all federal agencies

The Executive Order on Improper PaymentsWhat Government Agencies Can Do to AddressThis 5

There is no silver bullet

that will reduce improper payments


Presidential Call for Action

and as discussed further later in this white paper data-sharing can help in ldquoconnecting the dotsrdquo

bull Prepare quarterly reports on any high-dollar payment errors identified by the agency and actions the agency will take to recover the improper payments as well as to prevent future improper payments Again this provides added accountability and focus on those areas of greatest risk for improper payments As discussed later in this paper by focusing on areas of greatest impact risk management can be a key ingredient in addressing improper payments

bull Pursue administrative actions to provide incentives for reducing improper payments by state and local governments and nonprofit organizations that receive federal funds The Recovery Act has highlighted the importance of strong working relationships with state and local governments and nonprofit organi-zations given their role in disbursing hundreds of billions of dollars of federal funds annually and in administering key federal programs Included are programs identified as high-risk for improper payments such as Medicaid which is state- administered State and local governments also have a large stake in ldquogetting it rightrdquo as they share in the cost of many federal programs

bull Seek to enhance contractor accountability through use of remedies such as debarment suspension and financial penalties for failing to disclose in a timely manner credible evidence of significant overpayments received on government contractsThe Government Accountability Office (GAO) reported6 in the past that some contractors may have kept any federal overpayments unless the government identified the problem and sought the return of its moneyThe Executive Order now places some of the onus on the contractor to identify and return the overpayment

6 GAO-01-309 Contract Management Excess Payments and Underpayments Continue to Be a Problem at DOD February 22 2001 GAO-02-635 DOD Contract Management Overpayments Continue and Management and Accounting Issues Remain May 30 2002



Combating Improper Payments There is no silver bullet that will reduce improper payments Also it will likely never be cost-effective or feasible to completely eliminate improper paymentsThe Executive Order talks in terms of reducing improper payments not of eliminating them altogether by intensifying efforts by federal agencies to combat improper payments It will require among others

1 Commitment of the senior agency management

2 Hard work and partnerships across the agency

3 Probably significant changes in practices and processes for some federal programs

4 Improved internal control

5 Better leveraging of technology

6 The application of techniques such as continuous monitoring that have a tested track record of success

7 More and better communications and data-sharing among federal agencies state and local governments and other stakeholders that administer federal funds

In addition the adoption of an agency-wide comprehensive fraud risk management program aligns with the expectations in the Executive Order and would help provide a focus on fraud waste and abuse that can result in improper payments

WhatTypifies the Role of a High-Performing Finance Organization in Helping Reduce Improper Payments The research conducted by the KPMG Government Institute in developing the KPMG Executive Guide showed that to help reduce improper payments a high-performing federal finance organization

bull Establishes improper payment benchmarks and knows where the agency stands against those benchmarks


bull Helps program managers develop reliable estimates of improper payments as required by the IPIA and Appendix C of OMB Circular A-123 as a management tool to measure and document progress

bull Helps program managers monitor improper payment rates and their causes for management purposes

bull Assists program managers in assessing existing and new programs determined to be of high risk for improper payments so that needed internal controls can be built in at the outset Prevention is the goal and risk management which will be discussed in greater detail later in this paper is at the heart of prevention

bull Knows when the cost of additional internal control outweighs the benefits There can be a difficult balancing act in establishing a reasonable level of internal control Absolute control can be too costly and is generally not realistic to expect Identifying the right cost-benefit equation can be both ldquoan art and a sciencerdquo that requires in-depth understanding of risk the adroit application of internal control within an agencyrsquos operating environment and routine reassessment and periodic recalibration as risks change

bull Supports the development of a comprehensive fraud risk management program which incorporates continuous monitoring processes and techniques as a key management tool to first and foremost prevent and then detect improper payments High-performing federal finance organizations implement the fraud risk management program in partnership with program managers who have the overall management responsibility for assessing risk and deterring fraud waste and abuse risks and occurrences in their programs Continuous monitoring programs that leverage technology and techniques such as forensic data analysis can identify potential improper payments before they are made or quickly identify them after the fact They can also help pinpoint internal control weaknesses and provide a road map to help with remediation High-performing federal finance organizations also support data-sharing initiatives across programs and levels of government to leverage information and develop ldquofraud intelligencerdquo

bull Keeps abreast of emerging fraud schemes and program design changes that can increase the risk of improper payments as well as new tools and techniques to help combat improper payments and shares lessons learned with stakeholders

In all of this the primary goal should be prevention which is targeted at avoiding the ldquopay and chaserdquo situation mentioned earlier

A later section of this white paper includes a series of questions that a federal agency could use to help gauge whether or not it and its finance organization are high performing in helping combat improper paymentsThe questions were developed through the extensive research that went into preparing the KPMG Executive Guide The KPMG Executive Guide draws its content from authoritative sources of law guidance and expertise that include the OMB Department of the Treasury GAO and representative federal CFOs and government financial management leaders

Also federal agencies may find useful GAOrsquos Executive Guide Strategies to Manage Improper Payments Learning from Public and Private Sector Organizations (GAO Improper Payments Executive Guide)7 The GAO Improper Payments Executive Guide ldquohellipis intended to identify effective practices and provide case illustrations and other information for federal agenciesrsquo consideration when developing strategies

7 GAO-02-69G Strategies to Manage Improper Payments Learning from Public and Private Sector Organizations October 2001

Improper payments

related to fraud have been

estimated to cost the federal government

tens of billions of dollars

annually They represent a constant

threat that can undermine the publicrsquos trust and damage a federal agencyrsquos reputation




and planning and implementing actions to manage improper payments in their programsrdquo Participating in the GAO research that led to the GAO Improper Payments Executive Guide were three federal agencies three state governments three foreign governments and three private sector corporations The GAO Improper Payments Executive Guide discusses

bull The Control Environment Instilling a Culture of Accountability

bull Risk Assessment Determining the Extent and Nature of the Problem

bull Control Activities Taking Action to Address Identified Risk Areas

bull Information and Communications Using and Sharing Knowledge to Manage Improper Payments

bull Monitoring Tracking the Success of Improvement Initiatives

The issues addressed in the GAO Improper Payments Executive Guide correlate with our research that resulted in the KPMG Executive Guide and should be useful to agencies working to apply the concepts in this KPMG white paper

The Role of Risk Management We will now explore risk management in greater detail As discussed in the KPMG Executive Guide risk management is at the heart of managing improper payments and is similar to managing other projects or operations

bull Goals and objectives would first be established and clearly communicated to the staff

bull Clear and effective policies and procedures would be in place and operating effectively and efficiently to help achieve the goals and objectives

bull Actions to remediate identified risks would be timely and effective

bull Accountability for results would be established and enforced

The risk management process would be continuous since improper payment risks can be ever-changing

If performed correctly risk management can be a powerful tool for establishing the internal controls appropriate to reduce the risk of improper payments to a level established by management after considering the level of risk and the cost of reducing it

Risk management entails accepting certain risks instead of setting up costly fail-safe systems to attempt to avoid all risks Risk management can require a signif-icantly higher degree of sophistication than simply instituting internal controls because if done properly it involves complex trade-offs between risks and the cost of controlling those risks Risk management policies and procedures would also expressly address information technology (IT) risks given the important role IT plays in agency operations and fraud risk In high-performing organizations the policies and procedures and the concepts underlying risk management would be well understood by agency staff in both the finance and program organizations and would be treated as living documents that are kept up-to-date as changes in the risk environment occur This will help an agency keep ldquoone step aheadrdquo in combating improper payments

Establishing an Effective Fraud Risk Management Program

Improper payments related to fraud have been estimated to cost the federal government tens of billions of dollars annually They represent a constant threat


that can undermine the publicrsquos trust and damage a federal agencyrsquos reputationThe challenge for federal agencies is to adopt a comprehensive and integrated approach to managing the risk of fraud

A KPMG white paper Fraud Risk Management Developing a Strategy for Prevention Detection and Response (httpwwwuskpmgcomRutus_ProdDocuments12 FRM-White-Paperpdf) provides an overview of fraud risk management fundamentals identifies relevant regulatory mandates spotlights key fraud risk management practices and generally provides fresh insights into the consideration of the risk of fraud and the effectiveness of internal controls relied upon to help mitigate such risks As discussed in the Fraud Risk Management white paper an effective fraud risk management program and approach is focused on three objectives

Continuous monitoring can be a powerful tool in the

fight against improper payments

Prevention Preventive internal controls are designed to reduce the risk of fraud from occurring in the first place Prevention starts with a fraud risk assessment which is critical to understand the risks that are unique to the agency identify gaps or weaknesses in internal control to address those risks and develop a practical plan for targeting the right internal controls and resources to reduce the risk In addition close attention should be placed on cyber fraud given the strong reliance on IT to approve and make payments under government programs

Such assessments should be conducted across the agency taking into consid-eration the agencyrsquos significant programs processes and operations They should also be periodically updated based on changes in the agency andor its programs and the passage of time so that management maintains a fresh perspective on where it stands Effective prevention programs also include

(1) Codes of conduct core values and the tone at the top

(2) Employee and third-party due diligence

(3) Communication and training

(4) Process-specific fraud risk controls

Continuous monitoring which is discussed in greater detail in the next section can be both a preventive and detective fraud control

Detection Detective internal controls are designed to discover fraud after it has occurred Because whistleblower tips are one of the most important methods of identifying improper payments and potential fraud waste and abuse fraud hotlines and other protected reporting mechanisms are prevalent across federal agencies and in Offices of Inspectors General Detective controls also include auditing and continuous monitoring as well as proactive forensic data analysis

Response Responsive internal controls that are designed to take corrective action and remedy the harm caused by fraud They include protocols for internal investigation enforcement and accountability disclosure and remedial action that would focus priority on correcting weaknesses in the internal controls that gave rise to the fraud

copy 2010 KPMG LLP a Delaware limited liability partnership and the US member firm of the KPMG As discussed in the KPMG Executive Guide a high-performing federal financial organi-network of independent member firms affiliated zation would have a strong partnership with program management which has the with KPMG International Cooperative (KPMG International) a Swiss entity All rights reserved primary responsibility for fraud risk management For a number of federal programs Printed in the USA KPMG and the KPMG logo fraud risk units have been established by program management and the federal are registered trademarks of KPMG International Cooperative (KPMG International) a Swiss entity inspectors general have audit and investigative units that focus on fraud 28610WDC


Continuous Monitoring A Key Ally in the Fight against Improper Payments As discussed earlier continuous monitoring can be a powerful tool in the fight against improper payments It can provide an automated sustained feedback mechanism to help management ensure that systems and internal controls operate as designed and that transactions are processed as prescribed in accordance with policies laws and regulations Inherent in continuous monitoring is using a risk-based approach whereby management would set the business rules or criteria to test for noncom-pliant activities or transactions before a payment is made It would investigate any exceptions and take action as appropriate to

bull Deny the payment

bull Strengthen internal control

bull Hold responsible parties accountable if problems are identified

The Benefits of Continuous Monitoring

Continuous monitoring can be an important tool in cost-effectively preventing and timely detecting improper payments by providing management continual visibility into payments in a repeatable and sustainable manner Properly implemented continuous monitoring can allow agencies to shift their focus from traditional retrospective detective activities to proactivepreventive activities thereby helping reduce the risk of improper payments

Automated continuous monitoring tools such as sophisticated analytical tests computer-based cross-matching and relationship identification can highlight potential improper payments that may go unnoticed by traditional management review techniques In this way management can continually evaluate the effectiveness of internal controls and quickly identify suspicious trends patterns relationships transactions and activities that suggest potential improper payments preferably before the payments are made Continuous monitoring tools can analyze large volumes of transactions that otherwise could not be readily reviewed and continually look for obscure or hidden relationships among people organizations and events that may indicate the potential for improper payments

Continuous monitoring programs can also help identify root causes of improper paymentsThis in turn can help agencies develop actionable enhancements to systems processes and internal controls to address systemic weaknesses that result in improper payments In addition continuous monitoring can help organi-zations automate controls processes and activities to streamline payment operations and drive efficiencies to help prevent the agency from falling back into payment practices that can result in improper payments With continuous monitoring organi-zations can realize benefits in important areas such as cost optimization alternative business models improved contract and payment management and process improvement When applied appropriately there can be a positive and quick return on the investment in continuous monitoring especially for large programs at risk for improper payments

Finally while prevention can be the greatest benefit as mentioned earlier continuous monitoring tools provide a cost-effective mechanism to quickly identify improper payments after the fact so that recovery action can be taken In this regard a March 10 2010 Presidential Memorandum Finding and Recapturing Improper Payments directed the heads of executive departments and agencies to expand and intensify the use of Payment Recapture Audits which use technology tools to examine payment records and identify problems such as duplicate payments payments for services not rendered overpayments and fictitious vendors

Continuous monitoring tools can

analyze large volumes of transactions

that otherwise could not be readily

reviewed and continually look for obscure or hidden

relationships among people organizations and events that may indicate the potential for improper payments




The benefits of continuous monitoring extend well beyond reducing improper payments As shown below and discussed in the KPMG white paper Continuous AuditingContinuous Monitoring UsingTechnology to Drive Value by Managing Risk and Improving Performance (httpsportalemakworldkpmgcomAdvisory methodologydocscacmCACM_Whitepaperpdf) continuous monitoring offers a broad range of potential benefits such as

1 Greater efficiency through the reduction of work duplication

2 Earlier information resulting in fewer surprises and better data for decision making

3 Enhanced internal control through automated fraud prevention and detection activities

4 Reduced complexity including greater visibility into how processes are functioning and the ability to standardize process measures across locations and activities

Making the Most of Continuous Monitoring

Leading organizations take a measured approach when embarking on a continuous monitoring initiative starting small and focusing on particular ldquopain pointsrdquo to tackle first Through this approach organizations can deliver quick wins to demonstrate an immediate return on investment For example if an agency considers the risk of

-

o appr

ndash ndash

Users outside of authorized roles

Unusual trends in volume activit or value


improper payments to be high for contract payments which exceeded $500 billion for the federal government for fiscal year 2009 it can design continuous monitoring processes specifically targeted to this areaThe goal would be to proactively identify possible improper payments before funds are disbursed

The following illustrates how procurement data analytic techniques could be used to help identify possible improper payments and potential fraud waste and abuse KPMGrsquos approach to procurement analytics keys on red flags and indicators of potential fraud schemes For example as shown below forensic data analysis can be used to identify duplicate invoices hidden links between employees and bank accounts and unusual trends in volume activity or value

KPMGrsquos Approach to Procurement Analytics

Forensic Data Approach or Red Flag Scheme or IndicatorAAnallysiis

Matching

bull Trace transactions from ordering to bull Overpayment for or under delivery of goods payment and identify inconsistencies or services

bull Duplication of invoices bull Duplicated invoices or payments bull Hidden links between employees and bull Collusion between staff and suppliers vendors (eg on bank accounts) bull Fictitious vendors

Timing

Amount amp Value

Vendor Activity

User Activity

bull Timing of transaction creation bull Periods of time prone to fraudulent activity approval and payment (eg by time of (eg outside of business hours) day day of week or non-business day) bull Unusual heightened activity out of correlation

bull Volumevalue patterns Volumevalue patterns to business cycle to business cycle

bull Statistical numerical distribution (including bull Number ldquoinventionrdquo or manufactured Benfordrsquos Law) transactions

bull Duplicate amounts or endings (99 44 000) bull Concealment of transactions through splitting bull Identification of clustering of expenses Identification of clustering of expenses of amounts t defeat oval limits of amounts to defeat approval limits around unusual values bull Unusual volumeactivityred flags indicating

bull Identification of expenses that are outside discovery of a new fraud scheme the norm for a given employee

bull Quantity of invoices bull Ghost vendors bull Identification of suspicious key words bull Falsified volume or pricing within specific text bull Collusion invoices below approval limits

bull Unit pricevolume clustering bull Collusion discounts earned but ldquorefusedrdquo bull Discounts not taken

bull Unusual trends in volume activity y or value bull Users operating outside of authorized roles operating bull Unauthorized users bull Unauthorized activity bull Segregation of duties breaches bull Unmonitored transactions


Another area where continuous monitoring can be helpful in reducing improper payments relates to monitoring government purchase and travel card usage This has been a priority of OMB since early 2002 and it has been the subject of a number of critical reports by GAO and the federal inspectors general widespread media accounts and congressional oversight hearings Federal auditors have widely used forensic auditing techniques in their reviews of the use of government purchase and travel cards that incorporate the attributes of continuous monitoring Continuous monitoring places these techniques at the front end as a normal tool of management to help oversee payments rather than at the back end after the event has occurred After all management maintains the information that auditors use to perform their analysis

-

expenses o emp oyees

en ca on o c us er ng o expenses

U h i d i il

p

y p y


The following illustrates how purchase card analytic tools can be used to help identify possible improper payments and potential fraud waste and abuse For example as shown below forensic data techniques can be used to identify the use of government purchase cards for expenses which are outside the norm for an employee and indicate personal purchases returns of purchases for cash and unusual trends in volume activity or value

Forensic D t A l i A h R d Fl S h I di t

KPMGrsquos Approach to Purchase Card Analytics

Matching

Data Analysis Approach or Red Flag Scheme or Indicator

bull Personal purchases bull Returns of purchases for cash bull Rolling agency card balance

bull Comparisons of agency card data to employee submitted expenses

Timing bull Periods of time prone to fraudulent activity (eg holidays weekends etc)

bull Timing of transactions (eg by day of week time of day or non business day)

Amount amp

bull Employees splitting expenses to circumvent approval levels

bull Unusual number of expenses or value of t l

bull Statistical numerical distribution (including Benfordrsquos Law) bullDuplicate amounts or endings (99 44 000) bull Id tifi ti f l t i f

bull Volumevalue patterns

Value expenses to employees bull Identification of clustering of expenses around unusual values

bull Identification of expenses that are outside the norm for a given employee

Employee bull Purchases for personal use bull Quantity of payments Employee Activity

U bull Users operating outside of authorized roles bull Unusual trends in volume activity or

bull False reimbursement submissions bull Inflated reimbursement submissions

bull Expenses to blocked merchants bull Review of information submitted for expenses

User Activity

bull Unauthorized activity bull Unmonitored transactions

value bull Unauthorized users


An example of a federal organization that has established a continuous monitoring program is in the Department of DefenseThe Defense Finance and Accounting Service (DFAS) which provides accounting and payment services for the Department of Defense established the Business Activity Monitoring (BAM) system which is used to analyze the validity of payments before funds are disbursed DFAS reported that in less than one year through continuous monitoring the BAM system enabled it to identify thousands of potential improper payments valued at over $800 million for follow-up before payment was made If properly implemented such continuous monitoring tools can hold great promise in the fight against improper payments

Data-Sharing Can Help Reduce Improper Payments by Enhancing Business Intelligence The Executive Order calls for ldquohellipincreased data sharing among federal agencies and programs and where applicable requires state and local governments and other stakeholders to improve eligibility verification and prepayment scrutinyrdquo Simply put data-sharing is about effectively and efficiently leveraging the information that federal agencies collectively have in their information systems to help develop a complete and comprehensive summary of pertinent and actionable information


Simply put data-sharing is about

effectively and efficiently leveraging the information that federal agencies collectively have in their information systems to

help develop a complete and comprehensive summary of pertinent and actionable information


Fundamental to effective data-sharing strategies is determining what business and ldquofraudrdquo intelligence can government agencies gain by linking together or sharing related information from multiple agencies and sources For example fraudulent schemes have involved the receipt of loans from a variety of federal agencies and programs The schemes may have succeeded because the different agencies and programs may not have been aware of what the other was doing and that the borrower had multiple federal loans or had defaulted on previous loans from other federal agencies or programs Data-sharing and improved business intelligence can help detect and seek to remedy such fraudulent loans or prevent or lessen the likelihood of those schemes from succeeding in the future

One way to think about a strategy for increased data-sharing is to look at it in terms of three phases An agencyrsquos experience and data-sharing typically grows over time as it adopts this multitiered or phased approach

Phase 1 Creating ldquoFraud Intelligencerdquo

Knowledge within an agency and its specific programs is transformed into ldquofraud intelligencerdquo that can be used as part of a comprehensive fraud risk program across agency programs and operations For example related programs are able to share information of common interest on benefit recipients or borrowers

Phase 2 Sharing Information across Federal Agencies

A trend in the private sector is the sharing of business intelligence across an industry such as in the banking retail and pharmaceutical industriesThere may be some challenges to sharing information between federal agencies due to disparate incompatible systems and platforms as well as possible legal and or program limitations on data-sharing Once any obstacles to data-sharing are identified approaches can be developed so that federal agencies can better leverage technology to share what can be valuable business intelligence

Phase 3 Sharing Information with State and Local Governments and Other Administrators of Federal Funds

In fiscal 2008 total federal assistance to state and local governments for a wide array of programs ranging from food stamps to Medicaid to education was about $461 billion and an additional $280 billion of federal funding is flowing into state and local government through the American Recovery and Reinvestment Act of 2009 Improper payments do occur in these programs For example on November 18 2009 OMB reported that improper payments in the state-administered Medicaid program were an estimated $18 billion for fiscal year 2009

In this phase the integration of the information gleaned in the first two phases could have the potential of significant benefit to all levels of government through targeted data-sharing and business intelligenceThis would also help achieve the presidentrsquos guiding principle mentioned earlier that ldquohellipgovernment should be collaborativerdquo and ldquohellipfoster cooperation across all levels of governmentrdquo

Some challenges to data-sharing may have to be overcome similar to the obstacles discussed in the second phase


Can You Say rdquoYesldquo to These Questions The research that forms the foundation of The KPMG Executive Guide to High Performance in Federal Financial Management indicated that a high-performing federal finance organization would be able to say ldquoyesrdquo to the following questions related to improper payments fraud risk management and risk remediation

Improper Payments


1 Does the finance organization support program managers in instilling an agency-wide culture that views improper payments as unacceptable and their elimination a management priority by

aPromoting an awareness and understanding of the nature of improper payments and their impact on programs

bSupporting program managers in all aspects of the assessment and remediation process related to reducing improper payments to acceptable levels

2 Does the finance organization support program managers such that the risks of improper payments are regularly assessed for existing programs and an estimate of the level of improper payments developed as required by IPIA and Appendix C of OMB Circular A-123

3 For existing programs determined to be at high risk for improper payments does the finance organization assist program managers such that

a Improper payment benchmarks are established and periodically reassessed

bAnnual goals are established for reducing improper payments at the individual program level

cRates of improper payments are monitored throughout the year to measure results against goals track success and identify problems and additional risks

dReliable estimates of improper payments are available at year-end and compared to benchmarks and annual goals to assess performance and establish accountability

eEffective and efficient internal controls are in place and operating as intended to reduce improper payments to acceptable levels

f Internal controls are regularly reassessed to help ensure their continuing efficiency and effectiveness

gData-sharing takes place between federal programs and agencies and with state and local governments and other stakeholders that administer federal funds to enhance business intelligence thereby helping reduce improper payments

4 Does the finance organization assist program managers in assessing new programs for the potential of improper payments as part of the program design phase so that internal controls can be built in from the outset before the program is implemented

5 Does the finance organization provide program managers information on leading practices and lessons learned as to the most effective strategies for reducing improper payments


Improper Payments (continued)

6 Does the finance organization support program managers by keeping abreast of emerging fraud schemes new internal control tools and techniques and program design changes that can impact the risk of improper payments

7 Does the finance organization assist program managers by monitoring pending legislation to

a Help identify any increased potential risks for improper payments

b Help legislators remedy potential problems

8 Does the finance organization assist program managers in periodically informing interested external stakeholders including key OMB and congressional staff regarding actions being taken to manage improper payments and any problems and impediments

9 Does the finance organization assist program managers in establishing a continuous monitoring program to help deter and timely identify improper payments through the use of commonly available forensic tools and techniques for analyzing payment data and identifying anomalies from the norm for further investigation follow-up and remedial action

10Does the finance organization support program managers in using payment recapture audits to the extent permitted by law and where cost-effective to examine payment records to identify and reclaim improper payments as directed by the President in his March 10 2010 Memorandum to heads of executive departments and agencies Finding and Capturing Improper Payments

11Does the finance organization support program managers in resolving weaknesses that result in improper payments in a way that is effective and efficient and fully protects the interests of the government

12 Does the finance organization assist program managers in preparing an annual report on improper payments that meets the requirements of IPIA and Appendix C of OMB Circular A-123

13 Overall is the finance organization carrying out its role to support program managers in ensuring effective and efficient compliance with IPIA and Appendix C of OMB Circular A-123



Fraud Risk Management


1 Does the agency have a comprehensive fraud risk management program that at a minimum includes the following components

a A ldquotone at the toprdquo of the agency starting with the agency head that emphasizes the importance of effective and efficient fraud risk management to help ensure accountability and transparency as a tool in the fight against fraud waste and abuse

b A code of conduct and related fraud risk management policies that clearly define and convey the agencyrsquos strong commitment to the prevention detection and response to fraud

c Fraud risk assessments that help the agency

i Understand its unique fraud risks

ii Identify gaps or weaknesses in internal control that can increase the risk of fraudulent improper payments

iii Develop a practical plan for targeting the right resources and controls to reduce such risk to an acceptable level

d Due diligence in the hiring retention and promotion of employees contractors and other third parties the scope of which is targeted to the agencyrsquos identified risks the individualrsquos or organizationrsquos job function andor level of authority and any relevant laws and regulations

e Fraud risk strategies and plans that address the fraud risk identified through fraud risk assessments and set out managementrsquos priorities

f Practical communications and training that inform employees of the agencyrsquos fraud risk strategy plans and priority areas and the employeesrsquo responsibilities for fraud risk management to help establish a common understanding of what is expected and the priority management places on effective and efficient fraud risk management

g Whistleblower mechanisms that encourage employees and the public to report incidents of potential fraud waste and abuse and raise questions about the adequacy of internal controls in an anonymous fashion without fear of retribution

h Auditing and monitoring processes including the use of continuous monitoring that leverage forensic tools and techniques (such as data analysis data mining and digital analysis) to help combat fraud and improper payments)

i A focus on cyber fraud given the significant reliance on IT across agency programs and operations and the risk to improper payments

j Policies and processes that provide for a timely comprehensive and objective investigation into allegations of fraud waste and abuse

k A consistent and credible disciplinary system that holds managers accountable for the misconduct of their subordinates and provides for meaningful sanctions regardless of rank or tenure which can send a clear signal that the agency considers managing fraud risk a top priority

l The identification of the root cause whenever fraud is identified so that timely actions can be taken to reduce the harm associated with fraud and to help protect the agency going forward


Fraud Risk Management 2 Is the agencyrsquos fraud risk management program formally documented such that the results are maintained and the elements of the program are kept current with

(continued) respect to changes in risks

3 Does the agency exhibit a strong partnership between key program managers and finance staff who need to be involved in helping assess and deter fraud risk and improper payments given the nature of their programs

4 Does the agency have a positive relationship with its inspector general (IG) whereby it routinely leverages the IG staffrsquos knowledge skills abilities and work in the area of fraud which can be extensive to help agency management understand its fraud risks and quickly get on top of problems identified by the IG when they first come to light

5 Is the adequacy of the fraud risk management program periodically assessed to address changes in the agencyrsquos programs operations and the overall fraud and improper payment environment

6 Are external stakeholders notably the Congress periodically informed about the results of the fraud risk management program and advised of legislative or resource impediments facing the agency in proactively managing fraud risk and addressing improper payments

7 Does the agency conduct ongoing research into emerging fraud risk management leading practices so that the agency remains on the cutting edge in combating fraud and addressing improper payment schemes



1 For each identified risk that is above the risk threshold set by agency Remediation of Risks management for fraud and improper payments is there a risk remediation plan that includes

aSteps milestones time lines and resources necessary to remediate identified risks to an acceptable level as an integral part of each risk assessment cycle

bSpecific tactical remediation action items that are at a sufficient level of detail to get to the root cause of identified risks

c Interim solutions to help remediate identified risks for which more permanent solutions will take more than six months to complete

dKey individuals identified as responsible for the various tactical remediation action items

2 Is there someone at a senior management level in the agency with overall responsibility and accountability to help ensure that the remediation actions are effective efficient and completed in a timely manner



FinalThoughts The Presidential Executive Order on improper payments provides a way forward to help address a serious problem costing the federal government an estimated $100 billion annually Regardless of an agencyrsquos level of organizational maturity in combating improper payments the Executive Order is calling on agencies to meet the improper payment challenge of today Governments at all levelsmdashfederal state and localmdash will face increasing pressures to reduce and manage costs in light of large budget deficits and serious resource challengesThey will face a public that is skeptical about whether the government resources are being effectively and efficiently used are adequately safeguarded and whether the government is an effective and efficient financial steward

The leading practices related to improper payments highlighted in this white paper and in the KPMG Executive Guide can provide a valuable framework for meeting the goals of the Presidential Executive Order Proven risk management practices such as establishing a comprehensive agency-wide fraud risk program and using the power of continuous monitoring can be leveraged to help reduce improper payments and help reduce the risk of fraud waste and abuse in government programs


Appendices



Appendix A ndash AcknowledgementsThis KPMG white paper The Executive Order on Improper Payments A Practical Look at What Government Agencies Can Do to Address This Presidential Call for Action was developed under the leadership of John Cherbini CGFM CPA partner in charge

Federal Advisory practice KPMG LLP and Jeffrey Steinhoff executive director KPMG Government Institute

The Author Jeffrey Steinhoff CGFM CPA CFE is the executive director of the KPMG Government Institute and KPMGacutes executive fellow to the Federal CFO Academy at the National Defense University Mr Steinhoff retired from GAO after a 40-year federal career 21 years of which were served in the Senior Executive Service As managing director for Financial Management and Assurance and assistant comptroller general of the United States for Accounting and Information Management he headed GAOrsquos largest audit unit and was involved in the development of the Improper Payments Information Act of 2002 and GAOrsquos oversight of the Actrsquos implementation

Contributors and KPMG Government Institute Executive Fellows Ori Ben-Chorin JD Director Forensic Advisory

Terry Carnahan CGFM CPA Managing Director Federal Advisory

Donald Farineau CPA CISA Partner Federal Advisory

Zack Gaddy CGFM CPA Managing Director Federal Advisory

Kenneth Jones CPP Director Forensic Advisory

James Littley Principal Americas Leader for Continuous Auditing and Continuous Monitoring Services Advisory

Ronald Longo CGFM CPA Managing Director Federal Advisory

Miles McNamee Principal Federal Advisory

Deon Minnaar CPA CIA Partner Governance Risk amp Compliance



Appendix B ndash Contacts

Jeffrey Steinhoff 202-533-6487 steinhoffkpmgcom

Terry Carnahan

202-533-3342 tcarnahankpmgcom

Zack Gaddy 202-533-3958 zgaddykpmgcom

James Littley 267-256-1833 jlittleykpmgcom

Miles McNamee 202-533-4400 mrmcnameekpmgcom

Ori Ben-Chorin

202-533-4534 oben-chorinkpmgcom

Donald Farineau

202-533-4320 dfarineaukpmgcom

Kenneth Jones 267-256-1746 kennethjoneskpmgcom

Ronald Longo

202-533-4014 rlongokpmgcom

Deon Minnaar 212-872-5634 dminnaarkpmgcom


uskpmgcom

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity Although we endeavor to provide accurate and timely information there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation




Introduction November 23 2009 represents the start of a new era in the federal governmentrsquos fight against improper payments with the release of the Presidential Executive OrdermdashReducing Improper Payments and Eliminating Waste in Federal Programs

In the words of Office of Management and Budget (OMB) Director Peter Orszag in announcing the pending issuance of the Executive Order on November 18

ldquoEach year taxpayers lose billions of dollars in wasteful improper payments by the federal government to individuals organi-zations and contractorshellipIn 2008 improper payments totaled $72 billion in 2009 they totaled $98 billionmdashan increase driven by improved detection and the significant increase in federal outlays associated with the economic downturnThese errors and mistakes are unacceptable Taxpayers deserve to know that their dollars are being spent wisely and effectivelyrdquo

To quote from the November 23 Executive Order

ldquoWhen the Federal Government makes paymentshellip it must make every effort to confirm that the right recipient is receiving the right payment for the right reason at the right timeThe purpose of this order is to reduce improper payments by intensifying efforts to eliminate payment error waste fraud and abuse in the major programs administered by the Federal Government while continuing to ensure that Federal programs serve and provide access to their intended beneficiaries No single step will fully achieve these goalsTherefore this order adopts a comprehensive set of policies including transparency and public scrutiny of significant payment errors throughout the Federal Government a focus on identifying and eliminating the highest improper payments accountability for reducing improper payments among executive branch agencies and officials and coordinated Federal State and local government action in identifying and eliminating improper paymentsrdquo

The Improper Payments Information Act (IPIA) of 2002 which requires annual estimates of improper payments has helped frame the issue and the magnitude of the problemThe ensuing efforts to improve the tracking of improper payments and subsequent findings of significant and growing levels of estimated improper payments in turn

led to the Presidential Executive Order This is a good example of where requiring agencies to estimate and report annually on their improper payments focused a spotlight on the issue and helped drive broader management reform

The new Executive Order officially signals that the time has come to address costly and chronic payment problems that result in improper paymentsThe expectation of the Executive Order is that federal agencies will take actions to significantly reduce their improper payments To do so agencies may need to ldquothink outside the boxrdquo to identify changes in business processes or in some cases to better leverage available technology and proven management practices Regardless of an agencyrsquos maturity in addressing improper payments new techniques improved technology tools or a combination of both can help reduce the risk of improper payments by enhancing detection and prevention before improper payments occur and can enhance the likelihood and degree of recovery once an improper payment is detected

The KPMG Government Institute has developed this white paper as a tool to help governments at all levels as they consider strategies to address the challenges presented by the Executive Order The white paper is based on research into leading practices and draws on sources such

as The KPMG Executive Guide to High Performance in Federal Financial Management (KPMG Executive Guide) (httpstg-wwwkpmginstitutescom government-instituteinsights2009pdf ffm-executive-guide-finalpdf) which the KPMG Government Institute released in June 2009

About the KPMG Government Institute

The KPMG Government Institute was established to serve as a strategic resource for government chief financial officers seeking to achieve high standards of accountability transparency and performanceThe Institute is a forum for ideas a place to share leading practices and a source of thought leadership as a catalyst to help governments address difficult challenges






a people and their







































































Improper payments


































































-

o appr

ndash ndash








Matching



Timing

Amount amp Value

Vendor Activity

User Activity











-



U h i d i il

p

y p y





Matching






Amount amp











User Activity























Improper Payments





































































Appendices



















Terry Carnahan





Ori Ben-Chorin


Donald Farineau



Ronald Longo




uskpmgcom







a people and their







































































Improper payments


































































-

o appr

ndash ndash








Matching



Timing

Amount amp Value

Vendor Activity

User Activity











-



U h i d i il

p

y p y





Matching






Amount amp











User Activity























Improper Payments





































































Appendices



















Terry Carnahan





Ori Ben-Chorin


Donald Farineau



Ronald Longo




uskpmgcom



































































Improper payments


































































-

o appr

ndash ndash








Matching



Timing

Amount amp Value

Vendor Activity

User Activity











-



U h i d i il

p

y p y





Matching






Amount amp











User Activity























Improper Payments





































































Appendices



















Terry Carnahan





Ori Ben-Chorin


Donald Farineau



Ronald Longo




uskpmgcom






























































-

o appr

ndash ndash








Matching



Timing

Amount amp Value

Vendor Activity

User Activity











-



U h i d i il

p

y p y





Matching






Amount amp











User Activity























Improper Payments





































































Appendices



















Terry Carnahan





Ori Ben-Chorin


Donald Farineau



Ronald Longo




uskpmgcom



-



U h i d i il

p

y p y





Matching






Amount amp











User Activity























Improper Payments





































































Appendices



















Terry Carnahan





Ori Ben-Chorin


Donald Farineau



Ronald Longo




uskpmgcom




















Improper Payments





































































Appendices



















Terry Carnahan





Ori Ben-Chorin


Donald Farineau



Ronald Longo




uskpmgcom
























































Appendices



















Terry Carnahan





Ori Ben-Chorin


Donald Farineau



Ronald Longo




uskpmgcom




















Terry Carnahan





Ori Ben-Chorin


Donald Farineau



Ronald Longo




uskpmgcom



uskpmgcom



The Executive Order on Improper Payments€¦ · The Executive Order on Improper THE KPMG...

Documents

Transcript of The Executive Order on Improper Payments€¦ · The Executive Order on Improper THE KPMG...