FRAUD RISK
MANAGEMENT
2018-2022 Data Show
Federal Government
Loses an Estimated
$233 Billion to $521
Billion Annually to
Fraud, Based on
Various Risk
Environments
Report to Congressional Committees
April 2024
GAO-24-105833
United States Government Accountability Office
United States Government Accountability Office
Highlights of GAO-24-105833, a report to
congressional committees
April 2024
FRAUD RISK MANAGEMENT
2018
-2022 Data Show Federal Government Loses an
Estimated $233 Billion
to $521 Billion Annually to
Fraud, Based
on Various Risk Environments
What GAO Found
GAO estimated total direct annual financial losses to the government from fraud
to be between $233 billion and $521 billion, based on data from fiscal years 2018
through 2022. The range reflects the different risk environments during this
period. Ninety percent of the estimated fraud losses fell in this range.
GAO collected data from three key sources to develop the estimate: investigative
data, such as the number of cases sent for prosecution and the dollar value of
closed cases; Office of Inspector General (OIG) semiannual report information;
and confirmed fraud data reported to the Office of Management and Budget
(OMB) by agencies. GAO organized these data around three fraud categories
adjudicated, detected potential, and undetected potential. Model design and
validation were also informed by 46 fraud studies. OIG and other knowledgeable
officials agreed with these categories and subcategories.
Categories of Fraud-Related Data Used in GAO’s Estimate
GAO’s approach is sensitive to the assumptions made about fraud and accounts
for data uncertainty and limitations. GAO used a well-established probabilistic
method for estimating a range of outcomes under different assumptions and
scenarios where there is uncertainty. The estimate does not include fraud loss
associated with federal revenue or fraud against federal programs that occurs at
the state, local, or tribal level unless federal authorities investigated and reported
it. GAO’s estimate is in line with other estimates of fraud losses from the United
Kingdom and Association of Certified Fraud Examiners, among others.
View GAO-24-105833. For more information,
contact
Rebecca Shea at (202) 512-6722 or
or Jared Smith at (202) 512-
2700 or
Why GAO Did This Study
All federal programs and operations
are at risk of fraud
. Therefore,
agencies need robust processes in
place to prevent, detect
, and respond
to fraud.
While the government
obligated
almost $40 trillion from fiscal
years 2018 through 2022
, no reliable
estimates of fraud losses affecting the
federal government previously exi
sted.
As part of
GAO’s work on managing
fraud risk
s, this report (1) estimates the
range of
total direct annual financial
losses
from fraud based on 2018-
2022
data
and (2) identifies opportunities
and challenges in fraud estimation to
support fraud
risk management.
GAO estimated the
range of total
direct
annual
financial losses from fraud
based on 2018
-2022 data using a
Monte Carlo
simulation model. GAO
identified opportunities and challenges
through interviews
and data collection
focused on 12 agenc
ies representing
about 90 percent of
federal
obligations.
What GAO Recommends
GAO is making
two recommendations
to
OMBone in collaboration with the
Council of the Inspectors General on
Integrity and Efficiency
(CIGIE)
and the
other with
agency input to improve the
availability of fraud
-related data. GAO
is also making
a recommendation to
the Department of the Treasur
y to
expand government
-wide fraud
estimation
, in consultation with OMB.
OMB
generally agreed with the
recommendations
but disagreed with
the
estimate. GAO believes the
estimate is sound, as discussed in the
report.
CIGIE stated it would work with
OMB to consider how OIG
s might
improve fraud
-related data. Treasury
agreed with the recommendation.
Highlights of GAO-24-105833 (Continued)
As a first of its kind government-wide estimate of federal dollars lost to fraud, there are known uncertainties associated with
the model and underlying data important to interpreting the results. These include caveats related to
applying the estimate to agencies or programs. GAO’s model was developed to estimate government-wide federal
fraud. The fraud estimate’s range represents 3 to 7 percent of average federal obligations. These percentages should
not be applied at the agency or program level. While every federal program and operation is at risk of fraud, the level of
risk can vary substantially. Controls, growth or shrinkage of budget, and the emergence of new fraud schemes are
some reasons the risk level can vary;
drawing conclusions about pandemic fraud. GAO’s estimate is based on data from fiscal years 2018 through 2022.
The data include time periods and programs with and without pandemic-related spending. Therefore, the estimate
includes, but is not limited to, pandemic-related spending fraud. While the upper range of the estimate is associated
with higher-risk environments, it is not possible to break out a subset of our government-wide estimate to describe
pandemic program fraud;
comparing with improper payment estimates. GAO’s estimate is not comparable to improper payment estimates.
Improper payment estimates are based on a subset of federal programs, using a methodology not designed to identify
fraud. GAO has also consistently reported that the federal government does not know the full extent of improper
payments and has long recommended that agencies improve their improper payment reporting. In contrast, GAO’s
fraud estimate includes all federal programs and operations and is based on fraud-related data. With these differences
in scope and data, the upper end of GAO’s estimated fraud range exceeded annual improper payment estimates; and
assuming the estimate is predictive. GAO’s estimate is not based on a predictive model. Factors such as the
amount of emergency spending, the effectiveness of federal fraud risk management, and the nature of new fraud
threats could substantially impact the scale of future fraud.
GAO has previously issued Matters for Congressional Consideration and recommendations to improve agencies’ program
integrity, including fraud risk management. Fraud estimation provides opportunities to improve fraud risk management,
according to OIG and agency officials. For example, estimates can demonstrate the scope of the problem, improve
oversight prioritization, and help determine the return on investment from fraud risk management activities. While it is not
possible to eliminate fraud, with a better understanding of the costs, agencies will be better positioned to manage the risk.
How Fraud Estimates Can Improve Fraud Risk Management
OIG and agency officials noted challenges in producing fraud estimates, such as limited available fraud-related data and
use of varying terms and definitions of fraud for recording data. These data gaps and variability result in information that
cannot be readily compared or consolidated to determine the extent of fraud across the federal government. Guidance for
collecting and reporting fraud-related data is currently limited to OIG semiannual reports and confirmed fraud reported by
agencies to OMB, which are not designed to support fraud estimation. With guidance targeted to the purpose of fraud
estimation, agencies and OIGs would be better positioned to collect and report data on potential and adjudicated fraud in
support of estimation efforts.
OIG and agency officials also noted the utility of agency or program-level estimates compared with government-wide
estimates. They further noted the need for expertise and data-analytics capacity to produce estimates. GAO previously
reported that agencies identified limitations in expertise, data, and tools as a significant challenge for their fraud risk
management efforts. These challenges could also impact agencies’ ability to develop effective fraud estimates at a
program or agency level. The Department of the Treasury’s Office of Payment Integrity (OPI) supports agencies facing
such challenges. OPI’s resources are dedicated to preventing and detecting improper payments through a variety of data-
matching and data-analytics services. Therefore, OPI is well positionedwith the expertise, data, and analytic toolsto
evaluate and advance methods that the federal government can take to estimate fraud in support of fraud risk
management.
Page i GAO-24-105833 Federal Fraud Estimate
Letter 1
Background 5
Annual Federal Losses Due to Fraud Are Estimated to Be
between $233 Billion and $521 Billion Based on Data from
Fiscal Years 2018 through 2022, Reflecting Various Risk
Environments 18
Opportunities and Challenges in Estimating Fraud to Support
Fraud Risk Management 25
Conclusions 38
Recommendations for Executive Action 38
Agency Comments and Our Evaluation 39
Appendix I Objectives, Scope, and Methodology 48
Appendix II Matters for Congressional Consideration 68
Appendix III Comments from the Office of Management and Budget 70
Appendix IV GAO Contacts and Staff Acknowledgments 73
Figures
Figure 1: Illustrative Examples of Adjudicated Fraud Perpetrated
Against the Federal Government 7
Figure 2: Confirmed Fraud, as Reported by the Office of
Management and Budget for Fiscal Years 2018 through
2022 9
Figure 3: Examples of Analytic Studies of Potential Fraud in Select
Federal Programs 11
Figure 4: Select International or Nongovernmental Fraud
Estimation Studies 13
Figure 5: Components of the Fraud Risk Framework 14
Figure 6: Estimate of Direct Annual Financial Losses from Fraud
Affecting the Federal Government, Based on Our
Simulation 18
Contents
Page ii GAO-24-105833 Federal Fraud Estimate
Figure 7: Fraud Categories and the Data Collected and Used in
the Simulation, by Category 24
Figure 8: How Fraud Estimates Can Improve Fraud Risk
Management 26
Figure 9: Examples of Variation in How Fraud-Related Data Are
Reported in Office of Inspectors General Semiannual
Reports to Congress 32
Figure 10: Fraud Categories: Adjudicated, Detected Potential, and
Undetected Potential 51
Figure 11: Information and Data Sources for the Simulation, by
Fraud Category 53
Page iii GAO-24-105833 Federal Fraud Estimate
Abbreviations
ACFE Association of Certified Fraud Examiners
CFO Chief Financial Officer
CIGIE Council of the Inspectors General on
Integrity and Efficiency
DOD Department of Defense
Federal internal control Standards for Internal Control in the Federal
standards Government
Fraud Risk Framework A Framework for Managing Fraud Risks in
Federal Programs
FRDAA Fraud Reduction and Data Analytics Act of
2015
HHS Department of Health and Human Services
MAX Office of Management and Budget’s MAX
A-11 Data Entry Information System
OIG Office of Inspector General
OMB Office of Management and Budget
PIIA Payment Integrity Information Act of 2019
This is a work of the U.S. government and is not subject to copyright protection in the
United States. The published product may be reproduced and distributed in its entirety
without further permission from GAO. However, because this work may contain
copyrighted images or other material, permission from the copyright holder may be
necessary if you wish to reproduce this material separately.
Page 1 GAO-24-105833 Federal Fraud Estimate
441 G St. N.W.
Washington, DC 20548
April 16, 2024
Congressional Committees
All federal programs and operations are at risk of fraud. Some individuals
or groups will seek to gain through fraud when and wherever there is
opportunity. As a result, agencies need robust processes in place to
prevent, detect, and respond to fraud.
1
Prior GAO work has found
evidence of substantial losses due to fraud in some government
programs. While the federal government obligated almost $40 trillion from
fiscal years 2018 through 2022, no reliable estimate has existed on the
amount of federal dollars lost to fraud.
2
One of the many challenges in determining the full extent of fraud is its
deceptive nature. Programs can incur losses related to fraud that are
never identified, and such losses are difficult to reliably estimate.
However, without usable information on the scope of fraud, actions to
address it might not be directed at the highest-risk areas or designed to
maximize their effectiveness. Reliably determining the extent of fraud in
federal programs could help Congress, oversight entities, and agency
officials better prioritize prevention, detection, and response resources.
By identifying and addressing fraud, such as through targeted actions
based on estimations of risk, potential fraudsters may be deterred.
1
Fraud involves obtaining a thing of value through willful misrepresentation. Willful
misrepresentation can be characterized by making material false statements of fact based
on actual knowledge, deliberate ignorance, or reckless disregard of falsity. Program
officials are responsible for managing the risk of fraud through activities to prevent, detect,
and respond to potential fraud.
2
Obligations as reported on Office of Management and Budget’s MAX A-11 Data Entry
System (MAX), a government-wide system used to share information and services among
government agencies and to collect and process most of the information required for
preparing the President’s Budget of the federal government. An obligation is a definite
commitment that creates a legal liability on the part of the federal government for the
payment of goods and services ordered or received, or a legal duty on the part of the
United States that could mature into a legal liability by virtue of actions on the part of the
other party beyond the control of the United States. Payment may be made immediately or
in the future. An agency incurs an obligation, for example, when it places an order, signs a
contract, awards a grant, purchases a service, or takes other actions that require the
government to make payments to the public or from one government account to another.
GAO, A Glossary of Terms Used in the Federal Budget Process, GAO-05-734SP
(Washington, D.C.: Sept. 1, 2005).
Letter
Page 2 GAO-24-105833 Federal Fraud Estimate
We have previously reported that the federal government faces an
unsustainable long-term fiscal future.
3
Our projections, as well as those
from the Office of Management and Budget (OMB), the Department of the
Treasury, and the Congressional Budget Office, all show that current
fiscal policy is unsustainable over the long term. Improved efforts to
combat fraud, with an emphasis on prevention, can reduce the loss of
federal dollars and help improve the federal governments fiscal outlook.
We performed our work under the Comptroller Generals authority to
conduct evaluations to address issues of broad interest to Congress,
such as the extent of fraud affecting the federal government. Our
objectives were to (1) estimate the range of total direct annual financial
losses from fraud affecting federal programs and operations and (2)
identify opportunities and challenges in fraud estimation to support fraud
risk management.
For both objectives, we interviewed officials from 12 selected agencies
and their respective Offices of Inspector General (OIG).
4
These 12
agencies were selected based on obligation levels for fiscal years 2018
through 2022 and include those with the top 10 obligations for one of the
fiscal years. Combined, they represent approximately 90 percent of all
government obligations during this time.
We also identified and reviewed 46 fraud measurement and estimation
studies developed by U.S. government, and international, academic, and
others with subject-matter expertise.
5
We generally focused on the
studies published between fiscal years 2013 and 2022. We used these
studies to assess estimation and measurement methodologies, the
amount of fraud estimated or measured, and challenges in estimating and
measuring fraud. As appropriate, we also used the studies to assess the
reasonableness of our fraud estimate. Our estimate was in line with fraud
3
GAO, The Nations Fiscal Health: Road Map Needed to Address Projected
Unsustainable Debt Levels, GAO-24-106987 (Washington, DC: Feb. 15, 2024).
4
The 12 selected agencies and OIGs are the Department of Defense, Department of
Education, Department of Homeland Security, Department of Labor, Department of the
Treasury, Department of Health and Human Services, Office of Personnel Management,
Social Security Administration, Department of Agriculture, Department of Veterans Affairs,
Department of Transportation, and the Small Business Administration.
5
For the purposes of this report, we define fraud measureas a count of detected fraud or
fraud-related activities. We define fraud estimateas a projection or inference based on
fraud or fraud-related measures, assumptions, or analytical techniques, where direct
measures are incomplete or unreliable.
Page 3 GAO-24-105833 Federal Fraud Estimate
estimates and analysis developed by other governments, as well as
relevant nongovernmental organizations with fraud expertise.
We also met with subject-matter experts from the Association of Certified
Fraud Examiners (ACFE); the Centre for Cybercrime and Economic
Crime at the School of Criminology and Criminal Justice at the University
of Portsmouth in the United Kingdom; and the creator of the Crime, and
Compliance blog, among others.
6
We selected these experts based on
our review of fraud measurement and estimation studies and through
interviews.
To estimate the range of total direct annual financial losses from fraud,
we assessed different methods that could be used to estimate fraud.
Given available data and our cross-government scope, we selected a
Monte Carlo simulation to develop our estimate. A Monte Carlo simulation
is a method that can be used to estimate ranges for events where there is
a high degree of uncertainty or for which there are limited data.
7
We
chose this approach based on our review of fraud studies, available
agency fraud-related reporting data and information, interviews with
agency and OIG officials and fraud experts, and knowledge gained
through our past work on fraud.
To inform the simulation, we identified and collected relevant fraud-
related data and information from fiscal years 2018 through 2022 for the
12 selected agencies. These sources include
OIG investigative data relating to past and ongoing investigations,
including adjudicated cases;
OIG semiannual reports;
8
and
6
During our review, the Centre for Cybercrime and Economic Crime was founded and
integrated the Centre for Counter Fraud Studies.
7
Determining the extent of fraud is challenging due to multiple factors. We have previously
reported on several challenges in measuring fraud, which are discussed later in this
report.
8
Under the Inspector General Act of 1978, as amended, federal inspectors general are
required to submit semiannual reports to Congress describing the officesactivities and
accomplishments during that reporting period. 5 U.S.C. App. § 5.
Page 4 GAO-24-105833 Federal Fraud Estimate
confirmed fraud reported by agencies to the OMBs
Paymentaccuracy.gov dashboard.
9
To collect OIG investigative data, we developed a data collection
instrument, which enabled us to consistently request and gather detailed,
fraud-related data and information from the 12 selected OIGs. We
pretested this data collection instrument with three OIGs prior to collecting
these data from all 12 selected OIGs.
We also collected and analyzed information reported in semiannual
reports for the 12 selected agencies for fiscal years 2018 through 2022.
For example, we collected information on cases referred for prosecution,
investigative reports issued, and hotline reporting statistics.
We spoke with OIG officials knowledgeable about their investigative data
and semiannual reports and reviewed any relevant documentation they
provided to identify limitations with the data.
We collected and analyzed confirmed fraud data and asked
knowledgeable agency and OIG officials about the data. We assessed
the reliability of all data used in our analysis and determined they were
sufficiently reliable for our purposes.
Using these data, we developed an estimate of fraud affecting the federal
government. Based on the data available and known uncertainties in
estimating fraud, we developed our estimate as a range.
We assessed the reasonableness of our estimate by comparing it with
applicable fraud estimates identified in our review of 46 fraud
measurement and estimation studies. While these studies utilized
different methodologies or estimated fraud in a variety of environments,
our estimate was in line with those estimates.
To identify ways that enhanced fraud estimation could potentially improve
fraud risk management, we evaluated these data and information using
relevant leading practices in GAOs A Framework for Managing Fraud
Risks in Federal Programs (Fraud Risk Framework), specifically, leading
9
OMB requires agencies to provide certain information about improper payments and
confirmed fraud. OMB publishes this information in a dashboard on
Paymentaccuracy.gov.
Page 5 GAO-24-105833 Federal Fraud Estimate
practices related to assessing fraud.
10
We also evaluated existing fraud-
related data and information collection against the principles in Standards
for Internal Control in the Federal Government (federal internal control
standards).
11
Specifically, we determined that the information and
communication component of internal control was significant to the
objective, along with the underlying principles that management should
use quality information to achieve the entitys objectives.
For additional information on our methodology, including a detailed
discussion of the steps taken to develop our fraud estimate and
associated caveats, see appendix I.
We conducted this performance audit from February 2022 to April 2024 in
accordance with generally accepted government auditing standards.
Those standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings based on our audit objectives. We believe that the evidence
obtained provides a reasonable basis for our findings based on our audit
objectives.
Our work has shown that fraud can result in financial and nonfinancial
losses to federal programs and operations. In 2022, we issued the
Antifraud Resource, a web-based tool that provides users with tools to
help learn more about fraud schemes that affect the federal government,
their underlying concepts, and how to combat such fraud.
12
The Antifraud
Resource provides a detailed discussion of the characteristics of fraud
that affect the federal government and notes that fraud can impact many
different federal programs and operations.
The Antifraud Resource also provides numerous case examples of fraud
that impacts federal programs and operations. These examples include
cases that resulted in a financial loss to the federal government, as well
10
GAO, A Framework for Managing Fraud Risks in Federal Programs, GAO-15-593SP
(Washington, D.C.: July 28, 2015).
11
GAO, Standards for Internal Control in the Federal Government, GAO-14-704G
(Washington, D.C.: Sept. 10, 2014).
12
GAO, The GAO Antifraud Resource(Washington, D.C.: Jan. 10, 2022),
https://gaoinnovations.gov/antifraud_resource/.
Background
Fraud Against the Federal
Government
Page 6 GAO-24-105833 Federal Fraud Estimate
as those that resulted in nonfinancial losses. Nonfinancial losses can
include things such as negative impacts to the affected programs ability
to provide beneficiary services, or reputational loss. For illustrative
examples of federal fraud cases, see figure 1. As shown in the figure, it
can take months, and even years, from the date fraud-related charges are
filed against a suspected fraudster until the case is adjudicated.
Page 7 GAO-24-105833 Federal Fraud Estimate
Figure 1: Illustrative Examples of Adjudicated Fraud Perpetrated Against the Federal Government
Note: Restitution is ordered to reimburse victims for financial losses, making it indicative of at least a
portion of the federal financial loss. Restitution does not, however, include or reflect agency resources
spent investigating and prosecuting fraud.
Page 8 GAO-24-105833 Federal Fraud Estimate
Various federal entities report data that provide insights into the extent of
federal fraud. For example:
The Council of the Inspectors General on Integrity and Efficiency
(CIGIE): annually reports its accomplishments to the President and
Congress.
13
For fiscal years 2018 through 2022, CIGIE reported
between $6.6 billion and $19.7 billion in potential savings from
investigative recoveries and receivables. This amount includes
ordered restitution, fines, and settlements from resolved criminal and
civil cases. However, this amount also includes potential crimes
beyond fraud, such as theft and the mismanagement of government
funds. This amount also excludes undetected fraud, as well as
potential fraud detected by the agency that has not resulted in
investigative action.
The Office of Management and Budget: annually reports federal
government confirmed fraud data on its website,
Paymentaccuracy.gov. According to OMB, confirmed fraud is the
amount determined to be fraudulent through the judicial or
adjudication process.
14
It represents only those fraud cases that have
been confirmed by a court or other adjudicative forum and does not
represent anything settled out of court with or without admission of
guilt.
15
For fiscal years 2018 through 2022, OMB reported between
$4.41 billion and $7.31 billion annually in confirmed fraud, as shown in
figure 2.
13
CIGIE was established as an independent entity within the executive branch by The
Inspector General Reform Act of 2008, Pub. L. No. 110-409. Among other things, CIGIE is
to increase the professionalism and effectiveness of personnel by developing policies,
standards, and approaches to aid in the establishment of a well-trained and highly skilled
workforce in the Offices of the Inspectors General.
14
Per OMB guidance, confirmed fraud does not include transactions determined by
management to be anomalous or indicative of potential fraud that were referred to the
agencys OIG or the Department of Justice, unless the appropriate judicial or adjudicative
process has made the determination.
15
Paymentaccuracy.gov reporting on confirmed fraud states that it only includes fraud
confirmed by a court.
Existing Information on the
Extent of Fraud and
Potential Fraud in the
Federal Government
Page 9 GAO-24-105833 Federal Fraud Estimate
Figure 2: Confirmed Fraud, as Reported by the Office of Management and Budget
for Fiscal Years 2018 through 2022
According to OMBs definition used on PaymentAccuracy.gov, confirmed
fraud does not include those cases resolved through settlement or an
administrative process. Therefore, for example, it would not reflect a
contractor that was debarred from obtaining government contracts for a
certain period based on determinations made by an agency
administrative body. Further, it does not include settlements, with or
without an admission of wrongdoing, that may be significant. In addition, it
does not count amounts recouped under the False Claims Act. According
to the Department of Justice, in fiscal year 2022 the government was
party to 351 False Claims Act settlements and judgments, in an amount
that exceeded $2 billion.
16
In addition to these issues, limitations with the reported confirmed fraud
numbers have also been identified. For example, the Department of
16
31 U.S.C. §§ 3729 3733. The False Claims Act provides that any person who
knowingly submits, or causes to submit, false claims to the government is liable for three
times the governments damages, plus a penalty.
Page 10 GAO-24-105833 Federal Fraud Estimate
Defense (DOD) OIG reported at least $1.1 billion in confirmed fraud to
CIGIE in fiscal year 2021, but DOD reported $0 in confirmed fraud to
OMB for the same period.
17
Because of these limitations on the
completeness and quality of OMBs confirmed fraud data, it is not
sufficient information for fraud estimation.
The Department of Justice: issues press releases for some federal
fraud cases and may include information such as the charges and
outcome of a trial. For fiscal years 2018 through 2022, the
Department of Justice annually issued around 1,300 press releases.
However, these press releases include cases unrelated to federal
fraud, and the Department of Justice does not issue a press release
for every case.
Some agencies and OIGs have also issued studies that examine the
extent of identified potential fraud in a limited number of programs,
including studies in response to concerns about fraud impacting
pandemic spending (see fig. 3).
17
Department of Defense, Office of Inspector General, Audit of the Department of
Defenses FY 2021 Compliance With Payment Integrity Information Act Requirements,
DODIG-2022-108 (Alexandria, VA: June 28, 2022). In the report, DOD personnel noted
that the difference was a result of a change in reporting requirements and certain data
limitations that had since been resolved.
Page 11 GAO-24-105833 Federal Fraud Estimate
Figure 3: Examples of Analytic Studies of Potential Fraud in Select Federal Programs
Note: Reports cited: Department of Labor, Office of Inspector General, Alert Memorandum:
Potentially Fraudulent Unemployment Insurance Payments in High-Risk Areas Increased to $45.6
Billion, Report No. 19-22-005-03-315 (Washington, D.C.: Sept. 21, 2022); Small Business
Administration, Protecting the Integrity of the Pandemic Relief Programs: SBA’s Actions to Prevent,
Detect and Tackle Fraud (Washington, D.C.: June 2023); Small Business Administration, Office of
Inspector General, COVID-19 Pandemic EIDL and PPP Loan Fraud Landscape, White Paper Report
23-09 (Washington, D.C.: June 27, 2023); and U.S. Department of Agriculture, The Extent of
Trafficking in the Supplemental Nutrition Assistance Program: 2015-2017 (Alexandria, VA.:
September 2021).
Page 12 GAO-24-105833 Federal Fraud Estimate
The studies noted in figure 3 quantify the extent of fraud based on
instances of identified potential fraud. However, some portion of fraud is
never detected. See sidebar for example of now detected, potential fraud
that is alleged to have taken place, and gone undetected for about two
years, per news media. Fraud estimates can provide information on the
extent of undetected fraud. For example, we developed an estimate of
unemployment fraud in response to congressional interest in the extent of
pandemic-related spending fraud.
18
Specifically, we estimated that
between $100 billion and $135 billion (between 11 and 15 percent of total
spending) in fraudulent unemployment insurance payments were made
between April 2020 and May 2023. This included an estimate of
undetected fraud.
In addition to fraud estimation or analysis efforts performed by the federal
government, non-U.S. governments and relevant nongovernmental
organizations with fraud expertise have also developed estimates (see
fig. 4).
18
GAO, Unemployment Insurance: Estimated Amount of Fraud during Pandemic Likely
Between $100 Billion and $135 Billion, GAO-23-106696 (Washington, D.C.: Sept. 12,
2023).
Undetected Fraud May Be Significant
In March 2024, the Department of Health and
Human Services Office of Inspector General
(HHS OIG) issued a consumer alert related to
scams that involve obtaining a Medicare
enrollee’s personal information and then billing
for unnecessary, low-cost medical equipment.
Related media reported that an alleged fraud
ring may have used the scheme to overbill
Medicare for more than $2 billion since 2022. It
is alleged the fraud ring employed multiple
small charges to many victims to help avoid
detection.
Source: HHS OIG Consumer Alert: Urinary Catheter Scams.
GAO-24-105833
Page 13 GAO-24-105833 Federal Fraud Estimate
Figure 4: Select International or Nongovernmental Fraud Estimation Studies
Note: Reports cited: United Kingdom Public Sector Fraud Authority, Cross-Government Fraud
Landscape, Annual Report 2022; Occupational Fraud 2022: A Report to the Nations (Association of
Certified Fraud Examiners, Inc.:2022). ACFE’s study also explored characteristics of occupational
fraud, such as the methods used and the characteristics of the perpetrators and impacted
organizations. Jim Gee and Mark Button, The Financial Cost of Fraud (University of Portsmouth and
Crowe, United Kingdom: 2021).
The Fraud Risk Framework provides a comprehensive set of key
components and leading practices that serve as a guide for agency
managers to use when developing efforts to combat fraud in a strategic,
Fraud Risk Management
and Standards for Internal
Control
Page 14 GAO-24-105833 Federal Fraud Estimate
risk-based manner.
19
The objective of fraud risk management is to ensure
program integrity by continuously and strategically mitigating the
likelihood and impact of fraud.
As discussed in the Fraud Risk Framework, strategic fraud risk
management involves more than having controls to prevent, detect, and
respond to fraud. Rather, it also encompasses structures and
environmental factors that influence or help managers achieve their
objective to mitigate fraud risks. The Fraud Risk Framework describes
leading practices in four components: commit, assess, design and
implement, and evaluate and adapt, as depicted in figure 5.
Figure 5: Components of the Fraud Risk Framework
19
GAO-15-593SP. In June 2016, Congress enacted the Fraud Reduction and Data
Analytics Act of 2015. This act required OMB to establish guidelines for federal agencies
to create controls to identify and assess fraud risks and to design and implement antifraud
control activities. The act further required OMB to incorporate the leading practices from
GAO’s Fraud Risk Framework in these guidelines. In its 2016 Circular No. A-123
guidelines, OMB directed agencies to adhere to the Fraud Risk Frameworks leading
practices as part of their efforts to effectively design, implement, and operate an internal
control system that addresses fraud risks. The act was repealed and replaced in March
2020 by the Payment Integrity Information Act of 2019, which required these guidelines to
remain in effect. In its 2021 update to Appendix C to Circular No. A-123 guidelines, OMB
provided guidance to agencies to improve their controls for identifying, assessing,
mitigating, and monitoring payment integrity risks, including fraud.
Page 15 GAO-24-105833 Federal Fraud Estimate
The Fraud Risk Framework includes several leading practices that
highlight the importance of understanding the scope of fraud affecting a
program to manage fraud risk. It also includes leading practices
associated with data analytics, such as
assessing the likelihood and impact of inherent fraud risk, which may
include involving qualified specialists, such as statisticians and
subject-matter experts, to contribute expertise and guidance when
employing techniques like analyzing statistically valid samples to
estimate fraud losses and frequency;
identifying specific tools, methods, and sources for gathering
information about fraud risks, including data on fraud schemes and
trends from monitoring and detection activities;
considering known or previously encountered fraud schemes to
design data analytics; and
collecting and analyzing data, including data from reporting
mechanisms and instances of detected fraud, for real-time monitoring
of fraud trends and identification of potential control deficiencies.
The Fraud Risk Framework also includes leading practices related to
assessing risk and using this information to inform a response, such
as by
considering the financial and nonfinancial impacts of fraud risks, and
using the programs fraud risk profile (see sidebar) to help decide how
to allocate resources to respond to residual fraud risks.
Page 16 GAO-24-105833 Federal Fraud Estimate
Federal internal control standards provide managers with criteria for
designing, implementing, and operating an effective internal control
system, which is key to preventing and reducing fraud.
20
Among other
things, the standards state that program managers are to use quality
information to achieve their objectives. Further, program managers are to
identify and obtain relevant and reliable data and process the data into
quality information. The standards also state that management should
consider the potential for fraud when identifying, analyzing, and
responding to risks.
OMB oversees implementation of programs and operations across the
executive branch. Among other things, OMB issues guidance to agencies
on their responsibilities. OMB Circular A-123 defines managements
responsibility for internal control in federal agencies.
21
Among other
actions, the circular directs agencies to follow the leading practices
outlined in the Fraud Risk Framework. Moreover, in October 2022, OMB
issued a Controller Alert reminding agencies that they must establish
financial and administrative controls to identify and assess fraud risks.
22
In our March 2022 testimony before the Senate Committee on Homeland
Security and Governmental Affairs, we identified 10 actions that Congress
could take to strengthen internal controls and financial and fraud risk
management practices across the government.
23
For example, we
suggested Congress (1) establish a permanent analytics center of
excellence to aid the oversight community in identifying improper
payments and fraud; (2) amend the Social Security Act to make
permanent the sharing of full death data with the Department of the
20
GAO-14-704G.
21
Office of Management and Budget, OMB Circular No. A-123, Management’s
Responsibility for Enterprise Risk Management and Internal Control, M-16-17
(Washington, D.C.: July 15, 2016).
22
Office of Management and Budget, Establishing Financial and Administrative Controls to
Identify and Assess Fraud Risk, CA-23-03 (Washington, D.C.: Oct. 17, 2022). Enterprise
risk management is a decision-making tool that can assist federal leaders to anticipate
and manage risks across their portfolios. Prior to implementing enterprise risk
management, risk management focused on traditional internal control concepts for
managing risk exposures. Beyond traditional internal controls, enterprise risk management
promotes risk management by considering its effect across the entire organization and
how it may interact with other identified risks.
23
GAO, Emergency Relief Funds: Significant Improvements Are Needed to Ensure
Transparency and Accountability for COVID-19 and Beyond, GAO-22-105715
(Washington, D.C.: Mar. 17, 2022).
Fraud Risk Profile
The fraud risk profile forms the basis of a
program’s antifraud strategy and informs the
specific control activities to be designed and
implemented.
A Framework for Managing Fraud Risks in
Federal Programs discusses information that
might be in a fraud risk profile such as
the identified fraud risk,
fraud risk factors,
inherent risk likelihood and impact,
inherent risk significance, and
the fraud risk response.
Source: GAO analysis of GAO, A Framework
for Managing Fraud Risks in Federal
Programs, GAO-15-593SP (Washington,
D.C.: July 28, 2015). │ GAO-24-105833
Page 17 GAO-24-105833 Federal Fraud Estimate
Treasurys Do Not Pay working system; and (3) reinstate the requirement
that agencies report on their antifraud controls and fraud risk
management efforts in their annual financial reports, among other actions.
As of March 2024, these Matters for Congressional Consideration remain
open. We continue to believe that such actions will increase
accountability and transparency in federal spending in both normal
operations and emergencies. See appendix II for a summary of the
Matters for Congressional Consideration.
The federal government has established capacity to provide data-
analytics resources to combat fraud. For example, the Department of the
Treasurys Office of Payment Integrity includes resources and expertise
for preventing and detecting improper payments, including those due to
fraud. The Office of Payment Integritys Do Not Pay Business Center
operates a resource dedicated to preventing and detecting improper
payments through a variety of data-matching and data-analytics services
to support agency programs.
24
The Office of Payment Integritys Payment
Integrity Center of Excellence is a community of experts with a mission to
provide government-wide partnership, guidance, and customer-centric
solutions that aid in the prevention and recovery of improper payments
due to fraud, waste, and abuse. The Payment Integrity Center of
Excellence uses capacities such as data and analytics to help address
agency payment integrity challenges.
Additionally, in March 2020, Congress enacted the CARES Act, which
created the Pandemic Response Accountability Committee within CIGIE.
The mission of the Pandemic Response Accountability Committee is to
promote transparency and conduct and support oversight of covered
funds and the coronavirus response to (1) prevent and detect fraud,
waste, abuse, and mismanagement; and (2) mitigate major risks that cut
across program and agency boundaries. In March 2021, the American
Rescue Plan Act of 2021 appropriated $40 million to the Pandemic
Response Accountability Committee, which subsequently established the
Pandemic Analytics Center of Excellence. The role of the Pandemic
Analytics Center of Excellence is to help oversee the trillions of dollars in
federal pandemic-related emergency spending.
24
According to its website, the Do Not Pay Business Center uses a variety of data
sources, such as those to verify individual personal records, as well as data sources to
determine if companies have been debarred or received other sanctions against them.
Data Analytics to Aid
Program Integrity
Page 18 GAO-24-105833 Federal Fraud Estimate
We estimated direct annual financial losses to the federal government
from fraud to be between approximately $233 billion and $521 billion, as
shown in figure 6. This range reflects the middle 90 percent of values,
based on our model. The width of the range is a reflection of both the
uncertainty associated with estimating fraud and the diversity in the risk
environments that were present in fiscal years 2018 through 2022.
The estimate reflects fraud losses associated with direct federal spending
on programs and operations. Accordingly, fraud loss associated with
revenues, such as tax credits or other fees collected by the federal
government, are not included. This estimate does not capture losses that
occur at the state, local, tribal, or other government level unless those
losses included a federal investigative, administrative, or related action.
Further, the estimate does not include the nonfinancial losses due to
fraud or the value of nonfinancial benefits obtained fraudulently.
25
Figure 6: Estimate of Direct Annual Financial Losses from Fraud Affecting the
Federal Government, Based on Our Simulation
The estimated losses represent about 3 to 7 percent of average federal
obligations for fiscal years 2018 through 2022. These percentages are
generally in line with fraud estimates and analysis developed by other
governments, as well as relevant nongovernmental organizations with
fraud expertise such as the ACFE and academia. For example, studies
from the United Kingdom’s Public Sector Fraud Authority, ACFE, and
Portsmouth Centre cite fraud losses of 0.5 to 5, 5, and 6.4 percent,
respectively. Although these estimates vary in their methodology, risk
25
Nonfinancial losses due to fraud may not pose a direct financial cost but they lead to
other potentially harmful outcomes. For example, fraud can impact government outcomes
or program reputation. Further, government activities such as passport and Social
Security number issuance, or small business certification may result in nonfinancial fraud
but not a direct financial loss to the government.
Annual Federal
Losses Due to Fraud
Are Estimated to Be
between $233 Billion
and $521 Billion
Based on Data from
Fiscal Years 2018
through 2022,
Reflecting Various
Risk Environments
Page 19 GAO-24-105833 Federal Fraud Estimate
environment, and entities affected, the results are in line with our
estimate.
26
Our estimate is also in line with studies of domestic federal program
fraud. For example, we and others conducted estimation work related to
pandemic spending, which was at higher risk of fraud. We estimated that
between $100 billion and $135 billion (between 11 and 15 percent of total
spending) in fraudulent unemployment insurance payments were made
between April 2020 and May 2023.
27
This analysis supported even higher
fraud rates for the Pandemic Unemployment Assistance payments, which
made up a subset of the unemployment insurance payments that were
included in our review. The Small Business Administration OIG reported
that it estimated $200 billion in potentially fraudulent pandemic related
business loans as of May 2023.
28
Our estimate of direct annual financial losses due to fraud reflects
significant financial impacts to the federal government. For comparative
context, the lower range of the estimate$233 billionis greater than
fiscal year 2022 obligation levels for all but the eight largest agencies.
There are five agencies with total annual obligations greater than the
upper range of $521 billion, based on fiscal year 2022.
This estimate is based on a Monte Carlo simulation using data from fiscal
years 2018 through 2022 (see sidebar). For the Monte Carlo simulation
that generated our estimate, we used investigative, OIG semiannual, and
confirmed fraud data from 12 selected agencies and other fraud estimate
and measurement information from fiscal years 2018 through 2022. The
resulting range represents our best estimate of the extent of fraud, given
the data available, which have limitations. While we designed our
simulation approach and underlying assumptions to account for the
inherent uncertainties associated with fraud estimation and data
limitations, we cannot eliminate the possibility that the actual amount of
fraud could be outside of the range of our estimate. See appendix I for
26
See figure 4 for more information on these studies.
27
GAO-23-106696.
28
Small Business Administration, Office of Inspector General, COVID-19 Pandemic EIDL
and PPP Loan Fraud Landscape, White Paper Report 23-09 (Washington, D.C.: June 27,
2023). Using a different approach, the Small Business Administration estimated $36 billion
of pandemic relief emergency program funds that were likely obtained fraudulently from
2020 to 2022. Small Business Administration, Protecting the Integrity of the Pandemic
Relief Programs: SBAs Actions to Prevent, Detect and Tackle Fraud (Washington, D.C.:
June 2023).
Monte Carlo Simulation
A Monte Carlo simulation attempts to capture
the uncertainty in a process by randomly
generating a range of values consistent with
that process. Monte Carlo simulations can be
useful for understanding the range of potential
outcomes that can exist under different
assumptions and scenarios. They are useful
where there is a high degree of uncertainty, or
for where there are limited data.
Source: GAO analysis. │ GAO-24-105833
Page 20 GAO-24-105833 Federal Fraud Estimate
additional details on our simulation, data sources, assumptions, and
limitations.
Our results reflect a first-of-its kind, government-wide estimate of federal
dollars lost to fraud. Our estimate includes known uncertainties
associated with the model and underlying data that are important to
understand in interpreting and applying the results. Improvements to the
availability of fraud-related data could improve future estimation efforts.
Current caveats to our estimate include those related to extrapolating a
government-wide estimate to (a) programs or agencies, (b) pandemic
spending, (c) improper payment estimates, and (d) future years.
Applying the estimate to agencies or programs. Our model was
developed to estimate government-wide federal fraud losses and the
model’s dollar range and percent should not be applied to the agency,
program, or operation level. While every federal program and
operation is at risk of fraud, the level of risk can vary substantially.
These variations affect the rate of fraud, both detected and
undetected, in each agency, program, or operation. Our model did not
account for such variation.
Different factors may impact the fraud risk environment (see sidebar).
Factors could include growth or shrinkage in the budget or scope of
operations, changes to controls, emergence of new fraud schemes,
and changes to investigative and prosecutorial priorities that affect the
detection and adjudication of fraud. For example, if two agency
programs undertook significant contracting activity but one program
relied extensively on sole source acquisition (which can be at higher
risk of fraud due to the lack of competition), while the other used
competitive bidding, the extent of fraud might be different between the
two programs. Each of these fraud risk factors, and potentially others,
could increase or decrease the likelihood of fraud against an agency,
program, or operation.
Drawing conclusions about the extent of pandemic fraud from
our estimate. The pandemic is a recent example of how factors such
as the effectiveness of federal fraud risk management, and the nature
of new fraud threats, can substantially impact the scale of fraud. We
have previously reported on the heightened fraud risk environment
Risk Factors for Fraud
Factors associated with heightened risk of
fraud include
reliance on self-certification;
programs that are new to the agency;
expansions or major changes in program
funding, authorities, practices, or
procedures;
a large volume of payments being made;
payment or eligibility decisions made
outside of the agency, such as those by
state governments;
limitations in the experience or training of
those making eligibility determinations or
payment certifications; and
challenges related to eligibility and
identity, such as lack of information or
data systems to confirm eligibility.
Source: GAO, COVID-19: Insights and Actions for Fraud
Prevention, GAO-24-107157 (Washington, D.C.: Nov. 14,
2023). │ GAO-24-105833
Page 21 GAO-24-105833 Federal Fraud Estimate
associated with some pandemic programs.
29
These prior reviews
provided observations about varying fraud risk environments by
program, and across delivery years, and included a standalone
estimate of unemployment insurance fraud during the pandemic.
Unlike this prior work, our current model was designed to estimate
government-wide fraud and included agencies and programs with and
without pandemic spending. In addition, the fraud and obligation data
used in our model reflected pandemic and prepandemic time periods.
As such, our estimate includes but is not limited to fraud against
federal pandemic spending. Given the scope of our work and the
nature of the available investigations data, subsetting the estimate to
describe pandemic programs is not possible. Further, our model
estimates annual loss within a range, whereas a pandemic estimate
would reflect loss across multiple spending years.
Comparing estimated fraud to improper payment estimates.
Fraud and improper payments are two distinct concepts that are not
interchangeable but are related.
30
While all fraudulent payments are
considered improper, not all improper payments are due to fraud. For
example, payments can be determined to be improper due to error or
lack of documentation. Given the broader definition, it may seem that
fraud estimates are a subset of improper payment estimates.
However, there are two key distinctions that lead to different and not
comparable estimates. These include differences in
the scope of programs included in the estimate. Our estimate
reflects fraud loss associated with direct federal spending in
29
GAO, COVID Relief: Fraud Schemes and Indicators in SBA Pandemic Programs,
GAO-23-105331 (Washington, D.C.: May 18, 2023); GAO-22-105715; and
GAO-23-106696. Further, in November 2023, we reported that there were also federal
fraud-related charges pending against at least 599 other individuals or entities involving
federal COVID-19 relief programs as of June 30, 2023. GAO, COVID-19: Insights from
Fraud Schemes and Federal Response Efforts, GAO-24-106353 (Washington, D.C.: Nov.
14, 2023). A charge is merely an allegation, and all defendants are presumed innocent
until proven guilty beyond a reasonable doubt in a court of law.
30
An improper payment is defined by law as any payment that should not have been made
or that was made in an incorrect amount (including overpayments and underpayments)
under statutory, contractual, administrative, or other legally applicable requirements. It
includes any payment to an ineligible recipient, any payment for an ineligible good or
service, any duplicate payment, any payment for a good or service not received (except
for such payments where authorized by law), and any payment that does not account for
credit for applicable discounts. 31 U.S.C. § 3351(4). When an executive agency’s review
is unable to discern whether a payment was proper because of insufficient or lack of
documentation, this payment must also be included in the improper payment estimate. 31
U.S.C. §3352(c)(2). Since fiscal year 2003, executive agencies have reported cumulative
improper payment estimates of about $2.7 trillion, including $247 billion for fiscal year
2022 and $236 billion for fiscal year 2023.
Page 22 GAO-24-105833 Federal Fraud Estimate
programs and operations government-wide. In contrast, improper
payment reporting is required for programs and activities that
agencies have determined are susceptible to significant improper
payments. For fiscal year 2022, 18 agencies reported improper
payment estimates across 82 programs and activities that totaled
about $247 billion.
31
For fiscal year 2023, 14 agencies reported
estimates for 71 programs and activities that totaled about $236
billion.
32
Total reported improper payment estimates for a given
fiscal year may not include estimates for certain risk-susceptible
programs.
33
For example, the total reported in estimated improper
payments for fiscal year 2023 did not include the Department of
Health and Human Service’s Temporary Assistance for Needy
Families. This programs and all others across the federal
government are reflected in our estimate of fraud losses.
the estimation methodology used. Our estimate is based on
adjudicated and potential fraud, which is then extrapolated to
determine the probable range of undetected fraud. This approach
was developed to help account for the uncertainties associated
with fraud determination. Conversely, improper payment estimates
are based on reviews of documentation associated with a
statistically valid sample of payments. While the reviews can be
rigorous, they are not designed to identify fraud, particularly
schemes that cannot be easily detected. For example, improper
payment reviews include checking whether certain documentation
is present, but they are not designed to identify falsified
documentation. Building our estimate around known and potential
fraud eliminates one element of uncertainty associated with fraud
determination.
Assuming the estimate is predictive of future federal fraud. Our
estimate is not based on a predictive model. Future federal operations
and budgets will present different fraud risk environments and
31
GAO, Improper Payments: Fiscal Year 2022 Estimates and Opportunities for
Improvement, GAO-23-106285, (Washington, D.C.: March 29, 2023). Our 2023 priority
recommendation letters included 59 priority recommendations related to improper
payments.
32
GAO, Improper Payments: Information on Agencies’ Fiscal Year 2023 Estimates,
GAO-24-106927, (Washington, D.C.: Mar. 26, 2024).
33
GAO, Financial Audit: FY 2023 and FY 2022 Consolidated Financial Statements of the
U.S. Government, GAO-24-106660 (Washington, D.C.: February 15, 2024). In our audit
reports on the U.S. governments consolidated financial statements, we note that the
federal government is unable to determine the full extent to which improper payments
occur. Our most recent report was issued in February 2024.
Page 23 GAO-24-105833 Federal Fraud Estimate
associated fraud losses. Factors such as the amount of emergency
spending, the effectiveness of federal fraud risk management, and the
nature of new fraud threats could substantially impact the scale of
future fraud losses.
On the basis of our understanding of fraud, investigations, available data,
and the findings of other fraud measurement and estimation studies, we
identified three fraud categoriesadjudicated fraud, detected potential
fraud, and undetected potential fraud. Within detected potential fraud, we
developed three subcategories. These categories reflect different degrees
of certainty about the possibility of fraud. For example, an instance of
adjudicated fraud is certainly fraudulent. In contrast, the certainty of fraud
may be substantially lower for an instance of potential fraud that has been
detected and not accepted for investigation.
Using these fraud categories, we collected and analyzed data from three
key sources. Individually, these data do not provide a comprehensive
understanding of the extent of fraud but, when analyzed collectively,
provide support for a government-wide estimate. These data include
investigative case data from 12 selected OIGs,
OIG semiannual reports, and
confirmed fraud reported to the OMBs Paymentaccuracy.gov
dashboard.
Each of these data sources has strengths and limitations, which impact
our estimate. The data sources were generally available from all selected
agencies and included information on detected potential and adjudicated
fraud. However, there was variance in terms and definitions used across
the data sources, and not all sources included information on potential
fraud. Finally, data for undetected fraud, by definition, do not exist. We
considered these strengths and limitations in determining the data to
collect and our estimation approach.
Our review of 46 fraud measurement or estimation studies also informed
the development of these categories and use of data within them. Studies
include those developed by agencies, such as the OIGs for the Small
Business Administration and the Department of Labor; academics;
professional organizations; and international entities, such as the United
Kingdoms Public Sector Fraud Authority.
Fraud Categories and
Data Sources
Page 24 GAO-24-105833 Federal Fraud Estimate
Figure 7 provides additional information on the fraud categories and the
data used in our simulation, by category.
Figure 7: Fraud Categories and the Data Collected and Used in the Simulation, by Category
a
For the purposes of this review, we defined “adjudication” as the legal or administrative process of
resolving a dispute and that includes a formal, fact-finding process; due process; and a formal
determination of the facts.
b
For the purposes of this review, we defined “full investigation” as a thorough inquiry into alleged facts
to find out the truth about a potential crime or violation and for which a determination can be made on
whether there is substantial evidence to refer the case for a judicial or administrative remedy.
Our estimate was based on our Monte Carlo simulation, which relied
upon certain key assumptions that reflect how we collected and used
Key Assumptions
Page 25 GAO-24-105833 Federal Fraud Estimate
agency and OIG data for our estimate. One such assumption relates to
agencies that were not selected as part of our sample of 12. Specifically,
we assumed that the relationship between the number of fraud
occurrences and the financial loss associated with an individual
occurrence of fraud in these agencies was similar to the relationships
observed at the 12 agencies in our sample. We took this approach, given
that our agency selection included about 90 percent of agency obligations
and also reflected a variety of different programs and operations.
We designed our approach so that the financial loss amount of each
instance of fraud or potential fraud was lower for the less certain
categories. For example, we assumed that instances of potential fraud
that were detected by the federal government but not investigated tended
to have lower associated financial loss than instances of fraud that were
investigated and ultimately adjudicated by U.S. courts and other bodies.
We simulated values for undetected fraud by relying on the information
that we had available about detected potential fraud. We considered
several potential models of the relationship between detected and
undetected fraud to help account for the substantial uncertainty
associated with the undetected fraud category.
Across all categories, we did not assume a single value, but rather a
range of values was included in our simulation to capture the degree of
uncertainty associated with the subject area.
Understanding the extent of fraud supports effective fraud risk
management. The Fraud Risk Framework includes several leading
practices that highlight the importance of understanding the scope of
fraud to better manage the risks, such as for managers to conduct
quantitative or qualitative assessments of the likelihood and impact of
inherent risks on the programs objectives. This helps agencies allocate
resources to respond to their more significant fraud risks. The Fraud Risk
Opportunities and
Challenges in
Estimating Fraud to
Support Fraud Risk
Management
Developing and Using
Fraud Estimates Supports
Fraud Risk Management
Page 26 GAO-24-105833 Federal Fraud Estimate
Framework also notes the importance of including qualified specialists to
estimate fraud loss and frequency, among other data-analytics activities.
While our estimate focused on government-wide fraud, multiple agency
and OIG officials told us that more granular estimates, such as those at
the program level, are particularly helpful. Officials also stated that the
likelihood of fraud can vary significantly by program. For example,
multiple OIG officials stated that programs that accept self-certification by
applicants to obtain government benefits tend to have much higher fraud
risks and fraud rates than programs that require additional verification. In
addition, Association of Certified Fraud Examiners officials stated that
granular estimates provided more actionable information to guide
oversight.
Agency and OIG officials and fraud experts identified additional ways that
program-level fraud estimates can improve fraud risk management.
These include the ability to demonstrate the scope of the problem,
improve oversight prioritization, and demonstrate return on investment for
oversight investments (see fig. 8).
Figure 8: How Fraud Estimates Can Improve Fraud Risk Management
Page 27 GAO-24-105833 Federal Fraud Estimate
Demonstrate scope of problem: As noted in the Fraud Risk Framework,
fraud estimates can be used to help assess program fraud risks.
34
It also
states that capturing information on fraud schemes, trends, and outcomes
from fraud measurement activities can aid fraud risk management efforts.
These risks can be both financial and nonfinancial in nature. Better
estimates of the scope of fraud at program, agency, and government-
wide levels can help inform decisions about the level of resources to
commit to fraud risk management activities. In addition, continued
refinement of estimates can help agencies further strengthen their fraud
risk assessments.
In November 2023, we reported on factors that are important to agencies
when managing fraud risks.
35
In survey responses, 18 officials from the
24 Chief Financial Officers (CFO) Act agencies noted that the amount lost
to fraud was an extremely or very important factor when managing fraud
risks.
36
Fraud experts have also noted how fraud estimation can support fraud
risk management. For example, the Director of the University of
Portsmouth Centre for Cybercrime and Economic Crime told us that fraud
estimation can be used to help raise awareness of the risks of fraud in
particular areas and show the importance of making investments to
counter fraud. The Director noted that without estimation, some may
assume that a problem does not exist and, thus, not direct resources to
stop fraud from occurring. The Director also noted that most organizations
underestimate their fraud levels because they confuse detected levels of
fraud with the real level of fraud. The Director noted that detected levels
34
GAO-15-593SP.
35
GAO, Fraud Risk Management: Agencies Should Continue Efforts to Implement Leading
Practices, GAO-24-106565 (Washington, D.C.: Nov. 1, 2023).
36
The 24 agencies surveyed are those listed in the CFO Act of 1990, as amended. These
agencies include the Departments of Agriculture, Commerce, Defense, Education,
Energy, Health and Human Services, Homeland Security, Housing and Urban
Development, the Interior, Justice, Labor, State, Transportation, the Treasury, and
Veterans Affairs, as well as the Agency for International Development, Environmental
Protection Agency, General Services Administration, National Aeronautics and Space
Administration, National Science Foundation, Nuclear Regulatory Commission, Office of
Personnel Management, Small Business Administration, and Social Security
Administration. Pub. L. No. 101-576, § 205, 104 Stat. 2838 (1990), codified, as amended,
at 31 U.S.C. § 901(b).
Page 28 GAO-24-105833 Federal Fraud Estimate
of fraud represent the small tip of the fraud icebergand that substantial
levels of undetected fraud likely remain below the surface.
37
Officials with an OIG we spoke with stated that fraud rates were likely
larger than some assumed, and that estimation could help show the
scope of the problem. Through a better understanding of the problem,
actions such as additional oversight could be taken. We have previously
reported that estimation practices could produce different results,
depending on the key assumptions used or how the analysis was
conducted.
38
In conducting estimates, multiple agency and OIG officials
told us that program-level estimates are particularly helpful because the
likelihood of fraud can vary significantly by program. Officials also stated
that it is important to estimate fraud in such a way that it would effectively
capture the risks to the program and that the estimates were correctly
interpreted. In one example, officials said that benefits programs that
include a self-certification component tend to have much higher fraud
risks and fraud rates than programs requiring additional verification. In
another example, an agency official stated that agencies and states use
varying definitions of fraud that may vary by the program and relevant
legal statutes. Likewise, another official emphasized that there was not a
clear definition of potential fraud. By defining fraud or potential fraud
differently, fraud rates could differ substantially.
Officials also noted that organizations needed to develop estimates that
reflected the true extent of fraud and, thus, did not misinform decision-
making.
Improved oversight prioritization: The Fraud Risk Framework notes
that effective managers of fraud risk use the programs fraud risk profile to
help decide how to allocate resources to respond to residual fraud risks.
As federal fraud estimates mature, additional information on program
risks could help refine fraud risk assessments that are documented in the
profile.
Officials with several OIGs noted that an estimate of fraud could
potentially help prioritize oversight resources. For example, officials at
37
We recently reported on the stages of fraud detection, including the known and
unknown aspects of fraud. See GAO-24-106353.
38
GAO, Unemployment Insurance: Data Indicate Substantial Levels of Fraud during the
Pandemic, DOL Should Implement an Antifraud Strategy, GAO-23-105523 (Washington:
D.C.: Dec. 22, 2022).
Page 29 GAO-24-105833 Federal Fraud Estimate
one OIG stated that additional fraud estimates could help guide the OIG
to vulnerable programs across the agency. Officials also stated that fraud
estimation could help enhance regulatory change to improve oversight for
those programs that appeared to have a higher rate of fraud. Officials with
another OIG noted that their agency had many different types of
programs and operations, all with different potential fraud risks. Officials
noted that having more information on the rate of fraud could help better
target scarce oversight resources.
Association of Certified Fraud Examiners officials stated that detailed
information about the likely extent of fraud can help organizations conduct
risk analysis to better target fraud. OIG officials also cautioned that
estimation needed to be performed and interpreted correctly, or the
results of the estimation could misdirect oversight resources. If a program
was determined to have a low rate of fraud when, in fact, it had a high
rate, it may receive less oversight than needed.
Help demonstrate return on investment: OIG officials told us that fraud
estimation could help demonstrate the return on investment of fraud risk
management activities. In addition, the CFO Council notes that while it
might be difficult to measure outcomes as a result of fraud prevention
tactics, it is a vital step to an effective and robust antifraud program and
can lead to a significant return on investment.
39
Program Integrity: The
Antifraud Playbook states that repeated monitoring and periodic
evaluations provide insight into the effectiveness of fraud risk
management activities. Knowing the extent of fraud affecting a program
through estimates can be a useful data point in determining the
effectiveness of fraud risk management activities. This is consistent with
what we heard from an OIG official, who stated that more fraud
measurement or estimation could help justify investment in fraud
prevention and detection techniques.
The Director for the Centre for Cybercrime and Economic Crime at the
School of Criminology and Criminal Justice at the University of
Portsmouth in the United Kingdom stated that without clear measures of
performance, it is difficult for entities involved with combating fraud to
demonstrate their contribution to an organization and to see how well they
39
Chief Financial Officers Council, Program Integrity: The Antifraud Playbook (Oct. 17,
2018), accessed Nov. 27, 2023, https://www.cfo.gov/assets/files/Interactive-Treasury-
Playbook.pdf. The playbook provides a four-phased approach, with 16 plays drawn from
successful practices from the federal government and private sector to help combat the
risk of fraud at an agency.
Page 30 GAO-24-105833 Federal Fraud Estimate
are doing. The Director noted that without clear metrics, it can be
challenging for increasingly financially focused organizations in both the
private and public sector to answer questions about their performance.
Estimates of fraud in federal programs are limited, with recent estimation
being completed in response to the unprecedented fraud against federal
pandemic programs.
40
The Fraud Risk Framework and other prior work
have identified challenges related to determining the extent of fraud.
41
In
developing our government-wide fraud estimate, we faced several of
these previously identified challenges, among others.
As part of our work to estimate the extent of federal fraud, we considered
a variety of data sources. On the basis of discussions with 12 selected
agencies, we identified varying amounts of data. While some agencies
have data that could be informative for fraud estimation, many do not, or
the data they do have require extensive analysis to support fraud
estimation.
Some agencies have collected significant program data. These data have
been used to detect potential fraud, such as through data matching, data
mining, and network analysis.
42
These data could be informative for future
program fraud estimates. For example:
The Centers for Medicare & Medicaid Services Fraud Prevention
System uses predictive models and other algorithms to identify
medical providers and suppliers exhibiting a pattern of behavior
indicative of potential fraud.
In 2016, the Social Security Administration began implementing a
multiphase project to integrate data from multiple sources and use
predictive analytics to identify high-risk transactions for review to
prevent fraudulent actions from advancing.
40
For example, see GAO-23-106696; Department of Labor, Office of Inspector General,
Report No. 19-22-005-03-315); and Small Business Administration, Office of Inspector
General, COVID-19 Pandemic EIDL and PPP Loan Fraud Landscape, White Paper
Report 23-09. (Washington, D.C.: June 27, 2023).
41
GAO-15-593SP; GAO, GAOverview: Fraud in the Federal Government Challenges
Determining the Extent of Federal Fraud, GAO-23-106110 (Washington, D.C., Jan. 23,
2023).
42
Network analysis is a quantitative approach to identifying and graphically representing
potentially unknown relationships among individuals or organizations.
Challenges in Estimating
Fraud
Data to Support Further Fraud
Estimation Are Not Readily
Available and Usable
Page 31 GAO-24-105833 Federal Fraud Estimate
In addition, the results of data analytics undertaken for program integrity
or OIG audits and evaluations could be useful for understanding the
extent of potential fraud facing a program. For example, in 2022, the
Department of Labors OIG used data analytics to identify potentially
fraudulent unemployment insurance claims.
43
We found that OIG case management data and OIG semiannual reports
to Congress contained data to support fraud estimates, but these data did
not provide all the information needed. For example, OIG reporting
excluded information on potential fraud captured by the agency that was
not reported to the OIG for investigation. Further, in reviewing OIG
semiannual reports to Congress, we identified variability in how data were
reported that affects their usefulness for fraud estimation. For example,
we reviewed information related to investigative recoveries. In some data,
recoveries were reported as the only data point. In other data, recovered
amounts were combined with fines, or limited to only administrative
recoveries, and excluded court-ordered recoveries. We found similar
variability in reporting of data regarding forfeitures, recoveries, and
restitution, as shown in figure 9. This variability results in data that cannot
be readily compared or consolidated to understand the financial impacts
of fraud across the federal government.
43
Department of Labor, Office of Inspector General, 19-22-005-03-315.
Page 32 GAO-24-105833 Federal Fraud Estimate
Figure 9: Examples of Variation in How Fraud-Related Data Are Reported in Office of Inspectors General Semiannual Reports
to Congress
We also found that reliable information on the potential effect of fraud in
OIG data is often not captured. This can make it difficult to determine the
extent of the impact from fraud that agencies and programs might face.
For example, multiple OIG officials told us that they did not capture
information on the financial impact of a fraud case unless it was formally
adjudicated. Further, officials also said that initial information on the total
loss to fraud gathered during an investigation can be inaccurate and
Page 33 GAO-24-105833 Federal Fraud Estimate
might vary significantly from the outcome of the case. For example, the
initial information provided by a whistleblower tip might be exaggerated.
Conversely, an investigation might uncover additional information that
would indicate that the fraud was much larger than previously believed.
Our past work has also noted that legal limitations can inhibit sharing of
key data with some agencies that could help identify fraud-related
payments. For example, in 2023 we reported that the Small Business
Administration faced statutory obstacles that prevent the Social Security
Administration from sharing key data, including Social Security numbers,
with the Small Business Administration.
44
A program official told us that different entities, such as federal and state
programs, might use varying definitions of fraud, which can limit the ability
to compare and aggregate data. Multiple program and OIG officials told
us that there are different definitions of fraud used across the
government. For example, a Department of Labor official told us that
many state workforce agencies use different definitions of fraud, which
complicates attempts to estimate fraud associated with unemployment
insurance programs. Department of Health and Human ServicesOIG
officials also noted that there are differing definitions of fraud that can
vary across programs and statutes that can complicate attempts to
determine the extent of fraud. We have previously reported that varying
definitions of fraud can impact reporting and that some entities use
broader definitions of fraud.
45
Direct measures of undetected fraud, by definition, do not exist.
Identifying previously undetected fraud, assessing related proxies, or
estimating undetected fraud can be resource intensive and require
significant analysis and expertise. Despite these challenges, information
on the amount of undetected fraud is necessary to understand the full
scope of likely fraud. To help determine the extent of undetected fraud,
agencies and OIGs have employed methods, such as statistical sampling,
44
GAO, COVID Relief: Fraud Schemes and Indicators in SBA Pandemic Programs,
GAO-23-105331 (Washington, D.C.: May 18, 2023).
45
GAO defines fraud as obtaining a thing of value through willful misrepresentation. Willful
misrepresentation can be characterized by making material false statements of fact based
on actual knowledge, deliberate ignorance, or reckless disregard of falsity. Other entities
use broader definitions that include settlements, suspected fraud, or prevented fraud.
These varying definitions can result in different reported fraud amounts, which could
prevent comparison and summary across agencies. See GAO-23-106110.
Use of Varying Fraud
Definitions Impacts Reporting
Determining the Amount of
Undetected Fraud Is
Challenging
Page 34 GAO-24-105833 Federal Fraud Estimate
to estimate a rate of fraud, or data analytics to attempt to identify
previously undetected fraud.
46
Given the hidden nature of fraud, a certain portion of fraud will go
undetected. Further, multiple agency and OIG officials stated that the
extended time it takes to investigate and prosecute cases of fraud can
also make it more challenging to use existing data to determine the extent
of fraud. These time lags can make it difficult to determine the prevalence
or amount of fraud at a given time, as the data may reflect events that
occurred years in the past. Officials with one OIG stated that while cases
generally took 1-1/2 to 2 years to move from identification to conviction,
some cases could take a decade to complete.
Further, not all potential fraud is investigated or prosecuted. For example,
an OIG official noted that OIG can only investigate the worst of the worst
and that OIG does not have the capacity to investigate many possible
instances of fraud. To help prioritize scarce investigative resources, some
investigative organizations have thresholds that may impact the fraud
they investigate (see sidebar). Further, the statute of limitations may
cause investigative organizations to prioritize some cases over others.
As demonstrated by our and other estimates of the extent of fraud in the
federal government or programs, expertise and data-analysis capacity are
needed to develop fraud estimates. For example, our government-wide
fraud estimate required an investigative data request from the OIGs of the
12 selected agencies, as well as additional data, such as from OIG
semiannual reports to Congress. We also made use of significant fraud
46
Department of Agriculture, The Extent of Trafficking in the Supplemental Nutrition
Assistance Program: 2015-2017 (Alexandria, VA: September. 2021); Department of
Labor, Office of Inspector General, 19-22-005-03-315; Small Business Administration,
Protecting the Integrity of the Pandemic Relief Programs: SBAs Actions to Prevent,
Detect and Tackle Fraud. (Washington, D.C.: June 2023); and Small Business
Administration, Office of Inspector General, White Paper Report 23-09.
Fraud Is Not Easy to Detect,
Investigate, or Prove
Case Thresholds Limit Amount of Fraud
Investigated and Adjudicated
Case thresholds can limit what cases are
pursued for investigation and potential referral
for prosecution and adjudication. Officials at
one Office of Inspector General’s office stated
that for certain contract fraud investigations to
be initiated, the size of the contract needed to
be at least $2 million and an estimated fraud
loss of at least $500,000. Other investigations,
such as those for certain types of direct
assistance, had a lower threshold of $30,000.
Officials did note, though, that if thresholds
are not met, the investigation might still occur
if there are other concerns, such as corruption
by public officials.
Source: Office of Inspector General officials.
GAO-24-105833
Expertise and Data Analysis
Capacity Needed for
Estimation Efforts
Page 35 GAO-24-105833 Federal Fraud Estimate
expertise to interpret these data and statistical expertise to further
analyze the data and develop our estimate.
Agency and OIG officials told us that additional fraud expertise and data-
analysis capacity would help improve the accuracy of fraud measures and
estimates.
47
These officials stated that agencies needed a certain level of
sophistication in their oversight efforts before they would be positioned to
accurately estimate fraud. For example, if an agencys internal controls
and analysis efforts were deficient, it would be difficult to develop data
that would be useful for estimation.
Our 2023 survey of 24 CFO Act agencies identified significant challenges
related to expertise, data, and tools for fraud risk management.
48
In
particular, agencies reported challenges related to the availability of
resources such as staff, access to data-analysis tools and techniques,
and access to data to look for fraud as their top challenges to fraud risk
management efforts. These challenges could also impact the ability to
develop effective fraud estimates.
OIG officials also expressed concerns about the development and use of
estimation redirecting oversight resources to estimation activities versus
oversight. The officials stated that estimation activities are typically time
consuming and could redirect already scarce staff resources from audit or
investigative work.
We previously reported in the International Journal of Government
Auditing on the opportunities for data analytics, including the use of
artificial intelligence to help identify potential fraud, which could further aid
estimation.
49
However, agencies have reported that artificial intelligence
can also pose new risks to oversight efforts, such as when used by
47
In March 2022, we recommended that Congress consider establishing a permanent
analytics center of excellence to aid the oversight community in identifying improper
payment and fraud. We found that without permanent government-wide analytics
capabilities to assist the oversight community, agencies will have limited resources to
apply to nonpandemic programs to ensure robust financial stewardship, as well as to
better prepare for applying fundamental financial and fraud risk management practices to
future emergency funding. See GAO-22-105715.
48
GAO-24-106565.
49
GAO, Artificial Intelligence Creates New Opportunities to Combat Fraud,International
Journal of Government Auditing (Summer 2020).
Artificial Intelligence Creates
Opportunities for Improved Fraud
Detection but Also for Fraud
We have previously reported that artificial
intelligence has created opportunities for
improved oversight and fraud detection.
Artificial intelligence can use algorithms and
models to reveal anomalous patterns,
behaviors, and relationships—with speed, at
scale, and in depth—that was not possible
previously.
Despite these opportunities, artificial
intelligence can also pose new risks to
agencies and others, such as by creating fake
images to assist with developing falsified
documentation or to create fake audio to
assist in impersonation schemes.
Sources: GAO, Artificial Intelligence Creates New
Opportunities to Combat Fraud,International Journal of
Government Auditing (Summer 2020); Department of Health
and Human Services, Health Sector Cybersecurity
Coordination Center: AI-Augmented Phishing and the Threat
to the Health Sector (Oct. 26, 2023); and Department of
Homeland Security, Increasing Threat of Deepfake Identities.
| GAO-24-105833
Page 36 GAO-24-105833 Federal Fraud Estimate
fraudsters to execute new fraud schemes, which may evade detection
(see sidebar).
Current guidance on the collection of data for fraud estimation is limited to
efforts to support OIG semiannual reports to Congress and confirmed
fraud reporting to OMB. Further, there are no plans to expand the use of
fraud estimation to enhance fraud risk management in the executive
branch or to leverage data experts across government to support such
estimates. Despite these limitations, opportunities exist government-wide
to build on current OIG oversight and agency program integrity efforts and
increase the availability of data, expertise, and data-analytics capacity
needed to develop estimates. Further, our Schedule Assessment Guide
notes the value in using timelines and key milestones to help guide
implementation for projects, which can include government-wide
initiatives.
50
OMB and CIGIE issue guidance and requirements to the executive
branch agencies and OIG community, respectively. While OMB has
issued management guidance to agencies, including on their
responsibilities for improving payment integrity and fraud risk
management, it has not established guidance or plans for guidance on
data collection to support fraud estimation. There are also existing
requirements for fraud-related data collection and reporting, such as
through the Inspector General Act, as well as associated data systems
and processes to meet those requirements.
51
However, this collection and
reporting is not designed to support fraud measurement or estimation.
CIGIE has developed Quality Standards for Investigations that require
investigative data to be stored in a manner that allows effective retrieval,
reference, and analysis, while ensuring the protection of sensitive data.
These standards were not developed to enable fraud measurement or
estimation.
52
The federal government has also established data-capacity resources to
aid program integrity, and these resources could also aid estimation. For
example, the Department of the Treasurys Office of Payment Integrity,
which includes the Do Not Pay Business Center and the Payment
50
GAO, Schedule Assessment Guide: Best Practices for Project Schedules, GAO-16-89G
(Washington, D.C.: Dec. 22, 2015).
51
5 U.S.C. App. § 5.
52
The Council of the Inspectors General on Integrity and Efficiency, Quality Standards for
Investigations (Nov. 15, 2011).
Opportunities to Expand
Fraud Estimation
Page 37 GAO-24-105833 Federal Fraud Estimate
Integrity Center of Excellence, offers data-analytics capacity to help
agencies address payment integrity challenges. These centers have
access to data-analysis resources and fraud expertise to help prevent
improper payments due to fraud and have worked with numerous
datasets for programs with different fraud risks. Specifically, these centers
help provide support to agency payment integrity efforts with various
expenditure types, such as direct beneficiary payments, contracts, and
grants. Because of these efforts, the Department of the Treasury has
unique insights that could be used to evaluate and identify methods to
expand government-wide fraud estimation. OMB has also directed
agencies to use Do Not Pays analytic capacity to identify potentially
fraudulent payments to help enhance program integrity. However, these
centers have not been leveraged to evaluate and identify methods to
expand fraud estimation to date.
Treasurys Office of Payment Integrity is well positionedwith the
expertise, data, and analytic toolsto evaluate and advance approaches
the federal government can take to estimate fraud in support of fraud risk
management. Moreover, as fraud-related data available to the Office of
Payment Integrity expands or improves, it would also be well positioned
to refine estimates.
The Fraud Risk Framework notes that assessing the likelihood and
impact of inherent fraud risk may include involving qualified specialists,
such as statisticians and subject-matter experts.
53
These specialists may
contribute expertise and guidance when employing techniques like
analyzing statistically valid samples to estimate fraud losses and
frequency.
Federal internal control standards require managers to use quality
information.
54
Specifically, internal control standards require management
to obtain relevant data from reliable internal and external sources in a
timely manner based on the identified information requirements. The
standards also direct management to process the obtained data into
quality information that supports the internal control system. This involves
processing data into information and then evaluating the information so
that it is quality information.
53
GAO-15-593SP.
54
GAO-14-704G.
Page 38 GAO-24-105833 Federal Fraud Estimate
By leveraging existing oversight mechanisms and payment integrity data-
capacity resources, the government would be better positioned to
address the different challenges in fraud estimation. In doing so, agencies
and others, such as the OIGs, will be better positioned to use estimation
to help demonstrate the scope of the problem, prioritize resources, and
demonstrate return on investment for fraud risk management activities.
Our estimate of direct annual financial losses from fraud affecting the
federal government provides insights not obtained through previous
analysis and reporting on the extent of fraud across the federal
government. The significant estimated annual loss from fraudranging
from $233 billion to $521 billionreinforces the importance of fraud risk
management, with an emphasis on prevention.
With additional data and more granular estimates, such as at the program
level, agencies would be better positioned to leverage this information to
strategically manage fraud risk. For example, targeted estimates can
provide a better understanding of the scope of the problem in different
program areas, help prioritize resources, and demonstrate return on
investment from fraud prevention and detection efforts. However, the
federal government faces challenges in producing more precise fraud
estimates, including incomplete and varyingly recorded data on identified
fraud. A government-wide approach is required to address these
challenges. Centralized guidance from OMB for improving data collection
to support fraud estimates can provide a more uniform approach to what
data are collected, and how. Further, identifying ways to expand the use
of fraud estimationleveraging the significant analytics expertise and
data repository of Treasurys Office of Payment Integritywill help
strengthen antifraud efforts and promote fiscal sustainability government-
wide.
We are making three recommendations, including one to OMB in
collaboration with CIGIE, one to OMB, and one to the Department of the
Treasury in consultation with OMB. Specifically:
The Director of the Office of Management and Budget, in collaboration
with the Council of the Inspectors General on Integrity and Efficiency,
should develop guidance on the collection of Office of Inspector General
(OIG) data to support fraud estimation. The guidance should
identify and establish consistent data elements and terminology for
use across OIGs;
Conclusions
Recommendations for
Executive Action
Page 39 GAO-24-105833 Federal Fraud Estimate
include a timeline for implementation and key milestones; and
leverage existing data systems and processes, as appropriate.
(Recommendation 1)
The Director of the Office of Management and Budget, with input from
executive branch agencies, should develop guidance on the collection of
executive agency data to support fraud estimation. The guidance should
identify and establish consistent data elements and terminology for
use across agencies;
include a timeline for implementation and key milestones; and
leverage existing data systems and processes, as appropriate.
(Recommendation 2)
The Secretary of the Treasury, in consultation with the Office of
Management and Budget, should establish an effort to evaluate and
identify methods to expand government-wide fraud estimation to support
fraud risk management. This effort should
initially prioritize program areas at increased risk of fraud;
be responsive to changes in the availability or quality of data; and
leverage data-analytics capabilities, such as within the Office of
Payment Integrity, which includes the Do Not Pay program.
(Recommendation 3)
We provided a draft of this report to OMB, CIGIE, and the Department of
the Treasury for review and comment. We received written comments
from OMB, which are reproduced in appendix III and summarized below.
Both CIGIE and the Department of the Treasury provided comments via
email in lieu of formal, written comments. We also provided a draft of the
report to the 12 selected agencies and their respective OIGs for technical
comments, if any. In response, we received technical comments from the
Departments of Health and Human Services, Labor, and Justice; the
Small Business Administration; and the Department of Labor’s OIG,
which we incorporated as appropriate. The other agencies and OIGs did
not provide comments.
In its written comments, OMB generally agreed with the two
recommendations directed to it and with the need for improved data
collection and reporting at the agency and program levels. Separately,
OMB informed us that it had been in touch with CIGIE and they will work
Agency Comments
and Our Evaluation
Page 40 GAO-24-105833 Federal Fraud Estimate
together to determine appropriate next steps regarding our
recommendations.
OMB agreed with several aspects of our report, including the following:
Federal agencies must do a better job assessing and preventing fraud
risk and they should more completely and consistently apply GAO’s
Fraud Risk Framework to their programs to ensure that fraud risks are
properly assessed, mitigated, and monitored on an ongoing basis.
Rigorous analysis of fraud and fraud risk, at the program level, can be
highly valuable in driving agency action and ongoing leadership
prioritization of combatting fraud.
The level of risk can vary substantially between agencies and
programs.
The amount of captured fraud and recoveries underestimates total
loss from fraud.
OMB also expressed support for our ongoing analysis of fraud risks,
efforts to estimate program-specific fraud rates to inform future program
design, and guidance provided by our Fraud Risk Framework. OMB
highlighted its collaboration with us and others to identify and reduce
fraud risk. For example, OMB noted collaboration through the Joint
Financial Management Improvement Program’s Payment Integrity
Initiative and the issuance of a Controller Alert on identifying and
assessing fraud risks.
55
OMB also described several actions agencies
have taken to reduce fraud and improper payments. This includes
implementing additional safeguards and investing in antifraud and
modernization efforts for state unemployment systems.
We appreciate the past coordination with OMB, as well as its efforts and
those of agencies, to combat fraud. We look forward to continued
coordination and collaboration government-wide on such efforts. We
agree that progress has been made on fraud risk management. We also
agree that there is more to be done to prevent and reduce fraud.
55
Joint Financial Management Improvement Program (JFMIP) is a cooperative venture
between GAO, OMB, the Office of Personnel Management, and the Department of the
Treasury. JFMIP, Payment Integrity Initiative: A Three Year Plan to Advance Payment
Integrity, JFMIP-24-02 (Feb. 2024). See also Office of Management and Budget,
Establishing Financial and Administrative Controls to Identify and Assess Fraud Risk, CA-
23-03 (Washington, D.C., Oct. 17, 2022).
Page 41 GAO-24-105833 Federal Fraud Estimate
Beyond those points of agreement, however, OMB raised concerns about
our estimate and how it would be interpreted. Specifically, OMB stated
that our estimate was based on a “simulation model” rather than analysis
of estimated losses by individual federal programs and that our
government-wide estimate would not provide agency- or program-specific
insights for fraud prevention. OMB also questioned the plausibility of our
estimate.
Our estimated range of fraud loss is based on a well-established
simulation model. As we make clear in the report, it was designed to
provide a government-wide estimate, as opposed to agency- or program-
level estimates. We disagree with OMB’s implication that our estimate is
not based on fraud loss data from federal agencies or programs. To the
contrary, fraud frequency and loss data, covering fiscal years 2018
through 2022, collected from the 12 selected OIGs, serve as the primary
basis for our estimate. These data reflect adjudicated and potential fraud
activity within the agencies and programs. They also provide the basis for
our simulation of undetected fraud. While we aggregated these data in
the simulation model for statistical reliability reasons, to suggest that our
model is not grounded in relevant, appropriate, agency or program data is
inaccurate. Because these data are not publicly or readily available in a
format suitable for fraud estimation, we developed a rigorous approach to
collect, collate, and assure reliability for simulation purposes.
OMB’s narrow view of fraud is generally confined to confirmed fraud,
which is a subset of adjudicated fraud cases. All adjudicated fraudbut
especially what is measured in OMB’s confirmed fraud reportsreflects
only a small portion of the full extent of fraud. Further, OMB’s comments
overlook the intent and objective of our effort to develop a first-ever,
government-wide estimate of losses due to fraud. A government-wide
estimate can help OMB, program officials, or Congress begin to
understand and assess the scope of the problem and drive action to
address it.
Our estimate also builds on the intent of the Fraud Reduction and Data
Analytics Act of 2015 (FRDAA), and its successor, the Payment Integrity
Information Act of 2019 (PIIA).
56
FRDAA and certain provisions in PIIA
were enacted to improve agencies’ controls and procedures to assess
and mitigate fraud risks and improve data analytics to identify, prevent,
and respond to fraud. PIIA included requirements for OMB to take actions
56
Pub. L. No. 114-186, 130 Stat. 546 (June 30, 2016); Pub. L. No. 116-117, § 2(a), 134
Stat. 113, 131-32 (2020) (codified at 31 U.S.C. §3357).
Page 42 GAO-24-105833 Federal Fraud Estimate
to support agencies’ fraud risk management, such as by establishing an
Interagency working group on government-wide payment integrity
improvement. While OMB has recently initiated such meetings, its lag in
doing so represents lost opportunities for agencies to share and receive
information that could have supported their payment integrity efforts
particularly amid the challenges associated with pandemic spending.
The needand requirementsfor agencies to take action to address
fraud was reiterated in our February 2023 testimony, which identified
agencies’ continued lag in implementing fraud risk management activities
as a major factor contributing to pandemic programs' exposure to fraud.
57
In November of that year, we reported that of the 173 recommendations
we had made to over 40 agency or program offices to improve fraud risk
management since 2015, over half (95) remained unimplemented.
58
As discussed in our report, we recognize the value of more granular-level
estimates, such as those at the agency or program level. This is why we
made recommendations to improve the data available so that such
estimates could be developed in the future. We see this government-wide
estimate as an important first step.
Our report repeatedly cautions against any attempt to use our estimated
range to reverse engineer how much may have been lost due to fraud for
any particular agency or program or predict future fraud losses. OMB did
this, however, in its written comments questioning the plausibility of our
estimate. Specifically, OMB took our calculation comparing the fraud
estimate to annual obligations and inappropriately applied it to various
program areas. In doing so, OMB said that certain areas of federal
spending have no or low fraud risk, removed those areas of spend from
its calculation, and then applied the upper end of the percentage range to
the remaining spending. OMB noted this results in an implausibly high
level of fraud loss from all other federal programs and suggests long-
standing fraud across many federal programs over multiple years
comparable to pandemic spending fraud.
We disagree with OMB’s approach, assumptions, and conclusions on this
issue. The extent and impact of fraud is not easily identified through
informal means, and OMB has not performed a meaningful analysis with
supporting data of fraud risk in individual federal programs. For example,
57
GAO, Emergency Relief Funds: Significant Improvements Are Needed to Address Fraud
and Improper Payments, GAO-23-106556 (Washington, D.C: Feb. 1, 2023).
58
GAO-24-106565.
Page 43 GAO-24-105833 Federal Fraud Estimate
OMB summarily concludes that interest on public debt and other large
portions of federal outlays are at low or no risk of fraud and generally
excludes them in their calculation of a fraud rate. Notwithstanding the fact
that fraud can add to the federal debt, which directly increases interest
payments on that debt, OMB’s argument to exclude large portions of
federal outlays from the fraud rate is not supported by evidence. It is not
based on actual data, backed by the extensive literature on fraud, or
methodologically and statistically grounded. While we recognize that
some programs are at a lower risk of fraud, all federal programs and
operations are at risk of fraud. Some individuals or groups will seek to
gain through fraud when and wherever there is opportunity.
We acknowledge risk varies across programs and environments; that
variation is reflected in our estimated range of fraud. OMB’s focus on the
upper end of the range when considering normal risk environments leads
to a distorted view of the reasonableness of our estimate. We note in the
report that higher-risk environments, such as we observed with pandemic
spending, are associated with estimates on the higher end of the range.
Lower risk environments are associated with estimates on the lower end
of the range.
As discussed in our report, particularly in our methodological appendix,
our analysis was based on fraud frequency and loss data, a review of
relevant literature, interviews with subject matter experts, and our
extensive knowledge of program fraud across the federal government.
We also met with knowledgeable agency and OIG officials and conducted
extensive work to analyze, select, and use data for our model. After
running our simulations, we took multiple steps to assess the
reasonableness of our results before finalizing our estimated range. Our
results were further reviewed by the selected agencies and their OIGs. As
such, our results provide a reasonable estimate of government-wide fraud
loss based on the data collected in the timeframe of our review.
Further, as our report states and OMB acknowledges in its comments,
our model was developed to estimate government-wide federal fraud
losses, and its dollar range and percent should not be applied to the
agency, program, or operation level. It is, therefore, inappropriate for
OMB to attempt to apply a percentage based on our estimated range of
fraud losses to subsets of programs or outlays.
OMB also commented that we declined to share our methodology or
show the specific programs and assumptions that informed our model.
We disagree. Our report includes a detailed appendix that outlines our
Page 44 GAO-24-105833 Federal Fraud Estimate
objectives, scope, and methodology. It also describes key assumptions
used in our estimate of government-wide fraud. Further, we met with
OMB staff throughout our engagement and multiple times after providing
our draft report for review and comment to discuss the details of our
report and methodology.
OMB also noted that our reliance on a simulation model to produce what
it described as unrealistic estimates was concerning given our reporting in
this and prior reports regarding the availability of data for fraud estimation.
OMB referenced a 2023 report we issued on the challenges associated
with determining the total extent of fraud.
59
That report summarizes many
of the same issues we discuss in this report, including the limitations with
existing data.
OMB’s comments take our prior work out of context and do not recognize
the substantial data collection, collating, analysis, and expertise that we
used to develop this estimated range of fraud loss. First, we developed an
estimate of fraud, as opposed to a measure of fraud. An estimate, which
is a projection or inference based on fraud or fraud-related measures,
assumptions, or analytical techniques, was necessary because direct
measures of fraud are incomplete or unreliable. We determined that
available data were sufficiently available and reliable to develop an
estimated range of fraud loss across the federal government. Throughout
our report, we acknowledge the inherent challenges with estimating
federal fraud losses. Our recommendations are intended to improve the
data available so that more granular estimates can be developed to help
the government strategically manage fraud risk in the future.
Second, as we detail in this report, to estimate the range of total direct
annual financial losses from fraud, we assessed different methods that
could be used to estimate fraud. Given available data and our
government-wide scope, we selected a Monte Carlo simulation to develop
our estimate. A Monte Carlo simulation is a well-established method that
can be used to estimate ranges for events where there is a high degree of
uncertainty or limited data. OMB’s guidance on regulatory analysis notes
Monte Carlo simulations as an analytic approach to account for
uncertainty.
60
59
GAO-23-106110.
60
Office of Management and Budget, Circular No. A-4, Regulatory Analysis, (Washington,
D.C.: Nov. 9, 2023).
Page 45 GAO-24-105833 Federal Fraud Estimate
We therefore maintain that our methodology, including its assumptions
and given its limitations as disclosed in the report, was sound and
appropriate. Therefore, our estimated range of annual losses due to
fraud, based on fiscal year 2018 through 2022 data, is realistic and
reflects various risk environments during that period.
In email communication, CIGIE indicated that it appreciated our work and
our statement that federal agencies need robust processes in place to
prevent, detect, and respond to fraud. CIGIE also stated that it would
work with OMB in fiscal year 2024 to consider how the federal inspector
general community might improve the availability of fraud-related data to
expand government-wide fraud estimation and support fraud risk
management, which relates to our second recommendation.
In email communication, the Department of the Treasury indicated that it
concurred with our third recommendation that it establish an effort to
evaluate and identify methods to expand government-wide fraud
estimation to support fraud risk management. The Department of the
Treasury also provided technical comments that we incorporated into the
report, as appropriate.
We are sending copies of this report to the appropriate congressional
committees, the Director of the Office of Management and Budget, the
Executive Director of the Council of the Inspectors General on Integrity
and Efficiency, the Secretary of the Treasury, and other interested
parties. In addition, the report is available at no charge on the GAO
website at https://www.gao.gov.
Page 46 GAO-24-105833 Federal Fraud Estimate
If you or your staff have any questions about this report, please contact
Rebecca Shea, (202) 512-6722, [email protected] or Jared Smith, (202)
512-2700, [email protected]. Contact points for our Offices of
Congressional Relations and Public Affairs may be found on the last page
of this report. GAO staff who made key contributions to this report are
listed in appendix IV.
Rebecca Shea
Director, Forensic Audits and Investigative Service
Jared B. Smith
Director, Applied Research and Methods
Page 47 GAO-24-105833 Federal Fraud Estimate
List of Committees
The Honorable Gary C. Peters
Chairman
The Honorable Rand Paul, M.D.
Ranking Member
Committee on Homeland Security and Governmental Affairs
United States Senate
The Honorable James Comer
Chairman
The Honorable Jamie Raskin
Ranking Member
Committee on Oversight and Accountability
House of Representatives
The Honorable Pete Sessions
Chairman
The Honorable Kweisi Mfume
Ranking Member
Subcommittee on Government Operations and the Federal Workforce
Committee on Oversight and Accountability
House of Representatives
Appendix I: Objectives, Scope, and
Methodology
Page 48 GAO-24-105833 Federal Fraud Estimate
This report discusses (1) our estimate of the range of total direct annual
financial losses from fraud affecting federal programs and operations and
(2) opportunities and challenges in fraud estimation to support fraud risk
management. We performed this work under the Comptroller Generals
authority to conduct evaluations to address the broad interest of
Congress on the extent of fraud affecting the federal government.
To inform both objectives, we interviewed agency and Offices of Inspector
General (OIG) officials from 12 agencies. We primarily interviewed
officials responsible for program integrity, criminal investigations,
investigative data collection, and audits. These agencies were selected
based on obligation levels for fiscal years 2018 through 2022 and include
those agencies with the top 10 obligations for one of the fiscal years. We
made these selections using budget obligation data available through the
Office of Management and Budget’s (OMB) MAX A-11 Data Entry
Information System (MAX).
1
Combined, the 12 agencies represent
approximately 90 percent of all government obligations from fiscal years
2018 through 2022. The 12 selected federal agencies are the
Departments of Homeland Security, Defense, Labor, Transportation,
Education, Agriculture, the Treasury, Health and Human Services, and
Veterans Affairs, Office of Personnel Management, Small Business
Administration, and Social Security Administration. We also reviewed
relevant federal government requirements for existing fraud-related data
and reporting.
In addition, we interviewed Department of Justice officials, including from
the Executive Office for United States Attorneys; Criminal Division; Civil
Division; Bureau of Justice Statistics; and the Office of Audit,
Assessment, and Management, among others. We also met with officials
from the Council of the Inspectors General on Integrity and Efficiency
(CIGIE), Pandemic Response Accountability Committee, the Internal
Revenue Service Criminal Investigation, and the Congressional
Research Service.
1
The Office of Management and Budget’s MAX A-11 Data Entry System (MAX) is a
government-wide system used to share information and services among government
agencies and to collect and process most of the information required for preparing the
President’s Budget of the federal government.
Appendix I: Objectives, Scope, and
Methodology
Appendix I: Objectives, Scope, and
Methodology
Page 49 GAO-24-105833 Federal Fraud Estimate
We also identified and reviewed fraud measurement and estimation
studies to inform both objectives.
2
Specifically, we identified and reviewed
fraud measurement and estimation studies developed by U.S.
government, international, academic, and others with subject-matter
expertise. We generally focused on the studies published between fiscal
years 2013 and 2022. In total, on the basis of web and literature database
research, we considered 46 studies that were relevant for our review. We
used these studies to assess estimation and measurement
methodologies, the amount of fraud estimated or measured, and
challenges in estimating and measuring fraud. As appropriate, we also
used the studies to assess the reasonableness of our fraud estimate. Our
estimate was in line with fraud estimates and analysis developed by other
governments, as well as relevant nongovernmental organizations with
fraud expertise.
We also interviewed selected fraud experts to gather additional
information related to fraud measurement and estimation. We selected
these individuals based on their wide-ranging knowledge of fraud in the
international, academic, or private sector. These experts included those
from the Association of Certified Fraud Examiners; the Centre for
Cybercrime and Economics Crime at the School of Criminology and
Criminal Justice at the University of Portsmouth in the United Kingdom;
and the creator of the Corruption, Crime, and Compliance blog.
Information about the extent of fraud across the federal government is
limited. Various data are available about fraud that has been investigated
and adjudicated, but this information does not provide a complete
understanding of the extent of fraud. We considered several factors in
determining our methodology for estimating fraud, including our
knowledge of likely available data, prior fraud estimation methods, and
the known challenges of estimating fraud.
In considering prior methods used to estimate fraud, we found that these
methods generally fell into the following three categories:
studies whereby a group of knowledgeable individuals is surveyed to
determine what they think the likely amount or rate of fraud is.
2
For the purposes of this report, we define fraud measureas a count of detected fraud or
fraud-related activities. We define fraud estimateas a projection or inference based on
fraud or fraud-related measures, assumptions, or analytical techniques, where direct
measures are incomplete or unreliable.
Estimate of the
Range of Total Direct
Annual Financial
Losses from Fraud
Affecting Federal
Programs and
Operations
Appendix I: Objectives, Scope, and
Methodology
Page 50 GAO-24-105833 Federal Fraud Estimate
Because these surveys rely on peoples perceptions, they can be
biased, depending on the views of those surveyed;
the use of a statistically valid sample of transactions and detailed
analysis to attempt to identify fraud that occurred in those transactions
in order to extrapolate to the population of transactions. For example,
in 2023, we relied on statistical sampling to develop an estimate of
unemployment insurance fraud.
3
Given the scope of government
activities and transactions, this approach was not feasible for our
work. Moreover, given the hidden nature of fraud, even a detailed
analysis can still miss instances of potential fraud, which would bias
the results to indicate less fraud is present; and
the use of data analytics to identify transactions with evidence of
potential fraud. These analyses are typically not based on statistical
samples for the purpose of extrapolation. For example, some
agencies have collected program data that have been used to detect
potential fraud, such as through data matching, data mining, and
network analysis.
4
This type of information can serve as inputs to
develop broader models on the extent of fraud in a program area or
the risk of fraud in individual transactions. However, aggregate
government-wide program-level data and program-specific details
needed to pursue this approach were not available.
Due to the limited applicability of these methods for the purpose of
producing a broader government estimate, we developed a novel method
that relied on Monte Carlo simulation to extend the available data to
estimate fraud. Monte Carlo simulation is a well-established probabilistic
method for estimating a range of outcomes under different assumptions
and scenarios where there is uncertainty. We chose this method because
it provided a structured approach to account for the available data and
addressed the multiple, substantial sources of uncertainty associated with
the application of those data to fraud estimation.
5
The approach has
similarities to the three different approaches noted above, in that it
involves obtaining information from experts in the field, analysis of
3
GAO, Unemployment Insurance: Estimated Amount of Fraud during Pandemic Likely
Between $100 Billion and $135 Billion, GAO-23-106696 (Washington, D.C.: Sept 12,
2023).
4
Network analysis is a quantitative approach to identifying and graphically representing
potentially unknown relationships among individuals or organizations.
5
The general purpose of a Monte Carlo simulation is to capture the uncertainty in a
process by randomly generating a range of values consistent with that process. Monte
Carlo simulations can be useful for understanding the range of potential outcomes that
can arise under different assumptions and scenarios.
Appendix I: Objectives, Scope, and
Methodology
Page 51 GAO-24-105833 Federal Fraud Estimate
existing datasets, and the extension of available information to an
unobserved population.
We used the simulation to estimate a range of the total direct annual
financial losses from fraud. The simulation was developed primarily using
data from fiscal years 2018 to 2022, which was organized into three fraud
categories further described below. Our approach is sensitive to the
assumptions made about fraud and accounts for data uncertainty and
limitations. The data available and used in our simulation had various
limitations and assumptions that impact our estimate. The insights offered
by simulations should be interpreted carefully. While we used an
analytical approach to account for the inherent uncertainties associated
with fraud estimation and data limitations, the actual amount of direct
annual financial losses resulting from fraud affecting federal programs
and operations could be outside of the range of our estimate.
Based on our understanding of fraud, investigations, available data, and
the findings of other fraud measurement and estimation studies, we
identified three fraud categoriesadjudicated fraud, detected potential
fraud, and undetected potential fraud. Within detected potential fraud, we
developed three subcategories. See figure 10 for additional information
on these categories and subcategories.
Figure 10: Fraud Categories: Adjudicated, Detected Potential, and Undetected Potential
Fraud Categories
Appendix I: Objectives, Scope, and
Methodology
Page 52 GAO-24-105833 Federal Fraud Estimate
These categories reflect different degrees of certainty about the possibility
of fraud. For example, an instance of adjudicated fraud is certainly
fraudulent. In contrast, the certainty of fraud may be substantially lower
for an instance of potential fraud that has been detected and not accepted
for investigation.
We shared these categories and subcategories with OIG officials from the
12 selected agencies, CIGIE, the Pandemic Response Accountability
Committee, and the Department of Justice to obtain their feedback on the
appropriateness of the categories. Generally, these officials agreed with
our categories and subcategories. As appropriate, we made clarifications
or revisions based on their input.
Using these three fraud categories, we collected and analyzed data from
three key sourcesOIG investigative systems, OIG semiannual reports,
and OMBs Paymentaccuracy.gov reporting. Data on undetected fraud,
by their nature, do not exist. For the undetected fraud category, we relied
on fraud studies for model inputs and assumptions. See figure 11 for the
information and data sources used for each fraud category.
Data Collection and
Analysis
Appendix I: Objectives, Scope, and
Methodology
Page 53 GAO-24-105833 Federal Fraud Estimate
Figure 11: Information and Data Sources for the Simulation, by Fraud Category
Individually, these data do not provide a comprehensive understanding of
the extent of fraud but, when analyzed collectively and in our simulation,
provide support for a government-wide estimate.
We generally collected data from each source for fiscal years 2018
through 2022. The data collected have strengths and limitations that
impact our estimate. For example, investigative data related to potential
and adjudicated fraud were generally available from all 12 selected
agencies, but there was variance in the terms used across the sources,
and not all agencies had information for each subcategory of potential
fraud. We considered these strengths and limitations in determining the
data to collect and used information from fraud estimation studies
developed by government, international, academic, and others with
subject-matter expertise to adjust simulation assumptions and parameters
to account for data limitations. Specifically, data sources for our
Appendix I: Objectives, Scope, and
Methodology
Page 54 GAO-24-105833 Federal Fraud Estimate
simulation and their related limitations include those related to
investigative data, OIG semi-annual reports, and confirmed fraud
amounts reports by agencies to OMB.
Investigative data. We requested data from the OIGs for the 12 selected
agencies using a data collection instrument.
6
The instrument requested
OIG information organized into the fraud categories and subcategories,
which we had previously discussed with the selected OIGs. The
instrument requested information that was known to OIGs, such as
hotline complaints and closed case information. We pretested the data
collection instrument with three OIGs prior to collecting these data from all
12 selected OIGs.
While we received information from all 12 of the selected agenciesOIGs,
the level of detail provided varied. Some OIGs were able to provide
information for each of the data elements we requested. However, some
did not maintain records in such a way that they could provide all
information to us without extensive manual work. For example, some
OIGs collected data at the case level, while others collected at the
individual or entity level and were unable to consolidate at the case level.
We addressed these differences in how our model analyzed the data.
We requested summary statistics and information for fiscal years 2018
through 2022 for the following to inform the detected potential fraud
category:
number of allegations received in the fiscal year;
number of allegations closed in the fiscal year, including those that
were not converted to full investigations;
number of investigations opened and closed, including details on
whether the case was accepted for judicial, administrative, criminal, or
civil action; and
the dollar value of alleged direct federal financial losses for
allegations, closed investigations, and judicial and administrative
action.
6
This information was often maintained in Office of Inspector General case management
systems.
Appendix I: Objectives, Scope, and
Methodology
Page 55 GAO-24-105833 Federal Fraud Estimate
We also requested summary statistics and information for fiscal years
2018 through 2022 for the following to inform the adjudicated fraud
category:
number of cases of adjudicated fraud by criminal, civil, or
administrative case types; and
the direct federal financial loss, by criminal, civil, or administrative
case types.
We also requested additional summary statistics and information for fiscal
years 2018 through 2022 on actions taken jointly with other OIGs.
We also requested that the OIGs
describe any potential issues or limitation related to the data
requested,
provide their professional perspective on the portion of allegations
from hotlines and other sources that are accepted for investigation or
ultimately adjudicated as fraud, and
describe any data system or other changes that might affect the
information provided.
Finally, we requested data regarding the progress on actions taken for
fiscal years 2013 through 2022 to reflect the extended investigative
timelines and the full extent of adjudicated and potential fraud in our
simulation. These investigative data included information on the number
of unique cases that included a potential financial loss related to judicial
and administrative action and the status of certain closed and adjudicated
cases for the extended period. We used these data to contextualize and
validate the summary statistics collected for fiscal years 2018 through
2022.
Office of Inspector General Semi-Annual Reports. OIGs are required
to report on their activities through semiannual reports.
7
We collected and
analyzed information reported in semiannual reports for the 12 selected
agencies for fiscal years 2018 through 2022 to inform the detected
potential fraud and adjudicated fraud categories. Specifically, we
collected information on
7
Under the Inspector General Act of 1978, as amended, federal inspectors general are
required to submit semiannual reports to Congress describing the officesactivities and
accomplishments during that reporting period. 5 U.S.C. App. § 5.
Appendix I: Objectives, Scope, and
Methodology
Page 56 GAO-24-105833 Federal Fraud Estimate
investigative reports issued;
cases referred to the Department of Justice for criminal prosecution;
cases referred to state or local authorities for criminal prosecution;
indictments, criminal informations, and convictions that resulted from
prior referrals;
8
statistical summaries of investigative accomplishments; and
hotline reporting statistics, and aggregated amounts of fraud.
We assigned data collected from the semiannual reports to the
appropriate fraud category or subcategory.
Confirmed fraud. We collected and analyzed confirmed fraud data
reported by agencies to OMB for fiscal years 2018 through 2022.
Confirmed fraud data are reported to OMB by federal agencies and are
available on OMBs Paymentacuracy.gov.
9
These data include our 12
selected agencies and all other agencies that reported confirmed fraud
amounts to OMB in our time period. According to OMBs guidance for
reporting, confirmed fraud
is defined as the amount determined to be fraudulent through the
adjudication process;
does not include transactions determined by management to be
anomalous or indicative of potential fraud that were referred to the
agencys OIG or the Department of Justice, unless the appropriate
judicial or adjudicative process has made the determination; and
does not represent anything settled out of court with or without
admission of guilt.
10
While confirmed fraud provides a direct measure of fraud, it represents
only a portion of the total amount of fraud impacting the federal
8
A criminal information is a written accusation made by a public prosecutor, without the
intervention of a grand jury. On the other hand, an indictment is a formal written
accusation originating with a prosecutor and issued by a grand jury against a party
charged with a crime.
9
OMB requires agencies to provide certain information about improper payments and
confirmed fraud. OMB publishes this information in a payment-integrity dashboard on
Paymentaccuracy.gov.
10
Office of Management and Budget, Transmittal of Appendix C to OMB Circular A-123,
Requirements for Payment Integrity Improvement, M-21-19 (Washington, D.C.: Mar. 5,
2021).
Appendix I: Objectives, Scope, and
Methodology
Page 57 GAO-24-105833 Federal Fraud Estimate
government. Confirmed fraud also does not include cases that never
resulted in a conviction or a formal admission of wrongdoing. For these
reasons, we considered other sources of information about fraud in our
model, and we estimated undetected fraud, as well.
To determine the reliability of the investigative data, confirmed fraud data,
and OIG semiannual report data, we met with knowledgeable agency and
OIG officials and reviewed relevant documentation to identify any relevant
data limitations that could impact our simulation. We also manually
reviewed the data to verify the quality and completeness of the data. On
the basis of the investigative data, confirmed fraud, and OIG semiannual
report data collected, we assessed each specific dollar amount and count
to identify the data for inclusion in the simulation. Specifically, we selected
those data that offered the most credible and complete information for our
fraud data categories. We concluded that these data were sufficiently
reliable to inform the development of assumptions and parameters in our
Monte Carlo analysis and to serve as inputs into that estimate.
In addition to fraud-related information sources, we also used obligation
data available through OMB MAX. We used average obligations for fiscal
years 2018 to 2022 to account for the size, in dollar amount, for agency
operations in our simulation. We obtained these data for our 12 selected
agencies and all other agencies.
To determine the reliability of the obligation data from OMB MAX, we
reviewed relevant documentation on the data and conducted electronic
testing. We concluded that these data were sufficiently reliable to
determine the total obligations for each agency and as an input into our
Monte Carlo analysis.
On the basis of the fraud categories, data sources, discussions with
officials from the 12 selected agencies and their OIGs, and other experts,
we developed a simulation framework to account for three limitations
common in efforts to measure or estimate fraud.
11
These are limitations
related to the fact that
not all fraud is adjudicated,
not all fraud is detected, and
11
We use the terms modeland simulation frameworkboth to refer to the general
approach that we used to estimate the extent of fraud in the federal government. We use
the term simulationto describe the implementation of the estimation approach.
Simulation Framework,
Assumptions, and
Limitations
Appendix I: Objectives, Scope, and
Methodology
Page 58 GAO-24-105833 Federal Fraud Estimate
measures and estimates based on potential fraud likely include some
nonfraudulent activities.
Assumptions related to the nature of fraud. The foundation for our
simulation framework is a set of assumptions about the nature of fraud
and how information in the different fraud categories relate to each other.
For example, because of the hidden nature of fraud, we cannot observe
or detect the complete set of fraudulent activities and associated financial
losssome portion of fraud and related financial loss will remain
undetected. In addition, the process of investigating and adjudicating
fraud can be costly. As a result, even if an agency or OIG is aware of
potential financial losses from detected potential fraud, some portion of
potential fraud may never be investigated or adjudicated. The statute of
limitations could also impact the OIGs ability to investigate some
detected potential fraud. For example, if the statute of limitations were
expiring before investigative activity could likely be completed, the case
may be deprioritized. Relatedly, the average dollar amounts associated
with cases of adjudicated fraud are likely higher than the average
amounts associated with cases of detected potential fraud, which, in turn,
would be greater than the average amounts associated with undetected
fraud.
Given the above considerations, we identified the following baseline
assumptions about the nature and characteristics of fraud. To the extent
we could confirm the accuracy of these assumptions during our work, we
did so.
12
Specifically, we assumed that
the total financial loss amount of fraud can be reasonably modeled
using the number of occurrences of fraud and potential fraud, the
financial loss amount associated with each occurrence, the size of
agency operations, the characteristics of the agency, and the
characteristics of fraud;
on average, the financial loss amount associated with each
adjudicated occurrence of fraud will be higher than the loss amount
associated with each occurrence of detected potential fraud. We
found that this expectation generally held in our observed data. We
applied this assumption when simulating fraud categories with missing
data;
12
We describe the specific implementation of these assumptions, along with the
distributions underlying Monte Carlo simulation, in the simulation procedures below.
Appendix I: Objectives, Scope, and
Methodology
Page 59 GAO-24-105833 Federal Fraud Estimate
on average, the financial loss amount associated with each
occurrence of undetected potential fraud will be lower than the loss
amount associated with each occurrence of detected potential fraud.
We assumed this relationship held when simulating fraud information
categories with missing data. If this assumption does not hold, then
the simulation may underestimate the potential loss from undetected
fraud;
on average, the number of occurrences of adjudicated fraud will be
smaller than the number of occurrences of detected potential fraud.
We found that this expectation generally held in our observed data;
and
the number of occurrences of undetected potential fraud will be closer
in scale to the number of occurrences of detected potential fraud than
to adjudicated fraud. If this assumption does not hold, then the
simulation may under- or overestimate the potential loss from
undetected fraud. To reduce the risk associated with this assumption,
we performed model sensitivity checks that included different potential
relationships between the number of occurrences of undetected
potential fraud and detected potential fraud described in more detail
later in this section.
Assumptions related to fraud occurrence and loss. In addition to the
baseline assumptions about the nature and characteristics of fraud, we
also applied various assumptions throughout the simulation process.
Three additional assumptions related to fraud occurrence, and two related
to fraud loss are described below.
Assumptions applied to agencies. We made assumptions about the
relationship between fraud at the 12 selected agencies and all other
federal agencies. We had total obligations and OMB confirmed fraud
data for all federal agencies as inputs to the simulation. We used data
collected for the 12 selected agencies to inform our simulation of the
number of fraud occurrences at other agencies. We took this
approach, given that our agency selection included about 90 percent
of agency obligations and also reflected a variety of different
programs and operations. Collectively, for these other agencies, we
assumed that the relationship between the number of fraud
occurrences and financial loss associated with each individual
occurrence of fraud was similar to the relationships observed at the
selected agencies.
Assumptions related to the occurrence of fraud. We assumed that the
number of fraud occurrences for each agency is uniformly distributed
between the minimum value and maximum value we identified from
Appendix I: Objectives, Scope, and
Methodology
Page 60 GAO-24-105833 Federal Fraud Estimate
the data collection process.
13
For undetected potential fraud
simulations, we assumed that the number of undetected potential
fraud occurrences is the sum of the fraud occurrences in the three
stages of detected potential fraud.
14
Assumptions about financial loss associated with individual
occurrences of fraud. We assumed that the range of financial losses
attributable to individual occurrences of fraud could be reasonably
captured using a uniform distribution. This is described in greater
detail below. To add variability to our estimate, we randomly
generated financial amounts from a uniform distribution with a
minimum and maximum defined by the amounts we observed across
the 5 years of data for each agency.
15
In cases where agencies did
not provide any dollar amount associated with detected potential
fraud, we follow the previously described assumption that, on
average, the financial loss associated with each adjudicated
occurrence of fraud would be higher than the loss associated with
each occurrence of detected potential fraud, and we adjusted the
financial loss amount based on the financial loss amounts observed in
the previous steps of the simulation. The specific adjustments are
provided in the simulation description.
16
Assumptions related to financial recoveries and fraud loss. Financial
recoveries include assets or funds regained or ordered restored
through a judicial or administrative action after it was determined that
the funds or assets were lost, misappropriated, stolen, or misused.
Financial recoveries may, but do not always, equate to the direct
financial loss from fraud determined through the adjudicative process.
In some instances, financial recoveries may include the recovery of
13
We also applied different simulations based on the assumptions that the number of
fraud occurrences for each agency is uniformly distributed between two (one) standard
deviations below the average and two (one) standard deviations above the average of the
data.
14
We also applied different simulations based on the assumption that the number of
undetected potential fraud occurrences is the same as the amount in stage 1 of detected
potential fraud.
15
We also applied different simulations based on the assumption that the number of fraud
occurrences for each agency is uniformly distributed between two standard deviations
below the average and two standard deviations above the average of the calculated
financial loss amount associated with each occurrence of fraud. As another approach, we
repeated this design using one, rather than two, standard deviations.
16
We also applied different simulations based on the assumptions that the size of financial
loss amount factors is uniformly distributed between zero and the average of results of
simulated detected potential fraud stage 1.
Appendix I: Objectives, Scope, and
Methodology
Page 61 GAO-24-105833 Federal Fraud Estimate
another agencys financial loss from fraud, if the fraud was
perpetuated against multiple agencies. In this situation, if amounts are
reported by both agencies, then the financial recoveries would
overstate the financial loss from fraud across the agencies.
Conversely, recoveries may be less than the direct financial loss from
fraud; for example, when a restitution order is less than the actual
funds lost due to fraud.
17
In this situation, recoveries would
underestimate fraud.
Assumptions related to OIG investigations of fraud relative to other
crimes. OIGs track fraud and nonfraud cases in their case
management systems. However, their systems do not always
distinguish fraud cases from other crimes. For example, OIGs conduct
investigations not related to fraud, such as employee misconduct. We
adjusted the dollar losses associated with cases downward to adjust
for this issue. Without this adjustment, our simulation would
overestimate fraud for this data source.
The simulation involved a series of iterative steps. The result of each
complete simulation step was an estimate of fraud. We ran the simulation
1,000 times, which produced 1,000 estimates. These estimates were then
used to formulate our range of estimated fraud affecting the federal
government.
Each iteration of the simulation included the following steps, repeated for
each fraud category.
1. Using data on adjudicated fraud, we
a. calculated a range for the annual number of occurrences of
adjudicated fraud for each agency.
18
We selected the number of
occurrences randomly from this range.
17
In federal court, a convicted offender may be ordered to reimburse victims for financial
losses incurred due to the offenders crime. This reimbursement is called restitution,and
it may be ordered for lost income, property damage, counseling, medical expenses,
funeral costs, or other financial costs directly related to the crime.
18
In this context of this discussion, the term agencyrefers to each of the 12 selected
agencies and the group that contained all other federal agencies. For the federal agencies
that were not among the 12 selected and for which data were collected, we estimated their
fraud using OMB confirmed fraud amounts, obligations, and fraud data from the 12
selected agencies.
Simulation Procedures
Appendix I: Objectives, Scope, and
Methodology
Page 62 GAO-24-105833 Federal Fraud Estimate
b. calculated a range for the financial loss associated with each
occurrence of adjudicated fraud for each agency. We randomly
generated values from this range to simulate the losses
associated with each potential occurrence of adjudicated fraud.
For example, if we simulated that there were 100 occurrences of
adjudicated fraud, then we would simulate 100 financial losses,
one for each occurrence; and
c. combined the financial losses that we simulated for each
occurrence and scaled the results based on agency obligations.
19
2. We repeated steps a) through c) using data from the detected
potential fraud categorystage 3. These data include remedies that
were obtained using due process but where guilt, liability, or fault of
fraud were not formally determined.
If financial information about such agency remedies did not exist for
an agency, then we developed a range for the financial loss amount
using the average simulated amounts for adjudicated fraud. In these
cases, financial loss amounts were randomly drawn from a range
defined to be between 50 percent and 150 percent of the mean value
of the adjudicated fraud.
3. We repeated steps a) through c) using data from the detected
potential fraud categorystage 2. These data include information
about investigative inquiries into the facts of a case but where
referrals have not been accepted for judicial or administrative actions.
If financial information about such investigative inquiries did not exist
for an agency, then we developed a range for the financial loss
associated with each individual fraud occurrence using the average
simulated loss amounts from the prior step (stage 3remedies that
were obtained using due process but where guilt, liability, or fault of
fraud were not formally determined). In such cases, financial loss
19
We used obligations to reflect that fraud can occur, and is best prevented, prior to when
there is an outlay of funding. An obligation is a definite commitment that creates a legal
liability on the part of the federal government for the payment of goods and services
ordered or received, or a legal duty on the part of the United States that could mature into
a legal liability by virtue of actions on the part of the other party beyond the control of the
United States. Payment may be made immediately or in the future. An outlay occurs upon
the issuance of checks, disbursement of cash, or electronic transfer of funds made to
liquidate a federal obligation.
Appendix I: Objectives, Scope, and
Methodology
Page 63 GAO-24-105833 Federal Fraud Estimate
amounts were randomly drawn from a range defined to be between
25 percent and 100 percent of the mean value of the prior step.
20
4. We repeated steps a) through c) using data from the detected
potential fraud categorystage 1. These data include information
about potential fraud detected by the federal government but not
accepted for full investigation.
If financial information about such potential fraud did not exist for an
agency, then we used the average simulated amounts from our prior
step (stage 2investigative inquiries into the facts of a case but
where referrals have not been accepted for judicial or administrative
action). In such cases, financial loss amounts were randomly drawn
from a range defined to be between 0 percent and 100 percent of the
mean value of the prior step. In addition, for 0 percent to 50 percent of
the occurrences, we assumed no financial loss to account for
uncertainty associated with false positives in fraud reporting.
5. We tested 12 different simulations for undetected fraud, each based
on a different model of the relationship between undetected and
detected fraud. For example, we ran a simulation that assumed that
the number of occurrences of undetected fraud was equal to the
number of occurrences of detected fraud. We also ran a simulation
that assumed that the average financial loss amount associated with
undetected fraud was similar to the average amount associated with
cases detected by the federal government but not accepted for full
investigation. These different undetected fraud models produced
generally consistent simulation results of the total amount of financial
loss from fraud.
6. We combined the interim simulation outputs that were generated from
each step to develop the government-wide estimated fraud range.
The range was calculated as the 5th percentile and 95th percentile of
the 1,000 simulated runs. Because our simulation is constructed from
the data of fraud occurrence and associated financial information
measured on an annual basis, our simulation results are also annual
financial loss estimates of the categories affecting federal programs
and operations.
20
The size of the adjustment depended on the agency. For agencies without financial
information for the amounts associated with remedies that were obtained using due
process but where guilt, liability, or fault of fraud were not formally determined, financial
loss amounts were randomly drawn from a range defined to be between 50 percent and
150 percent of the mean value. The size of the adjustments was calculated by testing the
simulation procedures on agencies with information regarding all categories of fraud
information.
Appendix I: Objectives, Scope, and
Methodology
Page 64 GAO-24-105833 Federal Fraud Estimate
To assess the reasonableness of the simulation results, we took several
steps. First, we compared interim simulation data calculated for each of
the 12 selected agencies against information we had collected about
fraud at those organizations. This information included 46 estimations and
measurement studies from a variety of sources, including the OIGs for the
Small Business Administration and the Department of Labor. In addition,
we reviewed information that agencies reported on actions taken to
combat fraud and obtain financial recoveries.
If the interim simulation data for an agency differed materially from
available information, we adjusted the relevant simulation parameters to
improve consistency. These adjustments were applied at the fraud
category level. For example, the Department of Justice and the
Department of Health and Human Services reported that the federal
government won or negotiated more than $5 billion in health care fraud
judgments and settlements in fiscal year 2021.
21
On the basis of the
findings in this report, we adjusted the simulation parameters for the
Department of Health and Human Services to assure that interim
simulation data for detected fraud did not conflict with the $5 billion.
22
Given that the adjustments were made at the fraud category level, an
agency might have no adjustment for the portion of the simulation
associated with adjudicated fraud weights but an adjustment for the
portion of the simulation associated with stage 1 detected potential fraud.
In addition, we ran separate simulations with alternative assumptions to
assess the reasonableness of our results. As described previously, we
considered multiple approaches to estimating undetected potential fraud.
Similarly, we considered different approaches in the simulations based on
the certainty in the categories of fraud (i.e., the adjudicated fraud category
has higher certainty than the detected potential fraud in any stage). We
also considered additional ranges for the simulated financial amounts
21
Department of Justice and Department of Health and Human Services, Annual Report of
the Departments of Health and Human Services and Justice, Health Care Fraud and
Abuse Control Program FY 2021 (July 2022).
22
The $5 billion in health care fraud was used to adjust fraud weights for detected fraud,
which includes adjudicated fraud, investigations, and fraud that has been flagged by the
government regardless of whether it has been accepted for investigation. We expected
that the fraud amounts associated with the broader category of detected fraud would be
greater than the amounts associated with civil settlements. To account for uncertainty in
this relationship, we set $5 billion as the 10th percentile for interim simulation values
associated with Health and Human Services detected fraud. This approach allowed for the
possibility that the total amount of detected fraud could be lower than $5 billion for any
given simulated year.
Assessing the
Reasonableness of
Simulation Results
Appendix I: Objectives, Scope, and
Methodology
Page 65 GAO-24-105833 Federal Fraud Estimate
associated with each fraud category. The purpose of this additional
testing was to assess the sensitivity of our reported range to the
assumptions underlying our simulation. Sensitivity was determined by
examining how much our estimate changed, given the changes to the
structure of our simulation. We found our range to be reasonably
consistent, given the approaches that we tested.
The insight offered by simulations should be interpreted carefully. Our
approach was not designed to provide precise predictions. Instead, it was
meant to extend the current understanding about the likely extent of fraud
in the federal government, given available data.
Our methodology results in two primary sources of uncertainty. The first
source of uncertainty is the statistical uncertainty arising from the
randomness of the simulation process. We intentionally included this
randomness to help capture the uncertainty associated with the selected
fraud information categories. For example, our simulation has parameters
that account for uncertainty in the number of occurrences of fraud and the
financial loss associated with each occurrence of fraud. The statistical
uncertainty associated with our estimate is reflected in our reported
range.
In addition to statistical uncertainty, our approach is affected by the
uncertainty associated with the specification of our underlying model and
the reliability of the underlying data. The results of our simulations depend
on key assumptions we made about how the historical data might
correspond to adjudicated fraud, detected potential fraud, and undetected
potential fraud.
We believe our assumptions are reasonable, given our historical data and
the degree of uncertainty involved. However, our estimates should not be
generated to specific past or future results. In part, this is because
resulting overall potential annual financial loss of fraud would ultimately
depend on how federal agencies manage their specific fraud risks, and
other factors, which we did not attempt to model.
If one or more of our assumptions, as implemented in our simulation, are
incorrect, then we face an increased risk that our range will not capture
the actual extent of fraud. This risk is especially high with the undetected
fraud category. As described in the previous section, we attempted to
mitigate this risk by checking if our results were reasonably consistent,
given changes to key assumptions underlying our simulation.
Simulation Interpretation
and Uncertainty
Appendix I: Objectives, Scope, and
Methodology
Page 66 GAO-24-105833 Federal Fraud Estimate
In addition, we reviewed published information about government and
agency-specific fraud rates to ensure that our fraud estimate was in line
with these alternative sources. These included fraud estimation or
analysis efforts performed by the federal government, non-U.S.
governments, and relevant nongovernmental organizations with fraud
expertise. These studies include:
the United Kingdom Public Sector Fraud Authority, which estimates
fraud and error losses between 0.5 and 5 percent of government
expenditures in 2020;
the Association of Certified Fraud Examiners that estimated in 2022
that organizations lost about 5 percent of revenue to fraud each year;
and
the University of Portsmouth Centre for Counter Fraud Studies, which
estimated fraud and error losses between 0.02 and 63.96 percent,
with average losses of 6.42 percent between 1997 and 2020.
Agencies differed in the methods and assumptions that they used to
compile the data that we relied on to calculate our estimate. Our
simulation results may be influenced by these differences. We worked to
mitigate potential issues with our data sources by working closely with
agencies and OIGs to better understand the limits of the underlying
source data.
To identify opportunities and challenges in fraud estimation to support
fraud risk management, we reviewed relevant agency and OIG
documentation related to existing fraud-related measures, such as fraud
estimation studies or documentation discussing existing measures. For
example, we reviewed agency reports documenting estimation studies or
how fraud measures were developed and any known caveats and
limitations. We also reviewed OIG reports discussing known challenges
with the data. We reviewed relevant requirements for existing fraud-
related data and reporting, including OIG semiannual reports, confirmed
fraud reporting, and CIGIE annual reports to the President.
We evaluated the extent to which these data and information collection
and use align with leading practices in GAOs A Framework for Managing
Fraud Risks in Federal Programsspecifically, leading practices related to
assessing fraud risks and evaluating outcomes using a risk-based
Opportunities and
Challenges in Fraud
Estimation to Support
Fraud Risk
Management
Appendix I: Objectives, Scope, and
Methodology
Page 67 GAO-24-105833 Federal Fraud Estimate
approach.
23
We also evaluated the extent to which existing fraud-related
data and information collection and use align with the Standards for
Internal Control in the Federal Government.
24
Specifically, we determined
that the information and communication component of internal control
was significant to the objective, along with the underlying principles that
management should use quality information to achieve the entitys
objectives.
We conducted this performance audit from February 2022 to April 2024 in
accordance with generally accepted government auditing standards.
Those standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings based on our audit objectives. We believe that the evidence
obtained provides a reasonable basis for our findings based on our audit
objectives.
23
GAO, A Framework for Managing Fraud Risks in Federal Programs, GAO-15-593SP
(Washington, D.C.: July 28, 2015).
24
GAO, Standards for Internal Control in the Federal Government, GAO-14-704G
(Washington, D.C.: Sept. 10, 2014).
Appendix II: Matters for Congressional
Consideration
Page 68 GAO-24-105833 Federal Fraud Estimate
In a March 2022 testimony before the Senate Committee on Homeland
Security and Governmental Affairs, we recommended 10 Matters for
Congressional Consideration to strengthen internal controls and financial
and fraud risk management practices across the government.
1
As of
March 2024, these matters remained open.
Congress should pass legislation requiring the Office of Management
and Budget (OMB) to provide guidance for agencies to develop plans
for internal control that would then immediately be ready for use in, or
adaptation for, future emergencies or crises and requiring agencies to
report these internal control plans to OMB and Congress. (Matter for
Congressional Consideration 1)
Congress should amend the Payment Integrity Information Act of
2019 to designate all new federal programs making more than $100
million in payments in any one fiscal year as susceptible to
significant improper paymentsfor their initial years of operation.
(Matter for Congressional Consideration 2)
Congress should amend the Payment Integrity Information Act of
2019 to reinstate the requirement that agencies report on their
antifraud controls and fraud risk management efforts in their annual
financial reports. (Matter for Congressional Consideration 3)
Congress should establish a permanent analytics center of
excellence to aid the oversight community in identifying improper
payments and fraud. (Matter for Congressional Consideration 4)
Congress should clarify that (1) chief financial officers (CFO) at CFO
Act agencies have oversight responsibility for internal controls over
financial reporting and key financial management information that
includes spending data and improper payment information; and (2)
executive agency internal control assessment, reporting, and audit
requirements for key financial management information, discussed in
an existing Matter for Congressional Consideration in our August
2020 report,
2
include internal controls over spending data and
improper payment information. (Matter for Congressional
Consideration 5)
1
GAO, Emergency Relief Funds: Significant Improvements Are Needed to Ensure
Transparency and Accountability for COVID-19 and Beyond, GAO-22-105715
(Washington, D.C.: Mar. 17, 2022).
2
GAO, Federal Financial Management: Substantial Progress Made since Enactment of
the 1990 CFO Act; Refinements Would Yield Added Benefits, GAO-20-566 (Washington,
D.C.: Aug. 6, 2020).
Appendix II: Matters for Congressional
Consideration
Appendix II: Matters for Congressional
Consideration
Page 69 GAO-24-105833 Federal Fraud Estimate
Congress should require agency CFOs to (1) submit a statement in
agenciesannual financial reports certifying the reliability of improper
payments risk assessments and the validity of improper payment
estimates, and describing the actions of the CFO to monitor the
development and implementation of any corrective action plans; and
(2) approve any methodology that is not designed to produce a
statistically valid estimate. (Matter for Congressional Consideration 6)
Congress should consider legislation to require improper payment
information required to be reported under the Payment Integrity
Information Act of 2019 to be included in agenciesannual financial
reports. (Matter for Congressional Consideration 7)
Congress should amend the DATA Act to extend the previous
requirement for agency inspectors general to review the
completeness, timeliness, quality, and accuracy of their respective
agency data submissions on a periodic basis. (Matter for
Congressional Consideration 8)
Congress should amend the DATA Act to clarify the responsibilities
and authorities of OMB and the Department of the Treasury for
ensuring the quality of data available on USAspending.gov. (Matter
for Congressional Consideration 9)
Congress should amend the Social Security Act to accelerate and
make permanent the requirement for the Social Security
Administration to share its full death data with the Department of the
Treasurys Do Not Pay working system. (Matter for Congressional
Consideration 10)
Appendix III: Comments from the Office of
Management and Budget
Page 70 GAO-24-105833 Federal Fraud Estimate
Appendix III: Comments from the Office of
Management and Budget
Appendix III: Comments from the Office of
Management and Budget
Page 71 GAO-24-105833 Federal Fraud Estimate
Appendix III: Comments from the Office of
Management and Budget
Page 72 GAO-24-105833 Federal Fraud Estimate
Appendix IV: GAO Contacts and Staff
Acknowledgments
Page 73 GAO-24-105833 Federal Fraud Estimate
Rebecca Shea, (202) 512-6722 or [email protected]
Jared B. Smith, (202) 512-2700, [email protected]
In addition to the contacts named above, Heather Dunahoo, Moon Parks,
Steven Putansu (Assistant Directors); Nick Weeks (Analyst in Charge);
Tracy Abdo, Lisa Fisher, Amber D. Gray, Lijia Guo, and Abinash Mohanty
made key contributions to this report. Also contributing to the report were
Robert Bastian, Lilia Chaidez, Leia Dickerson, Colin Fallon, Carly
McCann, Maria McMullen, Joe Rini, and Sabrina Streagle.
Appendix IV: GAO Contacts and Staff
Acknowledgments
GAO Contacts
Staff
Acknowledgments
The Government Accountability Office, the audit, evaluation, and investigative
arm of Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability of the
federal government for the American people. GAO examines the use of public
funds; evaluates federal programs and policies; and provides analyses,
recommendations, and other assistance to help Congress make informed
oversight, policy, and funding decisions. GAO’s commitment to good government
is reflected in its core values of accountability, integrity, and reliability.
The fastest and easiest way to obtain copies of GAO documents at no cost is
through our website. Each weekday afternoon, GAO posts on its website newly
released reports, testimony, and correspondence. You can also subscribe to
GAO’s email updates to receive notification of newly posted products.
The price of each GAO publication reflects GAO’s actual cost of production and
distribution and depends on the number of pages in the publication and whether
the publication is printed in color or black and white. Pricing and ordering
information is posted on GAO’s website, https://www.gao.gov/ordering.htm.
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card, MasterCard,
Visa, check, or money order. Call for additional information.
Connect with GAO on Facebook, Flickr, Twitter, and YouTube.
Subscribe to our RSS Feeds or Email Updates. Listen to our Podcasts.
Visit GAO on the web at https://www.gao.gov.
Contact FraudNet:
Website:
https://www.gao.gov/about/what-gao-does/fraudnet
Automated answering system: (800) 424-5454 or (202) 512-7700
A. Nicole Clowers, Managing Director, ClowersA@gao.gov, (202) 512-4400, U.S.
Government Accountability Office, 441 G Street NW, Room 7125, Washington,
DC 20548
Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, DC 20548
Stephen J. Sanford, Managing Director, [email protected], (202) 512-4707
U.S. Government Accountability Office, 441 G Street NW, Room 7814,
Washington, DC 20548
GAO’s Mission
Obtaining Copies of
GAO Reports and
Testimony
Order by Phone
Connect with GAO
To Report Fraud,
Waste, and Abuse in
Federal Programs
Congressional
Relations
Public Affairs
Strategic Planning and
External Liaison
Please Print on Recycled Paper.