gao's forensic audits and investigative service team: tools and methods to identify fraud,...
TRANSCRIPT
GAO's Forensic Audits and Investigative Service Team: Tools and Methods to
Identify Fraud, Waste and Abuse
National State Auditors Association Annual Conference
June 15, 2011
Gregory D. Kutz, Director
2
Discussion Agenda
FAIS Background
FAIS Methodology
Case Study Discussion
Questions
3
FAIS BackgroundWho We Are
The Government Accountability Office (GAO) is a federal agency that reports to Congress and the American people.
Over time, GAO found that its ability to investigate fraud was enhanced when auditors/analysts worked closely with criminal investigators: Auditors/analysts benefit from law enforcement
background of criminal investigators Criminal investigators benefit from analytical and
database experience of auditors/analysts
Combining disciplines improved GAO’s ability to deliver high-impact reports and testimonies to Congress.
4
FAIS BackgroundWho We Are
The Forensic Audits and Investigative Service (FAIS) team brings GAO’s related anti-fraud and other investigative activities together in one organization.
In addition to analysts, forensic auditors, and criminal investigators, FAIS staffing includes:
• data mining and systems integration experts,
• fraud hotline analysts, and
• quality control staff such as communications analysts.
All permanent FAIS staff are Certified Fraud Examiners (CFE).
5
FAIS BackgroundWhat We Do
FAIS work addresses• fiscal challenges facing our nation,• organizational and individual ethics, • stewardship over government resources, and• control environment at federal agencies.
FAIS work comes from a variety of sources• congressional requests,• Comptroller General Authority (self-initiated), and• hotline tips.
6
FAIS BackgroundWhat We Do
FAIS has governmentwide jurisdiction and has access to most government data including tax records, SSA data, and grants and disbursement data, including Medicare/Medicaid data.
FAIS has access to law enforcement tools such as the National Criminal Information Center (NCIC), Financial Crimes Enforcement Network (FINCEN), and Lexis-Nexis law enforcement.
FAIS also manages FraudNet, the governmentwide hotline to report fraud, waste, and abuse.
FAIS has offices in Washington, D.C., and Dallas, Texas.
7
FAIS MethodologyOverview FAIS’s forensic audits attempt to identify the reason why
fraud or abuse has occurred. Where possible, we estimate the magnitude of the problem.
Investigations are more limited in scope and provide the facts and details that substantiate fraud or demonstrate a vulnerability.
FAIS’s best antifraud work leverages both forensic audit and investigative approaches to deliver a powerful message about broken controls.
8
FAIS MethodologyTechniques and Tools
Audit steps• Data matching
• Data mining
• Statistical sampling
• Internal controls evaluation
Investigative steps• Proactive testing
• Social engineering
• Coordination with IGs or other law enforcement agencies
• NCIC, FINCEN, Lexis Nexis law enforcement
Combined forensic audit and investigation• Concludes on broken controls
• Substantiates specific fraud cases and/or provides first-hand evidence of fraud
• Where possible identifies magnitude
Integration
9
FAIS MethodologyData Matching Data matching involves comparing two discreet data sets to
identify questionable overlaps.
Governmentwide access to federal databases allows FAIS to perform matching on data sets that other federal agencies do not have the authority to perform.
This is an audit step that reveals fraud indicators that require further investigation, for example: Commercial drivers also on 100 percent disability Prisoners who also received disaster assistance ARRA Recipients with unpaid federal taxes
10
FAIS MethodologyData Mining Data mining is an effective way to develop fraud targets for
further investigation.
FAIS mines databases for Specific types of transactions Patterns within the data Outliers (e.g., doctor shopping for controlled substances)
Based on interviews of targets, gather additional intelligence to refine data mining (“James Fine Dining” example).
11
FAIS MethodologyProactive Testing FAIS also has the authority to perform proactive testing of
programs or processes to identify vulnerabilities.
Proactive tests performed by criminal investigators as “red team” exercises (e.g. no agency notification).
Tests allow FAIS to gather first-hand knowledge of control breakdowns and vulnerabilities in a realistic setting, rather than rely on the representations of the tested entity.
Analyst/auditors help interpret the results of the tests in a broader context and provide planning input.
12
FAIS MethodologyCase Studies Case studies help illustrate the details and impact of fraud in
concrete terms to Congress and taxpayers.
Criminal investigators are critical to developing cases: Access to law enforcement databases and resources Professional interviewing skills Contacts in other federal agencies and IGs.
FAIS frequently refers case studies to the appropriate law enforcement agency or other entity for further investigation.
13
FAIS MethodologyStandards
• Forensic audits are performance audits conducted in accordance with generally accepted governmental auditing standards
• Certain elements of work in FAIS are done under the Council of Inspectors General for Integrity and Efficiency (CIGIE) Investigative standards
• E.g., field investigations of cases of procurement fraud
14
Questions?
Any questions prior to moving on to case study discussion?
15
FAIS Case Study #1Passport Fraud
Undercover tests to obtain genuine U.S. passports using counterfeit or fraudulently obtained documents Used commercial, off-the-shelf hardware and software to
create counterfeit birth certificates and driver’s licenses Applied in person at U.S. Postal Service facilities and, in
one case, a Department of State office Used identities (names and SSNs) that would simulate
identity theft
16
FAIS Case Study #1Passport Fraud
Findings: Neither the U.S. Postal Service nor the Department of
State detected counterfeit documents All four applications were successful, including:
• Passport issued to a man who died in 1965
• Passport issued to a 53-year-old applicant using the name and SSN of a 5-year-old child
All passports issued to the same criminal investigator State and the FBI have identified fugitives, sex offenders,
and delinquent taxpayers who used identity theft to obtain genuine U.S. passports
17
FAIS Case Study #1Passport Fraud – Counterfeit Driver’s License
18
FAIS Case Study #1Passport Fraud – Genuine U.S. Passports
19
FAIS Case Study #2Medicaid Controlled Substance Fraud and Abuse
GAO found tens of thousands of Medicaid beneficiaries and providers involved in potentially fraudulent and abusive purchases of controlled substances in FY 2006 and 2007 Doctor Shopping - about 65,000 Medicaid beneficiaries in five
states acquired the same type of controlled substance from six or more doctors at a cost of $63 million.
Although some beneficiaries justifiably received this medication, others obtained these drugs to support their addictions or sell on the street.
20
FAIS Case Study #2Medicaid Controlled Substance Fraud and Abuse
Other Findings: $2 million in controlled substance prescriptions were written or filled by
medical practitioners and pharmacies barred or excluded from federal healthcare programs for such offenses as illegally selling controlled substances.
Our analysis also found that controlled substance prescription claims to over 1,800 beneficiaries were filled after they died at a cost of $200,000.
In addition, our analysis also found that Medicaid paid about $500,000 in Medicaid claims based on controlled substance prescriptions “written” by over 1,200 doctors after they died.
21
FAIS Case Study #2Medicaid Controlled Substance Fraud and Abuse
States are primarily responsible for the fight against Medicaid fraud. The five selected states we examined, however, did not have a comprehensive framework to prevent fraud and abuse of controlled substances.
The Centers for Medicare and Medicaid Services is responsible for overseeing state fraud and abuse control activities but has provided limited guidance related to controlled substances.
23
24
25
FAIS Case Study #3: Head StartFraud and Abuse at Selected Centers
Received hotline allegations involving two nonprofit grantees Manipulating recorded income to qualify higher income
applicants Encouraging families to report that they were homeless
when they were not Enrolling more than 10 percent of over-income children Counting children as enrolled in more than one center at
a time
26
FAIS Case Study #3: Head StartFraud and Abuse at Selected Centers
Realizing such schemes could be widespread, we Developed 15 undercover test scenarios at centers in 6
states and the District of Columbia Attempted to register fictitious children using bogus
documents Interviewed families on wait lists to document cases of
potentially eligible children not receiving services due to others’ fraudulent activity
27
FAIS Case Study #3: Head StartFraud and Abuse at Selected Centers
For 8 of 15 proactive tests, staff at Centers fraudulently misrepresented information to register over-income children into under-income slots
These tests were done in 6 states and D.C.
None of information provided was verified leaving program vulnerable to falsified earnings statements and other documents
28
29
30
FAIS Case Study #3: Head StartFraud and Abuse at Selected Centers
506 of the 550 Head Start centers contacted had wait lists 2 centers where we enrolled fictitious children later
became full and developed wait lists after the fictitious children had been withdrawn
Many families stated that their incomes were at or below the federal poverty level
Some families stated they had experienced domestic violence, or were receiving some type of public assistance, a group automatically eligible for Head Start
31
FAIS Case Study #4: ARRA Recipients With Unpaid Federal Taxes
• To determine the magnitude of known federal tax debt owed by Recovery Act contract and grant recipients
• Matched contract and grant recipients from www.recovery.gov to IRS Unpaid tax assessments @ September 30, 2009
• Developed examples of entities with unpaid federal taxes that benefited from Recovery Act contracts and grants through July 2010 reporting• Focused on 15 cases of entities with substantial
unpaid payroll taxes
32
FAIS Case Study #4: ARRA Recipients With Unpaid Federal Taxes
• At least 3,700 Recovery Act contract and grant recipients (including prime recipients, subrecipients, and vendors) with $750 million of unpaid federal taxes
• These entities received $24 billion of Recovery Act funds through July of 2010
• Represents about 6% of the 63,000 Recipients with taxpayer identification numbers that we could derive
• Understated for • 17,000 Recipients with no TIN• Underreporting of income• Non-filing of required tax returns
33
FAIS Case Study #4: ARRA Recipients With Unpaid Federal Taxes
• 15 cases included• Construction• Engineering• Security• Health Care
• IRS had taken collection or enforcement action for all 15 cases
• For 13 IRS had filed federal tax liens• For 12 IRS had assessed Trust Fund Recovery Penalties
against owners and officers
34
FAIS Case Study #4: ARRA Recipients With Unpaid Federal Taxes
• For 15 Cases• Over half had reported state and local tax liens• Several defaulted on installment agreements• Several failed to file required tax returns • Several cited for Federal Labor Law Violations• Several owners and officers received substantial salaries
and company loans• Several owners had hundreds of thousands of dollars
each in gambling transactions• Several entities received millions of additional federal
dollars of non-Recovery Act contracts
35
FAIS Case Study #4: ARRA Recipients With Unpaid Federal Taxes
• Potential Solutions• Further controls to prevent entities with significant unpaid
federal taxes from receiving new awards• Additional sharing of IRS information for limited purposes• Steps to address sub-recipients with unpaid federal taxes• Enhancements in Federal Payment Levy Program
36
Summary of Key Points
There are significant benefits to establishing and maintaining an integrated team of auditors, analysts, and investigators.
Data mining and matching are effective tools to help identify fraud and abuse.
Developing actual cases of fraud and abuse helps show the actual effect of ineffective controls.
It is important to perform internal controls work and develop practical solutions to minimize fraud, waste and abuse.
Questions