The 2019 Internal Control and Fraud Prevention Training took place on September 18 and 19 at the Ronald Reagan Building and International Trade Center in Washington, DC. Presented by the Association of Government Accountants (AGA), Fraud19 welcomed 513 in-person and 162 virtual participants for two days of keynotes, networking events, and breakout sessions. Training topics included fraud detection, data analytics, and improper payments. The panels consisted of federal, state, and local agency leaders as well as industry specialists.
AGA CEO Ann Ebberts gave welcoming remarks before the opening plenary session by Bart McDonough, cybersecurity guru and author of Cyber Smart. McDonough said we live in an unsafe cyber world, aspects of which we cannot control. The threat landscape is varied, and includes malware, social engineering (phishing and the like) and the use of trusted applications to facilitate hacks or data breaches. McDonough suggested technical and behavior changes (such as not using the same password across many sites or applications) to help protect tangible and intangible property and your identity.
Breakout sessions made up the rest of the conference and focused on topics such as influencing culture for accountability and impact, artificial intelligence for fraud and internal controls, and combating government fraud and waste with better analytics.
Below are some important takeaways from the event:
- Agencies must identify and assess their fraud risks. It’s easy to believe that fraud can’t happen in your workplace, but that’s simply not true. Understand what’s valuable in your organization and be sure to consider intangible assets – data can be monetized on the dark web. Assess fraud risks and potential schemes, including internal and external threats.
- To manage fraud risks, one must think like a fraudster – how could someone perpetrate your purchase card process? Gain access to valuable data? Compromise access controls? Answers to these types of questions can help an agency to implement appropriate preventative and detective controls.
- Know which behaviors present fraud risks and do something about them. An effective risk response doesn’t have to be overly complicated. For example, don’t use the same password for multiple systems or websites; instead, use a reputable password manager and establish unique passwords with two-factor authentication. Don’t rush to reply to a seemingly urgent email requesting important information; rather, diligently review it for suspicious references or links.
- Use automation and analytics to complement risk management processes. There are countless ways to enhance your programs through outlier detection, predictive models, and other data-driven tools. These don’t replace our jobs or judgement – instead, they augment our analysis.
- Agencies should work with each other and the Inspector General community to help prevent and detect fraud. Some processes exist in all agencies (such as procurement activities), and others cross agencies. Engagement and knowledge-sharing can drive efficiencies and more effective internal controls and fraud risk management practices.
Conferences such as Fraud19 provide an excellent opportunity for the public sector community to gather and not only learn from industry experts but also share information and experiences. Open communication helps us improve our own practices, bring back ideas for our clients, and ultimately better serve the American public.