As agencies begin to send stimulus money to businesses, citizens and other organizations, the risk of waste, fraud and abuse grows with the speed needed to help Americans.
One of the big lessons from the last time agencies had to accelerate payments to tens of millions of people under the 2008 Recovery Act is oversight can’t be a casualty of the process. It has to be more like a partner in stopping crime.
Earl Devaney, the former chairman of the Recovery Accountability and Transparency Board that oversaw more than $840 billion stimulus spending following the 2008 recession, told Federal News Network that it would be “virtually impossible” to oversee which individuals receive pandemic stimulus payments, given the scope of the spending and the speed at which it’s headed out the door.
But the new Pandemic Response Accountability Committee can create broad partnerships with agencies, good government groups and average citizens to let the public know someone is watching and will aggressively prosecute waste, fraud or abuse.
Insight by MFGS, Inc.: In this exclusive Federal News Network survey, cybersecurity experts from the military services and intelligence community offer insights into how their agencies are transforming their approaches to cybersecurity to address the ever-changing threats.
Experts say for the PRAC to be successful in this mission, it should follow the Recovery Accountability and Transparency (RAT) Board’s playbook from 12 years ago.
“We didn’t want to pay and chase, but we wanted to get in front of the possible problems,” said Shawn Kingsberry, the former Recovery Accountability and Transparency Board chief information officer, and now vice president of digital transformation and consulting services at Unisys. “There is a blueprint to start with. Based on what the RAT board did to stand up the recipient reporting portal, there is an architected and documented approach. Recovery.gov used edge services and availability zones in the continental United States. We used data sources like the death master file and the System for Award Management (SAM) and others. There is a baseline to start from so they do not have to start from scratch. It will be more like an accelerator to get them going.”
The blueprint the RAT Board started with the development of Recovery.gov, built on the notion that “transparency is a force multiplier for fraud prevention,” Devaney said.
The website kept the American public in the loop on recovery spending, and included a map where people could type in their ZIP codes and see where stimulus funding was going in their communities.
“Essentially, we created a million IGs,” Devaney said. “We leveraged that website to have people go in with their ZIP codes and see things. And if it didn’t seem right to them, we provided them not only with 800-numbers but electronic ways to convey to us that, ‘Hey, I’m next door to that address of where that money went and it’s a vacant building.’ That’s the kind of thing we turned into a follow-up audit or a follow-up investigation. We essentially got the public to help us do our job.”
Meanwhile, the RAT Board pioneered the use of big-data tools that, while commonplace in most IG shops today, saw limited use more than decade ago.
“The technology that we chose to deploy was basically from the intelligence world, and some respects law enforcement. It was the same kind of technology that we were trying to find [Osama] Bin Laden with,” Devaney said. “Ten years later, that’s almost off-the-shelf software that can be deployed.”
Kingsberry said the new oversight board should take the same approach as the RAT Board — bring in the best technology that is available today, the best people from all sectors of industry and combine them to create an approach to oversight that has basically never been seen before.
“We leveraged the Environmental Protection Agency’s CDX program. We migrated to the public cloud before really anyone else was there. We, at the time, had the largest public facing SharePoint site. We leveraged beta document forms from Microsoft and worked with AWS to build out the site and data warehousing tools,” he said. “We asked how can we bring in information from every quarter in to the recovery operations center. We leveraged counterterrorism tools to find risk indicators so we can focus and get in front of the situation.”
Kingsberry added the Recovery board also hired the best people they could find, what he called “real Type A” personalities.
The need to adjust technology and processes flows down from the oversight board to the agencies too.
Tony Scardino, a former CFO at the Department of Housing and Urban Development and now a managing principal at Grant Thornton, said back in 2008, his office modified an existing methodology to do a front-end risk assessment of the programs and money.
“The approach was around for a long time at HUD where you are identifying risk areas for fraud waste and abuse. Then you would stratify the risk as low, medium or high, and come up with mitigation strategies,” he said. “Under the Recovery Act, we didn’t have time for that so we did a light version. We looked at the most important part of the effort, the funds control and expedited the process. We got it developed, approved and implemented quickly.”
Scardino said the CFO office worked with program offices to identify risks and mitigate them with an overall goal of getting money out the door.
Today, agencies are in much better shape to address potential risks. Scardino said automation, better data analytics and other tools should make this process easier and more effective.
Doug Criscitello, who followed Scardino as HUD CFO and now is a managing director at Grant Thornton, said the speed at which some agencies are moving demonstrates just how far they have come over the last 12 years.
He has been working at the Small Business Administration for the last two weeks to help them get ready to push out almost $350 billion in supplemental funding.
“It’s an unbelievable expansion of SBA,” Criscitello said. “They are using their existing network of 1,800 participating lenders around country and are opening up the program to any other FDIC lenders so there will be thousands of lenders who will be originating forgivable loans.”
He said SBA has developed regulations on the fly to implement the stimulus provisions and reduced application complexity.
“To apply regularly for a loan, it’s a very involved application like it should be,” Criscitello said. “But they have turned it into a two-page application asking questions like are you a small business? How many employees do you have? Where do you want the money sent to? There is a huge emphasis on getting money on the street, which will have profound implications after the fact.”
Scardino said another big difference today than in 2008 is Congress recognized that implementing these massive programs requires agencies to pay employees overtime, hire more employees or contractors and quickly improve systems.
He said the Recovery Act was the first massive spending bill to allocate funding for administrative costs for each agency.
“Under the Recovery Act, HUD received $63 million for administrative costs and that was a big change,” Scardino said. “Congress is using the Recovery Act as model for this portion of the spending bill now for any big relief effort.”
Former RAT Board chairman Devaney said there are plenty of lessons learned the pandemic board can follow, including pushing for bipartisan support from Congress.
Devaney said IGs will need to spend money to save money, and suggested that CIGIE give IGs the financial resources they need to conduct audit and investigations that will inevitably stem from the board’s oversight.
While most large organizations lose about 5% of their annual revenues to fraud, according to the Association of Certified Fraud Examiners, Devaney said his board was lauded as being “tremendously successful” for bringing down that fraud rate for stimulus funding down to about 1%.
Even if the pandemic board maintained that same level of fiscal oversight, a 1% fraud rate on $2 trillion still amounts to billions of dollars in fraud.
“There’s no way there will be no fraud,” Devaney said. “People should not be shocked when they learn that an IG has brought a case against somebody that tried to steal money. A certain amount of fraud is the risk of doing business now.”
Jory Heckman is a reporter at Federal News Network covering U.S. Postal Service, IRS, big data and technology issues.