GAO's Listing of Fraud Risk Indicators

Trial lawyers have an old saying: "You never ask a question on cross examination to which you do not know the answer to." Unlike lawyers, contract auditors, during the fieldwork phase of an audit, ask a lot of questions to which they don't know the answer. Its what auditors do and its part of gathering sufficient information to support a conclusion. However, many auditors will also sprinkle a few questions into the mix that they do know the answer to. They do this to test the veracity and forthrightness of the individual being interviewed (or questioned).

During the planning stage of any audit, auditors are required by Generally Accepted Government Auditing Standards (GAGAS) to consider fraud risk factors and if any are noted, to add specific audit procedures to address the increased risk of noncompliances or inappropriate costs charged to the Government. For DCAA (Defense Contract Audit Agency), auditors are directed to two sources of fraud risk indicators. One is the listing published by the Defense Department's Office of Inspector General (OIG) and the other is the Government Auditing Standards published by the Government Accountability Office (GAO).

We've written concerning the OIG's fraud risk indicators several times on these pages. For example, see Fraud Indicators and What are Fraud Indicators. Today we want to list out the GAO's fraud indicators. In general, the GAO's fraud indicators are more conceptual in nature while the OIG's are much more granular. The GAO would ask: "Is there something going on in the U.S. economy that threatens the company's viability? The OIG on the other hand might list out fraud risk indicators for a specific cost element, such as Consultant and Professional Service costs.

Here then are the 14 fraud risk indicators published by the GAO.

1. Economic, programmatic, or entity operating conditions threaten the entity's financial stability, viability, or budget
2. The nature of the entity's operations provide opportunities to engage in fraud.
3. Management's monitoring of compliance with policies, laws, and regulations is inadequate
4. The organizational structure is unstable or unnecessarily complex
5. Communication and/or support for ethical standards by management is lacking.
6. Management is willing to accept unusually high levels of risk in making significant decisions.
7. The entity has a history of impropriety, such as previous issues with fraud, waste, abuse, or questionable practices, or past audits or investigations with findings of questionable or criminal activity.
8. Operating policies and procedures have not been developed or are outdated.
9. Key documentation is lacking or does not exist.
10. Asset accountability or safeguarding procedures is lacking.
11. Improper payments.
12. False or misleading information.
13. A pattern of large procurements in any budget line with remaining funds at year end, in order to "use up all of the funds available".
14. Unusual patterns and trends in contracting, procurement, acquisition, and other activities of the entity or program.

There is one thing for certain that will result in increased contractor oversight; a history of proprieties. That's why risk factor No. 7 is present. There is another thing that will significantly increase an auditor's awareness; evasive answers and missing documentation. That is why risk factor No. 9 is present.