The Pandemic Responsibility and Accountability Committee (PRAC) has released a new report for Federal and state program administrators that outlines recommendations on how to better protect government programs from fraud and abuse – including by upgrading out-of-date IT systems.
The Blueprint for Enhanced Program Integrity compiles lessons learned from reports issued by the Federal and state oversight communities between January 2020 and January 2024, as well as interviews with stakeholders.
“Given the heightened challenges posed by emergency situations, we recognize the delicate balance between swiftly providing the money and services to recipients while also taking time to prevent and deter fraud, waste, and abuse prior to releasing funds,” the report says.
“To help agencies meet these critical objectives, we have identified key recommendations related to the development, implementation, and maintenance of strong internal controls, even during crises,” it adds. “Our ultimate goal is to steer agencies away from the ‘pay and chase’ model that has led to substantial losses of taxpayer funds.”
The report features three key recommendations: prepare for the next emergency now; design and implement effective emergency relief programs; and strengthen program impact through enhanced monitoring and evaluation.
In order to prepare for the next emergency, the report recommends that program administrators “set the tone at the top.” This means that they conduct “Gold Standard Meetings” between agency and Office of Inspector General (OIG) staff, as well as mandate and track training for agency staff on preventing, identifying, and reporting fraud, waste, and abuse.
Additionally, PRAC recommends they prioritize addressing OIG and Government Accountability Office (GAO) recommendations regarding improper payments and fraud risk management.
Perhaps the most tech-heavy recommendation is to build necessary infrastructure. According to the report, this means maintaining a crisis-ready staff, enhancing information technology, and implementing a data-centric approach.
The report explains that program administrators should “replace or upgrade legacy IT systems and implement enhanced IT processes and controls.” Additionally, it calls on them to “implement cybersecurity requirements to systems and processes” and use technology “to securely collect and protect key personal identifiers and information to include social security numbers, dates of birth, IP addresses, and tax returns or tax transcripts.”
To design and implement effective emergency relief programs, the report recommends program administrators develop strong award terms and conditions, validate self-certified eligibility criteria, and distribute funding strategically.
Finally, to strengthen program impact through enhanced monitoring and evaluation, it recommends implementing risk-based monitoring; instituting key reporting requirements; and providing timely, clear, and consistent guidance.
“Guidance related to program requirements and financial reporting responsibilities should be clear and consistent to address stakeholder questions and comments. In addition, training and technical assistance should be provided to prime recipients and subrecipients on a regular and ongoing basis in multiple forums, such as listening sessions and roundtables,” the report says. “The communications should include providing real-time information about new fraud risks.”