
A field employee routinely expenses out more than they were charged for business travel, pocketing the difference. A procurement officer funnels business to friends and family, using shell companies and fake addresses as a cover.
There may be a dedicated department or team assigned to detect, investigate, remediate fraudulent activities like these across a public sector agency or organization. But most managers and supervisors will likely just see these instances of potential criminal activity as isolated issues because they don’t have the full picture and can’t see the patterns in the data instead it’s just an anomaly that they’ll chalk up to the cost of doing business—and not take action on them.
It’s time to look at fraud differently. What may appear isolated on the surface can introduce risk across the entire organization.
Simply put: Fraud risk is enterprise risk.
Payment errors, known in govspeak as “Improper Payments” are a critical part of that risk. In the public sector, they can result from fraud, but more often result from weak controls, duplicate payments, payments to ineligible recipients missing documentation or simple data entry mistakes. And because their volume is so high across government programs, they are not just a payment-integrity issue — they are an enterprise risk that affects operations, oversight, compliance and public trust.
Not only do the dollars lost to these individual incidents add up, but when the payment error occurs because of fraud, it not only weakens public sector institutions’ internal operations, but also damages their reputations and effectively reduces their ability to achieve their missions. Here’s how.
Let’s face it; fighting crime is a time- and labor-intensive affair. Agency fraud teams must constantly scan operations for anomalies, collect evidence on red flags, prepare reports for auditors and leadership — all while keeping up with evolving regulations and capturing lessons learned to improve operations.
If the fraud team is doing this work by hand via disparate spreadsheets and systems, it becomes even more cumbersome and costly. One government IT leader told us that their department manually reviewed over 20,000 transactions each month, consuming valuable staff time.
But with that level of volume, manual reviewers are often limited to cursory checks for the most basic errors. They may be able to flag an incomplete field or an obvious duplicate, but they rarely have the time or visibility to analyze behavioral patterns, compare activity across programs, or trace anomalies back to their source. That makes it far harder to pinpoint fraud, because the indicators that matter most are often found in relationships, trends, and outliers — not in a single transaction viewed in isolation.
Fraud does not only create financial loss; it can also make it harder for legitimate beneficiaries, providers, vendors and grant recipients to receive the services and payments they are entitled to. As fraud risk increases, agencies often respond by adding more controls, documentation requirements, manual reviews and approval steps. While these safeguards are necessary, they can also introduce friction into the process, especially when detection methods are imprecise or heavily manual.
In fraud detection, false positives come with the territory. A claim, payment or application may be flagged because it resembles a known risk pattern, contains incomplete information or triggers a basic control rule — even when the underlying activity is legitimate. When that happens, eligible recipients may be asked to provide additional documentation, wait through extended review periods or navigate appeals before receiving benefits, services or payments.
Those delays create a secondary burden for the agency. Staff must spend time researching exceptions, responding to complaints, resolving appeals and explaining decisions to frustrated constituents or stakeholders. When these grievances become public, they can quickly damage trust in the institution.
In effect, weak fraud detection creates a lose-lose outcome: fraudulent activity still slips through, while legitimate participants experience more delays, more scrutiny and less confidence in the program.
Taxpayers, benefits recipients and other stakeholders expect public sector institutions to run like well-oiled machines, with funds going to the right place at the right time, for the intended services and in the correct amounts.
Reports of fraud confound these expectations — and even isolated incidents can create an outsized perception that controls are weak, oversight is inconsistent or public funds are not being protected.
That perception matters. When constituents believe fraud is widespread or easily exploited, confidence in the program begins to deteriorate. Taxpayers may question whether their money is being used responsibly. Legitimate beneficiaries may wonder whether delays, documentation requests or denials are the result of poor administration. Vendors and partners may lose confidence in the fairness and predictability of the process.
“Every dollar loss undermines confidence,” Tiffany Robinson said during a webinar with FedInsider about her experiences as national identity theft coordination with IRS Criminal Investigations.
This wasn’t the only hindrance Robinson brought up.
“People are less likely to follow regulations if they believe others are exploiting loopholes,” she said, adding that such vulnerabilities extend to internal operations as well. “Improper payments create inconsistencies in enforcement, which makes it harder for agencies to maintain uniform standards.”
In other words, fraud does not just damage trust after the fact; it can weaken compliance going forward. When people believe the system is being gamed, they may be less willing to follow rules, more likely to challenge enforcement decisions and more skeptical of agency actions. For public sector institutions, that creates a compounding risk: fraud losses rise, administrative burdens increase and the legitimacy of the program itself comes under greater scrutiny.
“Improper payments create inconsistencies in enforcement, which makes it harder for agencies to maintain uniform standards.” - Tiffany Robinson, National Identity Theft Coordination, IRS Criminal Investigations.
Fraud does not only create financial loss; it can also expose public sector organizations to heightened oversight, audit findings, funding restrictions, claw-backs and reputational damage. Agencies and institutions that administer public funds are expected to demonstrate that they have effective controls in place to prevent, detect and respond to fraud, waste, abuse and improper payments.
For federal agencies — and for state, local, higher education and nonprofit organizations that administer federal funds — those expectations are reinforced through a growing set of requirements and oversight mechanisms. These include OMB A-123 for internal controls, Uniform Guidance, audit readiness expectations, payment integrity requirements, and program-specific grant or funding rules. In higher education, boards, accreditors and oversight bodies are also asking tougher questions about fraud risk alongside AI, cyber, accessibility, research compliance and reputational risk.
The issue is no longer whether an organization can produce documentation after the fact. Leaders increasingly need to show that they have visibility into risk across programs, systems and funding streams; that controls are operating effectively; and that exceptions are being identified and resolved in a timely way.
That is why many public sector organizations are moving toward continuous monitoring, automated detection and stronger analytics — not simply to satisfy compliance requirements, but to protect funding, preserve trust and demonstrate responsible stewardship of public resources.
Which leads to our final, and most powerful, connection between individual fraud cases and enterprise risk.
Which leads to the final — and most powerful — connection between individual fraud cases and enterprise risk: weak fraud detection does not stay confined to the fraud team.
Intentional deception, such as fake claims, stolen identities, inflated invoices or fictitious vendors, represents only one-way public-sector institutions lose money. Innocent errors, control gaps, outdated processes and program mismanagement can also add up to billions in waste each year. These issues are not the same, but they often expose the same underlying weaknesses: limited visibility into transactions, fragmented evidence, inconsistent controls, manual exception handling and delayed remediation.
When fraud detection is weak, those weaknesses ripple across the enterprise. Internal control teams have less confidence that controls are operating as intended. Program leaders lack timely insight into where losses, exceptions or abuse may be occurring. Audit teams spend more time gathering evidence after the fact. Risk leaders struggle to connect transaction-level issues to broader operational, financial, reputational and compliance risks.
That is why fraud detection should not be treated as a standalone compliance activity or a narrow investigative function. The same capabilities that help identify suspicious activity — continuous monitoring, automated testing, analytics-driven exception detection, cross-system evidence collection and documented remediation workflows — also strengthen payment integrity, audit readiness, service delivery, oversight reporting and enterprise risk management.
In that sense, stronger fraud detection becomes part of the foundation for a more mature risk program. It gives public sector organizations a clearer view of where controls are failing, where resources are being misdirected and where emerging risks require management attention. Without that visibility, agencies are left reacting to isolated cases after damage has already occurred. With it, they are better positioned to prevent losses, protect legitimate beneficiaries, preserve public trust and demonstrate responsible stewardship of public funds.
You can see such an approach in action at the Oregon Secretary of State, specifically how its Audit Division uses Diligent’s ACL Analytics solution to assess fraud risk and the effectiveness of its fraud detection and prevention controls.
“It’s a great tool for managing things. It’s a great tool for strategic planning, for analyzing data,” said a key official that leads fraud analysis for the state. “You can spend an hour or two and find literally millions of dollars in a large state program of waste, fraud and inefficiencies.”
The takeaway for your organization: strong fraud detection contributes to strong overall audit management. What’s more, if you’re moving fraud management forward with AI, automation and advanced analytics, you can scale this infrastructure across the enterprise into IT security, third-party security and more.
Diligent's ACL Analytics empowers public sector audit, risk, and compliance teams to automate testing, analyze 100% of their data and detect issues before they become costly problems, with advanced and no coding options. Its three-step process enables you to:
Recurring analytics, control checks and quick anomaly detection reduce manual labor and errors while guided workflows connect power users and newcomers alike. Throughout, every prompt, test and result is logged for auditability and compliance.
See Diligent’s fraud-strengthening power in action. Schedule a demo today.