News | Sept. 2, 2021

New strategy will refine agency’s management of enterprise risks, fraud mitigation

By Beth Reece

A new Fraud Risk Management Strategy outlines the Defense Logistics Agency’s roadmap for its continued efforts to identify the areas most at risk for fraud, waste and abuse so resources can be appropriately dedicated toward mitigation.

The five-year plan is an agency-wide approach for assessing, monitoring and combatting risk. It mirrors guidance published by the Office of the Secretary of Defense Comptroller in July 2020 and embraces mandates of the Office of Management and Budget Circular A-123, which emphasizes the inclusion of risk management and internal controls in business practices as an essential part of managing federal agencies. 

Common programs like payroll and government purchase cards are universally regarded as having risk, and DLA also faces potential fraud simply by managing multiple supply chains, said the agency’s new chief risk officer, Ron Black.

“Avoiding acquisition fraud is one of our biggest efforts in risk management throughout DLA. Folks sometimes think of fraud as after-the-fact, saying it’s something we catch in an audit, but much of our Strategic Plan is actually informed by fraud risks,” he said. 

The new strategy is expected to help create a more cohesive plan for addressing agency-wide risks and involves process owners at the major subordinate commands and a DLA Headquarters team established in July 2019 to integrate risk management and internal controls across the enterprise.  

Initial fraud assessments have been done to identify risks, and the next step is prioritizing them to streamline limited resources, RM Branch Chief Eric Gabris said. That includes weighing the likelihood of fraud, waste and abuse against the potential impact. Government travel card risk may be high, for example, but contract fraud could cost thousands or millions of dollars more. 

“It’s really important to recognize that we don’t want to see fraud in either area,” he said. “If we’re investing in analytical tools to address risks and only have money for one of them, however, we need to know what to focus on first.”

The strategy also includes formalizing who’s responsible for monitoring various risks and the use of automated tools like those that enable users to create alerts for transactions over certain dollar amounts, for certain commodities or services, or outside a geographic location. 

“Those same tools are available to us in government work, but we haven’t determined who those alerts should go to for which areas,” Gabris said. 

OSD has already created an analytics tool for payroll that lets agencies set tolerance thresholds that trigger an alert when an employee’s timesheet falls outside the normal range.

“We don’t have the resources to individually audit timesheets for 27,000 employees, and with no tolerance for fraud, this tool is designed to identify possible fraudulent transactions for further analysis as we need to focus on the real abnormalities,” Gabris added. 

Such automated tools will let DLA focus on risks that could have more severe impacts, like those surrounding contracts for disaster relief or contingency operations. Meeting emergency needs often entails compressed timeframes and out-of-the-box solutions that Black said raise risks for acquisition fraud among high-dollar contracts. 

DLA employees have practiced risk management and internal controls for years, but revisions in 2016 of OMB Circular A-123 mandated that agencies like DLA establish formal enterprise risk management programs.

“A lot of this has been around for a long time but called different things like stewardship or risk awareness, and we already have many controls in place to verify that people are following policies,” Gabris said, adding that the new strategy will lead to more comprehensive oversight and is approved by DLA leaders. 

“Leadership takes this seriously,” he continued. “There’s truly no tolerance for fraudulent activity at this agency.”