The GAO’s Investigative-Forensics Team: A Watchdog with Sharper Teeth Than Most

Topics: Artificial Intelligence, Cybersecurity, Data Analytics, Efficiency, Government, Government Accountability Office, Government Fraud, Government Regulation, Leadership, Risk Management


In the federal government’s ongoing effort to combat fraud, waste, and abuse, few agencies have more powerful tools at their disposal than the Government Accountability Office’s (GAO’s) Forensic Audits and Investigative Service (FAIS).

The FAIS is an elite team of auditors and investigators whose primary responsibility is investigating federal agencies to identify troublesome indicators, and it also took the lead in writing the GAO’s landmark report, A Framework for Managing Fraud Risks in Federal Programs. That report, which advises federal program managers how to best manage fraud risks, was codified into law by the Fraud Reduction and Data Analytics Act of 2015.

But where other teams are limited to conventional auditing practices, the FAIS uses a much more creative and pro-active approach to fraud-fighting and is allowed by law and professional standards to do things other teams in the GAO can’t.

Investigating Government Systems

For example, unlike the GAO’s 14 other teams, the FAIS has a squad of specially-trained criminal investigators that it deploys to uncover vulnerabilities and failures in the government’s systems and to identify potential indicators of fraud.

“Having investigators is really powerful, because investigators can do things that auditors can’t,” says Johana Ayers, managing director of the FAIS. “For example, when we audit an agency, we have to be honest and up-front about who we are and why we are there. But a criminal investigator doesn’t. Auditors can go in and point out that there are things on paper that look like potential weaknesses or vulnerabilities. But investigators can go in and actually test the processes.”

Part of this testing amounts to setting up sting operations against the government in order to expose cracks in the system. For example, to test the efficacy of the application process for the Affordable Care Act, FAIS investigators submitted applications that should never have gotten through the program but were still approved. To test the physical security of the National Institute of Standards and Technology (NIST), investigators went to the NIST’s campuses in Maryland and Colorado, where they were able to penetrate secure areas that they shouldn’t have been able to access. The FAIS operations also show when processes work as intended. For example, investigators once created a fake university to test the approval process for the Department of Homeland Security’s (DHS’s) student-visa program, but the DHS caught it.

“Our investigators combine their work with auditors to look at what is supposed to be happening, and to test agency systems for vulnerabilities,” Ayers explains. “Through that process we also identify potential cases of fraud or other wrongdoing and refer them to appropriate law-enforcement authorities.”

Better Data Analysis

Another tool set available to the FAIS is more expansive data-analytics capabilities. “There are other teams in GAO that do data analytics,” says Ayers, “but we in FAIS use data analytics specifically to identify potential fraud cases through data-mining and data-matching.”

For example, a comparison of Medicaid providers and data from the U.S. Postal Service (USPS) revealed thousands of providers who did not have valid addresses recognized by the USPS. In one instance, a provider’s reported address was actually a fast-food franchise. “We don’t know if these providers were committing fraud,” says Ayers, “but there certainly were indicators of fraud.”

In the future, Ayers and her team will be working closely with the GAO’s new Science, Technology, Analytics and Assessment team to develop new auditing and investigative practices leveraging advances in machine learning and artificial intelligence.

FraudNet & Whistleblowers

The FAIS is also responsible for operating FraudNet, one of the federal government’s oldest whistleblower hotlines. According to Ayers, FraudNet and FAIS investigators work directly with whistleblowers to assess the credibility of allegations and provide individuals with the anonymity and protections to which they are legally entitled.

Indeed, of all the challenges the FAIS faces, protecting whistleblowers — along with the entire idea of whistleblowing — is one of the most important, says Ayers. “When we talk about fraud, it’s very hard to convince federal agencies that finding fraud is a good thing, because fraud is occurring whether we find it or not,” she adds. “We should be celebrating in some way those agencies and individuals that are actively pursuing and identifying fraud and taking corrective action to address it.”

In the course of congressional oversight, when agencies report fraud or improper payments, often their processes are called into question. Consequently, Ayers says, federal agencies will sometimes go to great lengths to avoid using the word “fraud” in order to avoid or minimize scrutiny. From where she sits, however, agencies that report little or no improper payments — which includes those resulting from fraud — also raise questions. “Why don’t they have any improper payments?” she wonders. “Is it because they aren’t looking?”

Demonizing whistleblowers and punishing agencies for responsibly and pro-actively catching and reporting improper activity is counter-productive, insists Ayers. “There is a perverse set of incentives there, and in the fight against fraud, it’s one of our biggest obstacles.”