An Oracle White Paper June 2011 Tackling Fraud and Error 1
Executive Overview Fraud and error has been estimated to cost the public finances approximately 17.6bn in 2010 alone 1. Getting to the root cause of the problem can only be enabled by the analysis of data; data that is accurate, complete, reliable, and can be effectively processed and acted upon quickly. Historically it has been prohibitively costly and time intensive to analyse the vast amount of data generated in the public sector, but to tackle this growing challenge government must act quickly. With the public finances in a state of disarray, time is critical. Unlike controversial public spending cuts, all sides of the political spectrum agree that eradicating, or at the very least minimising, fraud and error is now a national imperative. Information Communications Technology (ICT) has a significant role in furthering the change of policy from "pay now, check later" to "check now, pay later". The government anti fraud strategy aims to be a multi pronged effort to prevent, detect, correct, punish and deter. 1 National Fraud Authority Annual Fraud Indicator January 2010 & HMRC/DWP - Tackling fraud and error in the benefit and tax credits systems, October 2010 2
At a time when we are having to take difficult decisions about how to cut back expenditure without damaging the things that matter the most, it is simply not acceptable for us to waste money either through error in the welfare system or by allowing people to get away with deliberately defrauding the taxpayer. Lord Freud, Minister for Welfare Reform Prevent, Detect, Correct Centralising data in order to tackle fraud and errors is most effective only if that data can be appropriately processed. Changing the way data is stored to provide a single record of truth about each citizen, which is both complete and accurate, as opposed to the current environment where multiple silos of information exist about an entity is an essential first step. Whilst much of the focus will inevitably be placed on detecting fraud (indeed a network of counter fraud champions is being created within all public bodies), customer input errors attributes 1.5bn in tax credit overpayments, and 1.1bn in benefits overpayments. Centralising information allows for greater levels of cross-checking in order to target at least some of these input errors. Oracle Master Data Management (MDM) and Oracle Data Quality and Profiling are tools specifically designed for exactly this task, cleansing and rationalising data from multiple sources, including 3rd parties, to provide a single point from which all of the information about an entity can be accessed in a timely and accurate manner. This accuracy is essential to ensure that mistakes are both detected and also prevented by performing crossdepartmental checking. Oracle Exadata provides a platform from which the volumes of data created by the public sector, which are required for accurate and complete fraud detection, can be processed. With these big data processing capabilities available in real-time, it is possible for government to bring to bear the same rigourous practices that are used in the private sector to detect fraud and errors, something that is a stated objective highlighted in the Tackling fraud and error in the benefit and tax credits systems white paper produced jointly by HMRC and DWP 2. Methodologies that are familiar from the private sector, such as Know Your Customer (KYC) can be enabled with these technologies, allowing for multiple data entries that may correspond to the same entity are highlighted. This ensures that issues such as duplication are eliminated and that errors and inconsistencies in the view government holds of the citizen are driven out. Oracle Data Mining is one such enabler, which can expose the underlying patterns and trends within the data, identifying statistical anomalies within large volumes of data. 2 Tackling fraud and error in the benefit and tax credits systems, Oct 2010, HMRC and DWP 3
Detected internal fraud within government was estimated to have cost 4.2m in 2008 3, and is something that is highly likely to affect most departments. Many of the internal issues are caused by individuals with inappropriate, or toxic, combinations of privileges on the ICT systems they access; the ability to create, and subsequently approve, purchase orders may exist for example. More often it is aggregation fraud that arises, in which an individual has, for example, the ability to authorise payments up to 500, anything beyond this limit requires additional sign off. Aggregation fraud occurs when the individual submits multiple payments below their threshold to get around their sign-off limit, and is traditionally extremely hard to detect. Oracle technologies such as Oracle Identity Analytics, Oracle GRC Controls, and Oracle Audit Vault can both mitigate these risks, by eliminating inappropriate levels of privilege, as well as perform historical data analysis to identify potential fraudulent issues, opening up the potential for recovery of the revenues through the courts. Punish and Deter ICT cannot in itself provide punishment and deterrents; it can however provide the supporting framework to assist with these. In the case of fraud and error, as is true with security, prevention is almost always better than remediation, and exponentially less costly. If government can deter potential fraud before it occurs, the costs savings become obvious. Even where fraud and error is detected large costs are associated, including: Investigative costs, Human Resources costs; lost productivity; legal costs; and all with no guarantee of full recovery of monies through the courts. Therefore high visibility, and targeting, deterrence is highlighted in the HMRC and DWP white paper 2 as another key component in reducing fraud within the UK public sector. With the inevitable pressures on public finances, this deterrence should be targeted on those areas of the highest return. Oracle Data Mining combined with Oracle Business Intelligence allow for identification of high value areas based on historical, and as importantly emerging trends, allowing the share of the public purse spent on deterrence to be most effectively used. Any fraud or error detected by an improved ICT infrastructure will ultimately be passed to the most appropriate enforcement authority, and be required for any legal challenges. Therefore IT should support this in the most cost effective and sustainable manner, providing rapid access to data in a form that is both usable and up to date. Oracle Business Intelligence Publisher can provide a method for rapid, easy publishing of information and facilitate the hand over of 3 Fraud Report 2007-08: an analysis of reported fraud in government departments 4
information to the authorities. Oracle Content and Records Management solutions provide a unified, paper free and secure mechanism for storage and dissemination of documents and content. By reducing the paper based interaction, government can drive additional time and resource efficiency. Conclusion Fraud and error costs the public finances an unacceptable amount, and unless action is taken this figure can only grow. Government efforts to tackle fraud and error need to focus on a consistent view of the citizen with greater cross-checking of data from multiple departments and sources. Through real-time, complete and accurate data integration and analysis, Oracle allows for government to move fraud and error detection from the realms of reactive checking into to something that is part of each and every process flow within the government. 5
Tackling Fraud and Error June 2011 Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright 2011, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd. 1010