This episode of the Leading with Purpose podcast explores how public sector audit and finance leaders can move beyond manual sampling and spreadsheets to address fraud, waste and abuse as an enterprise risk. Former government auditors Jason Venner and Katja Freeman explain why the issue has intensified in recent years, how standards now emphasize technology, and what’s at stake for mission outcomes and public trust. They outline what a modern, technology-enabled audit function looks like, from population-level analytics to dynamic risk assessment and integrated platforms that connect audit, risk, finance and compliance. You’ll hear practical ideas for where to start, how to prove ROI quickly, and how better data and collaboration can reduce audit fatigue while strengthening governance and accountability. If you find this conversation useful, please rate and review the podcast to help more public sector leaders discover these insights. Further resources: Download a free guide on combating waste in the public sector.
Jill Holtz: Welcome to the Leading with Purpose podcast, where we share practical advice to help mission-driven organisations strengthen governance and lead with confidence. I'm your host, Jill Holtz from Diligent. Today, I'm joined by two experts who have experience on public sector audit and finance teams, as I wanted to talk to them about how to tackle fraud, waste and abuse using technology.
So, you're very welcome, Jason Benner and Katja Freeman. You're both former practitioners who join me from Diligent. You've both worked with public sector organisations to help them identify and use audit and risk solutions.
So, firstly, welcome, Jason.
Jason Venner: Thanks very much, Jill. It's great to be here.
Jill Holtz: And so nice to have you join us too Katja.
Katja Freeman: Hi, Jill. So good to be here.
Jill Holtz: So, I've invited you both to talk to me today about how organizations can move beyond traditional audit approaches and use smarter technology approaches to combat fraud, waste and abuse. I'd love to explore what's changing, what's working and what leaders should prioritise as well. Jason, to kick us off, why is fraud, waste and abuse such a critical issue for public sector organizations today? What's changed in recent years?
Jason Venner: Jill, I think that's an important question. And so, from our perspective, fraud risk is an enterprise risk, right? If you're bleeding money or haemorrhaging money, it can significantly limit how well you can achieve your mission outcomes.
Whatever programme you're looking to further or whatever activities you're looking to advance, whatever public good you're looking to provide across any agency, it's really important that you have all the funds allocated to you by, in my case, customers I work with by the US Congress to execute that mission. No one says, hey, we're giving you $100 million, but we really only expect $80 million of it to go towards the programme, right? Because then you're going to waste the other whatever fraction of it or percentage of it is.
The other thing that's been hugely significant in the last couple of years is that the tone at the top of the US federal government has fundamentally shifted. There was always an emphasis on fraud, waste and abuse and payment errors, which is in the federal government, not necessarily in state governments, but the federal government is called improper payments. But for all intents and purposes, it's just an error in the payment.
And when the current administration came in, they really emphasised in a number of executive orders and then following more recently into some law and regulations to focus on reducing or eliminating fraud. And you really see that shift. There are a number of task forces that have been set up recently to further that and so on.
So that tone at the top, which is essential to furthering any control environment, has changed significantly.
Jill Holtz: So it's really brought it to the fore. So Katja, from your perspective for state organizations or maybe a higher education organisation, what's at stake for them and for audit and finance leaders in those organizations if those issues go undetected?
Katja Freeman: So first of all, I'm very glad that Jason brought up that this has been always the bread and butter of what auditors do anyway, fraud, waste and abuse. This is not a new concept.
However, this is a concept that is now more in the spotlight. And I think the pandemic really brought that forward, that added interest in how is our money spent. There have been instances where we all heard about the fraud that had happened, whether it's in unemployment or in PPE was given to people, to agencies, that type of thing.
And it was highly publicised. That added lens that was put on what's happening has really brought it in the forefront. But again, this is not something that auditors didn't do before.
What happened back then is that money had to be spent very quickly. And while money is spent quickly, mistakes can happen. And that is something that always that is actually something that's a lesson learned. Right.
That is what people can learn from that is if you have a large amount of money and it's spent fast, then errors can happen. So as a result to that, the standards were actually updated, whether it's the GAO standard, GAGAS, right, or the IAPPF standards.
They all now talk about how there needs to be a greater emphasis on the use of technology because it does make it easier to find problems. And then also spending more time on internal controls, testing, fraud, waste and abuse, it's all baked in more. And because it's more baked in, people are thinking more of that now in the profession, the auditors and the financial business organizations. Right.
And so what's really at stake, whether it's the federal government, state, local, higher ed, is the public trust. Because at the end of the day, what we, I say we, right, I'm not working for the government anymore, but what government auditors and financial analysts want to do is to protect and be good stewards of public funds.
And in order to do that and provide services to those who actually need them, whether it's a school, a road that needs to be maintained or a service that is really necessary, you want to have that funding and show that it was used for the right purposes. So to me, that is the, you know, that's why you want to do a good job.
Jill Holtz: That's what's really at stake, that public trust ultimately. So let's talk about the limits of traditional approaches. Jason, what do you typically see in organizations still relying on manual audit, sampling, the spreadsheet approach?
Jason Venner: What we see when we talk to those folks is a lot of well-meaning people who really want to, you know, do the right thing, but don't have the tools available to them to do it in an efficient manner. So, you know, there may be a program that someone's working in that has thousands or tens of thousands of transactions, and they're just scratching the surface by taking a sample and they get maybe in a sample size of 60 transactions. That's the sample size back when I was an auditor that we used to use that was generally statistically significant for any population or significant enough.
And you get like a couple errors in that and you're like, OK, well, it just I have a couple errors out of 60. So what's the big deal? Right.
And so, you know, you don't quite get the full picture of how significant those errors might be. Or if you could look at the entire population of data, you could see start seeing patterns and saying, hmm, this looks kind of odd that to these recipients, they're getting $25 even every month. Right.
That's not exactly how payments work. And whatever that, you know, that's just an example, whatever the case may be, you just can't see it. And so a lot of people just say, oh, yeah, we look at it and we had a couple errors and, you know, we tighten the control a little bit and we moved on.
But you really don't get a sense of what the underlying issue might be, whether it's just an internal control weakness or it's a legitimate clerical error of some sort or someone is abusing the system or doing something that's actually criminal.
Jill Holtz: And then Katja, in your experience, why are these approaches no longer sufficient?
Katja Freeman: Well, before I get into that, is it OK if I comment on what Jason just said? Because what I'm seeing working with clients across the entire United States and in different segments and markets, right, is that there's a disconnect. So there's on one side that scrutiny on fraud, waste and abuse that we all hear about all the time.
And then we talk to the people who are actually supposed to do that type of work. And then there's that oxymoron, right, Jason, that you just described the tools versus the savings and not having any budget. And also this, oh, we don't I mean, luckily, I don't hear this anymore as much.
But when I first started with Diligent four years ago, there were several potential clients who said we don't have a problem with fraud. And I said, how do you know? They're like, we just know.
And I mean, that stuff doesn't happen anymore, at least. So great. Right.
But what still happens is this, you know, oh, sampling is good enough. That does still happen far more often than you would think. And it goes to the point of what's the cause of not acting?
What's at stake for you to actually just do the status quo and wait, excuse me, and wait until maybe somebody else wants to take that on? And what's really missing there is the right tone at the top in an organization, in an agency, in a department. Right.
Somebody who understands that, yes, there is that scrutiny on one side. And then there's that kind of savings, the cost savings, the efficiency gain that we achieve by utilizing the right tools and using them and then showing to the public that what we're doing is very much informed. And we're keeping up with the times. Right.
Jill Holtz: Yeah. So I think what I'm hearing from you both is the risks that arise from doing very manual approach. And that sampling is that you're just not getting to the totality of the picture.
You're missing things that brings risks for compliance, obviously for finances, because, as you said, somebody could be systematically being fraudulent and that's just not being picked up.
Katja Freeman: Right. And then having those tools and using that for what I would call a dynamic risk assessment. So not just that static risk assessment that we grew up with where, you know, at the end, towards the end of the year, we're talking to executives and other leaders in the organization.
And then you based on that snapshot that you receive, you build your audit plan. That's just not good enough anymore. And in order to be more dynamic, to be more with it, you have to have the right tools in place.
You have to actually meet with or send out surveys, meet, have those interviews and talk to people more than once a year.
Jill Holtz: Katja, what does a modern technology enabled audit function actually look like today? What are you seeing when people do implement that approach?
Katja Freeman: Well, what I'm seeing is that you actually use analytics to the fullest, fullest possible. Right. So you do that population testing.
You have an analytics tool in place that allows you to do that. Ideally, if you're in an organization where the governance model is right and you have that kind of, you know, buy in from I.T., you do connect to the data sources. If you're an internal audit organization, obviously the external auditors wouldn't do that.
But where you have access to information and you can run information in the background so that it's not just static anymore. And you have a workforce that is willing and capable of using these tools. That being said, you also have to allow your people to learn how to use them.
And so it's like learning any language, right? If you just learn it in a vacuum, it's like Duolingo and you never use it with others. It's really tough to then actually do that in real life.
And so what you want to do is you want to put time away or put time to the side for your auditors to learn a tool. Make it part of the performance evaluation that they actually learn how to use a tool, for example, and reward them for that. And then hope for the best that they don't leave you to go somewhere else.
Jill Holtz: Jason, what are you seeing in the federal government in terms of the way that analytics, automation, even AI are changing how audit and finance teams are working?
Jason Venner: I think we're starting to see the recognition of what Katja is saying. And that, you know, you have the auditors and I was one of them who has been doing this work for a long time. But that what's commonly called as a second line professionals or those in management, those in the office of the CFO or the office of the chief risk officer, or even the office of the CIO and stuff that they're doing, actually having to be proactive and perform this work themselves.
The only way that you're going to get ahead of the improper payment pandemic, really, and eventually stop fraud on the back end of that is to do this before the payments go out. And the only way to do that is with technology. And the only way is to automate as much of it as possible.
And so with the tone of the top shifting, we're seeing that recognition in the form of RFPs that are going out, in the form of questions that we get, in the form of discussions at conferences that something finally needs to be done. Because, frankly, the conversation about what could be done to do this has not changed in 20 plus years. In the years that I was in the federal government going to these conferences and discussions, the technology has been there for several decades.
It's just there has not been that emphasis of using it, which there is now.
Jill Holtz: So you're both seeing a real shift then from that reactive investigation to more proactive detection and prevention. Jason, I'll start with you on that.
Jason Venner: Yeah, yeah. And so you're seeing that. And some agencies have been doing it in sort of dribs and drabs.
And certainly, you know, at the Department of Health and Human Services and CMS, they've been there really at the forefront of this and have been fighting fraud and. With success, by the sounds of it. With a lot of success.
Right. And it can be done. Like, you can whittle this down.
Now, those sort of deep frauds, which are really organized crime or a terrorist organization committing, those are going to require, you know, some law enforcement and or intelligence agency tip to, you know, combat those. You can see things, but they're really hard to get at unless someone calls something in. Right.
But the rest of it is available in the data. And that's 80 to 90 percent of it, depending on n the program. And so you're really seeing the recognition of that.
I think what we still see is is a lack of sort of general understanding and knowledge that, again, that the tools have been available to do this for a long time. They're not necessarily as expensive as people think or take as long as to implement as maybe other tools. You're expecting, well, we have to build this big, grandiose system and it's going to take several years to do.
It's not the case. You can be up and running on this in like six months. That's been the case for 10 to 15 years.
Katja Freeman: But that kind of approach also works as a deterrent, right? Especially in an organization when it comes to internal fraud, waste and abuse.
So if your own employees understand that we have a pretty solid system in place, that's a deterrent right there. Interesting. I know, Jason, you were talking about external fraud attempts, and those are much, much more difficult to detect and combat, of course.
And then the farther you get away from the federal government and the budgets that federal agencies have, the more complicated it gets to have the right tools in place, to have people and enough resources to actually do that kind of monitoring and testing and that type of thing. And I think because of that, we see more of a willingness from associations, but also from organizations to explore how can we safely collaborate. Because the sheer volume of attempts and what's happening is just so overwhelming at this point, with AI enabling a lot of these things, of course, and getting it to a scale that is just terrible when people say unprecedented.
But it is unprecedented. Right. It's just so much that it becomes such a daunting task that everybody does have to kind of work together more than they may have been comfortable with in the past.
Jill Holtz: So, Jason, you mentioned a couple of examples there and people who are using or organizations that are using technology to detect fraud and improper payments. Is that like making a really good ROI case then for technology to be implemented? And the fact that it can be done so relatively quickly, even with legacy data systems, they can now connect.
Jason Venner: With ROI, when we put forth numbers and they're off the charts, everyone is skeptical. But the ROI, let's just say it is significant what you can save with what is needed to invest. And at least initially, you can take the approach of, well, we're going to just chip away maybe at duplicate payments the first year.
And you could reduce those to zero or at least to a non-significant number of like a couple percentage points of which, depending on what that number is for you, it could be savings of the tens or hundreds of millions of dollars per agency, per program. Again, it depends on the size across the federal government if everyone was using it. Just sort of like not paying deceased individuals of which there was an act just signed into law recently.
Just getting a handle on that will save probably tens if not hundreds of millions of dollars. And that all can be done today. There's no big thing that needs to be invented or developed or built over a couple years to do that.
Whether it's using a diligent tool or something similar to it on the market, it can be done today. And as a taxpayer and a former federal employee, it just sort of drives me crazy that we think like, oh, we have to go spend $100 million to save 50. You have to spend maybe $100,000 to save $50,000.
Jill Holtz: Katja, when you're working with state and local government teams, where do they typically see the fastest impact or ROI when they're adopting analytics in their audit?
Katja Freeman: Yeah, I mean, it's the I would say the low hanging fruit, right? It's what Jason just mentioned, the duplicates and doing Benford's law and even dollar amounts. But then you can go, depending on what agency or department you work with, you can become more specific and actually make it more yours.
Meaning that you look into, for example, if you're a human health department, you look into your vendors or service providers. Or make sure that everybody you rely on who's maybe a little removed from the government is actually complying with the right requirements. Because what happens very quickly is that if you don't have a good grip of what those service providers do, you're in danger of losing your funds, for example.
It's a pretty real problem to have losing funding or even having to pay funding back just because you didn't do the monitoring the way it was expected from you. And that can be overwhelming doing that work, but there are tools to do that very well and fairly quickly. So that's the type of thing that we're talking about here.
Jill Holtz: So we've talked a bit about sort of immediate ROI, duplicate payments, low hanging fruit, things that can be done quickly. But beyond those initial sort of wins, how else should leaders think about the value of investing in technology that helps with auditing? Beyond compliance, what else is good for the organization? How is this supporting stronger governance and accountability? Katja, let me start with you on that one.
Katja Freeman: Well, you have to have the right tone at the top. That's probably the most important thing is for a leader to understand that this is what my organization should do. This is how my department works well.
This is how we improve and constantly challenge ourselves to be better rather than, you know, maintaining the status quo. And what should happen is that you get to a point where everybody understands that the cost of not doing anything is too high here. And using the type of technology that we and others offer is to help you to have a single source of truth in place.
That risk doesn't fall through the gaps, that information is contained in a system and leads actually to reduced audit fatigue, which is also important. Right. There are certain agencies that get audited all the time and struggle with providing all that material to you.
When in reality, there are ways for them to do that better in the first place. And maybe they don't have the resources or the knowledge to do that properly. Right.
And so if they're caught up with just providing information to you and they don't get to do their day job, that's the type of situation that we want to avoid in a well-functioning government organization as a whole.
Jason Venner: Right. And just to piggyback on what Katya said, as we're both former auditors by trade, audit fatigue is real. And if you're sick and tired of it, you can defeat the audit with having better controls and being able to share that information and share the data that you're using to show that, you know, you have a handle on what's going on and be proactive.
And, you know, you shouldn't be doing it for the auditors. I was just saying earlier, you should be doing it for the agency and the outcomes. This is not compliance.
This is mission execution. Right. This is ensuring that a hundred percent of taxpayer dollars or a number as close to those possible go to the public good that they're assigned to.
Right. And so like that sort of gets lost in a song. It'd be nice to just do some of this better, you know, type type discussion.
But yeah, you know, I was our people like, oh, it's you again. And I'd be like, yeah, sure. But show me the improvement or show me what you're doing and we can move on that type of thing.
I mean, so there are different motivations for doing this, but fundamentally, it's the public trust and the public benefit that we're trying to provide with whatever program the money is coming out of.
Jill Holtz: So, Jason, for organizations who are early and making the shift to a more technology led approach, where should they start? What's some advice you can give them?
Jason Venner: I would for management, for chief financial officers, chief risk officers, whatever their title may be. I would say start with something small where, you know, you have a problem, which you as Katya just said, you've been audited a number of times. You can just tackle one of those problems today.
Purchase cards is something that everyone gets audited about. You could start that. Don't wait, because, you know, whether you want to call it fraud or payment errors or whatever, it is happening today as we speak, as you're listening to this webinar.
And a lot of agencies will say, well, we need a policy in place or we need these controls in place or we need to rebuild the program first. Sure. But like this stuff is happening and you could stop the bleeding sooner than later if you just move forward on some of your known issues.
And once you get the ROI from that and the savings from that, you then have a case to be made to do other work. Right? Yeah, I think there ends up being a lot of, you know, analysis paralysis or like, oh, where do we start?
Just start. Just put one foot in front of the other on something that you know about, which, of course, you do because the auditors have been in there for years and say, I'm going to knock this one out and do it.
Katja Freeman: So I want to put a pin on what you just said. Just start. I'm so on board with that. But at the same time, now I'm going to sound like an auditor. You have to have a plan, right? You have to have a strategy in place because here's what happens.
And I see that a lot talking again, being at lots of different conferences and that type of thing. People buy technology and software and then it doesn't get used. And then people say, oh, what a wasteful purchase, right?
Or, well, that didn't really help us. Of course, it didn't help you because you didn't use it right. So people have to have a plan in place to an idea of what is it that I want to produce with the software, what outputs and what outcomes and how do I get there and then make people actually use it?
Because if you don't use it, it's again, it's that's wasteful. Right. And so, yes, I agree.
Just do something, get on it, but then do it right. You know.
Jill Holtz: Yeah, that's really good advice, particularly about training, enabling that you mentioned earlier, you know, to really and connecting everything. So obviously, at Diligent, we sell software. We work with many public sector organizations who are looking to connect audit, risk and compliance in a more integrated way.
Jason, can you share how a platform like Diligent helps bring together that data, brings the analytics, brings the workflows to support that?
Jason Venner: You know, I think our position is like fraud risk or payment integrity risk or whatever your operative term is, is an enterprise risk. Right. And so it is it is a risk as significant to any organization as cybersecurity.
And so you need, you know, an integrated set of workflows for different people operating off of the same sheet of music, looking at the same data to say to do the analysis and whether it's doing your financial statement audits, doing your statement of assurance work for A123 and compliance. You know, you all want to be you want that approach to be as integrated as possible because you have as many people leveraging the same information and you're going to get better outcomes and better conclusions. So when you have a platform that can put all that together, you know, two heads are better than one.
A hundred heads are better than two. Right. And you can see all the same information and so on.
And, you know, it's just not you get out of that silos of the auditors are looking at this. And the CFO's office is looking at that and their chief risk officer is looking at this. Right.
Put that all together and let's see. Let's see what we have. We have a full picture of the risks and data underlying it.
Katja Freeman: Consolidation is a real thing, right, where the attackability and I don't know if that's a real word, but the kind of surface that can be attacked by having different solutions that that offers greater risk to an organization. So that that's just another area I wanted to add here. And then cost, of course, being able to leverage something that can allow many to use it again safely with the right safeguards and all that good stuff in place, of course, but that those are real advantages for a government to to consider.
Jill Holtz: I was just going to ask, how does having that centralized connected system change collaboration between teams? Because you audit, you mentioned finance office compliance has to have a role there. But, you know, management wants to make good decisions on behalf of the mission as well.
So, you know, one of you, I can't remember if it was you Katja mentioned single source of truth and having that connected system.
Katja Freeman: So I don't see that as often as you would think. But in theory, you know, if you do have an enterprise risk management function within a government, they do risk work every day, right? The auditors do risk work every day, different angles, different outputs, if you will, but similar missions, similar risk that they find.
And so they can, in a way, safely collaborate and exchange that information. So that would be a great game, for example, or, you know, the outcomes or having easier access to the kind of controls monitoring that a Department of Finance does or the IT testing that an IT compliance function does, and then having ease at how you accumulate that information and then send it to the auditors so that they can truly just check whether the controls work. And I mean, obviously, that's our bread and butter.
We love this stuff. And sometimes people say, of course, there are going to be some people who say, yeah, that's easier said than done. But at the end of the day, that's kind of what you should strive for as an organization is get to a place where, you know, people actually can work together safely and get to a point where they can work on the better outcomes for the public.
Jill Holtz: Thank you. So I'm really conscious of time. You're both really busy, and I'm really appreciate you taking the time to talk to me today.
So I'm going to ask you one final shared closing question. So Jason, I'll start with you. What is one piece of advice you would give to public sector audit and finance leaders who want to better protect public funds?
Jason Venner: Good question. I mean I just emphasize that like you know if we are talking about fraud in particular, you know, this is people who are committing fraud are criminals and you know, we have to take that mindset of, you know, fighting crime a labor intensive activity, but if you use technology, it's gonna make it a lot, lot easier. And again, I would say start at Katja's point, start smartly, but start somewhere today because it's going on today as we speak. And so don't wait for six months or a year until you have all your ducks in a row administratively before you start attacking this problem.
Jill Holtz: Thank you, Jason. Katia, what is one piece of advice you would give to public sector audit and finance leaders who want to better protect public funds?
Katja Freeman: I'm gonna go the other way as Jason. I totally agree with him, but just because he basically covered it, I'm gonna look internally, build relationships with your other departments, your other agency heads. that in my experience has been one of the biggest blocker in being able to have either access to information, having sufficient budget, you know, or having people actually work with you and getting you the information that you need to do a good job.
And actually being able, and now I'm being more internally audit focused, but being that strategic advisor, right? So really being able to have an impact on an organization as an auditor, you have to have the kind of relationship with those other agency heads and the people who do the work there to then pr come up with good audit findings and be that strategic advisor. That's what I think.
Jill Holtz: I love that Katya. Thank you both of you for taking the time to come on the podcast and for sharing your experience and advice. I'm really hearing that combating fraud, waste and abuse isn't just about compliance, isn't just about running an audit or a sample, it's about protecting resources, improving outcomes, and building public trust. And you can download our free guide combating waste in the public sector, and I will put a link to that in the show notes. Thank you very much, both of you.
Katja Freeman: Thank you.
Jason Venner: Thank you.
