At the peak of the COVID-19 pandemic, governments around the world were working feverishly to appropriate relief funds to mitigate the pain and suffering of their citizens. At the same time, fraudsters were working feverishly to steal as much of the relief money as they could get their hands on.

The results were stunning. Governments around the world fell victim to theft including the UK, South Africa, Australia, and Germany. But COVID fraud in the U.S dwarfed the rest of the world combined with estimated theft of relief funds exceeding $200 billion.

In a recent article on COVID relief fraud, CNBC said:

They came into their riches by participating in what experts say is the theft of as much as $80 billion — or about 10 percent — of the $800 billion handed out in a Covid relief plan known as the Paycheck Protection Program, or PPP. That’s on top of the $90 billion to $400 billion believed to have been stolen from the $900 billion Covid unemployment relief program — at least half taken by international fraudsters — as NBC News reported last year. And another $80 billion potentially pilfered from a separate Covid disaster relief program.

While the vast majority of the stolen funds will never be recovered, at least U.S. government officials have wised up enough to make stealing public dollars more difficult. As CNBC also noted:

Most of the losses are considered unrecoverable, but there is still a chance to stanch the bleeding, because federal officials say $600 billion is still waiting to go out the door. The Biden administration imposed new verification rules last year that administration officials say appear to have made a difference in curbing fraud.

How in the name of “public accountability” did such staggering sums get stolen right out from under the noses of the agencies charged with oversight? The answers are complicated, but not at all reassuring. It started with the pandemic and the threat it was posing to Americans’ ability to survive financially as the economy was being systematically shut down during the early months of COVID. As CNBC noted, “federal officials have acknowledged that programs in 2020 sacrificed security for speed, needlessly.” The objective was to get relief funds in the hands of those in need as expeditiously as possible. In the haste that followed, risks were not adequately assessed, and controls were not designed and implemented to prevent rampant fraud. In short, the first line failed spectacularly.

It is fair to note that the very agencies charged with oversight were themselves severely impacted at the outset of the pandemic. Agency employees were in lock down and trying to implement the COVID relief legislation while working remotely. In the haste, not only were adequate controls not created, but monitoring and oversight functions were not poised to swiftly detect the nature and scope of fraudulent activity. Only in the past year has the fraud’s true magnitude become apparent. It’s fair to say that the second line functions in federal agencies also failed in their responsibilities.

With the first and second line functions having missed the mark, the only hope in detecting the fraud in real time to prevent an escalation was the third line: internal audit. The federal government doesn’t have a true “internal audit” function at the agency level. Instead, it has statutorily empowered inspectors general (IGs) whose role it is to “detect and deter fraud, waste, and abuse in Department programs and misconduct by Department personnel.”

In response to the pandemic-related fraud, 21 federal IGs have joined together as the Pandemic Response Accountability Committee (PRAC). The mission of PRAC “is to promote transparency and use data to detect fraud, waste, abuse, and mismanagement.” The committee was created by the CARES Act to support and coordinate independent oversight of pandemic relief spending. Some may argue that the formation of PRAC after so much money was stolen is akin to “closing the barn door after the horse has escaped.” I still believe that good can come from the efforts of this committee if it codifies its work and provides Congress and agency heads with recommendations to avoid such debacles in the future.

It would appear that some lessons are already being understood. As PRAC Chairman, Michael Horowitz (The Department of Justice IG) recently observed: “The Small Business Administration, in sending that money out, basically said to people, ‘Apply and sign and tell us that you’re really entitled to the money.’ And, of course, for fraudsters, that’s an invitation. … What didn’t happen was even minimal checks to make sure that the money was getting to the right people at the right time.”

As a former federal IG, I know only too well how challenging it is to engage in real time with agency officials when decisions are being made and controls are being designed and implemented. The United States Government Auditing Standards (GAGAS) discourage/prohibit the IGs from engaging in management-related functions or providing “non-audit” services such as consulting and advice. Consequently, many IGs feel they are sidelined until it is time to provide assurance on the efficiency and effectiveness of decisions made in the past. Hindsight may provide some value, but it is of little use when fraudsters have emptied federal coffers.

One recommendation I hope PRAC and the Biden Administration offer to Congress is to relax the restrictions on IGs during times of crisis. When a once-in-a-century pandemic occurs, and trillions of dollars are being appropriated for relief, it should be all hands on deck. Collaboration among the three lines will not only protect taxpayer dollars, but also offer the promise of enhanced service to citizens and taxpayers in times of greatest need.

I welcome your thoughts.