An Unhealthy Fraud
A National Audit Office investigation concludes that government contractor falsified staffing and performance figures 252 times when reporting to the U.K.'s National Health Service.
March 20, 2013
A National Audit Office (NAO) investigation has concluded that Serco Group PLC — the leading private contractor of U.K. government services — falsified staffing and performance figures 252 times when reporting to the U.K.'s National Health Service (NHS), according to The Guardian. The NAO points out that although a review by the NHS commissioner found no evidence that the service was systematically unsafe, safety depended on the service being fully clinically staffed on a regular basis. A parliamentary committee will hold a hearing on the NAO's findings in April.
While it is commendable that the NAO reported extensive manipulation of health care-related performance data and Serco is moving to address its performance problems, this story highlights several issues that should be of concern to auditors: governance, oversight, performance measurement, and reporting.
In 2012, Serco earned close to the equivalent of US $8 billion, with 90 percent of its business relating to the provision of public services on behalf of U.K. federal and local governments. For Serco staff to be able to falsify performance figures more than 250 times, it appears that serious gaps would have to exist in oversight and controls — both on the part of the NHS and within Serco.
As governments around the world increasingly pursue public-private partnerships and contract for services, while seeking the most cost-effective arrangements, the importance of effective oversight and monitoring of performance against expectations also increases. Public and private organizations must have effective oversight regimes in place that address the need for regular monitoring (and periodic auditing) of performance results. Governance and oversight regimes also should be reviewed or audited periodically to ensure their continued efficacy, especially where they concern large dollar amounts and sensitive service areas.
Auditors in particular should position themselves — through audit plans and engagements — within both oversight bodies and the organizations they oversee to assess:
The performance measurement regime for contracting services, including processes for establishing performance targets, and especially a consideration of the relationship between targets being set and the resources needed to achieve them. Both of these elements may need to be addressed specifically in any contractual arrangement, and contracting expectations should address the consequences of repeated compliance failures.
Controls over the quality of performance information, including the adequacy of processes that relate to the input and modification of performance-related data. The integrity of performance information, particularly as related to sensitive outcomes such as health care, should be considered as a priority equal to that of financial or security data types. The use of "dummy accounts" in such situations is a red flag and should be eliminated as much as possible.
Regular and timely monitoring of performance targets and results, including discussion of anomalies in results. It is critical for oversight bodies to possess robust controls and processes in this area relating to its duty to closely verify that third-party service providers are actually meeting set expectations.
Performance results, particularly in key service areas (e.g., timely provision of emergency services) should be considered for regular public reporting, including the identification of any shortfalls in achieving targets and what is being done to improve the situation.