Back to Solutions Library
Solution 15 of 25PWS · Data AnalysisFO · Budget Execution
Anomaly Detection at the $40M / 5% Abnormal Activity Threshold
RD-FO must surveil for abnormal activity at a $40M absolute or 5% relative threshold across program obligations, outlays, and subsidy actuals, and the manual nature of threshold monitoring means anomalies are often surfaced after the fact rather than as they emerge.
Why It Matters
Threshold-based abnormal activity detection is the front line of fraud, error, and policy-execution surveillance. Late detection costs RD the chance to course-correct mid-cycle, and amplifies the OIG and GAO criticism vector.
HSG's Approach
- 1Build a daily anomaly detection engine running statistical and rules-based checks on program obligation, outlay, and actuals data against the $40M / 5% threshold, with contextual peer comparisons.
- 2Layer LLM-driven narrative explanation that drafts the 'what happened, what does it mean, what should we do' memo for each flagged event.
- 3Integrate with BICS, Essbase, Tableau, and Rural Data Gateway so analysts can drill from the anomaly to underlying data lineage.
- 4Maintain a tiered alert workflow (NFAOC analyst → OBP branch chief → senior leadership) with SLA-bound escalation.
- 5Document every anomaly disposition in the AI / Expert Reconciliation Log.
Expected Deliverables
- Daily anomaly detection engine
- LLM-driven anomaly narrative auto-draft
- Tiered alert workflow with SLA tracking
- Anomaly drill-down dashboard with full data lineage
- Monthly anomaly review with disposition log
Expected Outcome
Surface 90%+ of $40M / 5% threshold events within 48 hours of occurrence and cut the average detection-to-disposition cycle from 30+ days to 5 days.