Controller Alerts are designed to bring your attention to emerging financial management issues where the Office of Management and Budget (OMB) believes further action may be warranted, but do not constitute official guidance or include specific tasks for agencies beyond consideration of appropriate steps to address the issue. These Alerts are intended to make sure that the Chief Financial Officer (CFO) community is aware of key issues. This Alert includes notice to the Council of the Inspectors General on Integrity and Efficiency (CIGIE) because of reporting specific for Inspectors General. Additional Controller Alerts are available at https://cfo.gov/controller-alerts/.
The purpose of this Controller Alert is to remind Executive departments and agencies (“agencies”) of their responsibilities for managing risk and maintaining improper payment protocols in disaster situations.
On September 8, 2017, President Trump signed into law the Continuing Appropriations Act, 2018 and Supplemental Appropriations for Disaster Relief Requirements Act, 2017. This Act provides approximately $15.25 billion in aid for survivors of natural disasters like Hurricane Harvey and other impacted communities. In addition, this Act invoked the Stafford Act imposing certain funding restrictions. Because relief funding of this magnitude often carries additional risk of misallocation due to fraud, waste or abuse, agencies must ensure that the funds appropriated under the Act are used for their intended purposes and are appropriately accounted for.
Towards that end, this Controller Alert provides an overview of the risk-based internal control planning for all funding for natural disasters as reflected in OMB Memorandum M-16-17 and OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control.
Managing Risk in Disaster Situations
As required by OMB Circular No. A-123, each agency has overall responsibility for establishing internal controls to manage the risk of fraud. Agencies must use a risk-based approach to design and implement financial and administrative control activities to mitigate identified fraud risks. In assessing risk in disaster situations, agencies should leverage their existing enterprise risk management processes, including assessments that contributed to the development of initial risk profiles and efforts to integrate fraud risks identified and linked to formal internal controls.
This approach includes establishing risk tolerances in disaster situations. Agencies must balance their priorities to fulfill the program mission, such as effectively and expediently disbursing funds or providing services to beneficiaries, and taking actions to safeguard taxpayer dollars from improper use. In disaster situations, fraud risks are higher than under normal circumstances because the need to provide services quickly can hinder the effectiveness of existing controls and create additional opportunities for individuals to engage in fraud. As a result, Federal managers face the additional challenge of balancing their mission to provide assistance quickly with implementing controls to address the increased risk of fraud.
Risk tolerance reflects a Federal manager’s willingness to accept a higher level of fraud risks and may vary depending on the circumstances of the program. When determining risk tolerances in disaster situations, managers must weigh the program’s operational objectives of expeditiously providing assistance against the objective of lowering the likelihood of fraud as activities to lower fraud risks may cause delays in service.
As required by Appendix C to OMB Circular No. A-123, Requirements for Effective Estimation and Remediation of Improper Payments, if a low risk program experiences a significant change in legislation and/or a significant increase in its funding level, agencies are required to reassess the program’s risk susceptibility during the next annual cycle, even if it is less than three years from the last risk assessment. Additional funding received after a natural disaster could create a significant increase in funding level and require agencies to reassess the program’s risk in accordance with OMB Circular No. A-123.
To further assist in ensuring accountability for funds provided for disaster relief, OMB will work with the Chief Financial Officer (CFO) community to develop a more permanent mechanism to track costs expended. Questions about this Controller Alert can be directed to the Office of Federal Financial Management or to Regina Kearney at firstname.lastname@example.org.