< Back to Search

CSBG Data ARRA Technical Assistance: Risk Assessment and Mitigation for CSBG - Tribes

Published: September 8, 2009
Audience:
Community Services Block Grants (CSBG)
Category:
About, Data

 

Community Services Block Grant (CSBG)
Risk Assessment and Risk Mitigation for CSBG ARRA Funds

Script for Recorded Call for Tribes

Note: The text below is the prepared script for the technical assistance conducted on Thursday, September 8, 2009.  Minor wording changes may have occurred during recording.

[SPEAKER SETH HASSETT]

  • Good afternoon. 
  • I’m Seth Hassett, Director of the Division of State Assistance in the Office of Community Services.   

[SPEAKER BRANDY RAYNOR]

  • I’m Brandy RayNor, Team Lead for Program Operations, here in the Office of Community Services.

[SPEAKER SETH HASSETT]

  • Thank you for joining us for this technical assistance conference call focused on risk assessment and risk mitigation for the Community Services Block Grant.
  • This conference call presentation has an accompanying slide presentation that should be viewed in conjunction with the telephone presentation.   This slide presentation was distributed via an e-mail message and is available on the CSBG web page on the Administration for Children and Families’ website.
  • It is strongly recommended that listeners either have a printed copy of the presentation available, or that listeners view the slide presentation with a copy of the slide presentation on their computer screens. 
  • If you have not already printed a copy of the slide presentation, it can be obtained on the Community Services Block Grant website, which is at the following address: 
  • https://www.acf.hhs.gov/programs/ocs/programs/csbg
  • On the OCS website, go to the right hand side of the screen under “What’s New” and click on the text that references this presentation. If you have available a copy of the Powerpoint presentation, we begin with the cover page.
  • Please note that in the lower right hand corner of each slide, there is a number. 
  • We will be referencing this number as we progress through the presentation.  Please move to the next slide as we prompt you to do so.

[SPEAKER BRANDY RAYNOR]

  • PLEASE NOW MOVE TO SLIDE 2, entitled CSBG Information Memorandum 113 Risk Assessment and RISK MITIGATION PROCESS for CSBG ARRA FUNDS
  • On August 18, 2009, the Office of Community Services (OCS) transmitted guidance for all Tribal Governments and organizations for a risk assessment and risk mitigation plan for Community Services Block Grant (CSBG) funds received under the American Recovery and Reinvestment Act (ARRA). 
  • The risk assessment guidance was communicated via  Information Memorandum 113 which was included with the e-mail and is posted to the CSBG website.
  • IM 113 is applicable to Tribes and Tribal organizations receiving CSBG ARRA funds directly from the Federal government.  
  • For the purposes of CSBG ARRA implementation, all Tribes and Tribal organizations receiving Recovery Act Grant funds are expected to certify to the Office of Community Services that a basic risk assessment has been conducted, previous auditing or monitoring findings addressed, and certify that certain statutory, regulatory and internal controls are adequate. 
  • IM 113 provides guidance and reference tools to assist in identifying appropriate risk mitigating measures and compensating controls. A model format for a plan and certification are provided as an attachment to IM 113. 
  • Tribal governments and organizations must review the risk assessments conducted by eligible entities, and provide the risk assessments to OCS any comments on risk mitigation activities. 
  • The Office of Community Services will use risk assessment information to identify and prioritize technical assistance and monitoring activities including specific training events, webinars, guidance materials, and areas for on-site assistance to supplement regular Tribal monitoring activities. 

[SPEAKER SETH HASSETT]

  • PLEASE MOVE TO SLIDE 3, entitled “An APpropriate balance between risk and Internal Controls
  • At the outset of a risk assessment process, it is important to acknowledge that certain risks are inherent in the distribution and expenditure of Federal grant funds.
  • The goal is not to eliminate all risk, but instead to mitigate the risks through appropriate internal controls, checks and balances.
  • A lack of internal controls presents risks.
  • At the same time, excessive control systems may adversely impact the efficiency of a program effort.

[SPEAKER SETH HASSETT]

  • PLEASE MOVE TO SLIDE 4, entitled “Analyzing and PRIORITIZING RISKS”
  • Assessing risks requires careful analysis and prioritization of potential risks that come with the expenditure of Federal grant funds.
  • Two key dimensions for analysis are:
    • the probability of occurrence—in other words, what is the likelihood that something will happen; and
    • the scope of potential impact—whether it is financial loss, legal issues, an adverse impact on program mission, or a negative impact on an organization or program’s reputation in the community, State, or nation.
  • A LOW probability-LOW impact risk may warrant relatively limited controls or monitoring,
    A LOW probability—HIGH impact risk warrants careful attention and
    A HIGH probability—HIGH impact risks warrant vigilant attention and compensating controls.

[SPEAKER BRANDY RAYNOR]

  • PLEASE MOVE TO SLIDE 5, entitled “EXAMPLES OF RISK AREAS”
  • What are some examples of risks to be considered?
  • As discussed in IM-113, and in referenced internal control standards from the Government Accountability Office (or GAO) and private sector organizations, risk assessment encompasses the organizational environment, policies and procedures, as well as specific risks associated with certain types of expenditures.
  • Some examples of risks for organizations to consider with CSBG ARRA funds are as follows:
  • Previous audit or monitoring findings with no corrective actions – a failure to take any corrective action on a previous audit finding is a red flag for auditors and Federal monitors.  Results of single audits, which are available to all Federal monitors, are a key example of such findings.
  • Some Tribes and Tribal organizations may not receive sufficient funds to require the single audits under the Single audit act.  If so, the review should focus on any other internal monitoring or audit activities if available.
  • IM-113 emphasizes corrective actions from previous audits and monitoring visits, because these a key item that independent reviewers will go for future reviews and audits.  By reviewing and documenting corrective actions, Tribes can anticipate and avoid future issues.
  • Likewise, a lack of clear policies and procedures—or policies and procedures that are in conflict with the CSBG Act, regulatory requirements, or commonly-accepted accounting standards present significant risks.
  • For example, elements of the CSBG Act—such as income eligibility requirements—should be reviewed in conjunction with existing organizational procedures to assure consistency.
  • CSBG IM-113 also includes reference to OMB Cost Principles, along with an internet link to OMB circular A-87 and A-122.  We strongly recommend that large and small entities have someone “in-house” who is well versed in the applicable OMB cost principles, since these are a likely area for review in analyzing the appropriateness of expenditures.
  • Clear policies and procedures are necessary, but not sufficient, to address potential areas of risk.  Policies and procedures must be updated as necessary to incorporate new information and these changes must be communicated to staff. 
  • If operating procedures are not consistently followed—or are routinely bypassed, that is another area of potential risk to consider and address through training and review.
  • Even in strong organizations that have clearly articulated operating systems and procedures, it is critical to review to assure that these systems are sufficient to address expectations of the Recovery Act, such as the expectation that Recovery Act funds will be tracked and reported on separately from regular CSBG funds.
  • PLEASE MOVE TO SLIDE 6, entitled “OTHER EXAMPLES OF RISK AREAS”
  • A key area of risk with disbursement of within and outside of tribal organizations is the segregation of duties. 
  • Simply put, no one individual or small group of staff should have unmonitored ability to plan, approve, disburse, and report on funds.
  • Organizations should maintain checks and balances in the review of expenditures and activities.
  • Tribal councils and boards have an essential role to play in this process, assuring accountability to the individuals and communities served by CSBG funds.
  • Risk assessment includes review of personnel expertise and training.   Staffing plans should be reviewed in light of the Recovery Act funds to assure sufficient availability of staff with appropriate skills.
  • Certain types of activities may present inherent risks that require especially vigilant oversight.
  • One example to consider is any type of direct cash assistance or financial assistance on rental or mortgage issues.
  • Without appropriate expertise, review, and eligibility determination, direct financial assistance could present a high impact risk. 
  • Inadequate documentation of expenditures, as well as inadequate protections against theft or misuse of property, not only present financial or legal risks, but also can damage organizational reputations. 
  • Stories of misuse of property, or inability to account for property or expenditures, can fairly or unfairly be used to impact the reputation of an organization and its services, no matter how valuable these services are to the recipient community.

[SPEAKER SETH HASSETT]

  • PLEASE MOVE TO SLIDE 7, entitled “ThE RISK ASSESSMENT PROCESS”
  • The risk assessment process outlined in IM-113 reserves considerable judgment for the Tribal leadership. 
  • To the extent that organizations have existing risk assessment processes in place—including reviews for other related program areas such as Head Start--entities are encouraged to build upon or utilize these existing process.
  • IM-113 includes a model template for a risk assessment certification, but CSBG entities may provide a certification in an alternate format as long as it includes the elements outlined in IM-113.  
  • The risk assessment must include a review of past audit or monitoring findings—and any corrective actions that have been implemented.
  • Tribes should review the GAO standards for internal controls, the COSO standards, and the OMB Cost principles.  For many organizations—these standards are second nature.  However, we strongly encourage familiarity with these types of standards because in the event of audits or reviews, these will be a point of reference for Inspector General, GAO, and other review offices.
  • As discussed earlier, existing procedures and policies should be reviewed for compliance with the CSBG act and ARRA requirements.  It is important to recognize that the Recovery Act funds will be subject to a high level of scrutiny and we want to meet high standards.
  • PLEASE MOVE TO SLIDE 8, entitled “ThE RISK ASSESSMENT PROCESS”
  • We strongly encourage some type of internal testing—particularly of any “high probability – high impact” risks you’ve identified with CSBG ARRA funds.
  • Sampling work and looking for “blind spots” in existing systems, controls, and procedures can avoid problems later.
  • While it is understandably quite challenging to undergo such efforts during the ramp up of program efforts, self testing efforts can be extremely helpful in preparing for future audits and reviews. 
  • Entities may wish to consider identifying outside organizations or individuals to assist in assessment of risk and testing of controls, even after the completion of the IM 113 exercise.
  • Ultimately, a risk assessment effort is only valuable if potential risk areas are communicated among program stakeholders, and refinements are put in place where necessary.
       
    [SPEAKER BRANDY RAYNOR]
  • PLEASE MOVE TO SLIDE 9, entitled “BE PREPARED”
  • Many listeners to this call have been involved in the CSBG program for many years and recognize that the Recovery Act presents major new opportunities and challenges.
  • Within the Division of State Assistance, we recognize the difficult work and long hours that have already gone in to this process.
  • The risk assessment process we are undertaking is an effort to be prepared for the next phases of program implementation.
  • Risk assessment can also be a key element of accomplishing the goals of a program or activity by assuring that activities are conducted as intended by Congress, the Administration, and Tribal community stakeholders.

[SPEAKER BRANDY RAYNOR]

  • PLEASE MOVE TO SLIDE 10, entitled “DEADLINES”
  • As outlined in IM-113, by October 30, 2009 – Tribal governments and organizations are expected to submit a certification statement signed by the Tribal Chief, Chief Executive, or Tribal Chairperson certifying that a risk assessment has been conducted.
  • As you move forward with this risk assessment effort, please communicate with your assigned DSA liaison staff if you encounter challenges.
  • A follow-up call is scheduled for Thursday, September 24, 2009 at 2:00 p.m. Eastern Standard Time.  If you have questions you would like to have answered on that call, please send them to [GREG ELLIOTT E-MAIL] by Wednesday, September 16. 
  • Thank you for your participation in this call and thank you for your ongoing work on behalf of children, families, and communities.