image Visit coronavirus.govVisit disclaimer page for the latest Coronavirus Disease (COVID-19) updates.
View ACF COVID-19 Responses and Resources
< Back to Search

CSBG Tools ARRA Technical Assistance: ARRA Risk Assessment Presentation to States

Published: August 10, 2012
Community Services Block Grants (CSBG)
Guidance, Policies, Procedures, Tools


CSBG ARRA Risk Assessment Presentation - States


1.Community Services Block Grant (CSBG)

Risk Assessment and Risk Mitigation Process for CSBG American Recovery and Reinvestment Act (ARRA) Funds

2.CSBG Information Memorandum 112 Risk Assessment and Risk Mitigation Process for CSBG ARRA Funds

Eligible Entities receiving CSBG ARRA funds certify that a risk assessment has been conducted addressing the following:

3.The Goal: An Appropriate Balance Between Risk & Internal Controls


  • Acceptable Risks
  • Internal Controls


4.The Risk Assessment Process


  • Review of past audit or monitoring findings – Have corrective action plans been developed and implemented?
  • Review of Key Federal and State Requirements (e.g. GAO Internal Control standards, OMB Cost principles, CSBG Act, CSBG Information Memoranda, State contracts and statutes).

5.The Risk Assessment Process

  • Review of existing policies and procedures – Are clear policies and procedures in place for CSBG ARRA funds?  Have these policies been reviewed to assure compliance with the CSBG Act (e.g. income eligibility) and other Federal guidance (e.g. OMB cost principles).
    • Testing – Review samples of existing work to assure consistency.  Discuss and look for “blind spots” in existing controls and procedures.
    • Communicating and Refining – Assure leadership, board members, and staff are aware of potential risk areas and identify refinements in existing procedures and policies.  Assure that any refinements in policies and procedures are communicated among all staff with appropriate training provided where necessary.

6.Analyzing and Prioritizing Risks

  • Probability of Occurrence

  • Potential Impact

–Program Mission
–Organizational and Program Reputation

7.Examples of Risk Areas

  • Previous audit findings with no corrective actions (“red flag”)
  • Lack of operating procedures or policies
  • Policies and procedures in conflict with statutory or regulatory requirements, accounting standards
  • Operating procedures or policies not communicated to key staff
  • Operating procedures not followed consistently or routinely bypassed
  • Inability to track and report on CSBG ARRA funds.

8.Other Examples of Risk Areas

  • No segregation of key duties (e.g. program planning, funds approval, funds disbursement, reconciliation).
  • Lack of expertise among key personnel (e.g. financial, program monitoring)
  • Inherent risk of expenditure (e.g. cash disbursement) without compensating controls and oversight
  • Inadequate documentation of activities or expenditures



  • Inadequate protections against theft or misuse of property
    • Federal ARRA funds will be highly scrutinized.  Internal risk assessments are intended to assure preparation for future reviews, audits, and oversight.
    • Risk assessment can be a key element of accomplishing the goals of a program or activity by assuring that funds and activities are conducted as intended.
      • Chief Executive and Board Chairperson for CSBG eligible entities certify risk assessments by October 15, 2009.
      • State CSBG Lead Agencies submit risk assessment certifications, along with State comments, by October 30, 2009.
  • previous audit or monitoring findings;
  • internal controls;
  • conflicts of interest;
  • statutory and regulatory compliance; and
  • equipment and property policies.
Last Reviewed: June 24, 2019