Fraud Risk Management:

OMB Should Improve Guidelines and Working-Group Efforts to Support Agencies' Implementation of the Fraud Reduction and Data Analytics Act

GAO-19-34: Published: Dec 4, 2018. Publicly Released: Dec 4, 2018.

Additional Materials:

Contact:

Rebecca Shea
(202) 512-6722
shear@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Fraud in federal programs can erode public trust in government. We reviewed what the Office of Management and Budget and agencies are doing to manage fraud risk.

We found that OMB established a working group and held meetings to help agencies share fraud risk management practices. However, the group did not meet as often as required in 2017 and not all relevant agencies were involved.

Most agencies we surveyed had started implementing required fraud risk management activities, but reported needing more involvement and information from the working group.

We recommended 3 ways to improve compliance with fraud risk management requirements.

Agencies' Implementation Status of Fraud Risk Management Activities

Agencies' Characterization of the Status of Implementation of Fraud Risk Management Activities

Agencies' Characterization of the Status of Implementation of Fraud Risk Management Activities

Additional Materials:

Contact:

Rebecca Shea
(202) 512-6722
shear@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

At varying stages, agencies have begun planning for and implementing fraud risk activities (like conducting an evaluation of fraud risks) required by the Fraud Reduction and Data Analytics Act of 2015 (FRDAA), according to GAO's survey of agencies subject to the act. Overall, most of the 72 surveyed agencies (85 percent) indicated that they have started planning how they will meet FRDAA requirements, and about 78 percent indicated that they have also started taking steps to implement the requirements.

To assist agencies in implementing fraud risk management activities, the Office of Management and Budget (OMB) established FRDAA-related guidelines and a working group, as required by the act. However, agencies experienced challenges with OMB's guidelines and the working group, among other things, according to GAO's survey and roundtable discussion results (see figure below).

Agencies Indicating Challenges with the Sufficiency of Office of Management and Budget Guidelines, Progress Reporting, and Working-Group Efforts

102278_HLP_5_v4_McM

Implementation guidelines. To meet FRDAA requirements, OMB updated Circular No. A-123 guidelines that govern executive agencies. However, this update included limited information on the methodologies agencies can use to assess, document, and report on internal controls required by FRDAA, according to GAO's review of the guidelines. Surveyed agencies had mixed perspectives on the usefulness of OMB's guidelines for implementing FRDAA controls. Similarly, agencies identified the lack of clear requirements and guidance as top challenges in GAO's roundtable discussion with 14 selected agencies.

Reporting on implementation progress. Although not required by FRDAA, OMB updated annual financial report guidelines to include FRDAA requirements, but GAO found that the guidelines did not contain enough information to aid agencies in producing complete and detailed progress reports in 2017, the first year of reporting. Additional guidelines from OMB could help agencies produce more complete and detailed reports for 2019, the final year of required reporting. Without a longer reporting period, however, Congress may not have the useful information for continued oversight of agencies' progress.

Working Group. OMB has taken steps to establish the working group, but GAO found the working group did not fully meet FRDAA requirements. As Chair, OMB did not (1) involve all agencies subject to the act in the working group or (2) hold the required number of meetings in 2017. Most surveyed agencies indicated a lack of involvement with and information from the working group as challenges in implementing FRDAA.

Why GAO Did This Study

Fraud poses a significant risk to the integrity of federal programs and erodes public trust in government. Implementing effective fraud risk management processes can help ensure that federal programs fulfill their intended purpose, spend their funding effectively, and safeguard assets.

FRDAA requires agencies to establish internal controls to manage their fraud risks and to report implementation progress for the first 3 years after enactment. It also directs OMB to (1) develop guidelines for agencies to establish fraud risk management controls and (2) establish a working group to share best practices in fraud risk management and data analytics.

GAO was asked to review agencies' and OMB's efforts to implement FRDAA. This report examines steps (1) agencies and (2) OMB have taken to implement FRDAA. GAO conducted a survey of the 72 agencies subject to the act, held a roundtable discussion with 14 selected agencies, reviewed 24 selected annual financial reports, examined OMB guidelines, and interviewed OMB staff.

What GAO Recommends

GAO is making three recommendations, including that OMB (1) enhance its guidelines for establishing controls, (2) enhance guidelines for reporting on agencies' progress, and (3) fully implement the working group. OMB did not concur with the need for the recommendations. GAO continues to believe the recommendations are valid, as discussed in the report. Additionally, Congress should consider extending agencies' reporting requirements.

For more information, contact Rebecca Shea at (202) 512-6722 or shear@gao.gov.

Matter for Congressional Consideration

  1. Status: Open

    Comments: When we determine what steps the Congress has taken, we will provide updated information.

    Matter: Congress should consider extending the requirement in FRDAA for agencies to report on their implementation of fraud controls, identification of fraud risks, and strategies for mitigating them, beyond the current 2019 expiration. (Matter for Consideration 1)

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Director of OMB should enhance the guidelines for agencies to establish the controls required by FRDAA, by clarifying the difference between FRDAA and ERM requirements, and through collaboration with agencies to determine what additional information agencies need to implement the controls. (Recommendation 1)

    Agency Affected: Executive Office of the President: Office of Management and Budget

  2. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Director of OMB should enhance FRDAA reporting guidelines by directing agencies to report complete and detailed information on each of the reporting elements specified by FRDAA, which should include information related to financial and nonfinancial fraud. (Recommendation 2)

    Agency Affected: Executive Office of the President: Office of Management and Budget

  3. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Director of OMB should ensure the working group's composition meets FRDAA requirements by involving the CFO of all agencies subject to the act by inviting them to participate or otherwise providing access and input into the working group, and ensure that mechanisms to share controls, best practices, and data-analytics techniques are in place. (Recommendation 3)

    Agency Affected: Executive Office of the President: Office of Management and Budget

 

Explore the full database of GAO's Open Recommendations »

Dec 10, 2018

Nov 16, 2018

Nov 5, 2018

Oct 25, 2018

Sep 28, 2018

Sep 20, 2018

Sep 17, 2018

Sep 12, 2018

Sep 5, 2018

Aug 30, 2018

Looking for more? Browse all our products here