The Government Accountability Office (GAO) has found that not all agencies planned for or assessed their contracting workforce needs for disaster response, and only one of the six agencies* GAO reviewed assessed how purchase card fraud risks change during disaster response.
The 2017 and 2018 hurricanes and California wildfires affected millions of people and caused billions of dollars in damages. Extreme weather events are expected to become more frequent and intense due to climate change. Federal contracts for goods and services play a key role in disaster response and recovery, and government purchase cards can be used by agency staff to buy needed items.
GAO’s review found that the efforts of selected agencies to plan for disaster contracting activities and assess contracting workforce needs varied. The U.S. Forest Service initiated efforts to address its disaster response contracting workforce needs while three agencies: the U.S. Army Corps of Engineers (USACE), the U.S. Coast Guard, and Department of the Interior (DOI), only partially addressed these needs. The Environmental Protection Agency indicated it did not have concerns fulfilling its disaster contracting responsibilities.
GAO said USACE assigned clear roles and responsibilities for disaster response contracting activities, but has not formally assessed its contracting workforce to determine if it can fulfill these roles. Meanwhile the Coast Guard has a process to assess its workforce needs, but it does not account for contracting for disaster response activities. And DOI said it is developing a strategic acquisition plan and additional guidance for its bureaus on how to structure their contracting functions, but currently does not account for disaster contracting responsibilities.
Contracting officials at all three of these agencies identified challenges executing their regular responsibilities along with their disaster-related responsibilities during the 2017 and 2018 hurricane and wildfire seasons. For example, Coast Guard contracting officials told GAO they have fallen increasingly behind since 2017 and that future disaster response missions would not be sustainable with their current workforce.
Originating in the late 1980s, the federal government’s purchase card program enabled agencies to quickly and easily acquire items needed to support daily operations and reduced administrative costs associated with small purchases. According to the Federal Acquisition Regulation, government purchase cards are the preferred means to make micropurchases. The government’s purchase card program—part of the SmartPay program—is managed by the General Services Administration (GSA), which administers the purchase card contracts with two commercial banks: U.S. Bank and Citibank. The banks issue purchase cards and maintain transaction and payment data, as well as provide analytical tools for agencies to use.
All five aforementioned agencies, as well as the Federal Emergency Management Agency (FEMA), collectively spent more than $20 million for 2017 and 2018 disaster response activities using purchase cards. GAO found that two of these six agencies—Forest Service and EPA—have not completed fraud risk profiles for their purchase card programs that align with leading practices in GAO’s Fraud Risk Framework. Additionally, five of the six agencies have not assessed or documented how their fraud risk for purchase card use might differ in a disaster response environment. DOI completed such an assessment during the course of GAO’s review.
About 42 percent of FEMA’s nearly $12.9 million in purchase card spending occurred with merchants specializing in office supplies. FEMA purchase card officials told GAO they used purchase cards to purchase materials and supplies, including office supplies, to set up offices for disaster response.
About 29 percent of the Coast Guard’s purchase card spending was with building supplies merchants, such as industrial supply and hardware merchants. Purchase cardholders at the Coast Guard reported frequently purchasing personal protective equipment, such as goggles, coveralls, and gloves, and items for ship repairs, among other things.
An Office of Management and Budget memorandum requires agencies to complete risk profiles for their purchase card programs that include fraud risk. GAO’s Fraud Risk Framework states managers should assess fraud risk regularly and document those assessments in risk profiles. The framework also states that risk profiles may differ in the context of disaster response when managers may have a higher fraud risk tolerance since individuals in these environments have an urgent need for products and services. Without assessing fraud risk for purchase card programs or how risk may change in a disaster response environment, agencies may struggle to design or implement effective internal controls, such as search criteria to identify fraudulent transactions.
GAO’s report makes a total of 12 recommendations, including to three agencies to assess disaster response contracting needs in workforce planning, and to five agencies to assess fraud risk for purchase card use in support of disaster response.
In its response to the draft report, the Department of Homeland Security provided additional documentation that demonstrated that FEMA and the Coast Guard generally account for risk associated with purchase cards in its quarterly risk register.
Contracting during a disaster can pose a unique set of challenges as officials face significant pressure to provide goods and services to survivors as quickly as possible while simultaneously fulfilling their agencies’ core missions. Agencies performing disaster response duties must adapt to dynamic and rapidly changing priorities and doing so requires a contracting workforce that is appropriately aligned to meet these responsibilities.
It is also imperative to have data that enables agencies to identify potential fraud that may have occurred as a result of higher fraud risk tolerance and associated flexibilities that may reduce the effectiveness of internal controls meant to prevent fraud.
* Federal Emergency Management Agency, U.S. Army Corps of Engineers, U.S. Coast Guard, Environmental Protection Agency, U.S. Department of Agriculture’s Forest Service, and U.S. Department of the Interior.