Fraud is one contributor to financial and nonfinancial risks that cost taxpayers dollars, threaten national security, or put consumers at risk. It also poses a significant risk to the integrity of federal programs and erodes public trust in government. Implementing effective fraud risk management processes can help ensure that federal programs fulfil their intended purpose, spend their funding effectively, and safeguard assets.
The Fraud Reduction and Data Analytics Act of 2015 (FRDAA) requires agencies to establish internal controls to manage their fraud risks and to report implementation progress for the first three years after enactment. It also directs the Office of Management and Budget (OMB) to develop guidelines for agencies to establish fraud risk management controls and establish a working group to share best practices in fraud risk management and data analytics.
GAO was asked to review agencies’ and OMB’s efforts to implement FRDAA. Its December 4 report examines the steps agencies and OMB have taken to implement FRDAA. GAO conducted a survey of the 72 agencies subject to the act, held a roundtable discussion with 14 selected agencies, reviewed 24 selected annual financial reports, examined OMB guidelines, and interviewed OMB staff.
GAO found that agencies have begun planning for and implementing fraud risk activities (like conducting an evaluation of fraud risks) required by FRDAA. Overall, most of the 72 surveyed agencies (85 percent) indicated that they have started planning how they will meet FRDAA requirements, and about 78 percent indicated that they have also started taking steps to implement the requirements.
To assist agencies in implementing fraud risk management activities, the OMB established FRDAA-related guidelines and a working group, as required by the act. However, agencies experienced challenges with OMB’s guidelines and the working group, among other things, according to GAO.
To meet FRDAA requirements, OMB updated Circular No. A-123 guidelines that govern executive agencies. However, this update included limited information on the methodologies agencies can use to assess, document, and report on internal controls required by FRDAA, according to GAO’s review of the guidelines. Surveyed agencies had mixed perspectives on the usefulness of OMB’s guidelines for implementing FRDAA controls. Similarly, agencies identified the lack of clear requirements and guidance as top challenges in GAO’s roundtable discussion with 14 selected agencies.
Although not required by FRDAA, OMB updated annual financial report guidelines to include FRDAA requirements, but GAO found that the guidelines did not contain enough information to aid agencies in producing complete and detailed progress reports in 2017, the first year of reporting. GAO said additional guidelines from OMB could help agencies produce more complete and detailed reports for 2019, the final year of required reporting. Without a longer reporting period, however, Congress may not have the useful information for continued oversight of agencies’ progress.
OMB has taken steps to establish a working group, but GAO found the working group did not fully meet FRDAA requirements. As Chair, OMB did not involve all agencies subject to the act in the working group or hold the required number of meetings in 2017, although the required number of meetings had been held at the time of investigation in 2018. Most surveyed agencies indicated a lack of involvement with and information from the working group as challenges in implementing FRDAA.
GAO is making three recommendations: that OMB enhance its guidelines for establishing controls, enhance guidelines for reporting on agencies’ progress, and fully implement the working group. OMB did not concur with the need for the recommendations on various grounds, and staff also stated that they did not believe the GAO survey provided sufficient evidence that a change in guidance is needed because the responses are based on agencies’ opinions.
In June 2018, OMB released the government-wide reform plan, which consists of government-wide reorganization and reform proposals with the goal of increasing focus on integrated mission, service, and stewardship delivery. While it is too early to tell whether or how all of these reforms will affect agencies’ efforts to implement FRDAA, GAO has previously reported that OMB and agencies can leverage these broader reform efforts to address the high-risk areas and government-wide challenges that present vulnerabilities to fraud, waste, abuse, and mismanagement, or are in need of transformation.
GAO recognizes that effective implementation of the act will take time, and each program and agency may evolve at a different pace. While a small number of agencies reported being mature in their implementation of FRDAA activities, most are in the process of developing key fraud risk activities, and others have yet to start developing them.
Congress is therefore asked to consider consider extending the requirement in FRDAA for agencies to report on their implementation of fraud controls, identification of fraud risks, and strategies for mitigating them, beyond the current 2019 expiration.