What GAO Found
At varying stages, agencies have begun planning for and implementing fraud risk activities (like conducting an evaluation of fraud risks) required by the Fraud Reduction and Data Analytics Act of 2015 (FRDAA), according to GAO’s survey of agencies subject to the act. Overall, most of the 72 surveyed agencies (85 percent) indicated that they have started planning how they will meet FRDAA requirements, and about 78 percent indicated that they have also started taking steps to implement the requirements.
To assist agencies in implementing fraud risk management activities, the Office of Management and Budget (OMB) established FRDAA-related guidelines and a working group, as required by the act. However, agencies experienced challenges with OMB’s guidelines and the working group, among other things, according to GAO’s survey and roundtable discussion results (see figure below).
Agencies Indicating Challenges with the Sufficiency of Office of Management and Budget Guidelines, Progress Reporting, and Working-Group Efforts
Implementation guidelines. To meet FRDAA requirements, OMB updated Circular No. A-123 guidelines that govern executive agencies. However, this update included limited information on the methodologies agencies can use to assess, document, and report on internal controls required by FRDAA, according to GAO’s review of the guidelines. Surveyed agencies had mixed perspectives on the usefulness of OMB’s guidelines for implementing FRDAA controls. Similarly, agencies identified the lack of clear requirements and guidance as top challenges in GAO’s roundtable discussion with 14 selected agencies.
Reporting on implementation progress. Although not required by FRDAA, OMB updated annual financial report guidelines to include FRDAA requirements, but GAO found that the guidelines did not contain enough information to aid agencies in producing complete and detailed progress reports in 2017, the first year of reporting. Additional guidelines from OMB could help agencies produce more complete and detailed reports for 2019, the final year of required reporting. Without a longer reporting period, however, Congress may not have the useful information for continued oversight of agencies’ progress.
Working Group. OMB has taken steps to establish the working group, but GAO found the working group did not fully meet FRDAA requirements. As Chair, OMB did not (1) involve all agencies subject to the act in the working group or (2) hold the required number of meetings in 2017. Most surveyed agencies indicated a lack of involvement with and information from the working group as challenges in implementing FRDAA.
Why GAO Did This Study
Fraud poses a significant risk to the integrity of federal programs and erodes public trust in government. Implementing effective fraud risk management processes can help ensure that federal programs fulfill their intended purpose, spend their funding effectively, and safeguard assets.
FRDAA requires agencies to establish internal controls to manage their fraud risks and to report implementation progress for the first 3 years after enactment. It also directs OMB to (1) develop guidelines for agencies to establish fraud risk management controls and (2) establish a working group to share best practices in fraud risk management and data analytics.
GAO was asked to review agencies’ and OMB’s efforts to implement FRDAA. This report examines steps (1) agencies and (2) OMB have taken to implement FRDAA. GAO conducted a survey of the 72 agencies subject to the act, held a roundtable discussion with 14 selected agencies, reviewed 24 selected annual financial reports, examined OMB guidelines, and interviewed OMB staff.
What GAO Recommends
GAO is making three recommendations, including that OMB (1) enhance its guidelines for establishing controls, (2) enhance guidelines for reporting on agencies’ progress, and (3) fully implement the working group. OMB did not concur with the need for the recommendations. GAO continues to believe the recommendations are valid, as discussed in the report. Additionally, Congress should consider extending agencies’ reporting requirements.
For more information, contact Rebecca Shea at (202) 512-6722 or email@example.com.