1 / 30

Developments in High Risk

Developments in High Risk. Tiffany R. Winters, Esquire twinters@bruman.com Brustein & Manasevit, PLLC Fall Forum 2011. Risk Management: What Does it Mean. Risk = any barrier that prevents grantees and subgrantees from: (1) complying with federal law; and (2) meeting program objectives.

farica
Download Presentation

Developments in High Risk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Developments in High Risk Tiffany R. Winters, Esquire twinters@bruman.com Brustein & Manasevit, PLLC Fall Forum 2011

  2. Risk Management:What Does it Mean Risk = any barrier that prevents grantees and subgrantees from: (1) complying with federal law; and (2) meeting program objectives. • Primarily financial (protecting the integrity of federal funds) • But can also be programmatic (what is ED’s return on investment)

  3. Risk Management:Why Does it Matter? • Federal laws require ED to monitor risk levels at state/local level • Internal problems at ED have led to increased awareness of the impact of state/local activities • Significant audit/monitoring findings (including fraud, waste & abuse) These issues have led to a major ED restructuring to focus on risk issues

  4. Risk Management Services • RMS Group • Part of the Office of the Secretary • 4 Primary Responsibilities: • Grant policy • Training/Customer service • Oversight of “high-risk” entities • Risk based monitoring

  5. According to RMS… • Successful Risk Mitigation • Application review identifies who can best implement the program • Risk analysis identifies issues that can impede program implementation • Early risk mitigation actions can improve grant administration

  6. Improved Decisions by ED

  7. Components of Internal Controls

  8. Internal Controls – Control Environment Maintaining a level of competence that allows personnel to accomplish their assigned duties Clearly defined organizational structure Proper amounts of supervision Maintaining a good relationship with oversight agencies (like ED and OIG for example!)

  9. Internal Controls – Risk Assessment What could go wrong? What assets do we need to protect? How could someone steal or disrupt operations? What information do we rely on? High Most Control Risk Judgment Required Least Control Low Low High Impact

  10. Internal Controls – Control Activities Examples: Segregating Key Responsibilities Among Different People Restricting Access to Systems and Records Authorizations / Passwords Implementing Clear Written Policies in Key Areas Performance Reviews Maintaining Physical Control Over Valuable Assets Maintenance of Security Data System Checks Accurate and Timely Recording of Information

  11. Risk / Internal Control Examples Scheme Control Lacking Preapproved vendor list Supervisory oversight / invoice review Supervisory payroll approval Tight RFP procedure / insulated Lack of RFP process Separation of duties Reconciliation of statements • Fake Expense Reports • Diversion to personal use • Payroll / No work • Rigged RFP – kickbacks • Fictitious Vendors • Fictitious Invoices • District cards / personal use

  12. DocumentationIssues to Consider • Record retention • State law • Federal law = 3 years • Statute of limitations = 5 years • Records to facilitate an effective audit (comprehensive) • Consistency of documentation • Source documentation

  13. RMS • Want SEAs and LEAs to self-analyze and recognize risk • What are strategies for minimizing risk (i.e., succession planning, internal audit function, monitoring, self assessment, control environment) • Where are the entity’s greatest risks • How can ED help

  14. Possible factors in risk matrix • Amount of money received • Single audit findings (especially repeat findings or findings in multiple districts) • Federal program monitoring findings • SEA monitoring of LEAs (Sub-recipient monitoring) • Lapsed funds • Program performance • Compliance with laws/regulations • Media reports!

  15. Tips for Avoiding Risks • Keep in mind federal cost principles and basic threshold compliance standards • Have a well developed system of internal controls • Document, document, document!

  16. Top Single Audit Findings • Unallowable Costs • Reporting • Property and Procurement • Cash Management • Subrecipient Monitoring

  17. Single Audit Findings • A-133 Audit NOT necessarily reliable regarding compliance • Not all programs are covered • Depth of Review • Problems with Quality • Hold Firms Accountable • Be Proactive • Internal Controls!!

  18. RISKY Consequences

  19. How to Trigger High Risk Status • Puerto Rico: PRDE Secretary sentenced to 12.7 years – bribes and kickbacks • New Orleans August 2005 OIG Audit $69.3 million not properly accounted for • OIG recommendation: Designate New Orleans High Risk and impose special conditions • Detroit, August 2008 OIG Audit $53.6 million not adequately documented • OIG recommendation: Designate Detroit High Risk and impose special conditions • Philadelphia, January 2010 OIG Audit $138.4 million unallowable or not adequately documented • OIG recommendation: Designate Philadelphia high risk and impose special conditions

  20. You suspect an audit or some other trigger for high risk is here – or coming– • What do you do?

  21. High Risk Preemptive Strike • Do nothing – the U.S. Department of Education will take over the high risk designation and process; • May review overall State supervision of LEA’s in State administered programs

  22. High Risk Preemptive Strike • States/Districts prefer to manage the process at the state level – USDOE will generally not manage day to day – may require hiring outside third party fiduciary

  23. High Risk Preemptive Strike • States can take more active role • Cooperative SEA-LEA relationships generally in place • Closer to local conditions • Can move faster more flexibility

  24. High Risk Preemptive Strike • State high risk process • Notify RMS that state is acting preemptively and will stay in close touch with RMS • State designates LEA as high risk

  25. State Designation to LEA as High Risk • Formal letter • Imposes conditions

  26. State Designation to LEA as High Risk • Conditions • Can be varied to fit circumstances • Include at minimum • Risk assessment • Corrective action plan • Audit resolution process • Review and revision if necessary of policies and procedures

  27. May include • Restrictions on advance payment • Contracting with third party to review internal controls • Outsourcing some or all • LEA admin activities • Requirements to deliver manuals • Personnel • Procurement • Payroll • Any other actions the SEA deems appropriate

  28. Next Steps • RMS, SEA, LEA Meeting • Discussion includes steps taken • Timelines • Deliverables • Further Communication

  29. Finally • The LEA wants to know when this is over: • Rome wasn’t built in a day a.k.a. the conditions at issue did not develop in 6 months or a year • Be patient.

  30. Firm Disclaimer (Yet Again) This presentation is intended solely to provide general information and does not constitute legal advice or a legal service.  This presentation does not create a client-lawyer relationship with Brustein & Manasevit and, therefore, carries none of the protections under the D.C. Rules of Professional Conduct.  Attendance at this presentation, a later review of any printed or electronic materials, or any follow-up questions or communications arising out of this presentation with any attorney at Brustein & Manasevit does not create an attorney-client relationship with Brustein & Manasevit.  You should not take any action based upon any information in this presentation without first consulting legal counsel familiar with your particular circumstances.

More Related