Finding Text
Condition:
The organization has not implemented a formal risk management process, including:
Assessing risks related to compliance with federal regulations.
Addressing risks associated with regulatory changes.
Evaluating and mitigating fraud risks.
Criteria:
2 CFR 200.303 requires entities to establish and maintain effective internal controls, including risk assessments and fraud prevention measures, to ensure compliance with federal regulations.
Cause:
The organization, being relatively new, has not prioritized developing a structured risk management framework, including fraud risk assessment and mitigation policies.
Effect:
The lack of a risk management framework and fraud mitigation strategies increases the likelihood of mismanagement, noncompliance, and potential misuse of federal funds.
Recommendation:
1. Establish a formal risk management process to identify, assess, and address risks associated with the Federal grant programs (e.g., ERA, TANF, etc.).
2. Develop and implement fraud risk assessment procedures and corresponding mitigation policies.
3. Train staff and management on risk management principles and fraud prevention strategies.
Questioned Costs: None
Management’s Response:
The organization has already taken steps and will continue to take immediate action to establish a formal risk management framework. This will include conducting a comprehensive fraud risk assessment and integrating fraud detection and prevention processes into the organization’s internal controls.
A formal risk management policy will be developed and adopted within three months, with regular reviews scheduled thereafter to ensure its continued effectiveness and alignment with the industry’s best practices.