Written Testimony of Lori Giblin Chief Risk Officer, Before the Committee on Education and the Workforce Subcommittee on Higher Education and Workforce Development
Chairman Guthrie, Ranking Member Davis, and Members of the Subcommittee,
Thank you for the invitation to testify today. I appreciate the opportunity to discuss the Corporation for National and Community Service’s (CNCS) commitment to strong risk management and prudent stewardship of taxpayer dollars.
My name is Lori Giblin, and I’ve served as Chief Risk Officer for CNCS since April of 2016. I joined CNCS ten months ago with nearly 25 years of experience working for the great states of Virginia and Arizona and the federal government in the areas of community development, compliance, monitoring, internal controls, and risk management. Today, I will provide you with an update on the activities of the Office of the Chief Risk Officer since our former CEO Wendy Spencer appeared before this Subcommittee in May 2016.
I would like to start by recognizing CNCS’s senior leadership, as well as CNCS staff for their support as my team and I have developed a strategy and work plan that refines and builds on CNCS’s current risk management framework. Without this team of dedicated professionals, I would not be able to share our accomplishments to date and be confident that we can address the opportunities and challenges that lie ahead. I also want to acknowledge the ongoing collaborative partnership and support that I have received from the Inspector General who has been helpful in identifying areas where attention is needed.
My presence here today represents CNCS’s extraordinary commitment to risk management. We view an effective risk management program as an essential strategy for ensuring we meet our grantee management and oversight responsibilities. It bears noting that CNCS is one of the first small, independent federal agencies to hire a Chief Risk Officer. We are also one of the only agencies that has aligned all of our risk assessment functions within one integrated framework. And, through our participation as steering committee members of the Association of Federal Enterprise Risk Management’s Small Agency Community of Practice, we have been identified as a leader among our peers in implementing the principles of risk management described in the Office of Management and Budget (OMB) guidance released in FY 2016.
Even in an extremely tight budget environment, agency management prioritized the implementation of risk management, redirecting scarce resources to ensure that this function is properly staffed and supported. This has enabled us to develop and begin to implement a robust work plan. Thanks to management support we have built a team of seventeen risk management professionals with extensive public and private sector experience in accounting, auditing, compliance, internal controls, and risk management.
My top priority as Chief Risk Officer is to build on our strengths and accomplishments and address challenges by further developing a risk-based program modeled on industry best practices. This program will identify where the agency faces challenges and risks in terms of fully delivering on our mission. Once these challenges and risks are clearly identified, tested, and verified, my job is to design and implement strategies to mitigate those risks. Mitigating risks means to eliminate, prevent, or reduce the negative impact upon our programs, which are vitally important to communities across the country and the American public.
In this testimony I will describe risk management at CNCS as it relates to four standard categories of risk: programmatic, financial, compliance, and fraud. I will also provide an update on progress and accomplishments in the five programs that the Office of the Chief Risk Officer directs. I will end with a summary of our path forward.
Corporation for National and Community Service Overview
To appreciate the risk management systems that CNCS has put in place to ensure accountability, it is important to understand the structure of national service and our programs.
CNCS supports service opportunities and building evidence for social interventions through AmeriCorps members, Senior Corps volunteers, and Social Innovation Fund grantees. The support we provide includes service opportunities and grants that focus on disaster services, economic opportunity, education, environmental stewardship, healthy futures, and veterans and military families. Last year, 325,000 Americans served in CNCS supported programs at more than 50,000 locations across the nation, including more than 244,000 Senior Corps members and nearly 80,000 AmeriCorps members. Our Social Innovation Fund supports more than 426 organizations in 44 states building the evidence base to support interventions in communities around the country. Since 2011, CNCS responded to 200 state and federally declared disasters, deploying more than 16,000 national service participants, including AmeriCorps NCCC and FEMA Corps teams. The structure of CNCS includes a wide variety of grantee activity at many locations and thousands of members each year, creating a complex environment for risk management.
Risk Management Framework at CNCS
CNCS follows leading industry practice in organizing risk into four basic categories: programmatic, financial, compliance, and fraud. The Office of the Chief Risk Officer ensures that the agency actively identifies and mitigates risk in each of these categories in order to successfully deliver effective national service and social innovation activities and benefits.
Our current direction in risk management is to identify actual, evidence-based risks; validate and prioritize them, and mitigate them on an ongoing basis. CNCS takes any misuse of federal funds extremely seriously and our framework will ensure that our risk management efforts are prioritized for impact rather than focusing on isolated incidents that are not representative of the entire grant portfolio.
Programmatic Risk
In the area of programmatic risk, CNCS manages a large, diverse, and active grant portfolio. A majority of our funding is invested in grantmaking. We assess, award, monitor, and provide training and technical assistance to our grantees to assist them in successfully implementing their programs and that any programmatic, financial, compliance or fraud risk on the part of the grantee is mitigated.
Financial Risk
In defining financial risk to the agency, we assess challenges that affect our grantees’ financial viability and their ability to manage federal funds. In some circumstances we may make a strategic choice to tolerate a higher level of financial risk in order to support grantees that are delivering high-quality services that address needs in low-income and hard-to-serve communities or facing pressing or emerging risks.
CNCS employs a wide range of strategies to deal with grantees that have financial challenges, including termination if the grantee cannot comply with the terms and conditions of the award, not considering a grantee for further funding, suspension, and debarment. Other corrective actions include putting grantees on reimbursement only or requiring them to report monthly on their programmatic progress and expenditures. In addition, the agency has taken strong measures over the last two years to ensure that disallowed costs that are identified through audits, investigations and monitoring are recovered.
Compliance and Fraud Risk
Another priority as the Chief Risk Officer is to ensure that grantees comply with the terms and conditions of their award and to ensure that we safeguard the agency against fraud, waste and abuse. Let me share with you what our agency has done to enhance our risk mitigation posture and ensure that we have effective controls in the areas of compliance and fraud risk.
First, the CNCS senior leadership team has provided significant support for the framework of our risk program—its leadership, governance, and organizational structure. Since I arrived at CNCS, senior leadership, based upon my recommendations and their commitment to our success, has increased staffing of the risk management team.
To ensure that this team meets its goal of building, implementing, and reporting the results of a robust risk program, we have established a governance structure that will hold CNCS to the highest standards. Our senior level governance body has met seven times since I arrived and they have made important decisions on staffing, internal controls, and the criminal history check program. I am confident that this governance structure, combined with strong CEO and Board oversight and support, as well as monthly meetings with the IG and OIG staff, will ensure successful implementation of our risk strategies.
Programs of Office of the Chief Risk Officer
CNCS established the Office of the Chief Risk Officer to oversee all of the agency’s financial and programmatic internal risk assessment programs under one executive, including National Service Criminal History Checks, Improper Payments, Internal Controls, Grants Assessment, and Enterprise Risk Management programs.
National Service Criminal History Checks
The National Service Criminal History Checks program is the newest addition to the portfolio of the Office of the Chief Risk Officer. It was added as a follow-up action after the agency last testified before this Committee. Since we added the program to the Office of the Chief Risk Officer, senior leadership has approved a seven-point strategy that we are implementing to address the root causes of grantee noncompliance. These critical controls are designed to enhance the controls currently in place to protect our most vulnerable populations from those who wish to do harm.
As our former CEO shared during her testimony last year, CNCS developed and implemented a strategy to improve compliance with the National Service Criminal History Check requirements. This strategy includes using the agency’s legal authority to enable our grantees to directly obtain fingerprint based checks from a private vendor. Since engaging in this solution, the vendor has provided 17,476 checks to 531 grant recipient organizations in 44 states and the District of Columbia and Puerto Rico. The vendor has helped CNCS and our grantees identify potential ineligible applicants thus fortifying our risk efforts and protecting those we serve. Building on that success, my office will seek a market-based solution to conduct the state criminal history checks that our grantees are currently unable to perform due to lack of access or capability.
In addition, the market-based solution will include the National Sex Offender Public Website checks, ensuring a complete three-part check. This solution will enable us to continue to protect our most vulnerable citizens, serve our grantees, and standardize a complex procedure. In addition to this public-private partnership, CNCS will augment and strengthen our outreach and training plans by educating our grantees in detection and encouraging active participation in proven prevention strategies.
Improper Payments
Every federal agency is required to assess payments that were made to the wrong person, at the wrong time, or in the wrong amount. Our agency has faced challenges in implementing a testing process that allows us to report, with confidence, our estimated rate of improper payments.
We have met with OMB and other federal agencies to gather their input on our testing design and approach to ensure that we are adopting proven strategies so we can more accurately report on the effectiveness of our program to eliminate improper payments. Next month we will submit a testing methodology to OMB that will help us report accurately and test in a way that identifies root causes to our major sources of noncompliance.
Internal Controls
I have been working closely with senior leadership to enhance and refine our internal control framework to comply with all Government Accountability Office (GAO) standards, including those detailed in GAO’s Framework for Managing Fraud Risks in Federal Programs. We have recently conducted the agency's first ever entity-level assessment that tested the agency’s enterprise-wide controls. We are pleased to report that no material gaps were identified.
We have also convened a Fraud Risk Assessment Committee and have scheduled meetings of the group for the remainder of the fiscal year. This committee will guide the agency in identifying potential fraud risks. It will rate, rank, and calibrate identified risks for further action and implement risk mitigation strategies. In addition to the fraud risk assessment, we have hired a contractor to reconfigure our overall internal controls annual testing approach to make sure it is aligned with industry best practices. This year we have selected the procurement and grant lifecycle functions for testing and will continue to develop the assessment tools needed to test the agency’s other key business processes.
Enterprise Risk Management
My team is actively participating in the government-wide effort to implement an enterprise risk management program as one component of our risk management framework. We are in the process of drafting an agency risk register that will be validated and prioritized by senior leadership. We anticipate completing this assessment in the coming months. This risk register will also be used to further assess agency risks and vulnerabilities and provide us the opportunity to refine our mitigation strategies on an ongoing basis.
Monitoring Risk Assessment
My team is charged with developing and facilitating the annual risk assessment of all grants. The agency has an assessment tool that assists us in identifying whether grantees require additional monitoring and training and technical assistance. Nearly a decade ago, CNCS was at the leading edge of federal agencies that developed assessment criteria used to determine which grantees we monitor and how we conduct grantee monitoring. Though we have refined this criteria over the years, we will be working to further refine and mature it moving forward. In addition to strengthening our risk assessment process, CNCS continues to enhance our grantee oversight and monitoring throughout the grant lifecycle to ensure grantee success and accountability.
Conclusion
Thank you for the opportunity to provide testimony today. I want to assure the Committee that CNCS and I are deeply committed to developing and enhancing our approach to risk management. We take our responsibilities very seriously and are confident in our ability to effectively manage federal funds and provide national service opportunities to the American public. I welcome your advice and counsel.