Transmittal No. 113 Date:  August 18, 2009

Background

On April 10, 2009, the Department of Health and Human Services announced the release of $985 million in CSBG funds appropriated as a result of the American Recovery and Reinvestment Act of 2009 (ARRA). Funds were released to States, U.S. Territories, and eligible Indian Tribes and Tribal organizations based on a statutorily defined formula outlined in Public Law 105-285, the Community Opportunities, Accountability, and Training and Educational Services Act of 1998.

Concurrent with the release of funds, OCS (OCS) issued Information Memoranda (IM)110, “Application for Fiscal Year (FY) 2009 CSBG Appropriation of American Recovery and Reinvestment Act (ARRA) Funds” with initial guidance for implementation. Funds were released contingent on specific terms and conditions of the award with the requirement that CSBG ARRA plans be provided for Federal review by May 29, 2009. At the time of the grant release, OCS announced that additional guidance would be provided on CSBG ARRA reporting and accountability requirements as new information became available.

OCS has completed an initial review of all Tribe and Tribal organization Plans that were received by the May 29, 2009 deadline. Each Tribe or Tribal organization will receive written feedback on plans from assigned program specialists. This feedback will indicate whether plans have been accepted, accepted with conditions, or held for further review pending receipt of specific information. In rare situations where OCS identifies significant statutory concerns, or in which essential information has not been provided, OCS may temporarily suspend the ability to draw down funds in the Payment Management System pending specific changes or clarifications.

As a next step in the implementation and monitoring process for CSBG ARRA funds, all Tribes and Tribal organizations will be asked to work on locally based risk assessment efforts, which will be used to help guide OCS technical assistance and monitoring support with the goal of assuring appropriate expenditures in compliance with requirements of the CSBG Act and ARRA.

Available Standards and Guidelines for Internal Controls

According to the Government Accountability Office (GAO), “internal control is not one event, but a series of actions and activities that occur throughout an entity’s operations and on an ongoing basis. Internal control should be recognized as an integral part of each system that management uses to regulate and guide its operations rather than as a separate system within an agency.” (GAO/AIMD-00-21.3.1, Standards for Internal Control in the Federal Government).

GAO standards for internal control in the Federal Government are available online at the following web address:

http://www.gao.gov/special.pubs/ai00021p.pdfVisit disclaimer page

GAO standards for internal controls are based on The Internal Control Integrated Framework, published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), an independent private-sector initiative formed in 1985 to assess causal factors that can lead to fraudulent financial reporting. A summary of COSO’s framework is available online at the following web address:

http://www.coso.org/IC-IntegratedFramework-summary.htmVisit disclaimer page

Under the COSO framework, internal control consists of five interrelated components: 1) Control Environment, including the integrity, ethical values, management philosophy, and operating style of organizational management; 2) Risk Assessment, including identification of analysis of relevant risks to achievement of organizational objectives; 3) Control Activities, including the policies and procedures that help ensure management directives are carried out; 4) Information and Effective Communication, such as reports, containing operational, financial and compliance-related information, and communication of objectives and responsibilities within an organization and with key external parties; and 5) Monitoring of internal controls and system performance both through ongoing internal monitoring and separate evaluations (COSO Internal Control Integrated Framework, Executive Summary).

Internal Controls for CSBG ARRA – A Federal, Tribal Partnership

Tribes and Tribal organizations did not receive additional funds through the ARRA for administration or monitoring, but may include ARRA oversight activities in monitoring and reporting systems supported through regularly appropriated CSBG funds.

Because Tribes and Tribal organizations do not receive additional funds for monitoring or administrative activities, Tribes must take a direct and individually accountable role in overseeing organizational risk assessment, review of internal controls, and risk mitigation planning to assure that funds are spent appropriately and in accordance with Federal and Tribal CSBG requirements.

The process of assessing organizational vulnerabilities and risks should be ongoing and integrated within management oversight efforts. Ongoing risk assessments should focus on the likely risk for errors in expenditures, programmatic errors or delays that may prevent a Tribe or Tribal organization from meeting its program objectives, as well as areas for potential fraud or abuse within the organization and among recipients of support or funding.

For the purposes of CSBG ARRA implementation, all CSBG-eligible entities are expected to certify that a basic risk assessment has been conducted. Risk assessments may be conducted by reviewing existing policies and procedures to assure that they address unique requirements under ARRA for separate accounting of funds and quarterly reporting on expenditures activities. A model format for such certification is provided as an attachment to this guidance. Entities may use this format or an alternate format.

For the purposes of CSBG ARRA implementation, all Tribes and Tribal organizations are expected to certify that a risk assessment has been conducted. At minimum, risk assessments must include the following factors:

1. Previous Audit or Monitoring Findings – Have there been any material weaknesses and reportable conditions, questioned costs or other findings cited within the last three years in annual audits, Tribal monitoring assessments, Inspector General reviews, or other Government agency reviews of Tribe or Tribal organization finances and operations. If so, have these material weaknesses been corrected? How has the agency verified that material weaknesses have been corrected (e.g., verification by auditors or independent reviewers)?
2. Internal Controls – Does the Tribe or Tribal Organization have in place standard financial and operating controls to ensure assets and information are protected against fraud, waste and abuse, and mismanagement of Federal funds? Have these financial and operating controls been reviewed and updated to address new activities and funding under ARRA? Have internal control systems been tested, either through internal or outside reviews to assess potential vulnerabilities?
3. Statutory and Regulatory Compliance – Does the entity have in place clearly stated and current administrative, fiscal and programmatic policies and operating procedures in accordance with the CSBG statute? Does the entity assure that policies and procedures are distributed to staff accompanied by training? Are procedures in place to assure adherence to Office of Management and Budget (OMB) Cost Principles? OMB Cost Principles are available on the following websites:
   
   Cost Principles for State, Local, and Indian Tribal Governments (OMB Circular A–87)
   https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/federal_reg...Visit disclaimer page
   Cost Principles for Non-Profit Organizations (OMB Circular A–122)
   https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/federal_reg...Visit disclaimer page
4. Equipment and Property -What procedures are in place to assure that any general purpose equipment purchased using CSBG ARRA funds is directly related to specific CSBG services under the ACF Grant Terms and Conditions? If the Tribe or Tribal Organization proposes any purchase or improvement of land, or the purchase, construction, or permanent improvement (other than low-cost residential weatherization or other energy-related home repairs) of any building or other facility, has a Federal waiver been requested, and approved as required under the CSBG statute?

Risk assessments must include the following certification, signed by the Tribal chief executive and Tribal chairperson: “I certify that a risk assessment has been conducted to assure appropriate expenditures of Community Services Block Grant funds received through the American Recovery and Reinvestment Act of 2009. This risk assessment addressed previous audit or monitoring findings within the last three years, a review of existing internal controls, a review of statutory and regulatory compliance, and a review of equipment and property procedures to assure a direct relationship to CSBG services. Where potential risks have been identified, appropriate risk mitigation measures and compensating controls have been identified.”

Tribe and Tribal Organization Review of Risk Assessments and Certification or Comment

Tribes are expected to have a strong understanding of the organizational structures, organizational strengths, compliance histories, and risks. For the purposes of CSBG ARRA implementation, the Tribe or Tribal organization is expected to conduct risk assessments and provide comments directly to OCS.

OCS Review of Risk Assessment Information

Risk assessment information provided by Tribes and Tribal organizations will be utilized by OCS for the purpose of prioritizing technical assistance and monitoring activities. Areas of common risk identified by Tribes or Tribal organizations may be addressed through specific training events, webinars, or guidance materials. In other instances, risk assessment information will be analyzed by OCS to identify priority areas for direct on-site assistance to supplement regular Tribe and Tribal organization monitoring activities.

Timelines

To assure timely technical assistance and monitoring assistance at the Federal level, the following timelines are established for risk assessments:

October 30, 2009
Provide a certification statement, signed by the Tribal Chief, Chief Executive or Tribal Chairperson that a risk assessment has been conducted addressing previous audit or monitoring findings, internal controls, compliance risks, avoidance of real or apparent conflicts of interest, equipment and property. This assurance statement must identify any specific risks identified and plans to mitigate those risks.

Tribe and Tribal Organization Risk Assessment Assurances and Comments should be mailed to:

U.S. Department of Health and Human Services
Administration for Children and Families
Office of Community Services
Division of State Assistance
Attention: Community Services Block Grant Program
370 L'Enfant Promenade S.W., 5th Floor West
Washington, D.C. 20447

If you need additional information, contact your assigned Office of Community Services’ CSBG Program Services - Regional Contacts. This contact information is available on the CSBG program website.

/s/
__________________________
Yolanda J. Butler, Ph.D.
Acting Director
Office of Community Services

Attachment:

Model Template for Risk Assessment Assurance Statement by Tribes and Tribal Organization

ATTACHMENT - SAMPLE – RISK ASSESSMENT ASSURANCE TEMPLATE

CSBG ARRA Risk Assessment of Grantees, Sub-Grantees and Vendors/Contractors

GAO -01-1008G, Internal Control and Evaluation Tool August 2001

2 CFR Part 225, Cost Principles for State, Local, and Indian Tribal Governments dated August 29, 1997; and
2 CFR Part 230, Cost Principles for Non-Profit Organizations dated June 1, 1998.

SEC. 678F (a) (1) Limitation on Use of Funds.

Certification Statement: I certify that a risk assessment has been conducted to assure appropriate expenditures of Community Services Block Grant funds received through the American Recovery and Reinvestment Act of 2009. This risk assessment addressed previous audit or monitoring findings within the last three years, a review of existing internal controls, a review of statutory and regulatory compliance, and a review of equipment and property procedures to assure a direct relationship to CSBG services. Where potential risks have been identified, appropriate risk mitigation measures and compensating controls have been identified.

Tribal Chief Executive ____________________________________________________

Tribal Chairperson _________________________________________________

Comments
□ I concur with the assessment of risk with no additional comment
□ I have attached comments on additional areas of risk within this organization
Tribe or Tribal Organization CSBG Program Manager