Managing Financial Risk in Government
Efficient and effective financial management is an essential way U.S. federal agencies serve the American people and protect the interests of taxpayers. Managing financial risk in government is more than a compliance exercise; it goes to the core of agency mission delivery. Strengthening financial risk management aligns with the government’s goals of minimizing waste, fraud, abuse, and mismanagement while also enabling government leaders to improve efficiency, increase transparency, and enhance decision-making.
The key to managing financial risk in the federal government is having access to accurate, complete, and timely information. Many government agencies are unable to analyze their data and quickly communicate it to the right stakeholders to enhance decision-making processes and reduce risk across the federal enterprise.
The foundations for advancing quality financial data and internal controls are based in numerous government reporting requirements, in particular the Federal Managers’ Financial Integrity Act (FMFIA), the Chief Financial Officers Act (CFO Act), and the Government Performance and Results Act Modernization Act (GPRAMA). Together, these acts require agencies to implement enhanced performance planning, risk management, and reporting tools that can help inform the agency, congressional and executive branch decisions. While there has been significant increases in program integrity, efficiency, and transparency over the years, government operations have become increasingly complex. retention of core expertise more difficult, and systems struggling to be compliant invite major areas of fragmentation, overlap, and inefficiency. As a result, government executives increasingly rely on technology solutions to meet these demands and achieve their strategic goals.
Pursuing government-wide standards for financial data that is accurate, consistent, reliable, and searchable across the enterprise has not slowed. More recently, the Digital Accountability and Transparency Act (DATA Act) of 2014 enabled access to information about how government spends $4.1 trillion annually, modernizing the way government spending information is collected, reported, and published. This act was followed by the Foundations for Evidence-Based Policymaking Act (Evidence Act) of 2018 and the Grant Reporting Efficiency and Agreements Transparency (GREAT Act) of 2019, which enhanced the requirements for access to accurate, complete and timely information. Specifically, the Evidence Act requires making data accessible and suitable for government decision making. It also empowered chief data officers in agencies to prioritize how to structure data, focus on data quality, and to facilitate data governance processes. The GREAT Act requires increased reporting by grant recipients and those who have cooperative agreements through a renewed focus on data quality, with the adoption of common data standards and improved access to grantee information.
Two other critical sources of managing financial risk for government agencies are contained in M-16-17 OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, and in the Government Accountability Office (GAO) Standards for Internal Control in the Federal Government (e.g., the Green Book). In July 2016, OMB updated its guidance to ensure federal managers are effectively managing risk by integrating risk management processes in the agency’s strategic objectives and in daily operations. As elaborated in the IBM Center report, Improving Government Decision Making through Enterprise Risk Management, ERM focuses strengthening decision making and improving information flow by breaking down agency silos and changing an agency’s culture to be more risk-aware. OMB Circular No. A-123 focuses on agencies’ expanded responsibilities that reinforce the purposes of the FMFIA and the GPRAMA, while the Green Book provides the standards that agency management must implement in order to properly assess and improve internal controls over operations, reporting, and compliance.
Further complicating matters, the largest economic stimulus package in U.S. history was enacted on March 27, 2020. The Coronavirus Aid, Relief and Economy Security Act (CARES Act) provides economic relief for individuals, businesses, and industries affected by the pandemic. The $2 trillion package contains some key provisions for public data and evidence-building activities. Given the size, objectives, and speed to which the CARES Act was created, there is a greater potential for fraud and abuse. The CARES Act provides special oversight functions in order to monitor and mitigate these risks, similar to the 2008 financial crisis’ Troubled Asset Relief Program (TARP) effort. Two other stimulus packages were enacted before the CARES Act and other packages are being discussed.
Given the pandemic response and the significant infusion of stimulus funding, there will be significant oversight. As a result, federal executives must lead and advance the practice of ERM within their agencies and across the federal government. While risk is unavoidable, especially given federal agencies mission and operational environment, risk management can effectively reduce the probability and harm through a coordinated effort to limit, mitigate and prioritize risks at the senior leadership level.
In this light, it is critical that federal executives focus on extreme financial challenges today and in the future by addressing barriers to effective implementation and execution of ERM programs. Using the latest ERM technology, agency leaders can access real-time data and add value across the organization by identifying risks and systematically connecting them to the appropriate decision makers.
The following “as is” challenges are compared with “to be” opportunities to achieve effective financial risk management with a goal to enhancing government executive decision-making.
The need for transparency, proactive risk-identification measures, and strong internal controls in alignment with agency objectives has never been greater. Some agencies have not kept pace with the numerous regulations and guidelines briefly touched upon here. Recently, many agencies have had to shift strategic objectives and operations to effectively address the impact of the coronavirus and the response to it. This uncertainty time while disruptive to normal operations also offers an opportunity and sense of urgency to change.
Given this evolving situation, agency leadership should apply an enterprise risk management approach and invest in technology that allows for accurate, complete, and timely information. By eliminating information silos, aligning governing procedures with risk mitigation efforts, and delivering the right information to the right people at the right time using the latest technologies, agencies can make better decisions based on a more holistic view of risks and their interdependencies.
Read the next post in our risk series, "Cybersecurity Risk Management – Resources for Agency Action."