Fast Facts

Contracts and purchase cards are 2 ways agencies can acquire goods and services to get urgently needed items after a disaster. We assessed selected agencies' planning for contracting workforce needs and purchase card fraud risks related to disaster response and found

Not all agencies planned for or assessed their contracting workforce needs for disaster response

Only 1 of the 6 agencies assessed how purchase card fraud risks change during disaster response

We recommended that agencies assess disaster contracting workforce needs and purchase card fraud risks to improve disaster response.

Canal debris in the Florida Keys following Hurricane Irma

A debris-filled canal

Skip to Highlights
Highlights

What GAO Found

The efforts of selected agencies to plan for disaster contracting activities and assess contracting workforce needs varied. The U.S. Forest Service initiated efforts to address its disaster response contracting workforce needs while three agencies—the U.S. Army Corps of Engineers (USACE), the U.S. Coast Guard, and Department of the Interior (DOI)—partially addressed these needs. The Environmental Protection Agency indicated it did not have concerns fulfilling its disaster contracting responsibilities. Specifically, GAO found the following:

USACE assigned clear roles and responsibilities for disaster response contracting activities, but has not formally assessed its contracting workforce to determine if it can fulfill these roles.

The Coast Guard has a process to assess its workforce needs, but it does not account for contracting for disaster response activities.

DOI is developing a strategic acquisition plan and additional guidance for its bureaus on how to structure their contracting functions, but currently does not account for disaster contracting responsibilities.

Contracting officials at all three of these agencies identified challenges executing their regular responsibilities along with their disaster-related responsibilities during the 2017 and 2018 hurricane and wildfire seasons. For example, Coast Guard contracting officials stated they have fallen increasingly behind since 2017 and that future disaster response missions would not be sustainable with their current workforce. GAO's strategic workforce planning principles call for agencies to determine the critical skills and competencies needed to achieve future programmatic results. Without accounting for disaster response contracting activities in workforce planning, these agencies are missing opportunities to ensure their contracting workforces are equipped to respond to future disasters.

The five agencies GAO reviewed from above, as well as the Federal Emergency Management Agency (FEMA), collectively spent more than $20 million for 2017 and 2018 disaster response activities using purchase cards. GAO found that two of these six agencies—Forest Service and EPA—have not completed fraud risk profiles for their purchase card programs that align with leading practices in GAO's Fraud Risk Framework. Additionally, five of the six agencies have not assessed or documented how their fraud risk for purchase card use might differ in a disaster response environment. DOI completed such an assessment during the course of our review. An Office of Management and Budget memorandum requires agencies to complete risk profiles for their purchase card programs that include fraud risk. GAO's Fraud Risk Framework states managers should assess fraud risk regularly and document those assessments in risk profiles. The framework also states that risk profiles may differ in the context of disaster response when managers may have a higher fraud risk tolerance since individuals in these environments have an urgent need for products and services. Without assessing fraud risk for purchase card programs or how risk may change in a disaster response environment, agencies may not design or implement effective internal controls, such as search criteria to identify fraudulent transactions.

Why GAO Did This Study

The 2017 and 2018 hurricanes and California wildfires affected millions of people and caused billions of dollars in damages. Extreme weather events are expected to become more frequent and intense due to climate change. Federal contracts for goods and services play a key role in disaster response and recovery, and government purchase cards can be used by agency staff to buy needed items.

GAO was asked to review federal response and recovery efforts related to recent disasters. This report examines the extent to which selected agencies planned for their disaster response contracting activities, assessed their contracting workforce needs, and assessed the fraud risk related to their use of purchase cards for disaster response.

GAO selected six agencies based on contract obligations for 2017 and 2018 disasters; analyzed federal procurement and agency data; reviewed agencies' policies on workforce planning, purchase card use, and fraud risk; and analyzed purchase card data. FEMA was not included in the examination of workforce planning due to prior GAO work.

Skip to Recommendations

Recommendations

GAO is making 12 recommendations, including to three agencies to assess disaster response contracting needs in workforce planning, and to five agencies to assess fraud risk for purchase card use in support of disaster response.

Recommendations for Executive Action

Agency Affected Recommendation Status
Corps of Engineers The Secretary of the Army should ensure that the Commanding General of the Army Corps of Engineers develops guidance to ensure that its district-level affordability determinations account for the agency's disaster response contracting activities. (Recommendation 1)
Open
The Department of Defense (DOD) agreed with this recommendation. In October 2020, DOD said that the U.S. Army Corps of Engineers (USACE) Director of Contracting will provide guidance to commanders to support completion of the USACE Annual Workforce Workload Assessment, which is an assessment to ensure that USACE districts have the capability to accomplish planned contracting workload and disaster response missions arising throughout the year. As part of the workload assessments, USACE districts and major subordinate commands assess effects of current workload and operations tempo impacting the contracting workforce determinations on enterprise contracting. DOD officials told us that this assessment would be completed by the end of June 2021. In August 2021, DOD officials stated that, due to unanticipated leadership changes, USACE has not yet completed these actions.
United States Coast Guard The Commandant of the U.S. Coast Guard should provide guidance or incorporate into existing guidance information to ensure that the Coast Guard's manpower requirements determination for its acquisition directorate accounts for the agency's disaster response contracting activities. (Recommendation 2)
Open
The U.S. Coast Guard agreed with this recommendation. In August 2021, the Coast Guard said it updated the Manpower Requirements Manual in November 2020 and promulgated a new job-aid in April 2021, including guidance for assessing normal contingency workload and surge contingency workload, which covers the acquisition directorate's disaster response contracting activities. The Coast Guard noted that these documents refine and implement guidance for executing manpower requirement determinations. The Coast Guard anticipates an update to the Manpower Requirements Plan during its next periodic report to Congress, which is planned to be provided to Congress by March 2022. According to the Coast Guard, the updated Manpower Requirements Plan will include time frames and milestones to complete manpower requirement analyses and determinations for multiple positions, units, and functions based on service priority, and will include consideration of disaster response activities per the updated Manpower Requirements Manual and job-aide.
Department of the Interior The Secretary of the Interior should ensure that upcoming guidance directs bureaus to consider their disaster contracting activities when planning their contracting workforce, where appropriate. (Recommendation 3)
Open
The Department of the Interior (DOI) agreed with our recommendation and, in November 2020, stated that DOI would implement guidance to bureaus to consider disaster contracting activities in workforce planning, as appropriate. In July 2021, DOI told us that the Office of Acquisition and Property Management is in the early stage of launching a new assessment tool under the Bureau Framework Project--which is a project to assist bureaus in long-term strategic workforce planning, including emergency planning. . Among other things, each bureau's strategic plans must address workforce and workload challenges and detail how the bureau will address these challenges. DOI stated it anticipates delivery of a full governance policy for the project by October 2021.
Corps of Engineers The Secretary of the Army should ensure that the Commanding General of the Army Corps of Engineers updates its fraud risk profile for the purchase card program to include an assessment of how, if at all, the risk profile differs for purchase card use in support of disaster response. (Recommendation 4)
Open
The Department of Defense (DOD) agreed with this recommendation. In October 2020, DOD stated that the U.S. Army Corps of Engineers (USACE) Director of Contracting will work with the Headquarters USACE National Internal Control Program Manager to enhance USACE's fraud risk profile during the 2022 Risk Management and Internal Control Program (RMICP) cycle. DOD stated that the enhanced fraud risk profile will document how, if at all, the USACE risk profile for purchase card use differs in support of disaster response. In August 2021, DOD officials said that USACE still intends to add purchase card risk-management profiles to the 2022 RMICP cycle, including documenting how, if at all, the USACE risk profile for purchase cards use differs in support of disaster response; however, the RMICP program is currently undergoing a revision and restructuring, which is expected to be completed by November 2021.
Federal Emergency Management Agency The Administrator of the Federal Emergency Management Agency should update its fraud risk profile for the purchase card program to include an assessment of how, if at all, the risk profile differs for purchase card use in support of disaster response. (Recommendation 5)
Open
The Department of Homeland Security (DHS) agreed with our recommendation. In May 2021, FEMA officials told us that FEMA's Office of the Chief Financial Officer is working on updating its fraud risk profile for the purchase card program, which will include an assessment of how, if at all, the risk profile differs for purchase card use in support of disaster response. DHS anticipates the update will be completed by December 2021.
Department of Agriculture The Secretary of the U.S. Department of Agriculture should direct the Forest Service to update its fraud risk profile for the purchase card program to align with the leading practices in the Fraud Risk Framework and include an assessment of how, if at all, the risk profile differs for purchase card use in support of disaster response. (Recommendation 6)
Open
The U.S. Department of Agriculture agreed with our recommendation but, as of August 2021, the department had not provided information on actions taken to address it.
United States Coast Guard The Commandant of the U.S. Coast Guard should update its fraud risk profile for the purchase card program to include an assessment of how, if at all, the risk profile differs for purchase card use in support of disaster response. (Recommendation 7)
Open
The U.S. Coast Guard agreed with this recommendation. As of August 2021, the Coast Guard had not yet provided information that demonstrates its assessment of how, if at all, its fraud risk profile differs for purchase card use in support of disaster response.
Environmental Protection Agency The Administrator of the Environmental Protection Agency should take additional steps to complete and document a fraud risk profile for the purchase card program that aligns with the leading practices in the Fraud Risk Framework and includes an assessment of how, if at all, the risk profile differs for purchase card use in support of disaster response. (Recommendation 8)
Open
The Environmental Protection Agency (EPA) agreed with our recommendation. In October 2020, EPA said that the agency has begun preliminary work to determine and document the program's fraud risk profile based on GAO's leading practices. In May 2021, EPA said that the agency was in the process of reviewing EPA's purchase card program and assessing information collected from oversight tools to help populate EPA's Purchase Card Fraud Risk Framework. EPA noted that the new framework will help change the culture of the EPA's Purchase Card community by presenting information that demonstrates how the agency is committing, assessing, designing, implementing, evaluating, and adapting to annual performance of the framework requirements. In July 2021, EPA officials stated that EPA completed an analysis of current purchase card program practices, oversight, & control activities in March 2021 to better understand how to adopt the concepts and practices detailed in GAO's leading practices. In addition, EPA officials said that they developed a purchase card fraud risk questionnaire to survey purchase cardholders, approving officials, acquisition staff, managers, and transaction reviewers to gain further insight into EPA's purchase card fraud risk and better address fraud risk mitigation. EPA officials stated that they expect to complete and document a fraud risk profile for the purchase card program and assess how the risk profile might differ for purchase card use in support of disaster response by December 2021.
Federal Emergency Management Agency The Administrator of the Federal Emergency Management Agency should ensure that the agency has adequate data to allow it to conduct analysis of purchase card use in support of disaster response, including both the disaster event supported and sufficient vendor information to allow fraud risk analysis. (Recommendation 9)
Open
The Department of Homeland Security (DHS) agreed with this recommendation. In October 2020, DOD said that the Federal Emergency Management Agency's (FEMA) Office of the Chief Financial Officer (OCFO) will develop a data collection methodology, in coordination with Citibank, to include both the disaster event supported and sufficient vendor information to allow more comprehensive fraud risk analysis by October 2021. In May 2021, DHS officials told us that the FEMA OCFO's FEMA Finance Center (FFC) implemented an interface with Citibank for online cost transfers of purchases to obligations in CitiManager. According to DHS officials, the interface provides for obligation identification by program code and fund code, which provides for comprehensive data to identify purchases by disaster, merchant, and merchant category code. Officials noted that the FFC interface is able to capture purchase card data by disaster and merchant for purchases starting December 2020. As of August 2021, DHS officials had not provided documentation of the interface.
Corps of Engineers The Secretary of the Army should ensure that the Commanding General of the Army Corps of Engineers ensures that the agency has adequate data to allow it to conduct analysis of purchase card use in support of disaster response, including both the disaster event supported and sufficient vendor information to allow fraud risk analysis. (Recommendation 10)
Open
DOD agreed with our recommendation. In October 2020, DOD stated that by the second quarter of fiscal year 2021, Defense Pricing and Contracting will issue a policy memorandum directing Department of Defense Component Senior Procurement Executives and Heads of Contracting Activities to issue component-level guidance requiring entry of appropriate identifiers in a designated field of the card issuing bank's Electronic Access System "purchase log" to identify transactions made in support of disaster response and other emergency acquisitions. Further, DOD said that by June 2021, the U.S. Army Corps of Engineers (USACE) Directorate of Contracting will work with the USACE National Internal Control Program Manager to enhance USACE's fraud risk profile during the 2022 Risk Management Internal Control Program (RMCIP) cycle. The enhanced fraud risk profile will document how, if at all, the USACE risk profile for purchase card use differs in support of disaster response. In August 2021, DOD officials said that they issued a policy memo in December 2020 directing the Heads of Contracting Activity to issue component-level guidance to the workforce on recording and retaining purchase card information when National Interest Action (NIA) Codes are issued for applicable operations by entering appropriate identifiers in a designated field of the card issuing bank's Electronic Access System purchase log. In addition, DOD officials said that USACE's RMCIP process has been delayed, but the officials are working with USACE & the Office of the Deputy Assistant Secretary of the Army (Procurement) to ensure appropriate actions are completed.
United States Coast Guard The Commandant of the U.S. Coast Guard should ensure that the agency has adequate data to allow it to conduct analysis of purchase card use in support of disaster response, including both the disaster event supported and sufficient vendor information to allow fraud risk analysis. (Recommendation 11)
Open
The U.S. Coast Guard agreed with this recommendation. In August 2021, Coast Guard officials stated that the Director of Financial Operations-Comptroller continues to be scheduled to begin migrating financial systems in October 2022, which they anticipate will alleviate some inconsistencies, as transactions and supplemental data are linked and stored in the new system. Further, according to Coast Guard officials, data migration to the new financial system is on schedule for completion in December 2022, after which detailed actions and milestones for fully implementing this recommendation can be developed.
Environmental Protection Agency The Administrator of the Environmental Protection Agency should ensure that the agency has adequate data to allow it to conduct analysis of purchase card use in support of disaster response, including both the disaster event supported and sufficient vendor information to allow fraud risk analysis. (Recommendation 12)
Closed - Implemented
The Environmental Protection Agency (EPA) agreed with our recommendation. In October 2020, EPA said that through the collaborative work of the Agency's Office of the Chief Financial Officer and Office of Mission Support, EPA would pursue improvements to existing emergency response financial and purchase card use tracking procedures to ensure financial and purchase card transaction reporting systems provide accurate, accessible data in order to conduct fraud analysis in accordance with the mandated framework, including analysis specific to disaster response. In July 2021, EPA stated they are using a process that includes: retrieving data from multiple data systems and review of electronic records maintained by purchase cardholders. As part of this process, EPA officials said that they are able to obtain the data needed to conduct analysis of purchase card use in support of disaster response, including the disaster event, such as hurricane, and vendor information to allow for fraud analysis. EPA provided a report of EPA's fiscal year 2020 disaster response purchase card transactions, which showed EPA's disaster-related purchase card spending by disaster and vendor.

Full Report

GAO Contacts