Grants: AmeriCorps Should Take Multiple Actions to Better Manage Fraud Risks
Fast Facts
AmeriCorps funds grants—over $900 million in FY 2023—for volunteer and national service programs to address a range of community needs across the country. These grants support projects in areas like disaster recovery, educational support, and environmental stewardship.
AmeriCorps has taken some steps to manage potential fraud in its grant programs, such as developing training on what fraud might look like. But it hasn't considered the specific fraud risks in each of its grant programs, which can differ significantly.
We recommended, among other things, that AmeriCorps plan and conduct regular program-level fraud risk assessments.
Highlights
What GAO Found
AmeriCorps—also known as the Corporation for National and Community Service—administers a variety of grant programs that support service opportunities aimed at addressing community needs. The agency has taken some steps to manage fraud risks in its major grant programs. For example, as part of ongoing efforts to formalize its fraud risk management program, in September 2023 AmeriCorps developed a draft standard operating procedure that documents key roles of those leading fraud risk management activities.
Nevertheless, many of the agency's efforts to manage fraud risks do not fully align with selected leading practices in GAO's Fraud Risk Framework. For instance, AmeriCorps has not established a process to conduct regular fraud risk assessments in its major grant programs. The agency's current fraud risk assessment was conducted at the agency level and was not tailored to identify or address program-specific risks. The agency's programs vary in size and scope. For example, one program funded over 7,000 volunteers, while another program funded over 115,000 volunteers. The agency-level assessment may not result in the information necessary to effectively manage program-level fraud risks.
Furthermore, AmeriCorps' current agency-level fraud risk assessment does not fully align with leading practices in GAO's Fraud Risk Framework. Specifically:
- Identifying fraud risks. The fraud risk assessment did not fully identify specific risks or differences across its major grant programs—such as size and scope—that may warrant separate consideration.
- Assessing inherent fraud risks. AmeriCorps did not assess the likelihood or impact of the inherent fraud risks it identified.
- Setting risk tolerance. AmeriCorps set a fraud risk tolerance that does not align with guidance on the level of risk the agency is willing to accept. Specifically, AmeriCorps' guidance calls for a low fraud risk tolerance. However, the agency's fraud risk assessment set a higher risk tolerance, accepting more risk than called for by the agency's guidance.
- Considering existing controls. AmeriCorps did not fully consider the effect of existing controls because it had not assessed its inherent fraud risks.
Conducting fraud risk assessments that fully align with leading practices can help ensure that AmeriCorps produces the program-level information necessary to strategically manage fraud risks across its major grant programs.
AmeriCorps plans to explore and implement feasible antifraud data analytics, as called for by leading practices. However, the agency faces challenges that may hinder these efforts. For example, AmeriCorps does not collect any information on individual volunteers in certain programs, which may limit potential analytics. AmeriCorps has system modernization efforts currently underway that may improve data quality and allow for additional antifraud analytics. However, its plans do not explain whether its analysis will include the benefits and costs of collecting additional information or the anticipated benefits of its modernization efforts. Including these factors will help ensure that AmeriCorps fully explores the feasibility of antifraud data analytics in its major grant programs.
Why GAO Did This Study
AmeriCorps' grant programs address various community needs, including disaster relief, educational support, and environmental stewardship. In fiscal year 2023, the agency received over $900 million to fund these grant programs.
However, AmeriCorps has faced financial management challenges. In fiscal year 2023, AmeriCorps' Inspector General identified improving financial management and prioritizing fraud prevention and detection as major management challenges.
GAO was asked to review issues related to AmeriCorps' management of fraud risks in its grant programs. This report examines the extent to which AmeriCorps' (1) fraud risk management activities for major grant programs and (2) antifraud data analytics align with selected leading practices from GAO's Fraud Risk Framework. GAO reviewed relevant policies and documentation, analyzed data, and interviewed agency officials and compared this information with selected leading practices.
Recommendations
GAO is making 10 recommendations, including that AmeriCorps plan and conduct regular program-level fraud risk assessments that align with leading practices and include data completeness and quality challenges as it explores the feasibility of antifraud data analytics. AmeriCorps agreed with our recommendations and described plans to address them.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
AmeriCorps | The Chief Executive Officer of AmeriCorps should establish a process to plan regular fraud risk assessments in its grant programs that align with leading practices in the Fraud Risk Framework. (Recommendation 1) |
In March 2024, AmeriCorps provided an updated version of its standard operating procedures (SOP) for fraud risk management. The SOP describes the agency's various risk assessment processes, including fraud risk assessment. The SOP notes that fraud risk assessments will be conducted annually and include a program-by-program focus. The SOP also describes the necessary information and stakeholders involved in assessing fraud risks. These steps align with leading practices in the Fraud Risk Framework. As a result, AmeriCorps is better positioned to ensure that it regularly assesses and manages fraud risks in its various grant programs.
|
AmeriCorps | The Chief Executive Officer of AmeriCorps should require future fraud risk assessments in its grant programs to identify specific inherent fraud risks. (Recommendation 2) |
In March 2024, AmeriCorps provided an updated version of its standard operating procedures (SOP) for fraud risk management and an updated fraud risk assessment for its grant programs. The SOP requires AmeriCorps to annually identify and assess program-specific risks in its grant programs. Further, AmeriCorps assessed fraud risks at the program level in its updated fraud risk assessment, which helps to account for differences across programs. As a result, AmeriCorps is better positioned to assess and manage fraud risks across its various grant programs.
|
AmeriCorps | The Chief Executive Officer of AmeriCorps should assess the likelihood and impact of inherent fraud risks as part of future fraud risk assessments. (Recommendation 3) |
In March 2024, AmeriCorps provided an updated fraud risk assessment for its grant programs. The fraud risk assessment assesses the likelihood and impact of each inherent fraud risk. Additionally, AmeriCorps' standard operating procedure for fraud risk management now requires annual fraud risk assessments to assess inherent and residual risks. As a result, AmeriCorps is better positioned to establish a baseline against which it can determine fraud risk tolerance and the effect of existing antifraud controls its various grant programs.
|
AmeriCorps | The Chief Executive Officer of AmeriCorps should align the fraud risk tolerance in future fraud risk assessments with the agency's risk appetite statement. (Recommendation 4) |
In March 2024, AmeriCorps provided an updated version of its standard operating procedures (SOP) for fraud risk management, which it adopted as an interim draft. The SOP requires fraud risk assessments to align with the agency's risk appetite statement. Further, AmeriCorps' updated fraud risk assessment sets a lower fraud risk tolerance than the 2023 assessment. As a result, AmeriCorps is better positioned to consistently and effectively assess fraud risks and mitigate those that exceed its tolerance.
|
AmeriCorps | The Chief Executive Officer of AmeriCorps should fully consider the effect of existing antifraud controls in mitigating the likelihood and impact of inherent fraud risks as part of future fraud risk assessments. (Recommendation 5) |
In March 2024, AmeriCorps provided an updated fraud risk assessment for its grant programs. The fraud risk assessment separately assesses inherent fraud risks, which then allowed AmeriCorps to more fully consider the effect of existing controls in mitigating the inherent fraud risks (i.e., residual risks). Additionally, AmeriCorps' standard operating procedure for fraud risk management now requires annual fraud risk assessments to assess inherent and residual risks. As a result, AmeriCorps is better positioned to identify the impact of its antifraud controls and prioritize risks that remain above tolerance in its various grant programs.
|
AmeriCorps | The Chief Executive Officer of AmeriCorps should update the agency's fraud risk profile with information from elements of a fraud risk assessment process that align with the leading practices in the Fraud Risk Framework. (Recommendation 6) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
AmeriCorps | The Chief Executive Officer of AmeriCorps should develop, document, and communicate an antifraud strategy for its grant programs based on a fraud risk profile that aligns with leading practices for fraud risk management. (Recommendation 7) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
AmeriCorps | The Chief Executive Officer of AmeriCorps should require grantees to take its fraud awareness training. (Recommendation 8) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
AmeriCorps | The Chief Executive Officer of AmeriCorps should include the benefits and costs of collecting data on volunteers and all subgrants as it explores the feasibility of antifraud data analytics. (Recommendation 9) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
AmeriCorps | The Chief Executive Officer of AmeriCorps should include the anticipated effects of its systems modernization efforts as it explores the feasibility of antifraud data analytics. (Recommendation 10) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|