Legal Services Corporation:

Improved Internal Controls Needed in Grants Management and Oversight

GAO-08-37: Published: Dec 28, 2007. Publicly Released: Jan 18, 2008.

Additional Materials:

Contact:

Susan Ragland
(202) 512-9471
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Legal Services Corporation (LSC) was created as a private nonprofit to support legal assistance for low-income people to resolve their civil legal matters and relies heavily on federal appropriations. In 2006, LSC distributed most of its $327 million in grants to support such assistance. Effective internal controls over grants and oversight of grantees are critical to LSC's mission. GAO was asked to determine whether LSC's internal controls over grants management and oversight processes provide reasonable assurance that grant funds are used for their intended purposes. GAO analyzed key records and interviewed agency officials to obtain an understanding of LSC's internal control framework, including the monitoring and oversight of grantees, and performed limited reviews of internal controls and compliance at 14 grantees.

GAO found weaknesses in LSC's internal controls over grants management and oversight of grantees that negatively affect LSC's ability to provide assurance that grant funds are being used for their intended purposes in compliance with applicable laws and regulations. Effective internal controls over grants and grantee oversight are critical to LSC as its very mission and operations rely extensively on grantees to provide legal services to people who otherwise could not afford to pay for adequate legal counsel. GAO also found poor fiscal practices and improper and potentially improper expenditures at grantees it visited. Weaknesses in LSC's control environment include the lack of clear definition in the responsibilities of two of the three organizational units that oversee the work of grantees. GAO also found that communication between oversight units and coordination of grantee site visits is not sufficient to prevent gaps or duplication of effort, or both. The timing and scope of site visits is not based on a systematic analysis of the risk of noncompliance or financial control weakness across LSC's 138 grantees, so LSC cannot determine whether its resources are being used effectively and efficiently to mitigate risk among its grantees. LSC control activities performed in the monitoring of grantee internal control were not sufficient in scope to achieve effective oversight, and GAO noted implementation weaknesses. For example, in the site visits GAO observed, staff did not follow up on questionable transactions and relied heavily on information obtained through interviews. Feedback to grantees was often delayed, preventing grantees from correcting deficiencies in a timely manner. As of September 2007, LSC had not yet issued reports to grantee management for about 19 percent (10 out of 53) of the 2006 site visits. LSC grantee reviews missed potential control deficiencies at grantees that could have been detected with more effective oversight as evidenced by weaknesses GAO found at 9 of the 14 grantee sites it visited. While control deficiencies at the grantees were the immediate cause of the problems GAO found, weaknesses in LSC's controls over its oversight of grantees did not assure effective monitoring of grantee controls and compliance. Among the questionable expenditures GAO found were grantee use of funds for expenditures with insufficient supporting documentation, unusual contractor arrangements, alcohol purchases, employee interest-free loans, lobbying fees, late fees, and earnest money.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Both management and the board are preparing status updates that they plan on delivering on September 1, 2009. GAO will follow up on LSC actions in this area as part of an engagement planned to begin in November 2009. Subsequently, in November 2007, the LSC President referred eight of the nine programs to the LSC Office of Inspector General (OIG) for follow-up. The ninth program, Nevada Legal Services (NLS), was followed up with by the Office of Program Performance and the Office of Compliance and Enforcement (OCE). In a summary report, the LSC OIG concluded that the issues specifically identified by GAO had been sufficiently corrected at each of the eight grantees visited. In addition, the OIG issued eight individual reports demonstrating that follow-up occurred with the eight grantees contributing to the resolution of the recommendation. During 2008, LSC took oversight actions over NLS. In June 2008, as a result of an OCE investigation, NLS was placed on month to month funding along with monthly reporting requirements. In September 2009, a joint OPP and OCE review of NLS was completed which reviewed progress against specific grant conditions. As a result of LSC's and OIG's follow-up efforts on the nine LSC grantees, LSC has a more informed basis for its grant management actions.

    Recommendation: LSC management should perform follow-ups on each of the improper or potentially improper uses of grant funds that we identified in this report.

    Agency Affected: Legal Services Corporation

  2. Status: Closed - Implemented

    Comments: In our December 2007 report on Legal Services Corporation (LSC) we found that the roles and division of responsibilities between the Office of Inspector General (OIG) and Office of Compliance and Enforcement (OCE) for oversight of grantee financial controls and compliance were not clearly defined. With compliance oversight and monitoring responsibilities divided between OCE and OIG and program oversight activities being performed by Office of Program Performance (OPP), strong coordination and communication among the three offices and a clear understanding of their roles and responsibilities is critical for achieving effective grantee and program oversight. OCE staff expressed confusion about their own roles and responsibility for the more limited fiscal compliance reviews they perform, and there was contention between OCE and OIG over unclear areas of responsibility that dates back to 1995. To help LSC improve its internal control and oversight of grantees, we recommended that LSC develop and implement policies that clearly delineate organizational roles and responsibilities for grantee oversight and monitoring, including grantee internal controls and compliance. During 2010, LSC developed and issued an April 2, 2010 memorandum which defined the responsibilities of the OIG and OCE for grantee oversight and monitoring, including grantee internal controls and compliance. The memo provided that the LSC Board of Directors adopted the "Roles and Responsibilities of LSC Offices Responsible for Grantee Oversight", to include the responsibilities of OPP, OCE and OIG. LSC resolution no. 2008-008 also specified the respective responsibilities for OPP and OCE in the oversight of internal financial controls at grantees. As a result of LSC's actions, LSC increased clarity over roles and responsibilities for grantee oversight, thus providing greater assurance that staff are not duplicating efforts and conducting more effective grantee and program oversight.

    Recommendation: To help LSC improve its internal control and oversight of grantees, LSC management should develop and implement procedures to improve the effectiveness of the current LSC fiscal compliance reviews by revising LSC's current guidelines to provide a direct link to the results of OPP reviews and OIG and Independent Public Accountant audit findings, guidance for performing follow-up on responses from grantee interviews, and examples of fiscal and internal control review procedures that may be appropriate based on individual risk factors and circumstances at grantees.

    Agency Affected: Legal Services Corporation

  3. Status: Closed - Implemented

    Comments: In our 2007 report on the Legal Services Corporation (LSC), we found that LSC did not use a structured or systematic approach for assessing risk associated with its 138 grantees as a basis for determining the timing and scope of its grantee oversight visits. In determining which grantees to visit, both the Office of Program Performance (OPP) and the Office of Compliance and Enforcement (OCE) use an approach based primarily on time between site visits and the respective office director's judgments. The director of OCE also said OCE attempts to visit every grantee on a 5 and a half year cycle. However, this time-based cycle is not consistently followed. For example, the second largest grant recipient, receiving over $13 million in 2006, has not been visited by OCE since at least 1996. In addition, we noted there was a 7-year lapse between OCE visits to a grantee in Las Vegas, Nevada, for which OCE, recently opened an investigation after discovering several significant compliance-related findings. Without a more structured process for selecting grantees to review, LSC does not have an analytical basis to know whether it is has the proper level of staff resources assigned to the grantee review function or whether it is gaining an adequate level of assurance for the number of staff assigned to grantee review activities. Also, when a significant time period exists between OCE visits the risk increases that non-compliance issues may not be detected and remediated in a timely manner. GAO recommended that LSC management develop and implement an approach for selecting grantees for internal control and compliance reviews that is founded on risk-based criteria, uses information and results from oversight and audit activities, and is consistently applied. During 2010, LSC developed two documents: (1) OPP Steps for Program Selection and (2) OCE Steps for Compliance Visit Selection to complement its OPP and OCE Procedures Manuals. The OCE guidance refers to the risk factors listed in the OCE Procedures Manual in the "Criteria to Select Programs for Visits". Both the OPP and OCE guidance documents for program visit selection provide a risk-based, concise description of the process to select programs for reviews. Further, in 2010, LSC revised OCE Office Procedures Manual to emphasize the top risk criteria for selecting grantees for visits, and in 2011, documented program quality and compliance examination visit selection based on a review of risk factors to include both primary and secondary risk factors. Primary risk factors included date of last site visit, and significant programmatic issues identified by LSC or other reliable source. Secondary risk factors included significant complaints filed or pending against a program, transition in program leadership, results of financial statement reviews and others. LSC's actions demonstrate that LSC has developed and implemented risk-based steps for program visit selection and, therefore, has increased the effectiveness and efficiency of its program oversight.

    Recommendation: To help LSC improve its internal control and oversight of grantees, LSC management should develop and implement an approach for selecting grantees for internal control and compliance reviews that is founded on risk-based criteria, uses information and results from oversight and audit activities, and is consistently applied.

    Agency Affected: Legal Services Corporation

  4. Status: Closed - Implemented

    Comments: GAO will follow up on LSC actions in this area as part of an engagement planned to begin in November 2009. Subsequently, LSC issued an OCE procedures manual that addresses the coordination of information with other offices, including visit coordination between OCE and OPP. Additionally, the OCE procedures established a protocol for OCE and the OIG to exchange information. OPP also issued a procedures manual that describes information sharing, specifying when OCE is to provide notice to OPP or to consult with OPP in such matters as --Providing prior approvals to recipients for major expenditures; -- Reviewing and responding to grantees' requests for waivers related to Private Attorney Involvement (PAI) requirements, fund balances and fund deficits; -- Investigating complaints referred by Members of Congress to LSC management pertaining to LSC grantees; -- Reviewing, assessing and responding to public complaints; -- Providing follow up to the referrals of findings by the OIG through the A-50 referral process; and -- Investigating grantees' compliance with the regulations recipients agreed to abide by when accepting Federal funding. In addition, the OPP Procedures Manual includes a protocol for exchanging information with the OIG. As a result of LSC's guidance on information sharing and communication among OPP, OCE and the OIG can enable them to be more effective and should improve LSC's ability to monitor and oversee grants.

    Recommendation: To help Legal Services Corporation improve its internal control and oversight of grantees, LSC management should develop and implement policies and procedures for information sharing among the Office of the Inspector General (OIG), Office of Compliance and Enforcement (OCE), and Office of Program Performance (OPP), and coordination of OCE and OPP site visits.

    Agency Affected: Legal Services Corporation

  5. Status: Closed - Implemented

    Comments: In our December 2007 report of the Legal Services Corporation (LSC), we found that LSC's fiscal reviews did not contain sufficient scope of work to adequately assess grantee internal control or fiscal compliance for purposes of achieving effective oversight. LSC fiscal reviews are intended to determine whether LSC grant recipients demonstrate effective discharge of their stewardship responsibilities. Specifically, fiscal reviews are to examine accountability of LSC funds, and on a limited basis, the effectiveness of the recipient's internal controls. LSC's Office of Program Performance (OPP) performs program site visits to evaluate and develop programs, gather information, and develop new strategies for expanding access and enhancing quality. However, the LSC reviews we observed left out important follow-up to issues that surfaced during LSC's interviews with grantee personnel and did not address outstanding auditor findings. As a result, GAO found that an OCE analyst did not question grantee officials about a $30,000 payment to a subgrantee that lacked supporting documentation. In addition, our review of documentation that LSC officials had also reviewed found that LSC staff did not always follow up on apparent improper transactions, such an improper transaction involving a grantee's sale of a building. To help LSC improve its internal control and oversight of grantees, we recommended that LSC management develop and implement procedures to improve the effectiveness of the current LSC fiscal compliance reviews by revising LSC's current guidelines to provide a direct link to the results of site visit reviews audit findings and responses from grantee interviews, and also provide examples of appropriate fiscal and internal control review procedures. During 2009, LSC revised its On-site Fiscal Review Policies and Procedures to provide comprehensive and the on-site fiscal review policies and procedures, including numerous examples of the types of appropriate procedures to perform and whom to interview. During 2010, LSC updated its manuals to include revised guidance for performing interviews including follow-up on responses from grantee interviews. In addition, procedures were updated in 2010 to provide that on-site reviews are to be conducted in accordance with the approved work plan, and each work plan should identify, in the "Basis for Review" section, the specific risk factors that led to the program being selected for review. For example, the results of financial statement reviews and compliance or other reviews are to be considered as risk factors and incorporated in the approved work plan. With these actions, LSC has developed and implemented procedures to strengthen the effectiveness of its grantee fiscal compliance reviews.

    Recommendation: To help LSC improve its internal control and oversight of grantees, the LSC Board of Directors should develop and implement policies that clearly delineate organizational roles and responsibilities for grantee oversight and monitoring, including grantee internal controls and compliance.

    Agency Affected: Legal Services Corporation

 

Explore the full database of GAO's Open Recommendations »

Sep 19, 2014

Sep 18, 2014

Sep 12, 2014

Sep 10, 2014

Aug 25, 2014

Aug 7, 2014

Jul 30, 2014

Jul 29, 2014

Looking for more? Browse all our products here