Strategies to Manage Improper Payments: Learning From Public and 
Private Sector Organizations (01-OCT-01, GAO-02-69G).		 
								 
Improper payments are a widespread and significant problem in the
federal government, among states, foreign governments, and	 
private sector companies. While in the private sector improper	 
payments most often present an internal problem that threatens	 
profitability, in the public sector they can translate into	 
serving fewer recipients or represent wasteful spending or a	 
higher relative tax burden. Despite a climate of increased	 
scrutiny, most improper payments associated with federal programs
are  unidentified. Yet they drain taxpayer resources from the	 
missions and goals of our government. The root causes of improper
payments can normally be tracked to a lack of, or breakdown in,  
internal controls. The risk of improper payments increases in	 
programs with complex criteria for computing payments, a	 
significant volume of transactions, or emphasis on expediting	 
payments. In this executive guide, GAO highlights many of the	 
strategic actions taken by the study participants to reduce	 
improper payments. Five components of internal control are	 
listed--control environment, risk assessment, control activities,
information and communications, and monitoring. 		 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-02-69G 					        
    ACCNO:   A02111						        
  TITLE:     Strategies to Manage Improper Payments: Learning From    
Public and Private Sector Organizations 			 
     DATE:   10/01/2001 
  SUBJECT:   Erroneous payments 				 
	     Internal controls					 
	     Monitoring 					 
	     Performance measures				 
	     Program evaluation 				 
	     Strategic planning 				 
	     Accounting standards				 
	     Risk management					 
	     Reporting requirements				 
	     Information resources management			 
	     Food Stamp Program 				 
	     HHS Temporary Assistance for Needy 		 
	     Families Program					 
								 
	     Medicaid Program					 
	     Medicare Fee-for-Service Program			 
	     Medicare Program					 
	     Old Age Survivors and Disability			 
	     Insurance Program					 								 
	     Social Security Program				 
	     HCFA Medicaid Fraud and Abuse Detection		 
	     System						 								 
	     SSA Prisoner Verification System			 
	     Medicaid Management Information System		 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-02-69G
     
A

Executive Guide

October 2001 STRATEGIES TO MANAGE IMPROPER PAYMENTS

Learning From Public and Private Sector Organizations

GAO- 02- 69G

?We will want to know what action is being taken and what more could be done
to get a grip on the burgeoning levels of fraud and inaccuracy in benefit
claims.?

a

GAO United States General Accounting Office

GAO- 02- 69G Improper Payments Page 1 Preface

The federal government of the United States- the largest and most complex
organization in the world- expended approximately $1.8 trillion dollars in
fiscal year 2000. As the steward of taxpayer dollars, it is accountable for
how its agencies and grantees spend those funds, and is responsible for
safeguarding against improper payments- payments that should not have been
made or that were made for incorrect amounts.

Despite the amount of funds involved and the impact improper payments can
have on a program?s ability to achieve its intended outcome, most agencies
have not yet estimated the magnitude of improper payments in their programs.
Without a systematic measurement of the extent of the problem, agency
management cannot determine (1) if the problem is significant enough to
require corrective action, (2) how much to costeffectively invest in
internal control systems to correct the problem, or (3) the impact of the
actions already taken to reduce improper payments or additional corrective
actions needed.

This executive guide is intended to identify effective practices and provide
case illustrations and other information for federal agencies? consideration
when developing strategies and planning and implementing actions to manage
improper payments in their programs. It was prepared at the request of
Senator Joseph I. Lieberman, Chairman, Senate Committee on Governmental
Affairs. This is one in a series of projects we are undertaking for the
Senate Committee on Governmental Affairs and the House Committee on
Government Reform concerning the issue of improper payments involving
federal programs.

In producing this guide, we contacted a number of private and public sector
organizations, which we identified primarily through extensive research on
financial management practices, and obtained information on actions that
they took and considered effective in reducing improper payments. 1 The
participants were the Department of Health and Human Services? Health Care
Financing Administration; 2 the Social Security Administration; the
Department of Veterans Affairs; the states of Illinois, Texas, and Kentucky;
the governments of Australia, New Zealand, and the United Kingdom; and three
private sector corporations. 3 We thank them for their willingness to
participate and for the valuable information and insights they provided.

1 For a more detailed discussion of our objectives, scope, and methodology,
see appendix I. 2 In July 2001, the Health Care Financing Administration was
renamed the Centers for Medicare and Medicaid Services (CMS). 3 For a
description of each of these entities, see appendix II.

GAO- 02- 69G Improper Payments Page 2

This executive guide was prepared under the direction of Linda Calbom,
Director, Financial Management and Assurance. Other GAO contacts and key
contributors are listed in appendix IV. Questions can be directed to Ms.
Calbom at (202) 512- 9508, calboml@ gao. gov, or Tom Broderick, Assistant
Director, by phone, e- mail, or regular mail at the following:

Phone: (202) 512- 8705 E- mail: broderickt@ gao. gov Mail: Tom Broderick,
Assistant Director

U. S. General Accounting Office 441 G Street, NW Washington, DC 20548

Jeffrey C. Steinhoff Managing Director Financial Management and Assurance

GAO- 02- 69G Improper Payments Page 3

GAO- 02- 69G Improper Payments Page 4 Contents

Preface 1

Introduction 8

Control Environment: Instilling a Culture of Accountability 12 Case
Illustration: Control Environment in the United Kingdom 15 Strategies to
Consider- Control Environment 17

Risk Assessment: Determining the Nature and Extent of the Problem 18 Case
Illustration: Risk Assessment at Centrelink 21 Strategies to Consider- Risk
Assessment 23

Control Activities: Taking Action to Address Identified Risk Areas 24 Data
Sharing 25 Data Mining 28 Neural Networking 30 Recovery Auditing 32 Contract
Audits 33 Prepayment Investigations 34 Strategies to Consider- Control
Activities 35

Information and Communications: Using and Sharing Knowledge to Manage
Improper Payments 36 Case Illustration: Information and Communications in
Illinois 40 Strategies to Consider- Information and Communications 41

Monitoring: Tracking the Success of Improvement Initiatives 42 Case
Illustration: Monitoring at the Department of Work and

Income New Zealand 44 Strategies to Consider- Monitoring 46

Observations 47

GAO- 02- 69G Improper Payments Page 5 Appendixes

Appendix I: Objectives, Scope, and Methodology 50 Appendix II: Entity
Descriptions 52 Appendix III: Other Resources 58 Appendix IV: GAO Contacts
and Staff Acknowledgments 65

Figures

Figure 1: Trends in Certain Actual and Projected Federal Expenditures:
Fiscal Years 1980 Through 2006 9 Figure 2: Managing Improper Payments
Through Internal

Controls 11

Abbreviations

AFFIRM Association for Federal Information Resources Management AGA
Association of Government Accountants ANAO Australian National Audit Office
BOI Bureau of Investigations CFO chief financial officer CIO chief
information officer CMS Centers for Medicare and Medicaid Services DI
Disability Insurance DSS Department of Social Security DWP Department for
Work and Pensions FACS Department of Family and Community Services FAE Fraud
and Abuse Executive FCW Federal Computer Week

FITEC Financial Implementation Team for Electronic Commerce FPI Fraud
Prevention Investigations Program FSC Financial Services Center FST Fraud
Science Team HCFA Health Care Financing Administration HHS Department of
Health and Human Services HHSC Health and Human Services Commission HIC
Health Insurance Commission HUD Department of Housing and Urban Development
IDHS Illinois Department of Human Services IDPA Illinois Department of
Public Aid IRD Inland Revenue Department ITRB Information Technology
Resources Board KPI key performance indicators MFADS Medicaid Fraud and
Abuse Detection System MMIS Medicaid Management Information System NAO
National Audit Office

GAO- 02- 69G Improper Payments Page 6

NASIRE National Association of State Information Resource Executives NCMA
National Contract Management Association OASI Old Age and Survivors
Insurance OIG Office of Inspector General PSC Private Sector Council PWG
Procurement Working Group SSA Social Security Administration SSI
Supplemental Security Income TANF Temporary Assistance for Needy Families
TDH Texas Department of Health TDHS Texas Department of Human Services VA
Department of Veterans Affairs WINZ Work and Income New Zealand

GAO- 02- 69G Improper Payments Page 7

GAO- 02- 69G Improper Payments Page 8 Introduction

Improper payments are a widespread and significant problem receiving
increased attention not only in the federal government but also among
states, foreign governments, and private sector companies. Improper payments
include inadvertent errors, such as duplicate payments and miscalculations;
payments for unsupported or inadequately supported claims; payments for
services not rendered; payments to ineligible beneficiaries; and payments
resulting from outright fraud and abuse by program participants and/ or
federal employees. In the federal government, for example, they occur in a
variety of programs and activities, including those related to contractors
and contract management; health care programs, such as Medicare and
Medicaid; financial assistance benefits, such as Food Stamps and housing
subsidies; and tax refunds.

While in the private sector improper payments most often present an internal
problem that threatens profitability, in the public sector they can
translate into serving fewer recipients or represent wasteful spending or a
higher relative tax burden that prompts questions and criticism from the
Congress, the media, and the taxpayers. For federal programs with
legislative or regulatory eligibility criteria, improper payments indicate
that agencies are spending more than necessary to meet program goals.
Conversely, for programs with fixed funds, any waste of federal funds
translates into serving fewer recipients or accomplishing less
programmatically than could be expected.

Despite a climate of increased scrutiny, most improper payments associated
with federal programs continue to go unidentified as they drain taxpayer
resources away from the missions and goals of our government. They occur for
many reasons including insufficient oversight or monitoring, inadequate
eligibility controls, and automated system deficiencies. However, one point
is clear based on our study- the basic or root causes of improper payments
can typically be traced to a lack of or breakdown in internal control.
Collectively, internal controls are an integral component of an
organization?s management that provides reasonable assurance that the
organization achieves its objectives of (1) effective and efficient
operations, (2) reliable financial reporting, and (3) compliance with laws
and regulations. Internal controls are not one event, but a series of
actions and activities that occur throughout an entity?s operations and on
an ongoing basis. People make internal controls work, and responsibility for
good internal controls rests with all managers.

The risk of improper payments increases in programs with (1) complex
criteria for computing payments, (2) a significant volume of transactions,
or (3) emphasis on expediting payments. Since these factors apply to a

GAO- 02- 69G Improper Payments Page 9

number of government programs that collectively disburse billions of
dollars, there is clearly a need for federal agencies to be ever more
vigilant in the design, implementation, and maintenance of proper controls
for safeguarding assets and preventing and detecting fraud and errors.

The risk of improper payments and the government's ability to prevent them
will continue to be of concern in the future. Under current federal budget
policies, as the baby boom generation leaves the workforce, spending
pressures will grow rapidly due to increased costs of programs such as
Medicare, Medicaid, and Social Security. Other federal expenditures are also
likely to increase. The increased size of federal programs, spending
pressures, implementation of new programs, and changes in existing programs
all but guarantee that, absent improvements in internal controls and other
proactive actions, the potential for additional or larger volumes of
improper payments will be present. Figure 1 illustrates the reported and
projected trends in certain federal expenditures, excluding interest on the
public debt, for fiscal years 1980 through 2006.

Figure 1: Trends in Certain Actual and Projected Federal Expenditures:
Fiscal Years 1980 Through 2006

0 200

400 600

800 1,000

1,200 1,400

1,600 1,800

2,000 2,200

2,400 1980 1982 1984 1986 1988 1990 1992 1994 1996 1998 2000 2002 2004 2006

Other Social Security Def ense Medicare Medicaid

Dollars in billions Fiscal year

Projected Actual

Source: Actual and projected amounts are from the Budget of the United
States Government, Fiscal Year 2002, Historical Tables.

GAO- 02- 69G Improper Payments Page 10

The President?s Management Agenda, Fiscal Year 2002, includes a
governmentwide initiative for improved financial performance. Under this
initiative, the administration will establish a baseline of the extent of
erroneous payments and require agencies to include, in their fiscal year
2003 budget submissions, information on erroneous payment rates, including
actual and target rates, where available, for benefit and assistance
programs over $2 billion. Using this information, the Office of Management
and Budget will work with agencies to establish goals to reduce erroneous
payments for each program.

Few would argue that the goal of reducing improper payments is not a worthy
one. But attacking the problem requires a strategy appropriate to the
organization involved and its particular risks, including a consideration of
the legal requirements surrounding security and privacy issues. The
organizations that participated in our study have taken actions that they
consider to be effective in reducing potential as well as actual improper
payments.

All of these actions shared a common focus of improving the internal control
systems over the problem area. This focus on internal controls does not
necessarily mean that the programs lacked controls but that the existing
controls needed to be updated or policies and procedures added to strengthen
the overall control system.

In this executive guide, we highlight many of the strategic actions taken by
the study participants 4 to reduce improper payments. We categorize these
actions into the five components of internal control- control environment,
risk assessment, control activities, information and communications, and
monitoring- outlined in the Comptroller General?s Standards for Internal
Control in the Federal Government (GAO- AIMD- 00- 21.3.1, November 1999). 5
For purposes of this study, we define these components as follows.

Control environment- creating a culture of accountability by establishing a
positive and supportive attitude toward improvement and the achievement of
established program outcomes. Risk assessment- performing comprehensive
reviews and analyses of program operations to determine if risks exist and
the nature and extent of the risks identified. Control activities- taking
actions to address identified risk areas and help ensure that management?s
decisions and plans are carried out and program objectives are met.
Information and communications- using and sharing relevant, reliable, and
timely financial and nonfinancial information in managing improper payment
related activities.

4 The examples we have included from these organizations are meant only to
illustrate the range and variety of internal controls that may be useful to
federal agency managers. They are not all- inclusive and may not include the
specific controls that a particular agency may need.

5 The Federal Managers? Financial Integrity Act of 1982 required that we
issue standards for internal control in the federal government.

GAO- 02- 69G Improper Payments Page 11

Monitoring- tracking improvement initiatives, over time, and identifying
additional actions needed to further improve program efficiency and
effectiveness.

Although these internal control components are applicable to the entirety of
an organization?s operations, 6 this executive guide focuses on internal
controls as they relate to reducing improper payments. The following graphic
represents the interrelationship between the components and efforts to
manage improper payments.

Figure 2: Managing Improper Payments Through Internal Controls

Information and Communications

Monitoring Control Activities Risk

Assessment Objective:

Manage Improper Payments Control

Environment

While this guide discusses each of these control areas separately, actions
to manage improper payments would typically require a continual interaction
between these areas. As depicted in the figure, the control environment
surrounds and reinforces the other components, but all components work in
concert toward a central objective, which, in this case, is managing
improper payments.

We conclude our discussion of the actions taken to address improper payments
with observations about key factors necessary for success. We have included
descriptions of the entities we visited in appendix II. Also, appendix III
identifies other sources of information that may be useful to federal
agencies in their efforts to address improper payments in their programs.

6 See also Internal Control Management and Evaluation Tool (GAO- 01- 1008G,
August 2001). The purpose of this tool is to assist agencies in maintaining
or implementing effective internal control and, as needed, to help determine
what, where, and how improvements can be implemented.

GAO- 02- 69G Improper Payments Page 12 Control Environment: Instilling a
Culture of Accountability

Of the elements that are critical to the identification, development, and
implementation of activities to reduce improper payments, perhaps the most
significant is the control environment. By focusing their attention on and
communicating their intent to reduce improper payments throughout an
organization and to all affected organizational units and individuals, top-
level officials- whether in the government or within private sector
companies- and legislative bodies set the stage for change. They instill a
culture of accountability by adopting a positive and supportive attitude
toward improvement and the achievement of established program outcomes. They
also establish a transparent environment in which their expectations for
program improvement are clearly defined and accountability for achieving
these improvements is set. The actions of the entities in our study in areas
including passing legislation, setting and maintaining the ethical tone,
delegating roles and responsibilities, and implementing human capital
initiatives clearly communicated the need for change.

We were told by many of the officials we met in the course of our work that,
without the clearly established expectations and demands for improvement by
top management and legislative officials, little would have happened to
effectively reduce fraud and errors in their programs. However, it is
important to note that, while top management sets the tone for cultural
change, everyone from program managers to staff performing day- to- day
operational activities must buy into this change and work to achieve its
overall goals. The cultural change fostered by an effective control
environment stresses the importance of improvement and efficient and
effective program operations, while maintaining a balance with concerns
raised regarding privacy and information security in a world where computers
and electronic data are indispensable for making payments. In the
legislative arena, it involved passing laws requiring certain actions by
agency or program management, the use of various prevention and/ or
detection methodologies, and periodic agency reporting on the status of
improvement efforts. At the agency or program level, it included
management?s public commitment to reduce fraud and errors, as

?Changes made in Texas might not have happened if the legislature hadn?t
become involved. Regulations should not be seen as roadblocks, but as
support or backing to achieve the agencies? mission.?

Ken Holcomb, Director of Systems Resources, Office of Investigations and
Enforcement, Texas Health and Human Services Commission

Information and Communications

Monitoring Control Activities Risk

Assessment Objective:

Manage Improper Payments Control

Environment

GAO- 02- 69G Improper Payments Page 13

well as annual performance reporting and follow- up actions based on
performance results.

Top- level interest in the amount of improper payments at the organizations
that participated in our study often resulted from program, audit, and/ or
media reports of misspent funds or fraudulent activities. As the magnitude
of these improper payments became known, pressures increased on government
officials and legislative bodies to reduce them.

In Texas, the legislature was instrumental in effecting changes to the
state?s benefit programs through provisions in several pieces of
legislation. The legislature?s involvement was precipitated in 1996 by the
reported amounts of improper payments in Texas? Medicaid program (estimated
to range from $365 million to $730 million, or 4 to 8 percent of total
expenditures) and Temporary Assistance for Needy Families (TANF) and Food
Stamp programs (estimated at a total of $222.4 million, or about 8 percent
of total expenditures for the two programs). Texas lawmakers sought to
reduce improper payments by mandating specific actions by responsible
agencies, including the use of computer technology to identify and deter
fraud and abuse in the Texas Medicaid program. In addition, the lawmakers
called for publicizing successful fraud prosecutions and fraud prevention
programs to deter benefit fraud.

Australia and New Zealand prepared and adopted a joint standard 7 on

?risk management,? to provide a cultural framework for managing risk. Risk
management is the term applied to a logical and systematic method of
managing risks associated with any activity, function, or process in a way
that will enable organizations to minimize losses and maximize
opportunities. The philosophy makes risk management a part of its
organizational culture and integrates risk management into its day- to- day
practices and business activities. When this is achieved, risk management
becomes the business of everyone in the organization.

People are what make internal controls work, and the integrity and ethical
values maintained and demonstrated by management play a key role in the
entire organization?s ethical tone. After the identification of significant
internal fraud, New Zealand?s Inland Revenue Department (IRD) created the
position of National Advisor, Fraud Prevention and Investigation, and
adopted a fraud control strategy. The primary aim of the strategy is to
enable responsible conduct, where the need to obey the law and to behave
ethically is part of the organization?s ethos. Accordingly, IRD has adopted
a code of conduct applicable to all employees that explains the standards of
integrity and behavior expected.

In the experience of IRD?s National Advisor, Fraud Prevention and
Investigation, employees are often provided a copy of the code of conduct

7 Joint Australian/ New Zealand Standard 4360: 1999 was prepared by the
Joint Technical Committee OB/ 7- Risk Management. It was approved on behalf
of the Council of Standards Australia on April 2, 1999, and on behalf of the
Council of Standards New Zealand on March 22, 1999. It was published on
April 12, 1999. Referenced material is from pages iii and 1 of the standard.

?There are two ways to stop fraud-one is to lock up everything around you,
and the other is to surround yourself with ethical people.?

Chris Linton, Certified Fraud Examiner, National Advisor, Fraud Prevention
and Investigation, New Zealand?s Inland Revenue Department

GAO- 02- 69G Improper Payments Page 14

on their first day of work, along with a large volume of other paperwork,
and never actually read the code unless the code is breached. To heighten
employee awareness, IRD holds roundtable discussions with new and seasoned
employees, which bring the code to life in terms of everyday business
activity.

While many organizations have programs to deter and detect fraudulent
payments, improper payments resulting from miscalculation and other errors
often receive inadequate attention. Centrelink, a ?one- stop shop? that pays
a variety of Australian government benefits, has recently made it its
business to improve payment accuracy. Centrelink was established in 1997
with a strong focus on customer service and the goal of paying beneficiaries
promptly. However, in recent years, internal and external audit reports
showed that Centrelink had, to some extent, traded quality for timeliness.
Centrelink?s own internal review showed that up to 30 percent of all work
was rework because it was not done correctly the first time. The
organization?s management responded by implementing a

?Getting it Right? strategy in 2000, which established a tone for change by
setting out

the roles and responsibilities of managers and team leaders, including
setting clear and measurable goals in line with Centrelink?s strategic
framework and meeting performance measures, and minimum standards to be
applied by all staff in establishing proof of identity of customers,
managing records, keeping technical knowledge and skills current, recording
reasons for payment decisions, and checking work comprehensively.

Centrelink has distributed posters and mouse pads to reinforce the

?Getting it Right? message and has provided resources to staff on how to
reach minimum standards. Through implementation of the ?Getting it Right?
strategy, the Centrelink Chief Executive Officer has stated that she expects
a reduction in improper payments as well as continued timeliness in payments
to beneficiaries. Activities that must be undertaken for each program, to
ensure the quality of assessment and services provided, are being developed.
A number have already been released for implementation in Centrelink?s
Customer Service Centre network.

?Good customer service is accurate customer service. While timeliness is
important, quality and accuracy are more important and will ultimately
improve timeliness anyway.?

Sue Vardon, Chief Executive Officer, Centrelink

GAO- 02- 69G Improper Payments Page 15

Case Illustration: Control Environment in the United Kingdom

?We made the task of tackling fraud one of our early priorities. This is
because public support is vital for welfare reform, and public support is
eroded by the failure to stop people defrauding the benefit system.?

Tony Blair, Prime Minister, United Kingdom By providing a clear and
consistent message that benefit fraud would not be tolerated and taking
initiatives to prevent or detect improper payments, the government has led
the way in setting the stage for change in the United Kingdom. In 1993, the
Comptroller and Auditor General in the United Kingdom, head of the National
Audit Office, issued a report to Parliament stating that the government did
not know enough about the level of fraud, organized or otherwise, in its
benefit programs. As a result of the report, Parliament required the
Department of Social Security 8 to improve measurement of the level of fraud
within the country?s benefit programs. In 1994, DWP conducted a benefit
review designed to identify the magnitude of fraud and error in Income
Support followed by other major benefit programs, including Housing Benefit,
Disability Living Allowance, and Retirement Pension. Based on the findings
from these reviews, the government estimated that about $3 billion 9 per
year was lost to known fraud, and noted that, if all suspicions of fraud
were well founded, the figure could be as high as $10 billion per year.

The level of improper payments captured the attention of all levels of
government- including the Prime Minister. Top British officials judged that
it was time to abandon business as usual, apply high standards of
accountability, and use creative strategies to detect and prevent erroneous
and fraudulent payments. Consequently, the British government created a
control environment that mandated improvement by setting the tone at the top
with the broad goal of reducing fraudulent and erroneous payments.

In 1998, DWP proposed a strategy to Parliament entitled Beating Fraud is
Everyone?s Business: Securing the Future that explained the government?s
commitment to reforming the welfare system and reducing improper payments
within its programs. The proposal was widely endorsed and, the following
year, DWP implemented the strategy entitled A New Contract for Welfare:
Safeguarding Social Security. The strategy addressed efforts to be taken
across four fronts:

Getting it Right- ensuring that benefit payments are correct from day one,
Keeping it Right- ensuring that payments are adjusted as circumstances
change,

8 In June 2001 the Department of Social Security was renamed the Department
for Work and Pensions (DWP). 9 Amounts included in this report have been
converted to U. S. dollars using the following exchange rates, effective
April 16, 2001, for one U. S. dollar: 0.697064 British pounds, 1.95665
Australian dollars, and 2.43533 New Zealand dollars.

GAO- 02- 69G Improper Payments Page 16

Putting it Right- detecting when payments go wrong and taking prompt action
to correct them with appropriate penalties to prevent recurrence, and Making
Sure Our Strategy Works- monitoring progress, evaluating the strength of
controls, and making adjustments where needed.

DWP?s strategy also established performance measures for the reduction of
the amount of losses from fraud and error in the Income Support and
Jobseeker?s Allowance benefit programs.

To kick off its new program, DWP launched a publicity campaign against
?benefit

cheats? to shift public attitude and promote intolerance toward those who
defraud the benefit system. Additionally, television commercials,
billboards, newspaper articles, and an antifraud Web site (www.
targetingfraud. gov. uk) communicated the government?s message to the public
that fraud and abuse of the benefits system would not be tolerated.

Parliament has also stayed actively involved in benefit payment reform and
improper payment reductions. For example, it enacted legislation authorizing
data sharing activities within and between government agencies and
departments. Also the Treasury requires departments to disclose instances of
irregular expenditures arising from erroneous benefit awards and fraud by
claimants. Further, the Comptroller and Auditor General has qualified his
opinion on DWP?s fiscal year 1995 through fiscal year 2000 financial
statements because of the level of fraud and error identified in the benefit
programs. This served to reinforce the message that high levels of improper
payments are unacceptable in the United Kingdom.

GAO- 02- 69G Improper Payments Page 17

Among the organizations we studied, the pressures applied by oversight
entities and top management were instrumental as change agents. They not
only defined and communicated a need for improved program operations but,
most important, they redefined the organizational culture. Further, by being
transparent in redefining the culture, oversight entities and top management
set expectations and obtained buy- in on the need for and importance of
change from individuals throughout the organizations. This was critical for
success since these individuals managed the day- today program activities.
Further, a culture of accountability was essential to begin the critical
next step in managing improper payments, the risk assessment process.

Strategies to Consider- Control Environment

To create a control environment that instills a culture of accountability
over improper payments, the following strategies should be considered:

provide leadership in setting and maintaining the agency?s ethical code of
conduct and in ensuring proper behavior under the code;

provide a cultural framework for managing risk by engaging everyone in the
organization in the risk management process;

increase accountability by establishing goals for reducing improper payments
for major programs; and

foster an atmosphere that regards improper payments as unacceptable.

GAO- 02- 69G Improper Payments Page 18

Information and Communications

Monitoring Objective:

Manage Improper Payments

Risk Assessment

Control Activities Control

Environment

Risk Assessment: Determining the Nature and Extent of the Problem

Strong systems of internal control provide reasonable assurance that
programs are operating as intended and are achieving expected outcomes. A
key step in the process of gaining this assurance is conducting a risk
assessment, an activity that entails a comprehensive review and analysis of
program operations to determine where risks exist and what those risks are,
and then measuring the potential or actual impact of those risks on program
operations. In performing a risk assessment, management should consider all
significant interactions between the entity and other parties, as well as
all internal factors at both the organizationwide and program levels. Once
risk areas are identified, their potential impact on programs and activities
should be measured and additional controls should be considered. As risks
are addressed and controls are changed, they should occasionally be
revisited to determine where the risks have decreased and where new areas of
risk may exist. As such, the risk assessment process should be iterative.

The information developed during a risk assessment forms the foundation or
basis upon which management can determine the nature and type of corrective
actions needed, and it gives management baseline information for measuring
progress in reducing improper payments. The specific risk analysis
methodology used can vary by organization because of differences in missions
and the difficulty in qualitatively and quantitatively assigning risk
levels. In addition, because governmental, economic, industry, regulatory,
and operating conditions continually change, risk assessments should be
periodically updated to identify and deal with any special risks prompted by
such changes.

The organizations that participated in our study found that conducting risk
assessments, to determine the nature and extent of their improper payments,
was an essential step in helping them focus on the most significant problem
areas and determine what needed to be done to address the identified risks
in those areas.

Many federal agencies, even those with recognized weaknesses that result in
improper payments, do not perform risk assessments to identify and estimate
the magnitude of improper payments within their programs.

?One of the worst problems an organization confronts is the problem of
institutional denial. An organization should not simply say, ?We know we
have a problem, but we don?t want to know how big it is.??

Aurora LeBrun, Associate Commissioner, Office of Investigations and
Enforcement, Texas Health and Human Services Commission

GAO- 02- 69G Improper Payments Page 19

However, some agencies do perform risk assessments. For example, the
Department of Health and Human Services (HHS) began reporting an annual
estimate of improper payments in the Medicare Fee- for- Service program in
1996. In fiscal year 2000, it reported estimated improper Medicare Fee- for-
Service payments of $11.9 billion, or about 7 percent of such benefits. HHS?
reporting and analysis of improper Medicare payments has helped lead to the
implementation of several initiatives to identify and reduce such payments.
These initiatives include working with providers to ensure that medical
records support billed services.

A thorough risk assessment also allows entities to target high- risk areas
and, therefore, to focus often limited resources where the greatest exposure
exists. For example, the Illinois Department of Public Aid (IDPA) conducted
a 1998 comparison of Medicaid payments made with information and
documentation associated with the claims to determine if the payments were
accurate. From this information, the IDPA calculated that the state?s
payment accuracy rate was about 95 percent. The review identified errors and
their causes and provided IDPA with information that allowed it to focus
attention on the 5 percent of inaccurate payments and target strategies to
improve the accuracy of these payments. For example, of the $37.2 million
spent for nonemergency transportation services included in the study, $11.55
million (31 percent) were estimated to be in error. The payment accuracy
review and three other studies led to a series of actions that included
assuring that transportation providers actually existed and were providing
services, assuring that providers billed Medicaid correctly, and sending
notices to let providers know what is expected of them.

Texas has performed two reviews of the accuracy of its health care payments-
one in December 1998 and a second in January 2001. Both reviews of the
Medicaid program were designed to measure the incidence of potential
overpayments that could be due to fraud and abuse. The 2001 study used three
different types of analyses- client telephone interviews, data analysis
(identifying billing trends that are known to result in overpayments), and
medical record review. Documentation errors, clerical errors, and potential
fraud and abuse were identified. Texas used the results to improve its fraud
and abuse detection process by considering certain high- risk areas in the
development of data analysis techniques in its Medicaid Fraud and Abuse
Detection System (MFADS). For example, it recommended an increase in
analyses targeted at medical supplies and durable medical equipment and at
providers who bill higher cost procedure codes to maximize their
reimbursement.

Both Texas and Illinois found the first- time payment accuracy review to be
expensive-$ 250,000 and $400,000 in direct costs, respectively. However,
both states recognized that the cost of risk assessments would decrease
after the baseline measurement had been determined, and found them to be
cost- beneficial in light of the ability to focus on high- risk areas.
Resources are maximized when strategically aimed at the areas that need the
most improvement. Thus, they regarded the payment accuracy review as an
effective and cost- beneficial way to combat improper payments.

GAO- 02- 69G Improper Payments Page 20

Government agencies in other countries also use payment accuracy reviews to
identify risk areas. For example, the Department of Social Security in the
United Kingdom uses the results of a rolling program of reviews to determine
the levels of fraud and error in its Income Support and Jobseeker?s
Allowance benefit programs. Specifically, these reviews quantify the amount
of fraud, customer error, and official error (error by government employees)
affecting benefit claims. The government uses the October 1997 through
September 1998 review results as a baseline against which the results of
subsequent reviews are measured. Further, DWP in the United Kingdom plans to
use this information to target areas for prevention and detection in the
benefit programs, to identify customers who are at risk for higher levels of
error in their claims, and to facilitate case interventions.

GAO- 02- 69G Improper Payments Page 21

Case Illustration: Risk Assessment at Centrelink

?Risk is not another thing to manage, but a way of managing.?

Dr. Helen McKenna, National Manager, Risk and Business Assurance Centrelink
was established in 1997 as a ?one- stop shop? for integrated access to
Australian government services. In this role, Centrelink pays a variety of
benefits on behalf of Australian government departments. Centrelink has 6.1
million customers, pays 9. 2 million individual entitlements each year, and
employs a staff of 22, 000 in 1, 000 service delivery locations across
Australia.

On an annual basis, Centrelink enters into business partnership agreements
with the government departments for which it administers benefits. These
agreements include provisions that Centrelink perform risk assessments,
noting that risk assessments and risk control strategies are integral to
ensuring that compliance is effectively targeted. Centrelink?s risk
assessments are performed based on information that already exists; its risk
assessment process is a joint one between Centrelink and the responsible
agency. A simplified version of Centrelink?s risk assessment of one of the
means- tested type programs it administers might look like the following
table.

Identified Risks for Improper Payments:

Fictitious or Assumed Identity/ Dual Payment Residential Qualification
Undeclared or Understated Income Payment After Death Claiming While
Imprisoned Change in Domestic Circumstances Undeclared or Understated Assets

Exposure Rating

High Medium Low I R

I R I R

I R I R

I/ R I/ R

I= Inherent risk R= Residual risk

As displayed by the risk assessment table, Centrelink is identifying both
inherent risk- the potential risk for impropriety that exists for a payment
by its very nature, based on factors such as the number of beneficiaries
receiving payment, complexity of legislation, use of discretion in decision-
making, and political and public sensitivity, and residual risk- the risk
that remains after considering the effectiveness of the controls put in
place to address inherent risk.

GAO- 02- 69G Improper Payments Page 22

To identify inherent risk for each area, Centrelink uses a variety of data
sources, including prior review results, customer statistics, staff risk
assessment workshops, and internal research papers. For example, to identify
the inherent risk for one of its programs, Centrelink used results of
reviews of 2, 000 beneficiaries that identified undeclared or understated
income as a major risk. In addition, a staff risk assessment workshop was
held in which staff expressed concern that beneficiaries were not aware of,
or did not remember, their obligation to notify Centrelink of all income
they earn. This information, along with the sample results, contributed to
Centrelink?s assessment of the inherent risk of undeclared or understated
income as high. Then, as portrayed in the table, existing controls over
undeclared or understated income were considered, resulting in an assessment
of residual risk at medium.

The risk assessment identifies ?fictitious or assumed identity? and
?undeclared or understated income? as the risk categories that pose the
greatest exposure of improper payment after existing controls have been
considered. Centrelink uses the risk assessment results to identify areas in
which to implement strategies for decreasing the level of risk of improper
payments.

GAO- 02- 69G Improper Payments Page 23

In our study of activities to reduce improper payments, risk assessments
identified problem areas and resulted in estimates of monetary values
associated with the problems. Thus, the process of doing risk assessments
was essential for evaluating the feasibility and cost- effectiveness of the
various corrective actions considered. The organizations viewed risk
assessments as opportunity, and identified risk areas were communicated
throughout the organization.

Assessing its risks allows an organization to set goals and target its
efforts to reduce improper payments. Having developed such a framework, an
organization is well positioned to determine which control activities to
implement to reduce risks and ultimately reduce fraud and errors.

Strategies to Consider- Risk Assessment

To assess risk by determining the nature and extent of improper payments,
the following strategies should be considered:

institute a systematic process to estimate the level of improper payments
being made by the organization;

based on this process, determine where risks exist, what those risks are,
and the potential or actual impact of those risks on program operations;

use risk assessment results to target high- risk areas and focus resources
where the greatest exposure exists; and

reassess risks on a recurring basis to evaluate the impact of changing
conditions, both external and internal, on program operations.

"Control

activities will not be fully effective until everyone, from the person on
the counter through to the head of the agency, takes responsibility for
managing risk from the perspective of their respective positions."

Ralph Watzlaff, General Manager, Professional Review Division, Australian
Health Insurance Commission

GAO- 02- 69G Improper Payments Page 24

Information and Communications

Monitoring Objective:

Manage Improper Payments

Risk Assessment

Control Activities Control

Environment

Control Activities: Taking Action to Address Identified Risk Areas

Once an organization has identified areas of its operations that are at risk
and quantified the possible extent of the risk, and its management and other
key officials are committed to and have set a goal for reducing the risk,
the organization must take action to achieve that goal. Control activities
are the policies, procedures, techniques, and mechanisms that are designed
to help ensure that management?s decisions and plans are carried out. They
include activities designed to address risks that lead to fraud and error.
They are an integral part of an organization?s actions in planning,
implementing, reviewing, and achieving effective results.

The control activities used by an organization to address improper payments
vary according to the specific threats faced and risks incurred; differences
in objectives; managerial judgment; size and complexity of the organization;
operational environment; sensitivity and value of data; and requirements for
system reliability, availability, and performance. Additionally, they must
comply with all relevant laws and help strike a balance between the
sometimes competing goals of privacy and program integrity. Control
activities can include both prepayment and postpayment mechanisms to manage
improper payments. Given the large volume and complexity of federal payments
and historically low recovery rates for certain programs, it is generally
most efficient to pay bills and provide benefits properly in the first
place. Aside from minimizing overpayments, proactively preventing improper
payments increases public confidence in the administration of benefit
programs and avoids the difficulties associated with the ?pay and chase? 10
aspects of recovering improper payments. However, recognizing that some
overpayments are inevitable, agencies also need to adopt effective detection
techniques to quickly identify and recover them. Detection activities play a
significant role not only in identifying improper payments, but also in
providing data

10 ?Pay and chase? refers to the labor- intensive and time- consuming
practice of trying to recover overpayments once they have already been made
rather than preventing improper payments in the first place.

?There are no brownie points for just talking about the problem.?

Joan McQuay, National Benefit Control and Debt Manager, Work and Income New
Zealand

GAO- 02- 69G Improper Payments Page 25

Data Sharing

Data Mining Neural Networking Recovery Auditing Contract Audits Prepayment
Investigations

on why these payments were made and, in turn, highlighting areas that need
strengthened prevention controls.

The organizations in our study used many different prevention and detection
control activities to manage improper payments. The nature of these
activities ranged from sophisticated computer analyses of beneficiary and
program participant data to postaward contract audits. The kinds of
activities pursued were dictated by the types of payment activities each
entity had identified as presenting the most significant risk of improper
payments as well as the kind of data and other resources that were available
to the entity in this effort. This guide discusses the following six kinds
of control activities:

data sharing, data mining, neural networking, recovery auditing, contract
audits, and prepayment investigations.

The data sharing, data mining, and neural networking techniques discussed in
this guide are powerful internal control tools that provide more useful and
timely access to information. The use of these techniques can achieve
potentially significant savings by identifying client- related reporting
errors and misinformation during the eligibility determination process-
before payments are made- or by detecting improper payments that have been
made. However, the more extensive use of personal information in an evolving
technological environment raises new questions about privacy and how it
should be protected. In the federal arena, such activities must be
implemented consistent with all protections of the Privacy Act of 1974, as
amended by the Computer Matching and Privacy Protection Act of 1988, and
other privacy statutes.

Data sharing allows entities that make payments- to contractors, vendors, or
participants in benefit programs- to compare information from different
sources to help ensure that payments are appropriate. For government
agencies, data sharing can be particularly useful in confirming initial or
continuing eligibility of participants in benefit programs and in
identifying improper payments that have already been made. 11

A form of data sharing that Texas has found to be effective for determining
the initial eligibility of individuals for Food Stamp benefits puts
information from several state and local agencies in

11 See also Benefit and Loan Programs: Improved Data Sharing Could Enhance
Program Integrity (GAO/ HEHS- 00- 119, September 13, 2000).

GAO- 02- 69G Improper Payments Page 26

the hands of state caseworkers by means of a vendor- provided software
program. The vendor maintains public information, such as that recorded by
local department of motor vehicles or municipal courts, where it can be
easily searched by caseworkers to evaluate information provided by
individuals applying for benefits. Using the software, caseworkers can
target questions to applicants when there are discrepancies between
information provided by the clients and that recorded elsewhere. Caseworkers
can search the database for data such as driver?s license information,
records showing the number of individuals or vehicles at the clients?
reported addresses, telephone numbers, vehicle values, boat and motor files,
criminal convictions, marriage/ divorce records, and consumer credit
reports. Then, for example, if the data search shows two cars at an
applicant?s address when the benefit applicant has reported only one, the
caseworker can, at the time of the benefit application, question the
applicant concerning this discrepancy. Generally, this query information is
treated only as a ?case clue? and must be verified. The database contains
reporting options that allow supervisors to monitor employees? use of the
system to ensure that all queries are appropriate- in addition, the state?s
internal auditor monitors the staff?s use of the database.

Beyond determining initial eligibility of participants in benefit programs,
data sharing can also be used to identify improper payments that have
already been made. Data sharing allows a flow of information in two
directions, which is particularly helpful to some organizations in managing
improper payments. For example, the Social Security Administration (SSA)
obtains death records from states to determine if deceased individuals are
receiving benefit checks. At the same time, SSA provides data to states and
other agencies. Among the data it shares is notification of whether there is
a valid social security number to confirm the eligibility of an applicant
for various state or federal benefit programs. The exchange of information
allows data matches to take place, a process in which information from one
source is compared with information from another to identify any
inconsistencies. Data matches of social security numbers and other data can
help determine whether beneficiaries are receiving payments inappropriately
or under more than one name or address.

SSA performs over 20 data matches with over 10 federal agencies and more
than 3,500 state and local entities using incoming information.
Additionally, SSA shares outgoing information with federal agencies through
more than 15 matches. For example, SSA shares data with the Department of
Housing and Urban Development (HUD) so it can perform a match to verify the
identity of recipients of housing benefits and identify potentially
fraudulent claims. SSA uses data matches to prevent and detect improper
payments in its programs. It estimates that it saves $350 million annually
for Old Age and Survivors Insurance and Disability Insurance, and $325
million annually for Supplemental Security Income through the use of data
matching. Further, the savings are not limited to

GAO- 02- 69G Improper Payments Page 27

those realized by SSA. According to SSA, its matches save approximately $1.5
billion each year for other agencies. 12

Data matches to identify improper payments can be performed periodically (i.
e., daily, monthly, or yearly) or on an ad hoc basis, using various sources
of data to reconfirm eligibility of beneficiaries and accuracy of payments.
Texas conducts both periodic and ad hoc matches using data including

prisoner information obtained from the Texas Department of Criminal Justice
and SSA?s Prisoner Verification System (to determine whether prisoners are
receiving benefits to which they are not entitled), deceased individuals
lists obtained from the Texas Department of Health Bureau of Vital
Statistics (to determine whether benefits are being paid to such
individuals), and income information obtained from the Texas Employees
Retirement System (to check retiree income for amounts that affect the level
of benefit eligibility).

Texas also shares data with three of its bordering states to determine
duplicity of benefits, which, for the four states, has resulted in an
average of 337 potential duplicates per state per quarter. In fiscal year
2000, after researching potential duplicate payments, Texas denied or
decreased benefits in 656 cases, resulting in approximately $578,000 in
benefits saved.

Kentucky performs data matches to determine eligibility for Food Stamps,
TANF, and Medicaid benefits using an integrated automated system that lets
caseworkers determine eligibility for the three programs simultaneously. At
the time the application is entered into the system, the system performs
several matches to obtain additional information on the applicant and
prevent duplicate participation. These matches are made through its income
eligibility and verification system using the applicant?s social security
number, name, date of birth, any previous disqualification record from
assistance programs, and income. In addition, on a monthly basis, other
matches are conducted. The state matches data with the National Crime
Information Center to check for fleeing felons, with SSA to determine if any
clients are in prison or have died, and with assistance programs in other
states to check for client disqualification. In addition, matches with
unemployment and state wages records are done monthly. When these matches
result in information that could require changes in benefits, the matches
appear on the daily case status reports, alerting caseworkers to potential
changes in benefits.

The United Kingdom formalized data matching between government organizations
in 1995, and it reported that, through March 2000, it had realized benefit
savings of about $450 million. From April 1999 through

12 SSA calculates the annual savings based on a compilation of cost- benefit
analyses performed by the matching agencies under the terms of their
matching agreements with SSA.

SSA data matches save $1.5 billion for other government agencies each year.

GAO- 02- 69G Improper Payments Page 28

Data Sharing

Data Mining

Neural Networking Recovery Auditing Contract Audits Prepayment
Investigations

March 2000, matches identified about 217,000 inconsistencies for further
investigation, and resulted in an overall benefit saving of about $53
million. Additionally, legislation has now been passed to enable the
government to obtain financial information from the private sector in
certain circumstances.

The prevalence of data sharing is evidence of the value provided to agencies
when they can obtain and use data from sources external to an individual
program?s systems. Having the two streams of data allows for matches to
occur and inconsistencies or anomalies to be flagged for further research.
Federal entities contemplating data matching must do so in accordance with
the provisions of the Computer Matching and Privacy Protection Act, which
requires that (1) the privacy of data used in computer matches be protected,
(2) agencies complete cost- benefit analyses on all computer matches and
report annually on their findings, unless the matches are exempted by law,
and (3) data integrity boards be established to approve and review the data
matches.

While data sharing gives an organization the means to compare data from
different sources, data mining offers a tool to review and analyze diverse
data. Data mining analyzes data for relationships that have not previously
been discovered. For example, the incidence of improper payments among
Medicaid claims might, if sufficiently analyzed and related to other
Medicaid data, reveal a correlation with a certain health care provider or
providers.

The central repository of data commonly used to perform data mining is
called a data warehouse. Data warehouses store historical and current data
and consist of tables of information that are logically grouped together.
The warehouse allows program and financial data from different nonintegrated
systems throughout an organization to be captured and placed in a single
database where users can query the system for information. The information
can then be ?mined? or searched according to specific criteria to identify
associations, sequences, patterns, and clusters between different pieces of
information- relationships that are often hidden in separated databases.

As a tool in managing improper payments, applying data mining to a data
warehouse allows an organization to efficiently query the system to identify
questionable activities, such as multiple payments for an individual invoice
or to an individual recipient on a certain date. This technique allows
personnel who are not computer specialists, but who may have useful program
or financial expertise, to directly access data, target queries, and analyze
results. Queries can also be made through data mining software, which
includes prepared queries that can be used in the system on a regular basis.

GAO- 02- 69G Improper Payments Page 29

IDPA began data mining in an effort to improve a system that was too slow to
provide the timely information needed for a wide range of agency functions,
including the prevention and detection of overpayments. As of December 2000,
the state had spent $29 million to create a data warehouse to supplement the
Medicaid Management Information System (MMIS), which maintains data on
Medicaid providers and beneficiaries as well as claims and payments. The
data warehouse includes over 2,000 different fields/ elements. The results
of data queries are particularly useful because the data warehouse is able
to store more current data than MMIS. At present, there is a 1- month lag in
current information, compared to the 3- to 6- month lag that existed before
IDPA began using data mining. In addition, the data warehouse can now store
up to 5 years of data, and IDPA is currently weighing the costs and benefits
of increasing this to 10 years of data.

IDPA officials noted that using data mining allows them to analyze large
amounts of data. Because the large number of transactions in the system
precludes manually examining each transaction for associations and patterns
with other transactions, data mining is an effective and efficient
alternative. The IDPA Office of Inspector General (OIG) also uses data
mining to quickly respond to requests for information for ongoing
investigations from the Federal Bureau of Investigation and the Illinois
State Police.

The IDPA OIG created the Fraud Science Team (FST), an interdisciplinary team
that includes an economist, program and policy experts, and information
specialists. FST maximizes the value of the data warehouse by performing
data mining activities and providing a research- based approach to fraud
prevention and detection. FST has produced documentation on over 800 fraud
schemes, which it has categorized into 19 different types, such as billing
for services not rendered and kickback schemes. The information on these
schemes is used in the development and implementation of targeted analyses
that are run against the data warehouse information to identify data
relationships and anomalies, which are often signs of fraud. This
information can also be used to implement specific controls in the system
intended to prevent the identified types of fraud.

During our visit, the IDPA OIG staff ran several queries and analyses. For
example, one risk area identified was health care providers that were
billing for services provided in excess of 24 hours in a single day. With
the capabilities of the data warehouse, OIG staff developed an analysis that
identified 18 providers that had billed over 24 hours for at least 1 day
during the 6 months ended December 31, 1999. A number of the identified
providers were already under investigation for other program violations. As
a result of this analysis, the OIG plans to refer serious cases to
appropriate law enforcement agencies and take administrative action against
the less serious violators.

GAO- 02- 69G Improper Payments Page 30

Data Sharing Data Mining

Neural Networking

Recovery Auditing Contract Audits Prepayment Investigations

Before the data warehouse was available, obtaining responses to queries of
this kind would have required obtaining separate reports from different
systems and could have taken up to 2 months. However, during our visit
querying the warehouse took from several seconds to a few minutes per query.

New initiatives that Illinois expects will further improve data mining at
IDPA are the development of a 3- day training course to help users properly
structure queries and the use of data mining software. In an early effort
using data mining software, IDPA OIG, as part of a partnership audit with
HHS OIG, identified 232 hospital transfers that are believed to have been
miscoded as discharges, creating a potential overpayment of $1.7 million.

The large number of computerized claims processed by Medicare also lends
itself to the application of data mining techniques. Claims administration
contractors at HHS? Centers for Medicare and Medicaid Services (formerly the
Health Care Financing Administration) use data mining and statistical
analysis as part of their postpayment review activities. Since 1993, CMS
also has contracted with a specialized statistical analysis contractor to
perform large- scale analysis of durable medical equipment claims. Data
mining can identify many potentially inappropriate payments, but determining
which ones are actual overpayments takes additional investigation.
Currently, the contractors only have the resources to investigate situations
in which the data indicate potential large- scale abusive practices.

Neural networking is a technique for extracting and analyzing data. In this
case, the system analyzes associations and patterns among data elements,
which allows it to find relationships that can result in new queries.

A neural network is intended to simulate the way in which a brain processes
information, learns, and remembers. A neural network is initially ?trained?
or fed large amounts of data and rules about data relationships (for
example, ?a person?s grandfather is older than that person?s father?).
Neural networks ?learn? by comparing new data with historical data and can
be used to detect patterns that are difficult, and sometimes impossible, to
detect without computer intervention in large volumes of data. The more data
a neural network processes the better it performs (i. e., the better it
identifies the characteristics of potentially fraudulent payments). Based
upon this knowledge, neural networks automatically alter their analytical
processes to produce more accurate detection results.

In 1997, the Texas legislature mandated the use of neural networks in the
Medicaid program. After examining the results of a pilot test

An early effort at using data mining software in Illinois has identified
$1.7 million in potential overpayments.

GAO- 02- 69G Improper Payments Page 31

of neural networks conducted by the Comptroller?s Office, Texas? Health and
Human Services Commission (HHSC) responded to the legislation and
implemented MFADS. The MFADS project was operational in January 1998 and
combines both data mining and neural network capabilities.

In Texas, models used with the neural network technology identify fraudulent
patterns from large volumes of medical claims and patient and provider
history data. For example, they can help identify perpetrators of both known
and unknown fraud schemes through the analysis of utilization trends,
patterns, and complex interrelationships in the data. The state currently
has models for physician and dental providers and plans to initiate a model
for pharmaceutical providers.

HHSC awarded a contract for the development and operational support of
MFADS. Annual contract costs range from $2.6 million to $3.1 million for
contractor operations that include the development and ongoing support of
the models. The Texas models are composed of 500 to 600 variables and
generate an annual report that identifies the potential unscrupulous
providers and ranks the providers according to how questionable their
billing patterns appear to be. The models detail the variances through
graphs that compare amounts billed and services rendered (among others
items) by the identified provider with the average of the other providers.
For example, one dental provider was ranked third on a dental model listing
due to unusual activity in areas such as multisurface restoration and root
canal activities. An investigator, using MFADS, was able to run detailed
reports on the provider's activity in the identified high- risk areas and
determined that the combination of services provided, volume of services
provided, and the recurring pattern of the services provided were indeed
suspicious. Additionally, a dental consultant reviewed 100 of the provider?s
dental charts and determined that many of the services claimed were
unnecessary. As a result, the provider agreed to a settlement and has repaid
the identified overpayments of $162,000 plus other penalties. Additionally,
the provider was excluded from the Medicaid program for 15 years.

The results from both the data mining activities and the neural network
reports are reviewed and possibly investigated to determine if the claims
are fraudulent or the providers are unscrupulous. According to Texas
officials, medical judgment is important when considering the accuracy of
claims, and, as such, medical professionals assist in reviewing medical
claims.

Texas? HHSC prepares quarterly reports for the legislature?s review. The
Second Quarter Fiscal Year 2001 Contract Performance Report for the Medicaid
Fraud and Abuse Detection System reported that it had identified 2,567 cases
(representing over $6 million) for investigation in fiscal year 2000. As a
result of

Texas? Medicaid Fraud and Abuse Detection System used neural networking to
recover $3.4 million in fiscal year 2000.

GAO- 02- 69G Improper Payments Page 32

Data Sharing Data Mining Neural Networking

Recovery Auditing

Contract Audits Prepayment Investigations

investigating these cases, approximately $3.4 million has been recovered.
These reports also show how HHSC is performing in relation to its
performance measures. In fiscal year 2000, one of the performance measures
was that total dollars identified for recoveries equal or exceed 139 percent
($ 3. 7 million) of the fiscal year contract cost amount. HHSC exceeded its
goal by identifying $6.1 million for recovery.

Recovery auditing is the practice of identifying and recovering overpayments
that examines payment file information to identify possible duplicate or
erroneous payments. For instance, vendors make pricing errors on their
invoices, forget to include discounts that have been publicized to the
general public, neglect to offer allowances and rebates, miscalculate
freight charges, and so forth. In addition, the same invoices, or portions
thereof, could be paid more than once. These mistakes, when not caught,
result in overpayments. Recovery auditing can incorporate data mining
techniques.

While traditionally used as a technique to identify improper payments
already made, organizations have also experienced success in using recovery
auditing to analyze records prior to payment. Because it helps to prevent
improper payments before they occur, this use of recovery auditing
eliminates the costs associated with obtaining reimbursements for the
erroneous payments or taking other actions needed to offset future payments
by the amount of the improper payment.

Recovery auditing started about 30 years ago, and it is used in several
industries, including the automobile, retail store, and food service
industries, and, to some extent, within the federal government. Some
entities use their employees to analyze their payment records while others
contract with recovery audit firms for the work. Contract firms often
perform this work on a contingency fee basis, that is, they only receive
compensation if they identify and recover amounts determined to be improper
payments. As discussed below, recovery auditing, which has a long- standing
track record in the private sector, offers an opportunity to identify
improper payments before they occur and to identify and recover overpayments
if they do occur.

One private sector company contracted, on a contingency fee basis, with a
recovery audit firm for a review of its accounts payable files- files in
which its systems? controls had not found errors. The review resulted in the
recovery of $8 million in improper payments. The company recently began
using recovery auditing techniques on accounts payable information to
prevent improper payments before they occurred. It expected that this
activity would identify possible duplicate payments, and the test verified
the company?s expectations. For example, during our visit, it identified and
avoided a duplicate payment of $136,000 from the reports generated by the
recovery audit

GAO- 02- 69G Improper Payments Page 33

Data Sharing Data Mining Neural Networking Recovery Auditing

Contract Audits

Prepayment Investigations

software. In addition, as a result of using recovery auditing before
payments are made, the company identified and stopped the processing of $41
million in wire payments that had already been processed. Another advantage
of the recovery audit services used by the company is that the software
identifies the employees who are making processing errors so that the
company can take appropriate counseling and training action.

Another private sector company contracted with a recovery audit firm, on a
contingency fee basis, to perform two separate reviews of its disbursements-
the first review was for disbursements made from 1992 through 1995, and the
second for disbursements made from 1996 through 1998. Both reviews
identified duplicate payments and resulted in recovery actions and in
changes to the payment system to help reduce future overpayments. For
example, from 1996 through 1998, the company processed about 9 million
invoices. The recovery audit review of these invoices identified about $5
million in potential overpayments and resulted in actions to recover these
funds, where appropriate. Further, based on an analysis of the overpayments
identified, the company has implemented procedures that have reduced its
dollar error rate per one million dollars of transactions from a reported
$65 in 1992 through 1995 to a reported $34 dollars in 1996 through 1998. In
addition, the company is now preparing to enter an agreement with the
recovery audit contractor under which the recovery auditing software will be
installed in the company?s system, allowing its staff to perform the
recovery audit function- even as part of the prepayment process.

Recovery auditing is also being used to some extent in the federal
government. For example, the Department of Veterans Affairs? (VA) Financial
Services Center (FSC) in Austin, Texas, had contracted with recovery audit
firms in the past, but now performs recovery auditing in- house using about
three full- time employees to administer the program and one employee for
software development. If a duplicate payment is identified, VA takes one of
several actions, including canceling the transaction prior to payment,
notifying Treasury to stop issuance of a check, or issuing a bill of
collection. For example, FSC has identified over $2 million in overpayments
and has collected, by either offsetting future payments or cash collection,
nearly $300,000 for the first 6 months of fiscal year 2001. A FSC official
noted that recovery auditing could be beneficial to almost any organization
that makes payments.

Postaward audits of contracts are another technique that can help to combat
improper payments and are used, to some degree, within the federal
government. These audits verify that

A private sector company recovered $8 million in improper payments as a
result of a recovery audit.

GAO- 02- 69G Improper Payments Page 34

Data Sharing Data Mining Neural Networking Recovery Auditing Contract Audits

Prepayment Investigations

payments are being made in accordance with contract terms and applicable
regulations. They can detect improper payments that have been made, help
avoid future payments of the same kind, and provide oversight of companies
conducting business with the government. For example, in fiscal year 1993,
the VA Office of Acquisition and Materiel Management partnered with the VA
OIG and the VA Office of General Counsel to establish the VA Procurement
Working Group (PWG). As a result, a Contract Review and Evaluation Division
was established to provide audit and advisory services related to contracts
awarded by contracting officers in VA?s Office of Acquisition and Materiel
Management. From 1993 through September 2000, PWG reported recoveries
resulting from postaward audits of contracts totaling about $119 million.
This represents a reported return of $18 for every dollar spent in support
of these audits. PWG attributes its success to the establishment of a
knowledgeable and professional group of contract auditors in the
pharmaceutical and medical/ surgical supply industries. As a result of the
audits and PWG?s efforts, many contractors have voluntarily elected to
perform internal reviews and have submitted 65 voluntary disclosures and
refund offers to VA. Prior to 1993, VA received almost no voluntary
disclosures. Some contractors have also developed and implemented corporate
responsibility plans to ensure compliance with acquisition regulations and
statutes.

In 1996, IDPA established a Fraud Prevention Investigations Program (FPI) to
prevent ineligible persons from receiving Food Stamps, TANF, and Medicaid.
Under this program, case managers in the Illinois Department of Human
Services (IDHS) refer applications that contain suspicious or conflicting
information to IDPA?s Bureau of Investigations (BOI) for action before
benefit payments begin. Case managers use certain referral criteria, such as
applications that contain contradictory information about household
composition or employment, to identify these applications. BOI submits
referred cases to a private investigation firm, under contract with the IDPA
OIG, which investigates the information on the application. This
investigation may consist of interviews; contacts with employers, landlords,
or neighbors; or a visit to the applicant?s home. The results are reported
to BOI within 8 business days (5 business days for food stamps) and then to
the local IDHS office for appropriate action- approval, denial, or reduction
of benefits.

The program was piloted in 1995 and was implemented in 1996, with five Cook
County (Chicago) IDHS offices participating. Currently, all 23 IDHS local
offices in Cook County participate in the program. FPI reports total
savings, since program inception, of about $12 for every dollar spent.

Illinois reports saving $12 for every dollar spent on fraud prevention
investigations.

VA reported recoveries of $119 million from contract audits.

GAO- 02- 69G Improper Payments Page 35

Specifically, in fiscal year 2000, FPI prevented $9.5 million in improper
payments from being issued at a cost of $823,000. Savings are calculated
based on the administrative and contract costs of the program as a
percentage of gross savings and cost avoidance for cases that resulted in
denied or reduced benefits.

The preceding examples of control activities are meant to illustrate a
sample of the type of activities that may be useful to agency managers. An
agency?s internal control activities should be flexible, weighing costs and
benefits, to allow agencies to tailor control activities to fit their
special needs. Once control activities are in place, the internal control
cycle continues with the prompt communication of information that managers
need to help them carry out these activities and run their operations
efficiently and effectively.

Strategies to Consider- Control Activities

In taking action to address identified risks, the following strategies
should be considered:

based on an analysis of the specific risks facing the organization, and
taking into consideration the nature of the organization and the environment
in which it operates, determine which types of control activities would be
most effective in addressing the identified risks;

where in- house expertise is not available, investigate the possibility of
contracting activities out to firms that specialize in specific areas, such
as recovery auditing and neural networking;

perform cost- benefit analyses of potential control activities before
implementation to help ensure that the cost of those activities to the
organization is not greater than the potential benefit control;

ensure that personnel involved in developing, maintaining, and implementing
control activities have the requisite skills and knowledge, recognizing that
staff expertise needs to be frequently updated in evolving areas such as
information technology and fraud investigation; and

recognize and consider the importance of privacy and information security
issues when developing and implementing control activities.

GAO- 02- 69G Improper Payments Page 36

Objective: Manage Improper Payments

Risk Assessment

Control Activities Information and

Communications Monitoring

Control Environment

Information and Communications: Using and Sharing Knowledge to Manage
Improper Payments

Top- level agency officials, program managers, and others responsible for
managing and controlling program operations need relevant, reliable, and
timely financial and nonfinancial information to make operating decisions,
monitor performance, and allocate resources. This information can be
obtained from a variety of sources using a wide range of data collection
methodologies. The organizations that participated in our study used
internal and external sources to obtain needed information. Further, these
sources varied widely, from information contained in multiple computer
databases to periodic meetings of individuals to share information on
emerging issues and other areas relevant to effective program operations.

The need for information and communication extends beyond organizational
boundaries. Many of the governmental programs with improper payments are
benefit programs that involve recipients and providers of services.
Organizations in our study developed educational programs to assist these
participants in understanding eligibility and other requirements and, for
service providers, information on issues including common claim filing
errors.

Having information available to provide feedback to management on
initiatives is necessary to adequately evaluate performance. At Centrelink
in Australia, information showing achievement against key performance
indicators (KPI) for compliance activity is provided to managers monthly,
within 9 days of the end of the month. Information is provided about the
number of compliance reviews (cases identified as high risk for incorrect
payment) completed, savings, incorrect payments identified for recovery, and
the level of incorrect payment. Information is also provided on prosecution
activity. In addition, comparative information is made available so that the
managers see how they are doing compared to other managers. While these
reports are available within 9 days of the end of the reporting period, a
database containing review information can be accessed within 48 hours. This
enables managers to produce detailed, flexible, reports on- line. As a
result

GAO- 02- 69G Improper Payments Page 37

of having this timely information, managers can more effectively manage the
resources available to them.

Minimizing improper payments often requires the exchange of relevant,
reliable, and timely information between individuals and units within an
organization and with external entities with oversight and monitoring
responsibilities. This can be achieved by establishing working groups. For
example, in 1997 Illinois established its Medicaid Fraud Prevention
Executive Workgroup. The purpose of the workgroup is to develop reasonable
and prudent measures consistent with the provision of quality health care to
combat fraud and abuse in the Medical Assistance Program.

The workgroup has approximately 15 members from both the program and
integrity sides of IDPA, including members from claims processing, technical
support, budget and analysis, fraud research, investigations, information
technology, and information systems. The cooperation between the program and
the integrity divisions is the vehicle by which emerging issues are
addressed. The group meets monthly to discuss the status of previously
discussed and/ or implemented initiatives and to propose and discuss current
problems and potential initiatives. Topics discussed have resulted in
ongoing changes to computer edits and policies, reflecting the dynamic
nature of fraud.

While timely, accurate, and reliable information is necessary for internal
use, the organizations we visited stressed that communication with the
public, benefit providers, and beneficiaries was also necessary. Educating
the parties involved in the transaction reduces the risk of potential errors
and strengthens joint responsibility and accountability of those involved.

Texas considers the various forms of education to be costbeneficial in its
Medicaid program. For example, in 1997 it implemented several initiatives to
educate new providers before they enroll in the Texas Medicaid program.
First, each new Medicaid provider receives a ?Success with Medicaid? package
containing information on claim filing, including helpful tips, and
instructions on how to use the automated phone system for inquiries. This
?welcome? package is hand delivered during a site visit by one of Texas? 19
Medicaid field representatives. Three months after enrollment, the field
representatives evaluate a sample of each new provider?s claims to see if
there are any issues that should be discussed. Then, the same representative
who made the initial visit revisits the new provider to answer questions and
discuss any problems noted in the claims sample. In addition, program
personnel conduct various workshops for and make educational materials
available to new providers.

In another example, Australia?s Health Insurance Commission (HIC)
implemented a feedback program to provide medical

"We are always working to achieve balance between program integrity and
access to health care for recipients."

Robb Miller, Inspector General, Illinois Department of Public Aid

GAO- 02- 69G Improper Payments Page 38

practitioners with regular information about their own benefit
authorization, age and gender patient demographics, and comparative
statistical information showing the number of services rendered and dollar
value of benefits paid. All 32,000 practitioners receive correspondence once
a year from HIC. The program?s educational feedback encourages compliance
and can act as a deterrent to future wrongdoing, as practitioners are aware
that HIC tracks what is claimed for reimbursement on an annual basis. While,
at first, most practitioners did not realize that HIC was able to accumulate
and analyze this information, the program has now become both an effective
deterrent and a desired source of information for the practitioners. For
example, some practitioners have asked for additional information or
statistics prior to the annual feedback report. In October 1999, the HIC
Internet Feedback Reporting Facility was established to provide on- line
feedback and statistics to general practitioners. About 2,100 general
practitioners accessed their feedback reports on- line during 1999, and HIC
implemented further enhancements to include feedback to other medical
practitioners.

Also in Australia, Centrelink has determined that 65 percent of its
preventable incorrect payments 13 relate to incorrect declaration of income
by the customer or beneficiary. Based on this risk assessment, Centrelink
developed a range of specific prevention strategies aimed at educating
beneficiaries and employers on income reporting requirements.

These include educating the beneficiaries on the correct way to declare
earnings and reminding them of the consequences of failing to correctly
declare earnings and outreaching employers in industries whose employees are
traditionally more likely to receive improper payments, such as those with
seasonal or part- time employees.

In the latter case, Centrelink provides these employers with materials to
distribute to existing and new employees who are receiving benefits from
Centrelink. For example, to encourage accurate income reporting, the
employers distribute ?payslips? envelopes to employees for their use in
storing their wage records.

In addition to working groups, coordination and cooperation with local law
enforcement and other sources external to an agency can establish an
infrastructure conducive to preventing and detecting fraud. Our case
illustration shows the value of such an

13 Centrelink defines all incorrect payments as preventable unless the
payment is unavoidable, such as legislated advance payments. Furthermore,
Centrelink categorizes preventable payments into three areas: preventable by
the customer, preventable by staff, and preventable by the system.
Centrelink reports $410 million to $460 million in incorrect payments a
year, of which 70 percent is classified as preventable payments.

GAO- 02- 69G Improper Payments Page 39

infrastructure in preventing large- scale Medicaid fraud perpetrators from
receiving payment for fraudulent claims.

GAO- 02- 69G Improper Payments Page 40

Case Illustration: Information and Communications in Illinois

To coordinate fraud efforts, IDPA OIG established the position of Fraud and
Abuse Executive (FAE) whose objective is to develop and maintain
relationships with internal and external parties and be the conduit for all
fraud issues. Earlier this year, the following events occurred,
demonstrating the importance of direct and clear communication.

An Illinois bank teller, suspicious of a bank customer?s attempt to cash an
improperly endorsed Medicaid check, which was made out to a provider for
$123,000, phoned the State Treasurer?s Office, which referred the teller to
the FAE.

Based on the referral, the FAE queried the data warehouse and ascertained
that checks totaling $700,000 in payments had been issued to a provider
within a 2- week period, based on 40, 000 claims that had been filed for 43
recipients, 4 of whom were deceased. The FAE contacted the Illinois State
Police Medicaid Fraud Control Unit and requested that officers drive by the
mailing address identified on the checks, and that they also investigate a
sample of the recipients. The Illinois State Police Medicaid Fraud Control
Unit immediately investigated and reported that the location was vacant and
that periodically two people checked the mail. Based on this information,
the FAE stopped payment on all checks to the potentially fraudulent provider
and notified the Controller?s Office that outgoing checks to the provider
should be removed from the mailroom.

A few days later, another bank customer attempted to cash one of the checks
made to the provider in the amount of $185, 000. The corporate investigator
at the bank contacted the FAE. The FAE called the Illinois State Police
Medicaid Fraud Control Unit who then coordinated with the bank, the state
investigator with the Medicaid Fraud Control Unit, the U. S. Attorney?s
Office, and the Attorney General?s office for possible arrests.

A sting operation followed. The bank called its customer to come into the
bank to pick up the money. Two suspects were subsequently arrested. While
under arrest, one suspect received a cell- phone call from a person
notorious for Medicaid fraud, who had previously been permanently excluded
from the Medicaid program. The police were able to lure this suspect to the
police station, where the person was promptly arrested. One suspect was
recently sentenced to 4 years in state prison; the other suspect is awaiting
trial.

The FAE continues to use the data warehouse to develop possible
relationships between the suspects and other providers. The OIG attributes
the speed and success of this investigation to the cooperation between
investigative bodies throughout the state and to the data warehouse
technology.

GAO- 02- 69G Improper Payments Page 41

Effective communications should occur in a broad sense with information
flowing down, across, and up the organization. In addition to internal
communications, management should ensure there are adequate means of
communicating with, and obtaining information from, external stakeholders
that may have a significant impact on the agency achieving its goals.
Moreover, effective information technology management is critical to
achieving useful, reliable, and continual recording and communication of
information. Program managers need operational and financial data to monitor
whether they are meeting their agencies? strategic and annual performance
plans and meeting their goals for accountability and effective use of
resources. Monitoring strategies are discussed in the next section.

Strategies to Consider- Information and Communications

To effectively use and share knowledge to manage improper payments, the
following strategies should be considered:

determine what information is needed by managers to meet and support
initiatives aimed at reducing improper payments;

ensure that needed information is provided to managers in an accurate and
timely manner;

provide managers with timely feedback on applicable performance measures so
they can use the information to effectively manage their programs;

develop educational programs to assist program participants in understanding
program requirements;

ensure that there are adequate means of communicating with, and obtaining
information from, external stakeholders that may have a significant impact
on improper payment initiatives, such as periodic meetings with oversight
bodies; and

develop working relationships with other organizations to share information
and pursue potential instances of fraud or other wrongdoing.

GAO- 02- 69G Improper Payments Page 42

Objective: Manage Improper Payments

Risk Assessment

Control Activities Information and

Communications Monitoring

Control Environment

Monitoring: Tracking the Success of Improvement Initiatives

Monitoring performance, over time, is critical to program management and
oversight. Evaluation of an organization?s programs and its successes in
meeting its established goals and in identifying additional actions is an
integral element of performance measurement and continued improvement in
operations. Monitoring focuses on the assessment of the quality of
performance over time and on the prompt resolution of problems identified
either through separate program evaluations or audits. Once an organization
has identified its risks related to improper payments and undertaken
activities to reduce such risks by upgrading its control activities,
monitoring performance allows the organization to gauge how well its efforts
are working.

In the United Kingdom, the Department for Work and Pensions (DWP) annually
reviews its Income Support and Jobseeker?s Allowance programs to estimate
the level of fraud and error in the programs, measure progress toward
meeting established performance goals, and report performance results to
Parliament. As a result of the program monitoring and evaluation activities
these reviews permit, the government has set new, more challenging targets
for future performance.

In addition, the National Audit Office (NAO) in the United Kingdom uses the
review results in its annual audits of DWP?s financial statements. NAO
reviews DWP?s sampling methodology and sample results, reviews some of the
cases DWP examined, and selects its own sample to verify the accuracy of the
reviews. The auditing standards issued by the United Kingdom?s Audit
Practices Board require NAO to plan and perform its audits to provide for
reasonable assurance that the financial statements are ?free from material
misstatement, whether caused by error, or by fraud or other irregularity.?
Further, Her Majesty?s Treasury requires disclosure in the notes to the
financial statements on a cash basis of all instances of significant
irregular expenditures arising from erroneous benefit awards and fraud by
claimants. After considering the results of DWP?s review and its evaluation
of those results, NAO qualified its fiscal year 1995 through fiscal year
2000 opinions on DWP?s financial statements because of the amount of fraud
and error in the benefit programs. NAO has also provided

?We will want to know what action is being taken and what more could be done
to get a grip on the burgeoning levels of fraud and inaccuracy in benefit
claims.?

David Davis, Chairman of the Parliamentary Committee of Public Accounts,
United Kingdom

GAO- 02- 69G Improper Payments Page 43

constructive advice on how DWP might improve its internal control and risk
management procedures.

Illinois assessed the risk of improper payments in its Medicaid program,
and, based on the results, implemented initiatives designed to improve
payment accuracy. To monitor the effects of the new initiatives, Illinois
will use random claims sampling to test the accuracy of the payments by
reviewing 150 randomly selected claims per month, or 1,800 per year. The
goal of this project is to ensure that every paid claim faces an equal,
random chance of review. The judgment of field staff, auditors, nurses, and
policy experts will be used to determine if they are paid correctly. This
approach not only provides periodic estimates of payment and service
accuracy rates to help measure the results of existing enforcement and
detection efforts, but also helps deter future erroneous and fraudulent
billings.

Performance measures are key to monitoring progress in addressing improper
payments. New Zealand requires entities from which the government purchases
a significant quantity of goods and services to include audited statements
of objectives and statements of service performance with their financial
statements. These statements include, where appropriate, performance
measures related to improper payments. For example, performance measures
relating to entitlement accuracy, services to reduce benefit crime, and debt
management have been established for Work and Income New Zealand (WINZ), a
government agency that provides income support and/ or employment assistance
to eligible people. WINZ?s financial statements are the main accountability
reports used by Parliament to monitor the agency?s performance. In addition,
Parliament uses the audited information to make informed decisions on
resource allocation, and, through a Public Service Monitoring Body (the
State Services Commission), to hold the entity?s chief executive officer
responsible if performance standards are not met. For example, the
government, in its role as purchaser, can offer rewards and apply sanctions
to a chief executive officer to ensure performance. In addition, the
government may seek to purchase goods and services from more than one
source.

WINZ?s monitoring of its payment accuracy is discussed further in the case
illustration on the following page.

?The probability of review should never be zero. Not for any provider, no
matter how reputable; nor for any claim, no matter how small.?

Malcolm K. Sparrow, License to Steal; Why Fraud Plagues America?s Health
Care System,

1996

GAO- 02- 69G Improper Payments Page 44

Case Illustration: Monitoring at the Department of Work and Income New
Zealand

WINZ is one of the largest government departments in New Zealand. It
administers over $5 billion of transfer payments on behalf of the
government, and is expected to affect the lives of at least one- third of
the people in New Zealand at any one time. The primary purpose of WINZ is to
help eligible people participate in employment, education, training, and
community life through income support and/ or employment assistance.

The purchase agreements between WINZ and the government include performance
measures related to the accuracy of entitlement benefit decisions and the
timeliness with which the decisions are made. WINZ established an Accuracy
Reporting Program to help ensure that its contractual performance goals
would be met. Through a monthly sampling process, cases are reviewed for
accuracy and timeliness- that the right person was paid the right benefit in
the right amount at the right time. Results of the accuracy reporting
reviews are incorporated into the monthly service delivery KPI reports
provided to regional operations managers for monthly monitoring. Performance
reports are also provided quarterly to Responsible Ministers of Parliament.

WINZ officials stated that payment accuracy was just over 70 percent when it
began the program in 1996. When the first KPI reports came out, staff were
surprised by the areas that were below standard and wanted to know how they
could improve. Some regional managers wondered why and how certain regions
were doing better than their own. To monitor performance, WINZ utilized
performance summaries, which include information about each region?s
standing in relation to the performance goals. An example of such a
performance summary is depicted below.

First Quarter Performance

7 5 4

2 Exceptional 1 Over Standard 0 Below Standard Region A

Region B Region C

Services to Working Age Beneficiaries KPIs

Benefit Accuracy Benefit

Timeliness Client

Satisfaction Total Score Stable Employment

GAO- 02- 69G Improper Payments Page 45

Several years ago, the performance summaries reflected numerous areas of
below standard achievement. Over time, staff found it rewarding to track
their progress. An official told us that comparing performance between
regions fostered an atmosphere of healthy competition and a focus on ongoing
improvement. In addition to this summary level performance reporting, WINZ
implemented a team coaching program to monitor individual employee
performance and provide individual feedback and support to case managers.
The team coach reviews each case manager?s work based on his/ her level of
experience. For example, a trainee has five cases per month selected for
review of timeliness and accuracy. WINZ attributes team coaching, in part,
to its recently reported increase in accuracy. For the period from June 30,
1999 through June 30, 2000, WINZ reported that the accuracy rate improved
from 88 to 94 percent for Services to Seniors and from 89 to 90 percent for
Services to Working Age Beneficiaries.

GAO- 02- 69G Improper Payments Page 46

Monitoring the activities used by an organization to address improper
payments should be performed continually and should be ingrained in the
entity?s operations. Ongoing monitoring enables an organization to measure
how well it is doing, track performance measures, and adjust control
activities based on the results of monitoring activities. The monitoring
process should also include policies and procedures for ensuring that the
results of the reviews are communicated to the appropriate individuals
within the organization so that they can be promptly resolved.

Strategies to Consider- Monitoring

To track the success of improvement initiatives, the following strategies
should be considered:

establish agency- specific goals and measures for reducing improper
payments;

using baseline information for comparison, periodically monitor the progress
in achieving the established performance measures;

make the results of performance reviews widely available to permit
independent evaluations of the success of efforts to reduce improper
payments;

ensure timely resolution of problems identified by audits and other reviews;
and

adjust control activities, as necessary, based on the results of monitoring
activities.

GAO- 02- 69G Improper Payments Page 47 Observations

Our study identified many techniques and approaches that organizations have
used and found effective in reducing their levels of improper payments that
could be used by federal agencies to help reduce improper payments in their
programs. The techniques and approaches shared a common focus of improving
the internal control systems over the problem areas and generally included
actions in five areas- control environment, risk assessment, control
activities, information and communications, and monitoring. Our observations
on the key factors for successful actions in each of these areas follow.

In the area of control environment, we found that, for improper payment
initiatives to be successful, setting the tone at the top is critical. The
pressures applied by top management and oversight entities are instrumental
in clearly defining and communicating the need for improved program
operations and, most important, in redefining the organizational culture.
The goals and objectives of the initiatives being implemented must be
transparent to all in the organization. Without ongoing strong support, both
in spirit and in action, of top- level program officials and legislative
bodies, the chances for success in implementing the changes needed to
address improper payments are slim. This top- level support is especially
critical given that an investment of time and money is often needed in these
types of efforts.

One of the biggest hurdles that many entities face in the process of
managing improper payments is overcoming the propensity toward denial of the
problem. It is easy to rationalize avoiding or deferring taking action to
address a problem if you do not know how big the problem is. The nature and
magnitude of the problem- determined through a systematic risk assessment
process- needs to be determined and openly communicated to all relevant
parties. When this occurs, especially in a strong control environment,
denial is no longer an option, and managers have the information, as well as
the incentive, to begin addressing improper payments. This risk assessment
is used to determine where risks exist, what those risks are, and the
potential or actual impact of those risks on program operations. As such, it
helps identify the areas most in need of corrective action and helps form a
basis for determining how to allocate resources, human and monetary, to the
problem areas. By performing risk assessments on a recurring basis,
organizations also obtain information on the status of their efforts to
reduce improper payments and on areas needing further attention.

In the area of control activities, we found that organizations need to
tailor their actions to fit their particular needs. There is a wide range of
activities that can be used to effectively address improper payments. These
include the use of computer- assisted activities ranging from simple

GAO- 02- 69G Improper Payments Page 48

comparative analyses (e. g., comparing beneficiaries with mortality rolls)
to the use of sophisticated computer models for interactive analysis of
large amounts of information (e. g., using neural networking to identify
suspicious patterns of payments). Regardless of the level of sophistication
involved, the key to success is having the right people perform the right
jobs. While these technology- based solutions can be expensive, such
investments usually more than pay for themselves in terms of dollars saved.
They also can be a significant deterrent and provide for a level of program
integrity that could not otherwise be achieved.

When obtaining, storing, and using computer- generated information, an
organization must always be mindful of privacy and security issues. In the
federal arena, including federal programs managed by state organizations,
computer- assisted activities must be implemented consistent with all
protections of the Privacy Act of 1974, as amended by the Computer Matching
and Privacy Protection Act of 1988, and other privacy statutes.

We also found that organizations use both computer- generated information
and nontechnical methods to obtain, summarize, and communicate information
needed to evaluate program performance. Whatever method is used, the flow of
relevant, reliable, and timely information regarding performance should lead
to improved performance, particularly if an atmosphere of healthy
competition is introduced into the process.

Educational activities for both beneficiaries and other program participants
also serve as an effective communication approach to help reduce improper
payments and strengthen program operations. The better educated agency
employees, contractors, and beneficiaries are about what is expected of them
and the consequences of not meeting those expectations, the greater the
chances for reducing fraud and errors in the payment process.

Another key point is that just putting control activities in place is not
the end of the process- monitoring progress and results is essential and
must include the involvement of top- level officials. In addition to
monitoring day- to- day performance, it is important for an organization to
track performance over time and measure it against established performance
goals or indicators. This monitoring activity provides information on the
effectiveness of the control activities implemented and helps oversight and
top- level management officials identify areas needing further attention or
a shift in focus.

High levels of improper payments need not and should not be an accepted cost
of running federal programs. The organizations that participated in our
study found they could effectively and efficiently manage improper payments
by (1) changing their organizations? control environments or cultures, (2)
performing risk assessments, (3) implementing activities to reduce fraud and
errors, (4) providing relevant, reliable, and timely information and
communication of results to management, and (5) monitoring performance over
time.

GAO- 02- 69G Improper Payments Page 49

In the federal government, implementation of this process will likely not be
easy or quick. It will require strong support, not just in words but in
actions, from the President, the Congress, top- level administration
appointees, and agency management officials. Once committed to a plan of
action, they must remain steadfast supporters of the end goals and their
support must be transparent to all.

Further, there must be a willingness to dedicate the human capital and
monetary resources needed to implement the changes. In the human capital
area, this could involve performing needs assessments and taking the actions
necessary to hire individuals with the skills and knowledge necessary to
turn the planned actions into reality. Regarding funding, many actions that
proved successful to the organizations in our study involved computer-
assisted analyses of data. Effectively and efficiently implementing some of
these practices could require funding for computer software and hardware,
additional staff, and/ or training.

In addition, it is important that the results of the actions taken be openly
communicated or available not only to the Congress and agency management,
but also to the general public. This transparency demonstrates the
importance that the government places on the need for change and openly
communicates performance results. It also acts as an incentive for agencies
to be ever vigilant in their efforts to address the wasteful spending that
results from lapses in controls that lead to improper payments.

GAO- 02- 69G Improper Payments Page 50 Appendix I

Objectives, Scope, and Methodology

The objectives of this study were to identify effective practices and
provide case illustrations and other information for federal agencies?
consideration when developing strategies and planning and implementing
actions to manage improper payments. In performing this study, we conducted
extensive research and identified three federal agencies, three state
governments, three foreign countries, and three private sector companies
that took actions that they considered effective in reducing improper
payments in their programs.

In general, for the organizations that participated in this study, we (1)
conducted extensive Internet and literature searches to identify actions
that each had taken to reduce improper payments, (2) made site visits to
interview representatives involved in identifying and taking actions to
reduce improper payments, and (3) obtained and reviewed organization reports
and other documentation describing the actions taken, the results of those
actions, and future plans in the area.

As outlined below, we used several techniques to identify the study
participants.

Federal Agencies

We formed a focus group within GAO that was composed of program and
financial analysts familiar with each federal agency. This group identified
agencies that had implemented practices to reduce improper payments.
Additionally, we contacted the inspectors general of the 24 Chief Financial
Officers (CFO) Act agencies to obtain their views on agency activities, if
any, designed to reduce improper payments. Once we identified potential
participants, we conducted extensive Internet searches of their Web sites
and reviewed entity and GAO audit reports and other documents to obtain
background and other information for potential best practice efforts. We
then contacted three agencies, discussed our study objectives and planned
approach, and asked each if it had any programs in which actions to reduce
improper payments were effective. Representatives at the three agencies (the
Department of Veterans Affairs, the Social Security Administration, and the
Department of Health and Human Services? Centers for Medicare and Medicaid
Services (formerly the Health Care Financing Administration) identified
programs in which their organizations had taken actions considered effective
and agreed to participate.

State Governments

We conducted extensive Internet searches for all 50 states to identify
reports and other studies that identified states that had taken actions that

GAO- 02- 69G Improper Payments Page 51

appeared to identify and reduce improper payments. We also coordinated with
other GAO representatives to identify states that had taken actions to
reduce improper payments in federal programs in which program management is
a state responsibility, such as the Food Stamp program. Based on the
information obtained, we asked representatives in the states of Illinois,
Kentucky, and Texas if they had any activities that they believed were
effective in reducing improper payments. Each identified some actions and
agreed to participate in the study.

Private Sector Organizations

We contacted the Private Sector Council, a public service organization that
assists in the sharing of knowledge between the private and public sectors.
Through this organization, three companies volunteered to participate in our
study and supplied us with information on the techniques they used and
considered effective in reducing improper payments.

Foreign Governments

Our External Liaison Office contacted our counterparts in 12 countries and
two world organizations to explain our study objective and ask for input on
activities, if any, each had taken to reduce improper payments in its
programs. We also conducted extensive Internet searches to identify programs
in each of these entities in which actions had been taken to reduce improper
payments. Based on the responses from our initial requests for information
from the countries and organizations and our Internet search results, we
selected three countries (Australia, New Zealand, and the United Kingdom) as
possible study participants. We contacted representatives for each, and they
agreed to participate.

In the course of identifying actions that possible participants in our study
had taken to reduce improper payments, we identified numerous Web sites that
might provide organizations with useful information that they can consider
when attempting to address improper payment or other problems in their
programs. Appendix III lists these resources.

We conducted our fieldwork from May 2000 through March 2001. We asked
officials of the various organizations highlighted in the case illustrations
and throughout the report to verify the accuracy of the information
presented on their activities and incorporated their comments as
appropriate. We did not independently verify the accuracy of that
information. In addition, we issued an exposure draft of this executive
guide to obtain comments from interested parties including members of the
CFO and OIG community, OMB, and selected professional organizations in the
United States and abroad. We incorporated comments as appropriate.

GAO- 02- 69G Improper Payments Page 52 Appendix II

Entity Descriptions

This appendix provides descriptions of the foreign governments? agencies and
U. S. federal agencies, state governments, and private sector organizations
that participated in this study. For our study, we contacted and visited
various people from the listed organizations who spent many hours planning
and hosting our visits, coordinating meetings, and preparing and presenting
information. We thank them for their willingness to participate in our
study, for the valuable information and insights they provided, and for
their hospitality.

Foreign Governments

Several agencies responsible for delivering a variety of government services
in Australia, New Zealand, and the United Kingdom participated in our study.
The government services provided by the agencies range from providing audit
oversight and tax collection activities to benefit administration and
benefit payments.

Australia

The Australian Federation has a three- tier system of government, under the
provisions of a written constitution that includes the legislative,
executive, and judicial branches of government at both the national and
state levels. The division of powers between the federal and state
parliaments broadly follows the American model- states and territories are
responsible for matters not assigned to the federal government. Australia is
an independent nation and retains constitutional links with Queen Elizabeth
II of Great Britain who is Queen of Australia. A Minister of State is
accountable to Parliament for each department?s functions and activities.
Under the Minister is the head of a department, usually referred to as the
Secretary.

Centrelink Centrelink is a ?one- stop shop? that pays a variety of
Australian government benefits. Centrelink is an agency not individually
funded by the Treasury, but rather through business partnership agreements
with government departments. The agency has agreements with 11 government
departments, including the Department of Family and Community Services
(FACS); the Department of Employment, Workplace Relations and Small
Business; the Department of Veterans? Affairs; and the Department of
Education, Training and Youth Affairs. The one- stop shop was formed by
merging functions and staff from the social security and employment
departments with strong support from the Department of Finance. It is in the
top 100 of Australian companies in terms of size and turnover. Its budget is
$818 million, and it distributes $22.4 billion social security

GAO- 02- 69G Improper Payments Page 53

payments on behalf of FACS. 14 Centrelink has 6.1 million customers, pays
9.2 million individual entitlements each year, and employs a staff of 22,000
in 1,000 service delivery locations across Australia.

Health Insurance Commission The Health Insurance Commission (HIC) is a
government agency that administers Australian health programs such as
Medicare and the Pharmaceutical Benefits Scheme. In addition to
administering these programs, HIC is charged with preventing and detecting
fraud and abuse. Medicare is a universal health insurance scheme available
to all Australian citizens. From 1999 through 2000, HIC paid over $3. 5
billion in benefits, processing over 209 million claims to 11 million active
enrollees in Medicare. Through the Pharmaceutical Benefits Scheme during the
same year, HIC processed over 149 million claims totaling over $1.8 billion
in benefits.

New Zealand

New Zealand is an independent nation within the British Commonwealth. Queen
Elizabeth II of Great Britain is represented in New Zealand by the Governor-
General. New Zealand has no written constitution but rather it has two
documents of importance- the Treaty of Waitangi and the Bill of Rights Act.
Much of the business of government is performed by ministries, government
departments, and other government agencies, which are collectively known as
the public sector.

Inland Revenue Department The Inland Revenue Department (IRD) provides tax
services as well as social policy services, including the administration of
child support and family assistance programs and the collection of student
loan repayments. IRD revenues include $7 billion in individual taxes, $3.76
billion in Goods and Services Tax revenue, and $1.85 billion in company tax.
Total tax revenue in 1999 was $13.5 billion. During the 1999/ 2000 year, IRD
processed 7.2 million tax returns. Additionally, IRD processed 7.3 million
payments during the same year.

Work and Income New Zealand The Department of Work and Income New Zealand
(WINZ) is a government agency that aids job seekers, pays income support,
and administers superannuation (retirement) payments and student loans and
allowances. WINZ was established in 1998 by combining the income support
function from the Department of Social Welfare and the employment services
and local employment coordination functions from

14 Amounts included in this report have been converted to U. S. dollars
using the following exchange rates, effective April 16, 2001, for one U. S.
dollar: 0.697064 British pounds, 1.95665 Australian dollars, and 2.43533 New
Zealand dollars.

GAO- 02- 69G Improper Payments Page 54

the Department of Labor. Total benefits exceed $5.34 billion in transfer
payments to

 over 460,000 seniors for superannuation and transitional retirement
benefits payments,

 over 404,000 people for income support payments,

 approximately 56,000 students for student allowances, and

 approximately 143,000 students for student loans.

United Kingdom

The United Kingdom is a constitutional monarchy and parliamentary democracy
under Queen Elizabeth II and two houses of Parliament- the House of Lords
and the House of Commons. The executive power rests with the Cabinet, headed
by the Prime Minister.

National Audit Office The National Audit Office (NAO) scrutinizes public
spending on behalf of Parliament. It is an independent body that audits the
accounts of all government departments and agencies, as well as a wide range
of other public bodies, and reports to Parliament on the economy,
efficiency, and effectiveness of government agencies.

NAO is headed by the Comptroller and Auditor General, who is also an officer
of the House of Commons. NAO employs 750 people in offices throughout the
United Kingdom.

Department for Work and Pensions The Department for Work and Pensions
(formerly the Department of Social Security) administers the United
Kingdom?s welfare programs through four agencies- the Benefits Agency, Child
Support Agency, War Pensions Agency, and Appeals Service Agency. The
Benefits Agency administers programs such as Income Support and Jobseeker?s
Allowance Benefits. The Benefits Agency employs about 71,000 people and
delivers more than 20 social security benefits, making payments in excess of
$156 billion each year.

Federal Agencies Department of Health and Human Services- Centers for
Medicare and Medicaid Services

The Department of Health and Human Services (HHS) is the U. S. government?s
principal agency for protecting the health of all Americans and providing
essential human services. In addition to the Medicare and Medicaid programs,
the department includes more than 300 programs, covering a wide spectrum of
activity from medical research, financial assistance to low- income
families, to substance abuse treatment and prevention programs.

GAO- 02- 69G Improper Payments Page 55

The Centers for Medicare and Medicaid Services (CMS) (formerly the Health
Care Financing Administration), one of HHS? operating divisions, administers
both the Medicare and Medicaid programs, which provide health care to about
one in every four Americans.

Medicaid Medicaid, established in 1965 by Title XIX of the Social Security
Act, is a federal- state matching entitlement program that pays for medical
assistance for certain vulnerable and needy individuals and families with
low incomes and resources. In fiscal year 2000, it provided health care
assistance to an estimated 33 million persons, at a cost of about $118.6
billion to the federal government. CMS is responsible for the overall
management of Medicaid; however, each state is responsible for managing its
own program. Within broad federal statutory and regulatory guidelines, each
state (1) establishes its own eligibility standards, (2) determines the
types and ranges of services, (3) sets the rate of payment for services, and
(4) administers its own program.

Medicare Fee- for- Service Authorized by Title XVIII of the Social Security
Act in 1965, Medicare is the nation?s largest health insurance program
handling more than 900 million claims per year on behalf of elderly and
disabled individuals at a cost of about $214.6 billion in fiscal year 2000.
Fee- for- service payments account for about $173.6 billion of Medicare
payments. CMS contracts with over 50 insurance companies to process fee-
for- service claims; however, CMS is responsible for overseeing these
contractors and for ensuring that claims are paid accurately and
efficiently.

Social Security Administration

In 1935, the Social Security Act established a program to help protect aged
Americans against the loss of income due to retirement. Since that time,
various amendments were added, creating the programs that the Social
Security Administration (SSA) administers today. Established in 1994 as an
independent agency within the U. S. government, SSA is responsible for
administering the Old Age and Survivors Insurance (OASI) and Disability
Insurance (DI) programs as well as the Supplemental Security Income (SSI)
program. SSA?s organization features centralized management of the programs
and a decentralized nationwide network of 10 regional offices overseeing
1,340 field offices, 138 hearings offices, 36 teleservice centers, 7
processing centers, and 1 data operations center. OASI provides for the
protection from loss of income for aged Americans as well as survivors of
deceased workers. OASI had fiscal year 2000 outlays of about $347.9 billion,
with about 39 million beneficiaries. DI protects disabled workers and their
dependents from loss of income, and had fiscal year 2000 outlays of $54.2
billion, serving about 6.6 million beneficiaries. Workers are considered
disabled if they have severe physical or mental conditions that prevent them
from engaging in substantial gainful activity.

GAO- 02- 69G Improper Payments Page 56

SSI had outlays of $30.8 billion in fiscal year 2000, providing cash
assistance to about 6.6 million financially needy individuals who are
elderly, blind, or disabled.

Department of Veterans Affairs

In 1930, the Congress consolidated and coordinated various veterans?
programs with the establishment of the Veterans Administration. It became a
cabinet- level position in March 1989- the Department of Veterans Affairs
(VA). VA administers the laws providing benefits and other services to
veterans and their dependents and beneficiaries. Through 21 organizations,
including the Veterans Health Administration and the Veterans Benefits
Administration, VA ensures that veterans receive medical care, benefits, and
social support. Major programs of VA include medical care, education,
research, compensation, pension, education, and burial. In fiscal year 2000,
more than 3.8 million patients used VA health care, over 2.6 million
veterans and family members received monthly VA disability compensation
payments, and nearly 2.4 million graves were maintained at national
cemeteries.

State Governments

The state agencies that participated in our study are responsible for
administering a variety of benefit programs in Illinois, Kentucky, and
Texas.

State of Illinois

The Illinois Department of Human Services (IDHS) was created in 1997 by
consolidating three human services agencies, one of which was the Illinois
Department of Public Aid (IDPA), and parts of three others. IDHS assumed the
responsibility for administering cash assistance, food stamps, and Medicaid
eligibility programs. However, IDPA retains most of the responsibility for
administering Medicaid. IDPA has an Office of Inspector General (OIG) that
helps enforce policies and investigates misconduct in the Medicaid, Food
Stamp, and welfare programs administered by IDPA and IDHS. IDPA OIG includes
a staff of 311 employees, and, in fiscal year 2000, it operated under a
budget of $19.6 million and collected or avoided costs totaling $38.3
million. According to preliminary fiscal year 2000 data, Illinois? Food
Stamp program provided approximately $777 million in benefits to over
779,000 recipients. In fiscal year 1999, Illinois spent approximately $390
million of its Temporary Assistance for Needy Families (TANF) funds. In
fiscal year 1998, Illinois spent approximately $6.2 billion for Medicaid
covering over 1.3 million recipients.

Commonwealth of Kentucky

Kentucky?s Cabinet for Families and Children protects and promotes the well
being of Kentuckians by delivering quality human services. It administers
the state?s human services programs, such as Food Stamps, foster care,
disability, and cash assistance. Meanwhile, the state?s Cabinet

GAO- 02- 69G Improper Payments Page 57

for Health Services administers programs to promote mental and physical
health, emphasizing education and prevention. It administers Medicaid
through the Department of Medicaid Services. According to preliminary fiscal
year 2000 data, Kentucky?s Food Stamp program provided approximately $337
million in benefits to over 403,000 recipients. In fiscal year 1999,
Kentucky spent approximately $82 million of its TANF funds. In fiscal year
1998, Kentucky spent approximately $2.4 billion for Medicaid covering over
644,000 recipients.

State of Texas

Texas has a number of departments involved in the administration of its
medical and general assistance programs. Its Health and Human Services
Commission (HHSC), which provides overall leadership and strategic direction
to the health and human services system in Texas, oversees the work of 13
state agencies, including the Texas Department of Health (TDH) and the Texas
Department of Human Services (TDHS). TDH administers more than 200 separate
programs and operational units, including Medicaid. This department has more
than 5,500 employees and an annual appropriation of approximately $6.5
billion. TDHS administers state and federal human services programs,
including TANF and the Food Stamp program, to more than 2 million needy,
elderly, or disabled Texans each month. As one of the largest human services
agencies in the country, TDHS employs more than 15,000 and has an annual
budget of $3.5 billion. According to fiscal year 2000 data, Texas? Food
Stamp program provided approximately $1.2 billion in benefits to over 1.3
million recipients. In addition, Texas spent approximately $228 million of
its TANF funds in serving more than 300,000 recipients. In fiscal year 1998,
Texas spent approximately $7.1 billion for Medicaid covering over 2.3
million recipients.

Private Sector Companies Private Sector Council

The Private Sector Council (PSC) is a nonprofit, nonpartisan public service
organization committed to assisting the federal government in improving its
efficiency, management, and productivity. Since its founding in 1983, PSC
has continued to promote and further the notion that private sector ?know-
how? can, and should, be utilized to assist in solving public sector
challenges by supplying federal managers with modern ideas, methodologies,
and applications through over 300 projects. Member companies consist of
prominent Fortune 500 companies from across North America, including
telecommunications, defense, finance, and energy businesses. PSC assembled
three volunteer companies to participate in our study. These companies
included a telecommunications company with $33.6 billion in fiscal year 2000
sales, a document management company with $18.6 billion in fiscal year 2000
sales, and a consulting firm with $1. 95 billion in revenues.

GAO- 02- 69G Improper Payments Page 58 Appendix III

Other Resources

We identified the following Web sites during the course of our work, which
may be useful to organizations as sources of additional information.

Best Practice Web Sites

Best Practices in the Federal Government http:// hydra. gsa. gov/ fitec/
bestprac. htm

The CFO Electronic Commerce Task Force has created an interagency team, the
Financial Implementation Team for Electronic Commerce (FITEC), to help
create integrated strategies, execution plans, and schedules for achieving
the federal CFO financial community?s electronic commerce goals. This site,
created by FITEC, provides agencies with a resource for locating financial
and/ or electronic commerce practices that can be used throughout the
federal government.

The Cabinet Office www. cabinet- office. gov. uk/ servicefirst/ index/
guidhome. htm

The United Kingdom?s Cabinet Office works in partnership with other parts of
the central government, local government, and other bodies in the public and
private sectors to modernize and coordinate government in order to secure
excellence in policymaking and responsive, high- quality public services.
The Cabinet Office?s best practices site includes a best practice database,
best practice guides, best practice links, and different forums
organizations can use to share information on their various initiatives.

National Association of State Procurement Officials www. naspo. org

The National Association of State Procurement Officials is a nonprofit
association dedicated to strengthening the procurement community through
education, research, and communication. Under its ?Whitepapers? section,
this site includes a ?Best Practices Compendium? that lists innovative
procurement practices in state government.

Organisation for Economic Co- operation and Development www. oecd. org/
puma/ focus/ compend/ matrixframe. htm

The Organisation for Economic Co- operation and Development provides a
setting in which 30 member countries can discuss, develop, and perfect
economic and social policy. Countries can compare experiences, seek answers
to common problems, and work to coordinate domestic and international
policies. This site provides examples of public management

GAO- 02- 69G Improper Payments Page 59

initiatives in a variety of areas, including ethics, performance management,
and regulatory reform.

Award Winners

Government Technology Leadership Awards www. govexec. com/ tech/ award

Government Executive magazine annually presents Government Technology
Leadership Awards to recognize federal agencies and state governments for
their excellent performance with information technology programs. This site
includes a list of all award winners and a searchable database of Government
Executive articles.

National Association of State Information Resource Executives www. nasire.
org/ awards/ index. cfm

The National Association of State Information Resource Executives (NASIRE)
represents state chief information officers (CIO) and information resource
executives who share a mission to shape national information technology
policy through collaborative partnerships, information sharing, and
knowledge transfer. Each year, NASIRE presents Recognition Awards for
Outstanding Achievement in the Field of Information Technology to those
programs and systems that have created cost- effective, innovative solutions
in the operation of state government. This site provides a list of award
winners.

Publications

CIO Magazine www. cio. com

CIO magazine aims to provide actionable insight and decision support for
information technology and business executives so that they may use
information technology to obtain a competitive advantage. This Web site
includes discussion forums, research centers on topics such as leadership
and management and data warehouses, and a searchable database.

Federal Computer Week

www. fcw. com

Federal Computer Week (FCW) is directed toward users and buyers of federal
information technology. It focuses on desktop, client/ server, and
enterprisewide computing. This site can be used to access previous FCW
articles, which can be searched by topic or by keyword.

Government Executive Magazine www. govexec. com

Government Executive magazine provides daily news for federal managers and
executives. This site provides information about the

GAO- 02- 69G Improper Payments Page 60

Government Performance and Results Act, as well as links to research reports
and organizations. In addition, articles from past issues can be searched by
keyword.

Government Technology Magazine www. govtech. net

Government Technology magazine is dedicated to providing government
executives with key information they need to succeed in running modern
government. This site provides a solution center containing best practices
and case studies in state and local government.

Other Bookmarks

Australian National Audit Office www. anao. gov. au

The Australian National Audit Office (ANAO) is a specialist public sector
entity providing a full range of audit services to Parliament and
Commonwealth public sector agencies and statutory bodies. ANAO?s site
includes links to its various publications, including its audit reports and
better practice guides. These publications can be searched by title, theme,
or date.

C. A. MacDonald & Associates www. camacdonald. com

C. A. MacDonald & Associates, a health and human services consulting
company, was established in 1993 to assist policy developers and
decisionmakers in government in achieving their program and service goals.
This site allows users to read the company?s public reports that relate to
various fraud and error programs in both the United States and Canada.

Center for Technology in Government www. ctg. albany. edu

The Center for Technology in Government is an applied research center
devoted to improving government and public services through policy,
management, and technology innovation. The center?s Web site includes
information about its projects, research, and publications. Among the
center?s publications are a best practices starter kit, a report on data
warehousing, and information on the center?s project to find best practices
in state and local information systems. This site also includes links to
other related resources.

Chief Information Officers Council www. cio. gov

The CIO Council was established in 1996. The CIO Council serves as the
principal interagency forum for improving practices in the design,

GAO- 02- 69G Improper Payments Page 61

modernization, use, sharing, and performance of federal agency information
resources. This site contains a library of documents, a searchable database,
and a discussion area.

The Data Warehousing Institute www. dw- institute. com

The Data Warehousing Institute provides education and training in the data
warehousing and business intelligence industry. The institute is dedicated
to educating business and information technology professionals about the
strategies, techniques, and tools required to successfully design, build,
and maintain data warehouses. This site lists winners of its Best Practices
and Leadership in Data Warehousing Awards. In addition, it provides case
studies, lessons from experts, and a forum allowing users to share
information or to ask questions.

Government Performance Project www. maxwell. syr. edu/ gpp/ index. htm

The Government Performance Project is the joint effort of the Maxwell School
of Citizenship and Public Affairs at Syracuse University and

Governing magazine, which are working to rate the management capacity of
local and state governments and selected federal agencies in the United
States. This site includes reports on those rankings in addition to
highlighted innovative practices.

Illinois Department of Public Aid?s Office of Inspector General www. state.
il. us/ agency/ oig/ index. htm

IDPA?s OIG?s mission is to prevent, detect, and eliminate fraud, waste,
abuse, and misconduct in various payment programs. This site contains
research reports conducted by the OIG, including the first ever payment
accuracy review performed on Medicaid. This site also contains a searchable
database of sanctioned providers and barred individuals within the state of
Illinois.

National Medicaid Fraud and Abuse Initiative www. hcfa. gov/ medicaid/
fraud/ default. htm

HCFA (now the Centers for Medicare and Medicaid Services) began its National
Medicaid Fraud and Abuse Initiative in June 1997. This initiative works to
facilitate communication, information sharing, and a national forum for
Medicaid fraud and abuse issues for the states. This Web site contains
guidance and reports, including information about executive seminars
conducted by Dr. Malcolm Sparrow, a leading authority in the area of health
care fraud, and state Medicaid contacts.

GAO- 02- 69G Improper Payments Page 62 Related Organizations

Association of Certified Fraud Examiners www. cfenet. com

The Association of Certified Fraud Examiners consists of approximately
25,000 certified fraud examiners and associated members in 70 different
countries. The association?s mission is to reduce the incidence of fraud and
white- collar crime through prevention and education. This site provides
information about membership, events, and products and services offered by
the association.

Association for Federal Information Resources Management www. affirm. org

The Association for Federal Information Resources Management (AFFIRM) is a
nonprofit, professional organization whose overall purpose is to improve the
management of information, and related systems and resources, within the
federal government. Founded in 1979, AFFIRM?s members include information
resource management professionals within the federal, academic, and industry
sectors. This site contains information on membership, a calendar of events,
and links to AFFIRM?s publications.

Association of Government Accountants www. agacgfm. org

The Association of Government Accountants (AGA) serves the professional
interests of financial managers from local, state, and federal governments,
as well as public accounting firms responsible for effectively using
billions of dollars and other monetary resources every day. AGA is
recognized as a leading advocate for improving the quality and effectiveness
of government fiscal administration. Its Web site includes information on
membership, conferences, and its publications.

Council for Excellence in Government www. excelgov. org

The Council for Excellence in Government, whose members include former
leaders in both government and the private sector, works toward practical
public sector reform. This Web site provides information on the council?s
programs and publications.

Highway 1 www. highway1. org

Highway 1 is a nonprofit organization, made up of companies such as IBM and
Microsoft, whose goal is to educate the government on the potential of
information technology by being a source for information and by
demonstrating technologies that are shaping our society, economy, and public
policy. This Web site includes a list of Highway 1?s programs and an
information center.

GAO- 02- 69G Improper Payments Page 63

Information Technology Resources Board www. itrb. gov

The Information Technology Resources Board (ITRB) is a group of information
technology, acquisition, and program managers and practitioners with
significant experience in developing, acquiring, and managing information
systems in the federal government. The primary focus of ITRB is to provide a
review of major system initiatives at the joint request of the Office of
Management and Budget and an agency and to publicize lessons learned and
promising practices. This site includes a list of ITRB?s members, events,
publications, and related links.

The Institute of Internal Auditors www. theiia. org

Established in 1941, the Institute of Internal Auditors serves as the
profession?s watchdog and resource on significant auditing issues around the
globe. This site provides standards, guidance, and information on internal
auditing best practices for its members.

National Contract Management Association www. ncmahq. org

The mission of the National Contract Management Association (NCMA) is to
help contract managers best achieve their objectives to manage customer and
supplier expectations and relationships, control risk and cost, and
contribute to organizational profitability and success. This site contains
information about NCMA?s member services, event calendar, publications, and
professional resources.

National Health Care Anti- Fraud Association www. nhcaa. org

Founded in 1985 by several private health insurers and federal/ state law
enforcement officials, the National Health Care Anti- Fraud Association is a
unique, issue- based organization comprising private and public sector
organizations and individuals responsible for the detection, investigation,
prosecution, and prevention of health care fraud. This site includes
information on upcoming education and training events.

Private Sector Council www. privatesectorcouncil. org

PSC is a nonprofit, nonpartisan public service organization committed to
helping the federal government improve its efficiency, management, and
productivity. This site provides information about PSC?s upcoming events.

GAO- 02- 69G Improper Payments Page 64

Standards Australia www. standards. com. au

Standards Australia International Limited is an organization with principal
activities focused on business- to- business services based on the creation,
distribution, sharing, and application of knowledge using a variety of
technologies. One of the major activities of the organization is the
development of technical and business standards. This site provides a means
of acquiring the Australian/ New Zealand Standard 4360: Risk Management.

GAO- 02- 69G Improper Payments Page 65 Appendix IV

GAO Contacts and Staff Acknowledgments GAO Contacts

Tom Broderick, (202) 512- 8705 Marie Novak, (202) 512- 4079

Staff Acknowledgments

In addition to those named above, the following individuals made important
contributions to this report: Cheryl Driscoll, Valerie A. Freeman, Sharon
Loftin, Elizabeth Martinez, Mary Merrill, Debra Sebastian, Ruth Sessions,
Brooke Whittaker, and Maria Zacharias.

(190032)

The General Accounting Office, the investigative arm of Congress, exists to
support Congress in meeting its constitutional responsibilities and to help
improve the performance and accountability of the federal government for the
American people. GAO examines the use of public funds; evaluates federal
programs and policies; and provides analyses, recommendations, and other
assistance to help Congress make informed oversight, policy, and funding
decisions. GAO?s commitment to good government is reflected in its core
values of accountability, integrity, and reliability.

The fastest and easiest way to obtain copies of GAO documents is through the
Internet. GAO?s Web site (www. gao. gov) contains abstracts and full- text
files of current reports and testimony and an expanding archive of older
products. The Web site features a search engine to help you locate documents
using key words and phrases. You can print these documents in their
entirety, including charts and other graphics.

Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as ?Today?s Reports,? on its Web
site daily. The list contains links to the full- text document files. To
have GAO E- mail this list to you every afternoon, go to our home page and
complete the easy- to- use electronic order form found under ?To Order GAO
Products.?

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U. S. General Accounting Office P. O. Box 37050 Washington, D. C. 20013

To order by Phone: Voice: (202) 512- 6000 TDD: (301) 413- 0006 Fax: (202)
258- 4066

GAO Building Room 1100, 700 4th Street, NW (corner of 4th and G Streets, NW)
Washington, D. C. 20013

Contact: Web site: www. gao. gov/ fraudnet/ fraudnet. htm, E- mail:
fraudnet@ gao. gov, or 1- 800- 424- 5454 (automated answering system). GAO?s
Mission

Obtaining Copies of GAO Reports and Testimony

Order by Mail or Phone Visit GAO?s Document Distribution Center

To Report Fraud, Waste, and Abuse in Federal Programs

United States General Accounting Office Washington, D. C. 20548- 0001

Official Business Penalty for Private Use $300

Address Correction Requested Presorted Standard

Postage & Fees Paid GAO Permit No. GI00
*** End of document. ***