Improper Payments: Responses to Posthearing Questions Related to Status of Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements (20-JUN-08, GAO-08-819R). On January 31, 2008, we testified before Congress' subcommittee at a hearing entitled, "Eliminating Agency Payment Errors." At the hearing, we discussed federal agencies' progress in addressing key requirements of the Improper Payments Information Act of 2002 (IPIA) and Section 831 of the National Defense Authorization Act for Fiscal Year 2002, commonly known as the Recovery Auditing Act. Our review and testimony focused on (1) progress made in agencies' implementation and reporting under IPIA for fiscal year 2007, (2) remaining challenges with IPIA implementation, and (3) agencies' efforts to report recovery auditing information. This report responds to your March 13, 2008, request to provide answers to follow-up questions relating to our January 31, 2008, testimony. (1) What kinds of changes should be made to the Single Audit Act, which already requires recipients to have proper systems of internal control to ensure front-end compliance with Federal requirements that would assist in identification and reduction of improper payments? The FY 2007 Audit Report on the Consolidated Financial Statement indicates that the Federal government's inability to determine the extent to which improper payments occur is one of the major government-wide material weaknesses that led to GAO's adverse opinion on internal control. (2) Did this compliance issue translate to reportable conditions or limitations in opinions on financial statements at the individual departments? Are CFO Act financial statement internal control and substantive audit tests of disbursements as stringent as they need to be? The expansion of government-wide systems for third party data matches across government programs sounds like an important program integrity improvement and potential cost savings initiative. (3) How can we ensure that all agencies across government are pursuing automated data checks across agencies and programs whose data they are reliant upon wherever this makes sense? How can we provide access to necessary data across government to improve program integrity over payments without requiring new authority on a case by case basis? The role of the certifying officers at disbursing agencies provides the last line of defense in preventing many improper payments. Under Treasury regulation, certifying officers at disbursing agencies must certify that payments are legal, proper, and correct at disbursement. (4) Are these personnel provided the necessary tools to perform their jobs including proper training and authority? Are they ever pressured to release questionable payments to maintain productivity levels and thus sacrificing quality for quantity due to competing agency demands? What can Congress and Office of Management and Budget (OMB) do to strengthen their role across government? (5) Is agency management doing enough to hold people accountable for program integrity? Is success in setting improper payments reduction targets and meeting those targets a factor in managers' performance evaluations or pay and bonus determinations? Should we have government-wide performance standards for proper payment goals and expectations? Are agencies being aggressive enough with their reduction targets? There has been some debate in the subcommittee about whether the reporting threshold in the Improper Payments Information Act should be lower. (6) Can GAO explain for Congress what you do to ensure that programs that are not reporting improper payments are still doing all they can to improve program integrity? -------------------------Indexing Terms------------------------- REPORTNUM: GAO-08-819R ACCNO: A82466 TITLE: Improper Payments: Responses to Posthearing Questions Related to Status of Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements DATE: 06/20/2008 SUBJECT: Accountability Audit reports Budget obligations Data integrity Erroneous payments Federal agencies Financial management Financial statement audits Financial statements Fiscal policies Internal audits Internal controls Noncompliance Payments Program abuses Program management Questionable payments Reporting requirements DOD Military Health Benefit Program HHE Temporary Assistance for Needy Families Program ****************************************************************** ** This file contains an ASCII representation of the text of a ** ** GAO Product. ** ** ** ** No attempt has been made to display graphic images, although ** ** figure captions are reproduced. Tables are included, but ** ** may not resemble those in the printed version. ** ** ** ** Please see the PDF (Portable Document Format) file, when ** ** available, for a complete electronic file of the printed ** ** document's contents. ** ** ** ****************************************************************** GAO-08-819R This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to [email protected]. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. GAO-08-819R: United States Government Accountability Office: Washington, DC 20548: June 20, 2008: The Honorable Tom Carper: Chairman: Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security: Committee on Homeland Security and Governmental Affairs: United States Senate: Subject: Improper Payments: Responses to Posthearing Questions Related to Status of Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements: Dear Mr. Chairman: On January 31, 2008, we testified[Footnote 1] before your subcommittee at a hearing entitled, "Eliminating Agency Payment Errors." At the hearing, we discussed federal agencies' progress in addressing key requirements of the Improper Payments Information Act of 2002 (IPIA) [Footnote 2] and Section 831 of the National Defense Authorization Act for Fiscal Year 2002, commonly known as the Recovery Auditing Act. [Footnote 3] Our review and testimony focused on (1) progress made in agencies' implementation and reporting under IPIA for fiscal year 2007, (2) remaining challenges with IPIA implementation, and (3) agencies' efforts to report recovery auditing information. This report responds to your March 13, 2008, request to provide answers to follow-up questions relating to our January 31, 2008, testimony. The responses are based on work associated with our previously issued products (see the Related GAO Products list at the end of this report) and data reported in agencies' performance and accountability reports (PAR). Your questions, along with our responses, follow: 1. I understand that it is often very difficult to address improper payments problems in programs such as TANF that involve grants to states and localities. The Single Audit Act, as you know, is the tool that the federal government uses to ensure program integrity in these types of programs. What kinds of changes should be made to the Single Audit Act, which already requires recipients to have proper systems of internal control to ensure front-end compliance with Federal requirements that would assist in identification and reduction of improper payments? To date, we have not performed an analysis to determine whether any changes should be made to the Single Audit Act[Footnote 4] to specifically assist in the identification and reduction of improper payments for state-administered federal programs. However, preventing, identifying, and reporting improper payments are primarily management's responsibility. Awardees, such as states, also have a fundamental responsibility to ensure the proper administration of federal awards by using sound management practices and maintaining internal controls. That said, we support efforts to assess how the single audits can be leveraged to help achieve successful implementation of IPIA. We have testified before your subcommittee and reported on issues related to improving single audit quality; initiatives that several states have used to estimate improper payments for state-administered programs, including the Temporary Assistance For Needy Families (TANF) program; and the Office of Management and Budget's (OMB) guidance for state- administered programs to conduct risk assessments.[Footnote 5] In December 2007,[Footnote 6] we reported that the current design of the single audit is not intended to provide sufficient information for assessing and reporting on improper payments. There is currently no direct link between the assessment of programs' susceptibility to improper payments under IPIA and the level and scope of work performed in a single audit. For instance, the approach for determining which major federal programs to audit for compliance under a grantee's single audit focuses heavily on programs with the largest dollar amounts in a grantee's portfolio without concurrently considering the extent to which programs are susceptible to improper payments. Consequently, the current design of the single audit process and the related audit results are generally not effective tools for identifying susceptible programs' improper payments and systematically estimating the extent of improper payments for those programs. They can, however, provide managers added perspective on the nature and extent of risk for improper payments. Similarly, OMB testified[Footnote 7] before your subcommittee that it is exploring longer-term reforms to the single audit process that will help achieve successful results in the implementation of IPIA. OMB plans to evaluate how single audits can be expanded beyond federal program compliance to assess the risk of improper payments and extent to which improper payments are systemic throughout a program. OMB further reported that if the single audit can be leveraged in this manner, federal agencies will have an important tool for obtaining cost- effective IPIA error measurements. In addition, because single audits test internal controls, OMB believes that this change would provide greater insight on corrective action that will have a broader impact on program integrity and thus have a higher return on investment. Finally, the Association of Government Accountants (AGA) has established a partnership project for leveraging single audits to help meet the goals of IPIA while improving the usefulness of both acts to improve program integrity and reduce improper payments. This work group includes subject matter experts from GAO, OMB, and others, who will identify and prioritize issues and potential solutions to enhance IPIA and Single Audit Act implementation. 2. The FY 2007 Audit Report on the Consolidated Financial Statement indicates that the Federal government's inability to determine the extent to which improper payments occur is one of the major government- wide material weaknesses that led to GAO's adverse opinion on internal control. Did this compliance issue translate to reportable conditions or limitations in opinions on financial statements at the individual departments? It seems that the magnitude of the improper payments numbers we are seeing in programs could be exceeding materiality to these accounts. Are CFO Act financial statement internal control and substantive audit tests of disbursements as stringent as they need to be? The federal government's inability to determine the extent to which improper payments occur has not directly contributed to the audit opinion on an individual agency's financial statements. The primary purpose of a financial statement audit is to provide reasonable assurance through an opinion (or disclaim an opinion) about whether an entity's financial statements are presented fairly in all material respects in conformity with generally accepted accounting principles (GAAP). The existence of improper payments does not directly affect the auditor's opinion on financial statements. However, several auditors' reports on internal controls for specific agencies identified either material weaknesses, significant deficiencies, or both,[Footnote 8] which increase the risk of making improper payments. For example, in the Department of Health and Human Services's (HHS) fiscal year 2007 report on internal control, the agency auditor identified several material weaknesses--including one related to HHS's Medicare claims processing controls--that could increase HHS's vulnerability to improper payments. The auditor reported (1) that a significant number of contractor employees had the ability to directly change claims without a comprehensive review, (2) weaknesses in controls over edit settings in application systems, (3) a lack of controls with respect to software supplementing HHS application systems used to process Medicare claims, and (4) a lack of oversight of contractor compliance with internal control requirements. On a governmentwide level, since 2000, our audit report of the U.S. government's consolidated financial statements has stated that the material weakness related to the government's inability to determine the full extent to which improper payments occur has contributed to our adverse opinion on internal control. For fiscal year 2007, we reported[Footnote 9] that major challenges remain in meeting the goals of IPIA, including: * several agencies' noncompliance with IPIA as reported by agencies' auditors; * risk assessments not performed for all programs and activities or not performed annually; * not reporting improper payment estimates for risk-susceptible programs, and: * major management challenges and internal control weaknesses that continue to plague agency operations and programs susceptible to significant improper payments. Regarding whether financial statement internal control and substantive audit tests of disbursements are sufficiently stringent, as you are aware, we have disclaimed an opinion on the U.S. government's consolidated financial statements for the past 11 years. Because we issued a disclaimer of opinion on the federal government's fiscal year 2007 financial audit, our audit approach focused primarily on determining the current status of the material weaknesses that contributed to our disclaimer of opinion. Accordingly, we are not in a position to determine whether or not these audit tests could be more stringent. However, the Department of Defense (DOD) and certain other federal agencies reported continued weaknesses in reconciling disbursement activity, which contributed to our disclaimer of opinion. When the time comes that we may be able to render an opinion on the consolidated governmentwide financial statements, we expect to perform more extensive reviews of the agency auditors' work. 3. The expansion of government-wide systems for third party data matches across government programs sounds like an important program integrity improvement and potential cost savings initiative. How can we ensure that all agencies across government are pursuing automated data checks across agencies and programs whose data they are reliant upon wherever this makes sense? How can we provide access to necessary data across government to improve program integrity over payments without requiring new authority on a case by case basis? When effectively implemented, data sharing[Footnote 10] can be particularly useful in confirming initial or continuing eligibility of participants in benefit programs and in identifying improper payments that have already been made. For example, for the Department of Labor's Unemployment Insurance Program, states are coordinating with HHS to use the National Directory of New Hires database.[Footnote 11] The Office of Personnel Management also has data matching programs with the Departments of Defense, Labor, and Veterans Affairs, and with the Social Security Administration to verify recipient eligibility for its retirement program. Prior to identifying any steps needed to improve data sharing capabilities across government, it would be important to determine the extent to which agencies are participating in data sharing activities, and additional data sharing efforts that agencies are currently pursuing--or would like to pursue--to reduce improper payments. Equally important is the identification of barriers agencies face that limit the type of information that can be shared among agencies to verify data provided by applicants for government programs or benefits or to make eligibility decisions. As you know, these barriers can take different forms such as legislative prohibitions, institutional issues, and resource constraints. As required by the Privacy Act of 1974, as amended by the Computer Matching and Privacy Protection Act of 1988,[Footnote 12] agencies' data integrity boards are to report data matching activity to the agency head and OMB annually. Appendix I of OMB Circular No. A-130, Federal Agency Responsibilities for Maintaining Records About Individuals, lays out what the agency is to include in its report. Among the information required to be reported is a list of every matching program, by title and purpose, in which the agency participated during the reporting year. This list is to show names of participant agencies, give a brief description of the program, and give a page citation and the date of the Federal Register notice describing the data matching programs. In some cases, administrative changes may be a viable solution for addressing existing limitations on how and for what purpose data may be shared and used. For example, the Department of Education (Education) reported that the ability to perform data matching between Federal Student Aid applications and tax return data would substantially reduce improper payments in the Pell Grant program, as the large majority of errors are the result of misreporting of income and related data fields. However, according to OMB, Section 6103(c) of the Internal Revenue Code, concerning confidentiality of tax return information, precludes data matching with regard to grants by Education. Through administrative changes related to data sharing agreements, Education and the Internal Revenue Service intend to implement a process to verify students' (and their parents') income, tax, and certain household information appearing on their tax return as part of the application for federal student aid, in the absence of legislative authority. However, it is also important that any agency administrative actions in this area provide appropriate consideration to the importance of privacy and information security issues. Data sharing activities in federal agencies must be implemented consistent with all protections of the Privacy Act of 1974, as amended. Additionally, agencies must have adequate internal controls in place to ensure that employees do not misuse the data to which they have access. 4. The role of the certifying officers at disbursing agencies provides the last line of defense in preventing many improper payments. Under Treasury regulation, certifying officers at disbursing agencies must certify that payments are legal, proper, and correct at disbursement. Are these personnel provided the necessary tools to perform their jobs including proper training and authority? Are they ever pressured to release questionable payments to maintain productivity levels and thus sacrificing quality for quantity due to competing agency demands? What can Congress and OMB do to strengthen their role across government? As you pointed out in this question, certifying officers play a significant role in the accountability for public funds. A certifying officer is a government officer or employee whose job is or includes certifying vouchers, including voucher: schedules or invoices used as vouchers, for payment by disbursing officers.[Footnote 13] By federal law, certifying officers are responsible for (1) the correctness of the facts in the certificate, voucher, and supporting documentation; (2) the correctness of computations on the voucher; and (3) the legality of a proposed payment under the appropriation or fund involved.[Footnote 14] The law also provides that a certifying officer is personally, financially accountable for the amount of any "illegal, improper, or incorrect" payment resulting from his or her inaccurate or misleading certification, as well as for any payment prohibited by law or which does not represent a legal obligation of the appropriation or fund involved. The function of certification, as evidenced by the potential for personal pecuniary (financial) liability, is not perfunctory, but involves a high degree of responsibility. For that reason, a certifying officer who may have questions about a voucher is provided an opportunity to request a legal decision from GAO in advance of certifying the voucher.[Footnote 15] A critical tool that certifying officers have to carry out this responsibility is the power to question, and refuse certification of, payments that may be improper.[Footnote 16] A certifying officer found to have certified a voucher improperly may ask GAO for relief of liability, and GAO may grant that request when applicable criteria are met.[Footnote 17] Executive branch agencies are responsible for enforcing the liabilities of their certifying officers. We are not aware of any reported instances of certifying officers being pressured to release questionable payments to maintain productivity levels or sacrificing quality for quantity due to competing agency demands; however, we have not performed work designed to identify any such instances. Any certifying officer who may feel pressured to certify a questionable payment may wish to take advantage of the right to request a decision from GAO. Certifying officers have at their disposal general guidance and training to aid them in carrying out their duties, including title 7 of GAO's Policies and Procedures Manual for Guidance of Federal Agencies [Footnote 18] and GAO's Principles of Federal Appropriations Law, [Footnote 19] as well as the body of appropriations law decisions and opinions issued by GAO. In addition, Treasury publishes a desk reference[Footnote 20] for certifying officers as a supplement to chapter 4-1000 of its Treasury Financial Manual as well as manuals for certifying officers to use when certifying payments in Treasury's automated systems. GAO, Treasury, and others also offer training courses related to the responsibilities of certifying officers. In the past, certifying officers reviewed all payments they certified. Today, however, because of the volume of transactions, the geographic dispersion of activities, and the emphasis on prompt payment, certifying officers must rely on the systems, internal controls, and personnel that process the transactions. As a result, payment process oversight has generally shifted from individual transaction reviews to reviews of internal control over automated systems that process the transactions. The present-day use of automated payment systems does not alter the basic concepts of accountability for certifying officers, and the reasonableness of a certifying officer's reliance on an automated payment system to produce legal and accurate payments is a factor that GAO considers when addressing the officer's liability for illegal or improper payments. Certifying officers should be provided with information showing that the system on which they rely is functioning properly, and reviews should be made at least annually to determine that the automated system is operating effectively and can be relied upon to make accurate and legal payments.[Footnote 21] DOD recently obtained statutory authority to extend personal financial liability to additional departmental officers or employees who provide "information, data, or services that are directly relied upon by the certifying official in the certification of vouchers for payment."[Footnote 22] Currently, there are no reporting requirements for agencies to periodically provide information on the performance of certifying officers. The OMB guidance on annual reporting of estimated improper payments requires that agencies report in their performance and accountability reports on steps taken to hold managers accountable for reducing and recovering improper payments. In November 2006,[Footnote 23] we reported that the extent and level of detail in these reports varied. We also recommended that OMB expand its implementing guidance to describe in greater detail the factors agencies should use when reporting improper payments in the PAR, including baseline information on, among other things, manager accountability. OMB agreed with our recommendation and stated that it lists the requirements for agency PAR IPIA reporting in OMB Circular No. A-136, Financial Reporting Requirements. However, we found that the current OMB Circular No. A-136 (as of June 2008) remained unchanged and did not address our recommendation. We have not performed recent work[Footnote 24] that would permit us to make recommendations on strengthening the role of certifying officers across government or to opine on whether certifying officers are provided the necessary tools, such as training, authority, or information on the reliability of agencies' payment systems, to perform their jobs. 5. In your analysis, is agency management doing enough to hold people accountable for program integrity? Is success in setting improper payments reduction targets and meeting those targets a factor in managers' performance evaluations or pay and bonus determinations? Should we have government-wide performance standards for proper payment goals and expectations? Are agencies being aggressive enough with their reduction targets? Our review of agencies' fiscal year 2007 IPIA reporting did not include an in-depth analysis of the steps an agency has taken or plans to take to ensure manager accountability for reducing improper payments, set governmentwide performance standards for proper payment goals and expectations, or establish agency-reported error rate targets for reducing improper payments. However, we can offer some general observations based on our PAR reviews and previously reported work. As part of agencies' fiscal year 2007 IPIA reporting, eight agencies reported that the responsibility for improper payments was included in management's performance appraisals, they had established performance measures to address this issue, accountability existed through legislation governing certifying and disbursing officers, or a combination of these actions. However, the agencies did not provide specific details on how these responsibilities were addressed in the performance appraisals or other measures. Thus, we are unable to determine whether success in setting improper payment reduction targets and meeting those targets are factors in managers' performance evaluations or pay and bonus determinations. Nevertheless, we believe that these types of initiatives help to foster a strong control environment and are fundamental to creating a culture of accountability by establishing a positive and supportive attitude toward improvement and the achievement of established program outcomes, including protecting taxpayer interests via program integrity. We also found that other agencies' reporting on manager accountability could be improved. For example, the Departments of Energy and of Housing and Urban Development did not report on manager accountability as part of their IPIA: reporting.[Footnote 25] While another six agencies did include a section on manager accountability, their IPIA reporting did not specifically describe how agency managers and accountable officers, such as agency certifying officers, are held accountable for reducing and recovering improper payments.[Footnote 26] Generally, these agency descriptions cited one or more of the following initiatives as part of their reporting on manager accountability: * implementation of OMB Circular No. A-123, including the annual assurance statement on internal controls; * the President's Management Agenda (PMA) program-specific initiative "Eliminating Improper Payments;" * financial management certifications; * workshops and status meetings held; or: * the designation of an official tasked with establishing policies and procedures to address the assessment of improper payments risk, actions to reduce those payments, and reporting on the results of those actions. Several existing governmentwide standards, such as legislative requirements for proper payments,[Footnote 27] and federal standards[Footnote 28] related to internal control, financial management systems, and financial and appropriations accounting, assist agencies in their efforts to make proper payments and protect federal resources. Similarly, our executive guide on strategies to manage improper payments[Footnote 29] provides that establishing goals--such as proper payment goals--for reducing improper payments is an effective strategy for instilling a culture of accountability and ensuring effective use of resources. Having additional governmentwide guidance to establish and monitor performance against proper payment goals may provide congressional and other decision makers supplementary information on the effectiveness of agencies' efforts to improve the accuracy and integrity of federal payments while carrying out program objectives. However, when establishing such goals, agencies should apply a cost benefit and risk-based approach to achieve a balance between value, risk, and cost. Greater use of governmentwide performance standards coupled with effective implementation of OMB's Eliminating Improper Payments initiative under the President's Management Agenda (PMA)[Footnote 30] could further enhance the transparency of the status of actions to address the improper payment problem. The objective of the PMA initiative for improper payments was to ensure that agency managers are held accountable for meeting the goals of IPIA and are therefore dedicating the necessary attention and resources to meeting IPIA requirements. With this PMA initiative, 15 agencies[Footnote 31] are to measure their improper payments annually, develop improvement targets and corrective actions, and track the results annually to ensure the corrective actions are effective. The scope of the PMA initiative does not include 24 agencies included in the scope of our fiscal year 2007 improper payment review. While we recognize that some of the 24 agencies did not report improper payment estimates for fiscal year 2007, 6 of these agencies that are not covered by the Eliminating Improper Payments PMA initiative did report improper payment estimates totaling about $1.2 billion. The Federal Communications Commission makes up the bulk of this total with reported estimates of about $906 million for fiscal year 2007. As more agencies identify and make estimates for their risk-susceptible programs, additional mechanisms, such as establishing and measuring performance against governmentwide proper payment goals, may provide additional accountability, particularly with respect to agencies not covered by the Eliminating Improper Payments PMA initiative. We are unable to address your question regarding whether agencies are being aggressive enough with their improper payment error rate reduction targets, because agencies are not required to report on the basis or rationale used to establish target rates as part of their IPIA reporting. However, we noted that for the 3-year period--fiscal years 2005 through 2007--agency programs[Footnote 32] generally adjusted their expected target rates from year to year to better align with actual rates reported from the prior year. Yet, we found one instance, at the Social Security Administration, where the agency continued to decrease its target error rate for its Supplemental Security Income program, even though the actual error rate continued to increase from year to year. We also found a few instances of reported target error rates that remained unchanged for the entire 3-year period, such as for the Department of Defense's Military Health Benefit program and the Department of Energy's payment program, or instances where the error rates were unchanged for 2 consecutive years, such as for the Department of the Treasury's Earned Income Tax Credit program and Department of Veterans Affairs' Education programs. 6. As you know, there has been some debate in this subcommittee about whether the reporting threshold in the Improper Payments Information Act should be lower. I've actually introduced legislation that would do that, among other things. Can you explain for us what you do to ensure that programs that are not reporting improper payments are still doing all they can to improve program integrity? In a March 12, 2008, letter, we provided your subcommittee general observations as well as some suggestions on the provisions introduced to amend IPIA and recovery auditing requirements under Section 831 of the National Defense Authorization Act for Fiscal Year 2002. Our letter addressed several key issues, including (1) identification of susceptible programs and activities and risk assessments, (2) improper payment reporting, (3) recovery auditing, and (4) internal control requirements. We pointed out that programs and activities determined not to be susceptible to significant improper payments are still subject to several complementary statutory requirements, including those for grantees to undergo audits, for executive branch agencies to issue audited financial reports, and for agency payment certifying officers to examine payments and have their accounts administratively audited. Regarding the reporting threshold used to trigger IPIA reporting, we suggested that the term "significant" be defined in a way that reflects both the risk to the government and the size variability among programs and activities and provided your subcommittee some examples to illustrate this point. In addition, we recommended in March 2005, [Footnote 33] and reiterated in November 2006,[Footnote 34] that OMB require those agencies that did not address the IPIA requirements or did not perform risk assessments of all of their programs and activities to establish time frames and identify resources needed to perform risk assessments and satisfy reporting requirements. In addition, since fiscal year 2000, we have issued several reports and testimonies aimed at raising the level of attention given to improper payments across government. The provisions of IPIA coincide with our recommendations that agencies take actions to estimate, reduce, and publicly report improper payments, including reporting to Congress, OMB, and the agency head on the progress made in achieving improper payment reduction targets and future action plans for controlling improper payments. Our products have shed light on agencies that were not timely in their development and implementation of risk assessments and quantification efforts to allow more targeted legislative and executive branch oversight. This work complements our periodic audits of eligibility and benefit determinations for individual programs. From a broader perspective, GAO performs a range of oversight-, insight- and foresight-related engagements, a vast majority of which are conducted in response to congressional mandates or requests. These engagements include evaluations of federal programs and performance, financial and management audits, policy analyses, legal opinions, bid protest adjudications, and investigations. Collectively, this body of work is intended to identify opportunities to enhance agencies' efforts to improve program integrity, which would include reducing improper payments. We are sending a copy of this report to the Director of the Office of Management and Budget, and other interested parties. This report is also available on GAO's home page at [hyperlink, http://www.gao.gov]. Should you have any questions on matters discussed in this report or need additional information, please contact me at (202) 512-2600 or by e- mail at [email protected]. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Major contributors to this report included Kay Daly, Acting Director; Carla Lewis, Assistant Director; Abe Dymond, Assistant General Counsel; Jason Kirwan; Christina Quattrociocchi; and Donell Ries. Sincerely yours, Signed by: McCoy Williams: Managing Director: Financial Management and Assurance: [End of correspondence] Related GAO Products: Improper Payments: Status of Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-438T]. Washington, D.C.: January 31, 2008. Improper Payments: Federal Executive Branch Agencies' Fiscal Year 2007 Improper Payment Estimate Reporting. [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-08-377R]. Washington, D.C.: January 23, 2008. Responses to Posthearing Questions Related to Improving Single Audit Quality. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-318R]. Washington, D.C.: Dec. 7, 2007. Single Audit Quality: Actions Needed to Address Persistent Audit Quality Problems. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08- 213T]. Washington, D.C.: Oct. 25, 2007. Improper Payments: Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements Continue. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-635T]. Washington, D.C.: March 29, 2007. Improper Payments: Posthearing Responses on a December 5, 2006, Hearing to Assess the Improper Payments Information Act of 2002. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-533R]. Washington, D.C.: February 27, 2007. Improper Payments: Incomplete Reporting under the Improper Payments Information Act Masks the Extent of the Problem. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-254T]. Washington, D.C.: December 5, 2006. Improper Payments: Agencies' Fiscal Year 2005 Reporting under the Improper Payments Information Act Remains Incomplete. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-92]. Washington, D.C.: November 14, 2006. Improper Payments: Posthearing Questions Related to Agencies Meeting the Requirements of the Improper Payments Information Act of 2002. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-1067R]. Washington, D.C.: September 6, 2006. Improper Payments: Federal and State Coordination Needed to Report National Improper Payment Estimates on Federal Programs. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-347]. Washington, D.C.: April 14, 2006. Financial Management: Challenges Continue in Meeting Requirements of the Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-581T]. Washington, D.C.: April 5, 2006. Financial Management: Challenges Remain in Meeting Requirements of the Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-06-482T]. Washington, D.C.: March 9, 2006. Financial Management: Challenges in Meeting Governmentwide Improper Payment Requirements. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO- 05-907T]. Washington, D.C.: July 20, 2005. Financial Management: Challenges in Meeting Requirements of the Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-05-605T]. Washington, D.C.: July 12, 2005. Financial Management: Challenges in Meeting Requirements of the Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-05-417]. Washington, D.C.: March 31, 2005. Financial Management: Fiscal Year 2003 Performance and Accountability Reports Provide Limited Information on Governmentwide Improper Payments. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-04-631T]. Washington, D.C.: April 15, 2004. Financial Management: Status of the Governmentwide Efforts to Address Improper Payment Problems. [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-04-99]. Washington, D.C.: October 17, 2003. [End of section] Footnotes: [1] GAO, Improper Payments: Status of Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-438T] (Washington, D.C.: Jan. 31, 2008). [2] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002). [3] National Defense Authorization Act for Fiscal Year 2002, Pub. L. No. 107-107, div. A, title VIII, � 831, 115 Stat. 1012, 1186 (Dec. 28, 2001) codified at 31 U.S.C. �� 3561-3567. [4] 31 U.S.C. �� 7501-7507. Under the Single Audit Act, as amended, and implementing guidance, independent auditors audit state and local governments and nonprofit organizations that expend federal awards to assess, among other things, compliance with laws, regulations, and the provisions of contracts or grant agreements material to the entities' major federal programs. Organizations are required to have single audits if they annually expend $500,000 or more in federal awards. [5] GAO, Responses to Posthearing Questions Related to Improving Single Audit Quality, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08- 318R] (Washington, D.C.: Dec. 7, 2007); GAO, Single Audit Quality: Actions Needed to Address Persistent Audit Quality Problems, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-213T] (Washington, D.C.: Oct. 25, 2007); GAO, Improper Payments: Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements Continue, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-635T] (Washington, D.C.: Mar. 29, 2007); and GAO, Improper Payments: Federal and State Coordination Needed to Report National Improper Payment Estimates on Federal Programs, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06- 347] (Washington, D.C.: Apr. 14, 2006). [6] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-318R]. [7] OMB, Statement of the Honorable Daniel I. Werfel, Acting Controller, Office of Federal Financial Management, Office of Management and Budget, before the Senate Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security (Oct. 25, 2007). [8] A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected. A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the entity's ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity's financial statements that is more than inconsequential will not be prevented or detected. A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. [9] See our audit report on the audit of the federal government's fiscal year 2007 financial statements that was incorporated in the 2007 Financial Report of the U.S. Government published by the Department of the Treasury. [10] Data sharing allows entities that make payments--to contractors, vendors, participants in benefit programs, and others--to compare information from different sources to help ensure that payments are appropriate. [11] The National Directory of New Hires database, maintained by HHS, contains information on all newly hired employees, quarterly wage reports for all employees, and unemployment insurance claims nationwide. [12] 5 U.S.C. � 552a(u)(3)(D). [13] B-280764, May 4, 2000. Disbursing officers, who generally are appointed by the Department of the Treasury for civilian agencies' payments and the Department of Defense for its payments, actually make the payments and are responsible for examining vouchers to verify their propriety and to make payments only on certified vouchers. 31 U.S.C. �� 3322, 3325(a). [14] 31 U.S.C. � 3528. [15] 31 U.S.C. � 3529. [16] In a recent Comptroller General decision, we noted that a "critical tool" that certifying officers have to carry out their statutory responsibilities is the power to question and refuse certification of payments that may be improper (B-307693, Apr. 12, 2007). Language in agency regulations and the government's purchase card contract appeared to eliminate the opportunity for the certifying officer to dispute questionable transactions. We said that to interpret the regulations and contract to eliminate the certifying officer's opportunity to question, and refuse to certify, improper payments would be contrary to the certifying officer's statutory responsibilities. We emphasized that to execute his or her statutory responsibility fully and faithfully, a certifying officer must have the opportunity to question information appearing on the billing statements. [17] Available at [hyperlink, http://www.gao.gov/legal/resources.html]. [18] Available at [hyperlink, http://www.gao.gov/legal/redbook.html]. [19] Department of the Treasury, Now that You're a Certifying Officer, supplement to the Treasury Financial Manual (November 2007), available at [hyperlink, http://www.fms.treas.gov/tfm/related.html] (last visited Apr. 22, 2008). [20] 69 Comp. Gen. 85 (1989). See GAO, Streamlining the Payment Process While Maintaining Effective Internal Control, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21.3.2] (Washington, D.C.: May 2000), at 10-11, for further guidance. [21] Bob Stump National Defense Authorization Act for Fiscal Year 2003, Pub. L. No. 107-314, div. A, title X, � 1005(a), 116 Stat. 2458, 2631 (Dec. 2, 2002), codified at 10 U.S.C. � 2773a. In its proposal to Congress, the Department of Defense observed in April 2002 that, "the centralization of disbursing processes and the increased use of automated systems, coupled with the volume and complexity of business processes, reduces the ability of the department's officials to exercise direct personal control over all aspects of each business transaction." [22] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under the Improper Payments Information Act Remains Incomplete, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-92] (Washington, D.C.: Nov. 14, 2006). [23] Past GAO work involving certifying officers includes [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21.3.2]; New Methods Needed for Checking Payments Made by Computers, FGMSD-76-82 (Washington, D.C.: Nov. 7, 1977); and Comptroller General decisions. The Joint Financial Management Improvement Program issued a report in 1980, entitled Assuring Accurate and Legal Payments--The Roles of Certifying Officers in Federal Government (Washington, D.C.: June 1980). [24] For agency programs with estimated improper payments exceeding $10 million, IPIA requires that agencies report on actions they are taking to reduce improper payments, including a description of the steps the agency has taken to ensure that agency managers (including the agency head) are held accountable for reducing improper payments. Both the Department of Energy and the Department of Housing and Urban Development had programs or activities exceeding $10 million in estimated improper payments for fiscal year 2007 and, thus, were required to address manager accountability as part of their IPIA reporting. [25] As noted in response to question 4, certifying officers frequently rely on payment systems and processes and supporting information that is not under their control, so they must rely on assessments and assurances of the adequacy of internal controls by systems administrators, program managers, and other managers or executives. In our reviews of agency IPIA reporting, we found no reporting on whether or how managers communicated the results of internal control assessments related to payment processes or how any assessments may have been used by certifying officers. See GAO's Policies and Procedures Manual for Guidance of Federal Agencies, Title 7, pg. 7.7- 12. [26] As stated in response to question 4, the fiscal laws, certifying and disbursing officer statutes, and the decisions of the Comptroller General comprise these standards. [27] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999); OMB Circular No. A-127, Financial Management Systems (revised Dec. 1, 2004); Federal Accounting Standards Advisory Board, Statements of Federal Financial Accounting Concepts and Standards (as of June 30, 2007); and OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget (revised July 2, 2007). [28] GAO, Executive Guide, Strategies to Manage Improper Payments: Learning from Public and Private Sector Organizations, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-02-69G] (Washington, D.C.: October 2001). [29] In August 2004, OMB established Eliminating Improper Payments as a new program-specific initiative. This separate PMA program initiative began in the first quarter of fiscal year 2005. Previously, agency efforts related to improper payments were tracked along with other financial management activities as part of the Improving Financial Performance initiative of the PMA. [30] The 15 agencies include 14 that were previously required to report improper payment information under OMB Circular No. A-11, plus the Department of Homeland Security. According to OMB, these 15 agencies have programs and activities with the highest risk of improper payments. With this PMA initiative, OMB has stated that it can better ensure that those taxpayer dollars most susceptible to risk for improper payments receive the greatest amount of focus and review. [31] U.S.C. � 3528. The Department of Justice has opined that section 3528 is unconstitutional insofar as it authorizes the Comptroller General, an officer of the legislative branch, to relieve executive branch certifying officials from liability. See, e.g., Comptroller General's Authority to Relieve Disbursing and Certifying Officials from Liability, 15 Op. Off. Legal Counsel 80 (1991). We are aware of no judicial opinion addressing the constitutionality of this section, and there is no other statute granting federal administrative officers the authority to relieve certifying officers, except for 31 U.S.C. � 3527 for certain Department of Defense officials. [32] Our analysis included only the 39 agency programs that reported improper payment estimated error rates for each of the 4 fiscal years- -2004 through 2007. [33] GAO, Financial Management: Challenges in Meeting Requirements of the Improper Payments Information Act, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-417] (Washington, D.C.: Mar. 31, 2005). [34] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under the Improper Payments Information Act Remains Incomplete, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-92] (Washington, D.C.: Nov. 14, 2006). [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: [email protected]: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, [email protected]: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, [email protected]: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: *** End of document. ***