Improper Payments: Responses to Posthearing Questions Related to
Status of Agencies' Efforts to Address Improper Payment and
Recovery Auditing Requirements (20-JUN-08, GAO-08-819R).
On January 31, 2008, we testified before Congress' subcommittee
at a hearing entitled, "Eliminating Agency Payment Errors." At
the hearing, we discussed federal agencies' progress in
addressing key requirements of the Improper Payments Information
Act of 2002 (IPIA) and Section 831 of the National Defense
Authorization Act for Fiscal Year 2002, commonly known as the
Recovery Auditing Act. Our review and testimony focused on (1)
progress made in agencies' implementation and reporting under
IPIA for fiscal year 2007, (2) remaining challenges with IPIA
implementation, and (3) agencies' efforts to report recovery
auditing information. This report responds to your March 13,
2008, request to provide answers to follow-up questions relating
to our January 31, 2008, testimony. (1) What kinds of changes
should be made to the Single Audit Act, which already requires
recipients to have proper systems of internal control to ensure
front-end compliance with Federal requirements that would assist
in identification and reduction of improper payments? The FY 2007
Audit Report on the Consolidated Financial Statement indicates
that the Federal government's inability to determine the extent
to which improper payments occur is one of the major
government-wide material weaknesses that led to GAO's adverse
opinion on internal control. (2) Did this compliance issue
translate to reportable conditions or limitations in opinions on
financial statements at the individual departments? Are CFO Act
financial statement internal control and substantive audit tests
of disbursements as stringent as they need to be? The expansion
of government-wide systems for third party data matches across
government programs sounds like an important program integrity
improvement and potential cost savings initiative. (3) How can we
ensure that all agencies across government are pursuing automated
data checks across agencies and programs whose data they are
reliant upon wherever this makes sense? How can we provide access
to necessary data across government to improve program integrity
over payments without requiring new authority on a case by case
basis? The role of the certifying officers at disbursing agencies
provides the last line of defense in preventing many improper
payments. Under Treasury regulation, certifying officers at
disbursing agencies must certify that payments are legal, proper,
and correct at disbursement. (4) Are these personnel provided the
necessary tools to perform their jobs including proper training
and authority? Are they ever pressured to release questionable
payments to maintain productivity levels and thus sacrificing
quality for quantity due to competing agency demands? What can
Congress and Office of Management and Budget (OMB) do to
strengthen their role across government? (5) Is agency management
doing enough to hold people accountable for program integrity? Is
success in setting improper payments reduction targets and
meeting those targets a factor in managers' performance
evaluations or pay and bonus determinations? Should we have
government-wide performance standards for proper payment goals
and expectations? Are agencies being aggressive enough with their
reduction targets? There has been some debate in the subcommittee
about whether the reporting threshold in the Improper Payments
Information Act should be lower. (6) Can GAO explain for Congress
what you do to ensure that programs that are not reporting
improper payments are still doing all they can to improve program
integrity?
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-08-819R
ACCNO: A82466
TITLE: Improper Payments: Responses to Posthearing Questions
Related to Status of Agencies' Efforts to Address Improper
Payment and Recovery Auditing Requirements
DATE: 06/20/2008
SUBJECT: Accountability
Audit reports
Budget obligations
Data integrity
Erroneous payments
Federal agencies
Financial management
Financial statement audits
Financial statements
Fiscal policies
Internal audits
Internal controls
Noncompliance
Payments
Program abuses
Program management
Questionable payments
Reporting requirements
DOD Military Health Benefit Program
HHE Temporary Assistance for Needy
Families Program
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-08-819R
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to [email protected].
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
GAO-08-819R:
United States Government Accountability Office:
Washington, DC 20548:
June 20, 2008:
The Honorable Tom Carper:
Chairman:
Subcommittee on Federal Financial Management, Government Information,
Federal Services, and International Security:
Committee on Homeland Security and Governmental Affairs:
United States Senate:
Subject: Improper Payments: Responses to Posthearing Questions Related
to Status of Agencies' Efforts to Address Improper Payment and Recovery
Auditing Requirements:
Dear Mr. Chairman:
On January 31, 2008, we testified[Footnote 1] before your subcommittee
at a hearing entitled, "Eliminating Agency Payment Errors." At the
hearing, we discussed federal agencies' progress in addressing key
requirements of the Improper Payments Information Act of 2002 (IPIA)
[Footnote 2] and Section 831 of the National Defense Authorization Act
for Fiscal Year 2002, commonly known as the Recovery Auditing Act.
[Footnote 3] Our review and testimony focused on (1) progress made in
agencies' implementation and reporting under IPIA for fiscal year 2007,
(2) remaining challenges with IPIA implementation, and (3) agencies'
efforts to report recovery auditing information.
This report responds to your March 13, 2008, request to provide answers
to follow-up questions relating to our January 31, 2008, testimony. The
responses are based on work associated with our previously issued
products (see the Related GAO Products list at the end of this report)
and data reported in agencies' performance and accountability reports
(PAR). Your questions, along with our responses, follow:
1. I understand that it is often very difficult to address improper
payments problems in programs such as TANF that involve grants to
states and localities. The Single Audit Act, as you know, is the tool
that the federal government uses to ensure program integrity in these
types of programs. What kinds of changes should be made to the Single
Audit Act, which already requires recipients to have proper systems of
internal control to ensure front-end compliance with Federal
requirements that would assist in identification and reduction of
improper payments?
To date, we have not performed an analysis to determine whether any
changes should be made to the Single Audit Act[Footnote 4] to
specifically assist in the identification and reduction of improper
payments for state-administered federal programs. However, preventing,
identifying, and reporting improper payments are primarily management's
responsibility. Awardees, such as states, also have a fundamental
responsibility to ensure the proper administration of federal awards by
using sound management practices and maintaining internal controls.
That said, we support efforts to assess how the single audits can be
leveraged to help achieve successful implementation of IPIA. We have
testified before your subcommittee and reported on issues related to
improving single audit quality; initiatives that several states have
used to estimate improper payments for state-administered programs,
including the Temporary Assistance For Needy Families (TANF) program;
and the Office of Management and Budget's (OMB) guidance for state-
administered programs to conduct risk assessments.[Footnote 5]
In December 2007,[Footnote 6] we reported that the current design of
the single audit is not intended to provide sufficient information for
assessing and reporting on improper payments. There is currently no
direct link between the assessment of programs' susceptibility to
improper payments under IPIA and the level and scope of work performed
in a single audit. For instance, the approach for determining which
major federal programs to audit for compliance under a grantee's single
audit focuses heavily on programs with the largest dollar amounts in a
grantee's portfolio without concurrently considering the extent to
which programs are susceptible to improper payments. Consequently, the
current design of the single audit process and the related audit
results are generally not effective tools for identifying susceptible
programs' improper payments and systematically estimating the extent of
improper payments for those programs. They can, however, provide
managers added perspective on the nature and extent of risk for
improper payments.
Similarly, OMB testified[Footnote 7] before your subcommittee that it
is exploring longer-term reforms to the single audit process that will
help achieve successful results in the implementation of IPIA. OMB
plans to evaluate how single audits can be expanded beyond federal
program compliance to assess the risk of improper payments and extent
to which improper payments are systemic throughout a program. OMB
further reported that if the single audit can be leveraged in this
manner, federal agencies will have an important tool for obtaining cost-
effective IPIA error measurements. In addition, because single audits
test internal controls, OMB believes that this change would provide
greater insight on corrective action that will have a broader impact on
program integrity and thus have a higher return on investment. Finally,
the Association of Government Accountants (AGA) has established a
partnership project for leveraging single audits to help meet the goals
of IPIA while improving the usefulness of both acts to improve program
integrity and reduce improper payments. This work group includes
subject matter experts from GAO, OMB, and others, who will identify and
prioritize issues and potential solutions to enhance IPIA and Single
Audit Act implementation.
2. The FY 2007 Audit Report on the Consolidated Financial Statement
indicates that the Federal government's inability to determine the
extent to which improper payments occur is one of the major government-
wide material weaknesses that led to GAO's adverse opinion on internal
control. Did this compliance issue translate to reportable conditions
or limitations in opinions on financial statements at the individual
departments? It seems that the magnitude of the improper payments
numbers we are seeing in programs could be exceeding materiality to
these accounts. Are CFO Act financial statement internal control and
substantive audit tests of disbursements as stringent as they need to
be?
The federal government's inability to determine the extent to which
improper payments occur has not directly contributed to the audit
opinion on an individual agency's financial statements. The primary
purpose of a financial statement audit is to provide reasonable
assurance through an opinion (or disclaim an opinion) about whether an
entity's financial statements are presented fairly in all material
respects in conformity with generally accepted accounting principles
(GAAP). The existence of improper payments does not directly affect the
auditor's opinion on financial statements.
However, several auditors' reports on internal controls for specific
agencies identified either material weaknesses, significant
deficiencies, or both,[Footnote 8] which increase the risk of making
improper payments. For example, in the Department of Health and Human
Services's (HHS) fiscal year 2007 report on internal control, the
agency auditor identified several material weaknesses--including one
related to HHS's Medicare claims processing controls--that could
increase HHS's vulnerability to improper payments. The auditor reported
(1) that a significant number of contractor employees had the ability
to directly change claims without a comprehensive review, (2)
weaknesses in controls over edit settings in application systems, (3) a
lack of controls with respect to software supplementing HHS application
systems used to process Medicare claims, and (4) a lack of oversight of
contractor compliance with internal control requirements.
On a governmentwide level, since 2000, our audit report of the U.S.
government's consolidated financial statements has stated that the
material weakness related to the government's inability to determine
the full extent to which improper payments occur has contributed to our
adverse opinion on internal control. For fiscal year 2007, we
reported[Footnote 9] that major challenges remain in meeting the goals
of IPIA, including:
* several agencies' noncompliance with IPIA as reported by agencies'
auditors;
* risk assessments not performed for all programs and activities or not
performed annually;
* not reporting improper payment estimates for risk-susceptible
programs, and:
* major management challenges and internal control weaknesses that
continue to plague agency operations and programs susceptible to
significant improper payments.
Regarding whether financial statement internal control and substantive
audit tests of disbursements are sufficiently stringent, as you are
aware, we have disclaimed an opinion on the U.S. government's
consolidated financial statements for the past 11 years. Because we
issued a disclaimer of opinion on the federal government's fiscal year
2007 financial audit, our audit approach focused primarily on
determining the current status of the material weaknesses that
contributed to our disclaimer of opinion. Accordingly, we are not in a
position to determine whether or not these audit tests could be more
stringent. However, the Department of Defense (DOD) and certain other
federal agencies reported continued weaknesses in reconciling
disbursement activity, which contributed to our disclaimer of opinion.
When the time comes that we may be able to render an opinion on the
consolidated governmentwide financial statements, we expect to perform
more extensive reviews of the agency auditors' work.
3. The expansion of government-wide systems for third party data
matches across government programs sounds like an important program
integrity improvement and potential cost savings initiative. How can we
ensure that all agencies across government are pursuing automated data
checks across agencies and programs whose data they are reliant upon
wherever this makes sense? How can we provide access to necessary data
across government to improve program integrity over payments without
requiring new authority on a case by case basis?
When effectively implemented, data sharing[Footnote 10] can be
particularly useful in confirming initial or continuing eligibility of
participants in benefit programs and in identifying improper payments
that have already been made. For example, for the Department of Labor's
Unemployment Insurance Program, states are coordinating with HHS to use
the National Directory of New Hires database.[Footnote 11] The Office
of Personnel Management also has data matching programs with the
Departments of Defense, Labor, and Veterans Affairs, and with the
Social Security Administration to verify recipient eligibility for its
retirement program.
Prior to identifying any steps needed to improve data sharing
capabilities across government, it would be important to determine the
extent to which agencies are participating in data sharing activities,
and additional data sharing efforts that agencies are currently
pursuing--or would like to pursue--to reduce improper payments. Equally
important is the identification of barriers agencies face that limit
the type of information that can be shared among agencies to verify
data provided by applicants for government programs or benefits or to
make eligibility decisions.
As you know, these barriers can take different forms such as
legislative prohibitions, institutional issues, and resource
constraints. As required by the Privacy Act of 1974, as amended by the
Computer Matching and Privacy Protection Act of 1988,[Footnote 12]
agencies' data integrity boards are to report data matching activity to
the agency head and OMB annually. Appendix I of OMB Circular No. A-130,
Federal Agency Responsibilities for Maintaining Records About
Individuals, lays out what the agency is to include in its report.
Among the information required to be reported is a list of every
matching program, by title and purpose, in which the agency
participated during the reporting year. This list is to show names of
participant agencies, give a brief description of the program, and give
a page citation and the date of the Federal Register notice describing
the data matching programs.
In some cases, administrative changes may be a viable solution for
addressing existing limitations on how and for what purpose data may be
shared and used. For example, the Department of Education (Education)
reported that the ability to perform data matching between Federal
Student Aid applications and tax return data would substantially reduce
improper payments in the Pell Grant program, as the large majority of
errors are the result of misreporting of income and related data
fields. However, according to OMB, Section 6103(c) of the Internal
Revenue Code, concerning confidentiality of tax return information,
precludes data matching with regard to grants by Education. Through
administrative changes related to data sharing agreements, Education
and the Internal Revenue Service intend to implement a process to
verify students' (and their parents') income, tax, and certain
household information appearing on their tax return as part of the
application for federal student aid, in the absence of legislative
authority.
However, it is also important that any agency administrative actions in
this area provide appropriate consideration to the importance of
privacy and information security issues. Data sharing activities in
federal agencies must be implemented consistent with all protections of
the Privacy Act of 1974, as amended. Additionally, agencies must have
adequate internal controls in place to ensure that employees do not
misuse the data to which they have access.
4. The role of the certifying officers at disbursing agencies provides
the last line of defense in preventing many improper payments. Under
Treasury regulation, certifying officers at disbursing agencies must
certify that payments are legal, proper, and correct at disbursement.
Are these personnel provided the necessary tools to perform their jobs
including proper training and authority? Are they ever pressured to
release questionable payments to maintain productivity levels and thus
sacrificing quality for quantity due to competing agency demands? What
can Congress and OMB do to strengthen their role across government?
As you pointed out in this question, certifying officers play a
significant role in the accountability for public funds. A certifying
officer is a government officer or employee whose job is or includes
certifying vouchers, including voucher:
schedules or invoices used as vouchers, for payment by disbursing
officers.[Footnote 13] By federal law, certifying officers are
responsible for (1) the correctness of the facts in the certificate,
voucher, and supporting documentation; (2) the correctness of
computations on the voucher; and (3) the legality of a proposed payment
under the appropriation or fund involved.[Footnote 14] The law also
provides that a certifying officer is personally, financially
accountable for the amount of any "illegal, improper, or incorrect"
payment resulting from his or her inaccurate or misleading
certification, as well as for any payment prohibited by law or which
does not represent a legal obligation of the appropriation or fund
involved.
The function of certification, as evidenced by the potential for
personal pecuniary (financial) liability, is not perfunctory, but
involves a high degree of responsibility. For that reason, a certifying
officer who may have questions about a voucher is provided an
opportunity to request a legal decision from GAO in advance of
certifying the voucher.[Footnote 15] A critical tool that certifying
officers have to carry out this responsibility is the power to
question, and refuse certification of, payments that may be
improper.[Footnote 16] A certifying officer found to have certified a
voucher improperly may ask GAO for relief of liability, and GAO may
grant that request when applicable criteria are met.[Footnote 17]
Executive branch agencies are responsible for enforcing the liabilities
of their certifying officers.
We are not aware of any reported instances of certifying officers being
pressured to release questionable payments to maintain productivity
levels or sacrificing quality for quantity due to competing agency
demands; however, we have not performed work designed to identify any
such instances. Any certifying officer who may feel pressured to
certify a questionable payment may wish to take advantage of the right
to request a decision from GAO.
Certifying officers have at their disposal general guidance and
training to aid them in carrying out their duties, including title 7 of
GAO's Policies and Procedures Manual for Guidance of Federal Agencies
[Footnote 18] and GAO's Principles of Federal Appropriations Law,
[Footnote 19] as well as the body of appropriations law decisions and
opinions issued by GAO. In addition, Treasury publishes a desk
reference[Footnote 20] for certifying officers as a supplement to
chapter 4-1000 of its Treasury Financial Manual as well as manuals for
certifying officers to use when certifying payments in Treasury's
automated systems. GAO, Treasury, and others also offer training
courses related to the responsibilities of certifying officers.
In the past, certifying officers reviewed all payments they certified.
Today, however, because of the volume of transactions, the geographic
dispersion of activities, and the emphasis on prompt payment,
certifying officers must rely on the systems, internal controls, and
personnel that process the transactions. As a result, payment process
oversight has generally shifted from individual transaction reviews to
reviews of internal control over automated systems that process the
transactions.
The present-day use of automated payment systems does not alter the
basic concepts of accountability for certifying officers, and the
reasonableness of a certifying officer's reliance on an automated
payment system to produce legal and accurate payments is a factor that
GAO considers when addressing the officer's liability for illegal or
improper payments. Certifying officers should be provided with
information showing that the system on which they rely is functioning
properly, and reviews should be made at least annually to determine
that the automated system is operating effectively and can be relied
upon to make accurate and legal payments.[Footnote 21] DOD recently
obtained statutory authority to extend personal financial liability to
additional departmental officers or employees who provide "information,
data, or services that are directly relied upon by the certifying
official in the certification of vouchers for payment."[Footnote 22]
Currently, there are no reporting requirements for agencies to
periodically provide information on the performance of certifying
officers. The OMB guidance on annual reporting of estimated improper
payments requires that agencies report in their performance and
accountability reports on steps taken to hold managers accountable for
reducing and recovering improper payments. In November 2006,[Footnote
23] we reported that the extent and level of detail in these reports
varied. We also recommended that OMB expand its implementing guidance
to describe in greater detail the factors agencies should use when
reporting improper payments in the PAR, including baseline information
on, among other things, manager accountability. OMB agreed with our
recommendation and stated that it lists the requirements for agency PAR
IPIA reporting in OMB Circular No. A-136, Financial Reporting
Requirements. However, we found that the current OMB Circular No. A-136
(as of June 2008) remained unchanged and did not address our
recommendation.
We have not performed recent work[Footnote 24] that would permit us to
make recommendations on strengthening the role of certifying officers
across government or to opine on whether certifying officers are
provided the necessary tools, such as training, authority, or
information on the reliability of agencies' payment systems, to perform
their jobs.
5. In your analysis, is agency management doing enough to hold people
accountable for program integrity? Is success in setting improper
payments reduction targets and meeting those targets a factor in
managers' performance evaluations or pay and bonus determinations?
Should we have government-wide performance standards for proper payment
goals and expectations? Are agencies being aggressive enough with their
reduction targets?
Our review of agencies' fiscal year 2007 IPIA reporting did not include
an in-depth analysis of the steps an agency has taken or plans to take
to ensure manager accountability for reducing improper payments, set
governmentwide performance standards for proper payment goals and
expectations, or establish agency-reported error rate targets for
reducing improper payments. However, we can offer some general
observations based on our PAR reviews and previously reported work.
As part of agencies' fiscal year 2007 IPIA reporting, eight agencies
reported that the responsibility for improper payments was included in
management's performance appraisals, they had established performance
measures to address this issue, accountability existed through
legislation governing certifying and disbursing officers, or a
combination of these actions. However, the agencies did not provide
specific details on how these responsibilities were addressed in the
performance appraisals or other measures. Thus, we are unable to
determine whether success in setting improper payment reduction targets
and meeting those targets are factors in managers' performance
evaluations or pay and bonus determinations. Nevertheless, we believe
that these types of initiatives help to foster a strong control
environment and are fundamental to creating a culture of accountability
by establishing a positive and supportive attitude toward improvement
and the achievement of established program outcomes, including
protecting taxpayer interests via program integrity.
We also found that other agencies' reporting on manager accountability
could be improved. For example, the Departments of Energy and of
Housing and Urban Development did not report on manager accountability
as part of their IPIA:
reporting.[Footnote 25] While another six agencies did include a
section on manager accountability, their IPIA reporting did not
specifically describe how agency managers and accountable officers,
such as agency certifying officers, are held accountable for reducing
and recovering improper payments.[Footnote 26] Generally, these agency
descriptions cited one or more of the following initiatives as part of
their reporting on manager accountability:
* implementation of OMB Circular No. A-123, including the annual
assurance statement on internal controls;
* the President's Management Agenda (PMA) program-specific initiative
"Eliminating Improper Payments;"
* financial management certifications;
* workshops and status meetings held; or:
* the designation of an official tasked with establishing policies and
procedures to address the assessment of improper payments risk, actions
to reduce those payments, and reporting on the results of those
actions.
Several existing governmentwide standards, such as legislative
requirements for proper payments,[Footnote 27] and federal
standards[Footnote 28] related to internal control, financial
management systems, and financial and appropriations accounting, assist
agencies in their efforts to make proper payments and protect federal
resources. Similarly, our executive guide on strategies to manage
improper payments[Footnote 29] provides that establishing goals--such
as proper payment goals--for reducing improper payments is an effective
strategy for instilling a culture of accountability and ensuring
effective use of resources. Having additional governmentwide guidance
to establish and monitor performance against proper payment goals may
provide congressional and other decision makers supplementary
information on the effectiveness of agencies' efforts to improve the
accuracy and integrity of federal payments while carrying out program
objectives. However, when establishing such goals, agencies should
apply a cost benefit and risk-based approach to achieve a balance
between value, risk, and cost.
Greater use of governmentwide performance standards coupled with
effective implementation of OMB's Eliminating Improper Payments
initiative under the President's Management Agenda (PMA)[Footnote 30]
could further enhance the transparency of the status of actions to
address the improper payment problem. The objective of the PMA
initiative for improper payments was to ensure that agency managers are
held accountable for meeting the goals of IPIA and are therefore
dedicating the necessary attention and resources to meeting IPIA
requirements. With this PMA initiative, 15 agencies[Footnote 31] are to
measure their improper payments annually, develop improvement targets
and corrective actions, and track the results annually to ensure the
corrective actions are effective. The scope of the PMA initiative does
not include 24 agencies included in the scope of our fiscal year 2007
improper payment review. While we recognize that some of the 24
agencies did not report improper payment estimates for fiscal year
2007, 6 of these agencies that are not covered by the Eliminating
Improper Payments PMA initiative did report improper payment estimates
totaling about $1.2 billion. The Federal Communications Commission
makes up the bulk of this total with reported estimates of about $906
million for fiscal year 2007. As more agencies identify and make
estimates for their risk-susceptible programs, additional mechanisms,
such as establishing and measuring performance against governmentwide
proper payment goals, may provide additional accountability,
particularly with respect to agencies not covered by the Eliminating
Improper Payments PMA initiative.
We are unable to address your question regarding whether agencies are
being aggressive enough with their improper payment error rate
reduction targets, because agencies are not required to report on the
basis or rationale used to establish target rates as part of their IPIA
reporting. However, we noted that for the 3-year period--fiscal years
2005 through 2007--agency programs[Footnote 32] generally adjusted
their expected target rates from year to year to better align with
actual rates reported from the prior year. Yet, we found one instance,
at the Social Security Administration, where the agency continued to
decrease its target error rate for its Supplemental Security Income
program, even though the actual error rate continued to increase from
year to year. We also found a few instances of reported target error
rates that remained unchanged for the entire 3-year period, such as for
the Department of Defense's Military Health Benefit program and the
Department of Energy's payment program, or instances where the error
rates were unchanged for 2 consecutive years, such as for the
Department of the Treasury's Earned Income Tax Credit program and
Department of Veterans Affairs' Education programs.
6. As you know, there has been some debate in this subcommittee about
whether the reporting threshold in the Improper Payments Information
Act should be lower. I've actually introduced legislation that would do
that, among other things. Can you explain for us what you do to ensure
that programs that are not reporting improper payments are still doing
all they can to improve program integrity?
In a March 12, 2008, letter, we provided your subcommittee general
observations as well as some suggestions on the provisions introduced
to amend IPIA and recovery auditing requirements under Section 831 of
the National Defense Authorization Act for Fiscal Year 2002. Our letter
addressed several key issues, including (1) identification of
susceptible programs and activities and risk assessments, (2) improper
payment reporting, (3) recovery auditing, and (4) internal control
requirements. We pointed out that programs and activities determined
not to be susceptible to significant improper payments are still
subject to several complementary statutory requirements, including
those for grantees to undergo audits, for executive branch agencies to
issue audited financial reports, and for agency payment certifying
officers to examine payments and have their accounts administratively
audited.
Regarding the reporting threshold used to trigger IPIA reporting, we
suggested that the term "significant" be defined in a way that reflects
both the risk to the government and the size variability among programs
and activities and provided your subcommittee some examples to
illustrate this point. In addition, we recommended in March 2005,
[Footnote 33] and reiterated in November 2006,[Footnote 34] that OMB
require those agencies that did not address the IPIA requirements or
did not perform risk assessments of all of their programs and
activities to establish time frames and identify resources needed to
perform risk assessments and satisfy reporting requirements.
In addition, since fiscal year 2000, we have issued several reports and
testimonies aimed at raising the level of attention given to improper
payments across government. The provisions of IPIA coincide with our
recommendations that agencies take actions to estimate, reduce, and
publicly report improper payments, including reporting to Congress,
OMB, and the agency head on the progress made in achieving improper
payment reduction targets and future action plans for controlling
improper payments. Our products have shed light on agencies that were
not timely in their development and implementation of risk assessments
and quantification efforts to allow more targeted legislative and
executive branch oversight. This work complements our periodic audits
of eligibility and benefit determinations for individual programs.
From a broader perspective, GAO performs a range of oversight-,
insight- and foresight-related engagements, a vast majority of which
are conducted in response to congressional mandates or requests. These
engagements include evaluations of federal programs and performance,
financial and management audits, policy analyses, legal opinions, bid
protest adjudications, and investigations. Collectively, this body of
work is intended to identify opportunities to enhance agencies' efforts
to improve program integrity, which would include reducing improper
payments.
We are sending a copy of this report to the Director of the Office of
Management and Budget, and other interested parties. This report is
also available on GAO's home page at [hyperlink, http://www.gao.gov].
Should you have any questions on matters discussed in this report or
need additional information, please contact me at (202) 512-2600 or by
e- mail at [email protected]. Contact points for our Offices of
Congressional Relations and Public Affairs may be found on the last
page of this report. Major contributors to this report included Kay
Daly, Acting Director; Carla Lewis, Assistant Director; Abe Dymond,
Assistant General Counsel; Jason Kirwan; Christina Quattrociocchi; and
Donell Ries.
Sincerely yours,
Signed by:
McCoy Williams:
Managing Director:
Financial Management and Assurance:
[End of correspondence]
Related GAO Products:
Improper Payments: Status of Agencies' Efforts to Address Improper
Payment and Recovery Auditing Requirements. [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-08-438T]. Washington, D.C.:
January 31, 2008.
Improper Payments: Federal Executive Branch Agencies' Fiscal Year 2007
Improper Payment Estimate Reporting. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-08-377R]. Washington, D.C.: January 23, 2008.
Responses to Posthearing Questions Related to Improving Single Audit
Quality. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-318R].
Washington, D.C.: Dec. 7, 2007.
Single Audit Quality: Actions Needed to Address Persistent Audit
Quality Problems. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-
213T]. Washington, D.C.: Oct. 25, 2007.
Improper Payments: Agencies' Efforts to Address Improper Payment and
Recovery Auditing Requirements Continue. [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-635T]. Washington, D.C.: March
29, 2007.
Improper Payments: Posthearing Responses on a December 5, 2006, Hearing
to Assess the Improper Payments Information Act of 2002. [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-533R]. Washington, D.C.:
February 27, 2007.
Improper Payments: Incomplete Reporting under the Improper Payments
Information Act Masks the Extent of the Problem. [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-254T]. Washington, D.C.:
December 5, 2006.
Improper Payments: Agencies' Fiscal Year 2005 Reporting under the
Improper Payments Information Act Remains Incomplete. [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-92]. Washington, D.C.:
November 14, 2006.
Improper Payments: Posthearing Questions Related to Agencies Meeting
the Requirements of the Improper Payments Information Act of 2002.
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-1067R].
Washington, D.C.: September 6, 2006.
Improper Payments: Federal and State Coordination Needed to Report
National Improper Payment Estimates on Federal Programs. [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-06-347]. Washington, D.C.: April
14, 2006.
Financial Management: Challenges Continue in Meeting Requirements of
the Improper Payments Information Act. [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-06-581T]. Washington, D.C.: April
5, 2006.
Financial Management: Challenges Remain in Meeting Requirements of the
Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-06-482T]. Washington, D.C.: March 9, 2006.
Financial Management: Challenges in Meeting Governmentwide Improper
Payment Requirements. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-
05-907T]. Washington, D.C.: July 20, 2005.
Financial Management: Challenges in Meeting Requirements of the
Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-05-605T]. Washington, D.C.: July 12, 2005.
Financial Management: Challenges in Meeting Requirements of the
Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-05-417]. Washington, D.C.: March 31, 2005.
Financial Management: Fiscal Year 2003 Performance and Accountability
Reports Provide Limited Information on Governmentwide Improper
Payments. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-04-631T].
Washington, D.C.: April 15, 2004.
Financial Management: Status of the Governmentwide Efforts to Address
Improper Payment Problems. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-04-99]. Washington, D.C.: October 17, 2003.
[End of section]
Footnotes:
[1] GAO, Improper Payments: Status of Agencies' Efforts to Address
Improper Payment and Recovery Auditing Requirements, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-08-438T] (Washington, D.C.: Jan.
31, 2008).
[2] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002).
[3] National Defense Authorization Act for Fiscal Year 2002, Pub. L.
No. 107-107, div. A, title VIII, � 831, 115 Stat. 1012, 1186 (Dec. 28,
2001) codified at 31 U.S.C. �� 3561-3567.
[4] 31 U.S.C. �� 7501-7507. Under the Single Audit Act, as amended, and
implementing guidance, independent auditors audit state and local
governments and nonprofit organizations that expend federal awards to
assess, among other things, compliance with laws, regulations, and the
provisions of contracts or grant agreements material to the entities'
major federal programs. Organizations are required to have single
audits if they annually expend $500,000 or more in federal awards.
[5] GAO, Responses to Posthearing Questions Related to Improving Single
Audit Quality, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-
318R] (Washington, D.C.: Dec. 7, 2007); GAO, Single Audit Quality:
Actions Needed to Address Persistent Audit Quality Problems,
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-213T] (Washington,
D.C.: Oct. 25, 2007); GAO, Improper Payments: Agencies' Efforts to
Address Improper Payment and Recovery Auditing Requirements Continue,
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-635T] (Washington,
D.C.: Mar. 29, 2007); and GAO, Improper Payments: Federal and State
Coordination Needed to Report National Improper Payment Estimates on
Federal Programs, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-
347] (Washington, D.C.: Apr. 14, 2006).
[6] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-318R].
[7] OMB, Statement of the Honorable Daniel I. Werfel, Acting
Controller, Office of Federal Financial Management, Office of
Management and Budget, before the Senate Subcommittee on Federal
Financial Management, Government Information, Federal Services, and
International Security (Oct. 25, 2007).
[8] A material weakness is a significant deficiency, or combination of
significant deficiencies, that results in more than a remote likelihood
that a material misstatement of the financial statements will not be
prevented or detected. A significant deficiency is a control
deficiency, or combination of control deficiencies, that adversely
affects the entity's ability to initiate, authorize, record, process,
or report financial data reliably in accordance with generally accepted
accounting principles such that there is more than a remote likelihood
that a misstatement of the entity's financial statements that is more
than inconsequential will not be prevented or detected. A control
deficiency exists when the design or operation of a control does not
allow management or employees, in the normal course of performing their
assigned functions, to prevent or detect misstatements on a timely
basis.
[9] See our audit report on the audit of the federal government's
fiscal year 2007 financial statements that was incorporated in the 2007
Financial Report of the U.S. Government published by the Department of
the Treasury.
[10] Data sharing allows entities that make payments--to contractors,
vendors, participants in benefit programs, and others--to compare
information from different sources to help ensure that payments are
appropriate.
[11] The National Directory of New Hires database, maintained by HHS,
contains information on all newly hired employees, quarterly wage
reports for all employees, and unemployment insurance claims
nationwide.
[12] 5 U.S.C. � 552a(u)(3)(D).
[13] B-280764, May 4, 2000. Disbursing officers, who generally are
appointed by the Department of the Treasury for civilian agencies'
payments and the Department of Defense for its payments, actually make
the payments and are responsible for examining vouchers to verify their
propriety and to make payments only on certified vouchers. 31 U.S.C. ��
3322, 3325(a).
[14] 31 U.S.C. � 3528.
[15] 31 U.S.C. � 3529.
[16] In a recent Comptroller General decision, we noted that a
"critical tool" that certifying officers have to carry out their
statutory responsibilities is the power to question and refuse
certification of payments that may be improper (B-307693, Apr. 12,
2007). Language in agency regulations and the government's purchase
card contract appeared to eliminate the opportunity for the certifying
officer to dispute questionable transactions. We said that to interpret
the regulations and contract to eliminate the certifying officer's
opportunity to question, and refuse to certify, improper payments would
be contrary to the certifying officer's statutory responsibilities. We
emphasized that to execute his or her statutory responsibility fully
and faithfully, a certifying officer must have the opportunity to
question information appearing on the billing statements.
[17] Available at [hyperlink, http://www.gao.gov/legal/resources.html].
[18] Available at [hyperlink, http://www.gao.gov/legal/redbook.html].
[19] Department of the Treasury, Now that You're a Certifying Officer,
supplement to the Treasury Financial Manual (November 2007), available
at [hyperlink, http://www.fms.treas.gov/tfm/related.html] (last visited
Apr. 22, 2008).
[20] 69 Comp. Gen. 85 (1989). See GAO, Streamlining the Payment Process
While Maintaining Effective Internal Control, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21.3.2] (Washington, D.C.:
May 2000), at 10-11, for further guidance.
[21] Bob Stump National Defense Authorization Act for Fiscal Year 2003,
Pub. L. No. 107-314, div. A, title X, � 1005(a), 116 Stat. 2458, 2631
(Dec. 2, 2002), codified at 10 U.S.C. � 2773a. In its proposal to
Congress, the Department of Defense observed in April 2002 that, "the
centralization of disbursing processes and the increased use of
automated systems, coupled with the volume and complexity of business
processes, reduces the ability of the department's officials to
exercise direct personal control over all aspects of each business
transaction."
[22] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under
the Improper Payments Information Act Remains Incomplete, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-92] (Washington, D.C.: Nov.
14, 2006).
[23] Past GAO work involving certifying officers includes [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21.3.2]; New Methods Needed
for Checking Payments Made by Computers, FGMSD-76-82 (Washington, D.C.:
Nov. 7, 1977); and Comptroller General decisions. The Joint Financial
Management Improvement Program issued a report in 1980, entitled
Assuring Accurate and Legal Payments--The Roles of Certifying Officers
in Federal Government (Washington, D.C.: June 1980).
[24] For agency programs with estimated improper payments exceeding $10
million, IPIA requires that agencies report on actions they are taking
to reduce improper payments, including a description of the steps the
agency has taken to ensure that agency managers (including the agency
head) are held accountable for reducing improper payments. Both the
Department of Energy and the Department of Housing and Urban
Development had programs or activities exceeding $10 million in
estimated improper payments for fiscal year 2007 and, thus, were
required to address manager accountability as part of their IPIA
reporting.
[25] As noted in response to question 4, certifying officers frequently
rely on payment systems and processes and supporting information that
is not under their control, so they must rely on assessments and
assurances of the adequacy of internal controls by systems
administrators, program managers, and other managers or executives. In
our reviews of agency IPIA reporting, we found no reporting on whether
or how managers communicated the results of internal control
assessments related to payment processes or how any assessments may
have been used by certifying officers. See GAO's Policies and
Procedures Manual for Guidance of Federal Agencies, Title 7, pg. 7.7-
12.
[26] As stated in response to question 4, the fiscal laws, certifying
and disbursing officer statutes, and the decisions of the Comptroller
General comprise these standards.
[27] GAO, Standards for Internal Control in the Federal Government,
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1]
(Washington, D.C.: November 1999); OMB Circular No. A-127, Financial
Management Systems (revised Dec. 1, 2004); Federal Accounting Standards
Advisory Board, Statements of Federal Financial Accounting Concepts and
Standards (as of June 30, 2007); and OMB Circular No. A-11,
Preparation, Submission, and Execution of the Budget (revised July 2,
2007).
[28] GAO, Executive Guide, Strategies to Manage Improper Payments:
Learning from Public and Private Sector Organizations, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-02-69G] (Washington, D.C.:
October 2001).
[29] In August 2004, OMB established Eliminating Improper Payments as a
new program-specific initiative. This separate PMA program initiative
began in the first quarter of fiscal year 2005. Previously, agency
efforts related to improper payments were tracked along with other
financial management activities as part of the Improving Financial
Performance initiative of the PMA.
[30] The 15 agencies include 14 that were previously required to report
improper payment information under OMB Circular No. A-11, plus the
Department of Homeland Security. According to OMB, these 15 agencies
have programs and activities with the highest risk of improper
payments. With this PMA initiative, OMB has stated that it can better
ensure that those taxpayer dollars most susceptible to risk for
improper payments receive the greatest amount of focus and review.
[31] U.S.C. � 3528. The Department of Justice has opined that section
3528 is unconstitutional insofar as it authorizes the Comptroller
General, an officer of the legislative branch, to relieve executive
branch certifying officials from liability. See, e.g., Comptroller
General's Authority to Relieve Disbursing and Certifying Officials from
Liability, 15 Op. Off. Legal Counsel 80 (1991). We are aware of no
judicial opinion addressing the constitutionality of this section, and
there is no other statute granting federal administrative officers the
authority to relieve certifying officers, except for 31 U.S.C. � 3527
for certain Department of Defense officials.
[32] Our analysis included only the 39 agency programs that reported
improper payment estimated error rates for each of the 4 fiscal years-
-2004 through 2007.
[33] GAO, Financial Management: Challenges in Meeting Requirements of
the Improper Payments Information Act, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-05-417] (Washington, D.C.: Mar.
31, 2005).
[34] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under
the Improper Payments Information Act Remains Incomplete, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-92] (Washington, D.C.: Nov.
14, 2006).
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office:
441 G Street NW, Room LM:
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: [email protected]:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, [email protected]:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, [email protected]:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
*** End of document. ***