DOD Travel Cards

Control Weaknesses Resulted in Millions of Dollars of Improper Payments Gao ID: GAO-04-576 June 9, 2004

Ineffective management and oversight of the Department of Defense's (DOD) premium class travel and unused airline tickets led to concerns about DOD's overall management of the centrally billed accounts. GAO was asked to determine whether (1) DOD improperly reimbursed travelers for airline tickets DOD paid for using centrally billed accounts, (2) internal controls were effective in preventing issuance of unauthorized airline tickets, and (3) other control weaknesses led to compromised and fraudulently used centrally billed accounts.

A weak control environment and breakdowns in key controls over centrally billed accounts resulted in DOD paying travelers for airline tickets they did not purchase, issuing and paying for unauthorized airline tickets, and paying for goods and services obtained with compromised centrally billed accounts. Based on mining of limited fiscal year 2001 and 2002 data provided by the Army, Navy, and Marine Corps, GAO identified about 27,000 transactions totaling more than $8 million in which DOD potentially reimbursed travelers for airline tickets paid for by DOD--not the travelers. Requesting reimbursement for items that the traveler knowingly did not pay for may be a crime that could result in imprisonment or a monetary fine, or both. GAO's subsequent tests of a nonrepresentative selection of 124 individuals who submitted 204 of these 27,000 transactions confirmed that DOD improperly paid 91 individuals almost $98,000 for 123 airline tickets DOD purchased with centrally billed accounts. Only 4 travelers voluntarily reimbursed DOD prior to GAO initiating the audit, even though typically, more than a year had passed since the improper payments. Several travelers submitted multiple claims for airline tickets they did not purchase, which could indicate intent to defraud the government. In 2003, the Air Force Audit Agency reported that this same problem existed at the Air Force and estimated that, if not corrected, this problem will cost the Air Force more than $6 million over 6 years. Examples of Potentially Fraudulent Travel Claims Grade/rank Cost Number Nature of cases GS-15 $9,700 13 Traveler claimed he did not notice the additional $9,700 in his bank account. GS-13 3,600 6 Traveler continued to submit false claims after DOD told the traveler to stop requesting reimbursement for airline tickets purchased with centrally billed accounts. The traveler also rented luxury vehicles--such as a Mercedes Benz--while on government travel and approved his own travel vouchers. E-9 1,400 2 Traveler told us he knew of the improper payment, but he was waiting for DOD to request repayment. Source: GAO review of DOD travel data. GAO also determined that key internal controls did not provide DOD reasonable assurance that (1) airline tickets purchased and paid for with the centrally billed accounts were based on valid travel orders and (2) centrally billed account numbers were adequately protected against unauthorized use. To demonstrate weaknesses in DOD's system of internal controls, GAO submitted a fictitious travel order to a commercial travel office to obtain an airline ticket from Washington, D.C., to Atlanta, Ga. DOD issued GAO the airline ticket, established an obligation, and paid for the ticket without detecting the fictitious nature of the request. GAO also found instances where a lack of physical safeguards resulted in the centrally billed account numbers being stolen and used for personal gain. One DOD traveler stole a centrally billed account number to purchase over 70 airline tickets totaling more than $60,000, which he sold at a discounted rate to coworkers and their family members for personal travel. Because DOD disputed those fraudulent charges, DOD did not pay for those tickets. However, not all DOD units dispute unauthorized charges. As a result, DOD is vulnerable to paying for fraudulent charges on compromised centrally billed accounts.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:

GAO-04-576, DOD Travel Cards: Control Weaknesses Resulted in Millions of Dollars of Improper Payments This is the accessible text file for GAO report number GAO-04-576 entitled 'DOD Travel Cards: Control Weaknesses Resulted in Millions of Dollars of Improper Payments' which was released on June 09, 2004. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Requesters: June 2004: DOD TRAVEL CARDS: Control Weaknesses Resulted in Millions of Dollars of Improper Payments: GAO-04-576: GAO Highlights: Highlights of GAO-04-576, a report to congressional requesters Why GAO Did This Study: Ineffective management and oversight of the Department of Defense‘s (DOD) premium class travel and unused airline tickets led to concerns about DOD‘s overall management of the centrally billed accounts. GAO was asked to determine whether (1) DOD improperly reimbursed travelers for airline tickets DOD paid for using centrally billed accounts, (2) internal controls were effective in preventing issuance of unauthorized airline tickets, and (3) other control weaknesses led to compromised and fraudulently used centrally billed accounts. What GAO Found: A weak control environment and breakdowns in key controls over centrally billed accounts resulted in DOD paying travelers for airline tickets they did not purchase, issuing and paying for unauthorized airline tickets, and paying for goods and services obtained with compromised centrally billed accounts. Based on mining of limited fiscal year 2001 and 2002 data provided by the Army, Navy, and Marine Corps, GAO identified about 27,000 transactions totaling more than $8 million in which DOD potentially reimbursed travelers for airline tickets paid for by DOD”not the travelers. Requesting reimbursement for items that the traveler knowingly did not pay for may be a crime that could result in imprisonment or a monetary fine, or both. GAO‘s subsequent tests of a nonrepresentative selection of 124 individuals who submitted 204 of these 27,000 transactions confirmed that DOD improperly paid 91 individuals almost $98,000 for 123 airline tickets DOD purchased with centrally billed accounts. Only 4 travelers voluntarily reimbursed DOD prior to GAO initiating the audit, even though typically, more than a year had passed since the improper payments. Several travelers submitted multiple claims for airline tickets they did not purchase, which could indicate intent to defraud the government. In 2003, the Air Force Audit Agency reported that this same problem existed at the Air Force and estimated that, if not corrected, this problem will cost the Air Force more than $6 million over 6 years. Examples of Potentially Fraudulent Travel Claims: [See PDF for image] [End of table] GAO also determined that key internal controls did not provide DOD reasonable assurance that (1) airline tickets purchased and paid for with the centrally billed accounts were based on valid travel orders and (2) centrally billed account numbers were adequately protected against unauthorized use. To demonstrate weaknesses in DOD‘s system of internal controls, GAO submitted a fictitious travel order to a commercial travel office to obtain an airline ticket from Washington, D.C., to Atlanta, Ga. DOD issued GAO the airline ticket, established an obligation, and paid for the ticket without detecting the fictitious nature of the request. GAO also found instances where a lack of physical safeguards resulted in the centrally billed account numbers being stolen and used for personal gain. One DOD traveler stole a centrally billed account number to purchase over 70 airline tickets totaling more than $60,000, which he sold at a discounted rate to coworkers and their family members for personal travel. Because DOD disputed those fraudulent charges, DOD did not pay for those tickets. However, not all DOD units dispute unauthorized charges. As a result, DOD is vulnerable to paying for fraudulent charges on compromised centrally billed accounts. What GAO Recommends: To prevent DOD from paying for airline tickets twice, GAO continues to recommend that DOD evaluate the feasibility of requiring DOD personnel to use individually billed travel cards to purchase airline tickets. GAO makes 11 new recommendations to improve DOD management of centrally billed accounts including the following: * determine the feasibility of establishing control procedures to validate the authenticity of travel orders prior to issuing airline tickets purchased with the centrally billed accounts; * implement physical safeguards over centrally billed account numbers; and * recover payments made to travelers who were improperly reimbursed for airline tickets that DOD paid for with centrally billed accounts. DOD concurred with all 11 recommendations. www.gao.gov/cgi-bin/getrpt?GAO-04-576. To view the full product, including the scope and methodology, click on the link above. For more information, contact Greg Kutz at 202-512-9505 or kutzg@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: DOD Made Improper Payments for Potentially Fraudulent Travel Claims: Key Internal Controls over Issuance and Payment of Airline Tickets Are Inadequate: Centrally Billed Accounts Were Compromised and Used to Purchase Airline Tickets for Personal Use: Conclusion: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendixes: Appendix I: Objectives, Scope, and Methodology: Appendix II: Comments from the Department of Defense: Appendix III: GAO Contacts and Staff Acknowledgments: GAO Contacts: Acknowledgments: Tables: Table 1: Improper and Potentially Fraudulent Travel Claims Identified by GAO: Table 2: Improper Payments Recovered by DFAS: Table 3: Results of Statistical Sampling Tests of Proper Issuance of Airline Tickets: Table 4: Results of Statistical Sampling Tests of Proper Payment of Airline Tickets: Table 5: Airline Ticket Transactions that CTOs Identified as Unauthorized and DOD Either Did Not Dispute or Did Not Track Their Resolution: Table 6: Estimated Failure Rates for Control Tests for Fiscal Year 2001 and 2002 Airline Ticket Transactions: Figures: Figure 1: Flowchart of the Payment of Centrally Billed Accounts and Individual Travel Vouchers: Figure 2: Boarding Pass for Airline Ticket Charged to a Centrally Billed Account for Fictitious Traveler: Letter June 9, 2004: The Honorable Susan M. Collins: Chairman: Committee on Governmental Affairs: United States Senate: The Honorable Norm Coleman: Chairman: The Honorable Carl Levin: Ranking Minority Member: Permanent Subcommittee on Investigations: Committee on Governmental Affairs: United States Senate: The Honorable Charles E. Grassley: Chairman: Committee on Finance: United States Senate: The Honorable Janice Schakowsky: House of Representatives: This report is the last in our series of reports on the Department of Defense's (DOD) management of its various credit card programs. In fiscal years 2002 and 2003, we issued a series of testimonies[Footnote 1] and reports[Footnote 2] addressing problems that the Army, Navy, and Air Force had in managing individually billed travel card accounts. These testimonies and reports showed high delinquency rates and significant potential fraud and abuse related to DOD's travel card program. Due to these concerns, you asked us to audit controls over the other major form of payment used by DOD for travel expenses--centrally billed accounts. In response to your request, we first reported in October 2003[Footnote 3] that internal control weaknesses over DOD's centrally billed accounts have led to millions of dollars of improper premium class travel and increased costs to taxpayers. In our second report on control weaknesses over the centrally billed accounts, issued in March 2004,[Footnote 4] we further identified millions of dollars in airline tickets DOD purchased that were unused and not refunded. These two reports provided examples of why DOD financial management is on our list of high-risk areas,[Footnote 5] areas that are highly vulnerable to fraud, waste, and abuse. In light of these internal control problems, you asked us to perform additional work on controls over the centrally billed accounts.[Footnote 6] Specifically, you asked us to determine for fiscal years 2001 and 2002 whether (1) DOD improperly reimbursed travelers for the cost of airline tickets paid using centrally billed accounts, (2) internal controls were effective to prevent the commercial travel office (CTO) from issuing unauthorized airline tickets on the basis of invalid travel orders, and (3) other control weaknesses led to compromised and fraudulently used centrally billed accounts. To achieve these objectives, we compared airline ticket purchases reported by the Bank of America--DOD's credit card bank--to limited data provided by the Army, Navy, and Marine Corps on travel vouchers that were filed during fiscal years 2001 and 2002. The purpose of the comparison was to identify instances where voucher data indicated that DOD made improper payments to travelers for airline tickets that DOD-- not the traveler--had purchased using DOD's centrally billed accounts. We used only Army, Navy, and Marine Corps travel voucher data because the Air Force voucher data was not structured in a way that enabled us to analyze the type of expenses claimed on a travel voucher. After identifying a pool of about 27,000 improper payments, we tested a nonrepresentative selection of 124 Army, Navy, and Marine Corps travelers who submitted 204 travel vouchers during fiscal years 2001 and 2002. We also evaluated the effectiveness of controls over airline ticket issuance at one Air Force, one Army, one Marine Corps, one Navy, and one Defense Finance and Accounting Service (DFAS) location. We selected these units because they were among the largest dollar volume locations for airline tickets purchased with centrally billed accounts during fiscal years 2001 and 2002. For these units, we tested a statistical sample of airline tickets to evaluate whether the design and implementation of internal control procedures were effective in preventing airline tickets from being issued, and paid for, on the basis of invalid travel orders--that is, travel orders that were not signed by the properly designated authorizing official. Our statistical sample test results can be projected as a whole to the five locations at which we selected airline tickets to review. They cannot be projected to each location separately, to the individual service, or to DOD as a whole. To illustrate the vulnerability of the weaknesses in internal controls over airline ticket issuance, we prepared a fictitious travel order and submitted it to a CTO to test whether we could obtain an airline ticket and whether DOD would create an obligation and pay for the ticket. We also performed data mining to determine whether DOD's centrally billed accounts were compromised and used fraudulently for personal gain. However, our work was not designed to identify, and we cannot determine, the extent of potentially fraudulent and abusive activity. Appendix I provides further details on our scope and methodology. We requested comments from the Secretary of Defense or his designee on a draft of this report. We reprinted those comments in appendix II. We conducted our audit work from June 2003 through May 2004 in accordance with U.S. generally accepted government auditing standards. We performed our investigative work in accordance with standards prescribed by the President's Council on Integrity and Efficiency. Results in Brief: A weak control environment and breakdowns in key controls over the centrally billed accounts resulted in DOD paying travelers for airline tickets they did not purchase, issuing and paying for unauthorized airline tickets, and paying for personal goods and services obtained with compromised centrally billed accounts. While we cannot project the extent of this problem due to limitations in the data that DOD could provide us, these weaknesses have led to potential fraud, waste, and abuse in substantial amounts that could total millions of dollars. Our work identified numerous instances where DOD travelers submitted-- and DOD reimbursed--improper and potentially fraudulent claims for airline tickets that DOD, and not the travelers, paid for using centrally billed accounts. During fiscal years 2001 and 2002, DOD made potentially improper reimbursements on about 27,000 travel claims totaling more than $8 million to DOD travelers for airline tickets they did not purchase. We identified the $8 million based on data mining of limited fiscal year 2001 and 2002 data provided by the Army, Navy, and Marine Corps. Further, the Air Force Audit Agency estimated that this problem, if not fixed, will cost the Air Force more than $6 million over the next 6 years. Our tests on a nonrepresentative selection of 124 travelers who submitted 204 of the 27,000 travel claims confirmed that DOD made improper payments to 91 travelers for 123 airline tickets totaling almost $98,000. The improper payments were made to 77 travelers who were paid about $85,000 for airline tickets that DOD had purchased with the centrally billed accounts. Another 14 payments costing $13,000 were improper because DOD paid for two airline tickets for the same travel- -that is, DOD used the centrally billed account to purchase an airline ticket and the traveler purchased another airline ticket for the same travel, and was reimbursed by DOD. In these cases, some airline tickets remained unused and not refunded, a problem we addressed in a previous report.[Footnote 7] The remaining 32 travelers did not receive improper payments. Four of the travelers who received the improper payments reimbursed DOD for the erroneous payments prior to DOD or GAO notifying them about the improper payments. One traveler, a GS-13 employee, received improper payments after submitting 12 vouchers in a 27-month period requesting reimbursements for airline tickets totaling about $7,000 that DOD had purchased using a centrally billed account. A further review of that traveler's records showed that DOD had informed the traveler on six occasions that the airline tickets were purchased with a centrally billed account and should not be claimed as a reimbursable expense on the voucher. However, the traveler ignored these repeated warnings and continued to request reimbursements and was improperly paid $3,600 for six airline tickets DOD purchased with a centrally billed account. We determined that inadequate reviews of travel vouchers, lack of reconciliation between centrally billed account charges and travel claims, and at some locations, differences in policies as to when a ticket should be charged to the centrally billed account, enabled travelers to submit potentially fraudulent claims and receive improper payments. We also determined that weaknesses in the design and implementation of key internal controls intended to prevent DOD from issuing and paying for unauthorized airline tickets contributed to the improper payments. Specifically, our analysis of the design of DOD's centrally billed account controls determined that these controls do not provide reasonable assurance that airline tickets are issued only on the basis of valid travel orders or that DOD only pays for airline tickets that have been approved by someone who has been authorized to do so. Our assessment of the weaknesses in the design of the internal controls was confirmed by the results of our statistical sample of airline ticket transactions at five DOD locations that we tested. At those locations, we determined that existing control procedures did not provide reasonable assurance that DOD would detect unauthorized airline tickets charged to centrally billed accounts, or prevent payment for airline tickets that were not properly authorized. Consequently, it was not surprising that DOD ticket issuance controls did not detect a fictitious travel order we submitted to request an airline ticket, and DOD voucher payment controls did not prevent DOD from paying for an airline ticket that was obtained using the fictitious travel order. DOD also lacked adequate physical controls over the centrally billed account numbers, which are Bank of America credit card accounts that can be used to purchase items from merchants who take phone or Internet orders. Specifically, a number of locations we visited printed the full centrally billed account numbers on the travelers' itineraries, or left them in insecure locations. DOD's failure to maintain adequate controls over the centrally billed account numbers has contributed to these accounts being compromised and used to fraudulently purchase airline tickets. A military service member, for example, used the centrally billed account number that was included on travel itineraries to purchase over 70 tickets totaling more than $60,000, which he sold at a discounted rate to coworkers and their family members. As a result of the investigation, the seaman admitted culpability, lost all pay, and received a dishonorable discharge and 5 years confinement. Because DOD disputed these charges, which the CTOs identified as unauthorized in the reconciliation process intended to identify airline tickets that the CTO did not order, DOD received refunds from the Bank of America for these fraudulently obtained airline tickets. However, officials at a number of locations we visited did not dispute unauthorized airline tickets that were identified by the CTOs. By not disputing the unauthorized charges identified by the CTO, DOD had no assurance that the amount it paid Bank of America did not contain fraudulent charges that were the result of compromised accounts. As we have previously reported,[Footnote 8] improved controls and management of individually billed accounts would provide DOD with options to reduce the financial exposure resulting from the weaknesses in the controls over DOD's centrally billed accounts. Specifically, using a well-controlled individually billed account program to pay for airline tickets would transfer responsibility for all charges to the individual cardholder, thus limiting the government's financial exposure. However, DOD would still need to improve controls over its centrally billed account structure as not all DOD travelers would have access to an individually billed account, such as new employees and infrequent travelers. This report includes 11 recommendations for DOD to reduce the risks associated with using the centrally billed accounts to purchase airline tickets. The recommendations include DOD taking a series of immediate steps to improve controls over centrally billed accounts so that, in the future, it can prevent or detect improper payments to travelers for airline tickets not paid for by the traveler. We also recommend that DOD implement internal controls to verify that travel orders are valid before tickets are issued. Finally, we recommended that DOD safeguard centrally billed accounts from being compromised and used fraudulently. In written comments on a draft of this report, DOD concurred with our 11 recommendations and stated that it had taken actions or will take actions to address them. Background: The DOD centrally billed travel card program is part of a governmentwide travel card program started in 1983 with the express purpose of increasing convenience to the traveler and lowering the government's cost of travel by reducing the need for cash advances to the traveler, and the associated administrative costs. The travel card program includes both the individually billed accounts--accounts held and paid by the individual cardholders--and the centrally billed accounts. In general, individual cardholders use the individually billed accounts to charge nontransportation travel-related expenses, while most DOD services and units used the centrally billed accounts to purchase transportation services, such as airline and train tickets, and to pay expenses incurred for group travel.[Footnote 9] During fiscal years 2001 and 2002, DOD travelers charged more than $7.1 billion in expenses to the travel card program, with about $2.8 billion related to the use of the centrally billed accounts. Unlike the actual credit cards issued to individuals and some unit credit cards, there are no actual credit cards for the centrally billed accounts used to purchase transportation services. Instead, Bank of America issues account numbers to the government travel office (GTO) for use by the CTO--under contract with each DOD service or service location to provide travel services to military and other DOD personnel--to enable transportation charges on these accounts. Responsibility for making travel arrangements and paying the expenses associated with travel is shared between the DOD local components, contractors, and DFAS--the DOD component responsible for making nearly all of DOD's payments. The local travel-authorizing official or the resource manager at the DOD component is responsible for determining the necessity of travel, issuing the travel order, certifying the availability of funds, and recording an obligation against a unit's appropriation. The CTO makes airline reservations, issues airline tickets and charges the centrally billed account upon receipt of a signed travel order, and performs reconciliation between tickets it issued and tickets charged on the Bank of America invoice. The CTO is responsible, in the reconciliation process, for identifying each charge as being associated with a specific travel order. Within each DOD component, the GTO is generally responsible for reviewing the CTO's reconciliation, making the appropriate changes, certifying or authorizing the Bank of America's invoice for payment, and filing disputes with Bank of America for charges that the CTO did not record as having issued. After the CTO and GTO perform their monthly reconciliation, the charges are sent to DFAS for payment. Figure 1 shows the design of the processes used to issue an airline ticket on a centrally billed account and reimburse travelers for travel expenses, and explains the roles of different offices in providing reasonable assurance that airline tickets charged to these cards are appropriate and meet a valid government need. Figure 1: Flowchart of the Payment of Centrally Billed Accounts and Individual Travel Vouchers: [See PDF for image] [End of figure] Prior to paying the Bank of America invoice, DFAS is responsible for verifying fund availability for each airline ticket presented on the invoice. This process, known as prevalidation, involves DFAS checking each airline charge against the services' accounting systems to determine that the travel had been approved, and an obligation had been recorded, before approving the corresponding charge for payment. If an obligation exists for the travel order but the amount is not adequate to cover the charge, DFAS is allowed to increase the obligation up to $2,500 to pay for the ticket charge if DFAS is in possession of a valid obligating document. If an obligation has not been recorded in the services' accounting systems, but a valid obligation document exists, DFAS can also create an automatic obligation up to $2,500 to pay for the ticket charge. If an obligation needs to be created or increased by more than $2,500, DFAS is required to notify the unit and allow the unit 10 calendar days to record the obligation before DFAS is allowed to create the obligation on the unit's behalf.[Footnote 10] At the conclusion of travel, the traveler is responsible for preparing his or her DD Form 1351-2, a travel voucher form, within 5 working days after completion of travel to claim reimbursement for official travel. Travelers are to enter all reimbursable expenses on their travel vouchers, and attach all receipts for lodging expenses and for all other expenses over $75. Even if someone else prepares the voucher, the traveler is responsible for the truth and accuracy of the information. According to DOD's Financial Management Regulation, when the travelers sign the form (and this signature authority must never be delegated), they attest that the statements are true and complete, and that they are aware of their liability for filing a false claim. The travel voucher the traveler signs contains a bolded penalty statement that provides, "there are severe criminal and civil penalties for knowingly submitting a false, fictitious, or fraudulent claim (U.S. Code, Title 18, Sections 287 and 1001 and Title 31, Section 3729)." The authorizing or approving officials review the travel claim for appropriateness, then forward the travel claim to the voucher- processing unit, which might be located at the unit or at DFAS. The voucher-processing unit determines what payments the traveler is entitled to receive and computes the amounts, which are then certified for payment. DFAS then pays the vouchers, generally through an electronic fund transfer directly to the traveler's bank account. DOD Made Improper Payments for Potentially Fraudulent Travel Claims: We found numerous instances during fiscal years 2001 and 2002 where DOD travelers submitted travel vouchers and were improperly reimbursed for airline tickets they did not purchase. DOD's failure to detect or prevent these improper payments was the result of weaknesses in the design of key internal controls, as well as breakdowns in key existing controls. The weaknesses included inadequate travel voucher review, lack of reconciliation between centrally billed account charges--and payments for those charges--and travel claims, and differences in policies as to when an airline ticket should be charged to an individually billed account as opposed to a centrally billed account. These weaknesses were exacerbated by a monitoring system that primarily focused on making payments within prescribed time frames, rather than on making proper and accurate payments. Improper and Potentially Fraudulent Travel Claims: Whoever, in any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States, knowingly and willfully (1) falsifies, conceals, or covers up by any trick, scheme, or device a material fact; (2) makes any materially false, fictitious, or fraudulent statement or representation; or (3) makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry; shall be fined under this title or imprisoned not more than 5 years, or both. (taken from U.S. Code, Title 18, Section 1001, Statements or Entries Generally). Our data mining of airline ticket data from Bank of America centrally billed account files and about half of DOD's fiscal year 2001 and 2002 travel vouchers identified about 27,000 travel claims totaling over $8 million for which DOD made potentially improper reimbursements to travelers for airline tickets that DOD purchased with the centrally billed accounts. Because the travelers had not purchased most of the airline tickets we tested, the travelers should not have requested reimbursements, nor should DOD have paid the travelers for the cost of those tickets. Requesting reimbursement for items that the traveler did not pay for may violate the False Claims Act and be punishable by imprisonment or a monetary fine, or both. From the 27,000 potential improper travel claims, we tested a nonrepresentative selection of 124 travelers to whom DOD made 204 travel claim reimbursements that may have contained improper payments. As will be discussed further, the tests we performed on the nonrepresentative selection of 124 travelers confirmed that DOD improperly paid 91 travelers for 123 airline tickets. As will be discussed in detail later, the 123 improper payments included 109 payments that were made to 77 travelers who were paid for airline tickets they did not purchase, and 14 payments in which DOD purchased two airline tickets for the same travel. Thirteen of the 77 travelers we identified submitted multiple travel vouchers requesting reimbursements for the cost of airline tickets that they did not purchase, which might indicate intent to defraud the government. The remaining improper payments were also potentially fraudulent if the traveler intentionally filed false claims or kept the improper payments after they realized that the payment was improper. The other 64 travelers received improper reimbursement for a single ticket. One traveler admitted to us that he knew DOD had improperly reimbursed him for two airline tickets that DOD purchased for his travel in April 2002 and June 2002, but did not notify DOD because he was waiting for DOD to request him to refund the improper payments. Most travelers we interviewed told us that they were not aware that the government had paid them hundreds, and sometimes thousands, of dollars for expenses that they claimed but did not incur. In many instances, the airline ticket receipt or invoice used to support the travelers' claims contained the 16-digit centrally billed account number, indicating that the airline tickets were paid for using the centrally billed accounts. Table 1 shows eight illustrative examples of the 77 travelers who we identified in this review as submitting improper and potentially fraudulent travel claims. Table 1: Improper and Potentially Fraudulent Travel Claims Identified by GAO: Case: 1; Rank/grade: GS-15; Number/value of improper payments: 13 for $9,700; Dates of Travel: August 2001 to May 2002; Nature of the case: Within a 9-month period, the traveler claimed, and DOD paid, 13 airline tickets that DOD purchased with a centrally billed account. Traveler represented that he did not know that he received almost $10,000 more in reimbursement than he paid in travel expenses; Disposition of the case: After GAO notified DOD of this traveler, the Navy Medical Inspector General substantiated that the traveler made seven false claims for airline tickets. The Navy Audit Service is conducting further review of the traveler. Case: 2; Rank/grade: GS-13; Number/value of improper payments: 6 for $3,600; Dates of Travel: March 2001 to June 2003; Nature of the case: Within a 27-month period, the traveler submitted 12 vouchers claiming about $6,800 in airline tickets DOD purchased with the centrally billed accounts. Despite DFAS notification that it was refusing payments on five of the first six claims it received, the traveler submitted six additional claims. In addition, the traveler rented luxury vehicles, and used his individually billed travel card to purchase airline tickets for family members at the discounted government rate and make various other unauthorized charges; Disposition of the case: After GAO notified DOD of this traveler, the traveler received collection notices in late fiscal year 2003 demanding the traveler repay three of the six improper payments totaling more than $2,100. Because DFAS did not complete a full audit of all the traveler's vouchers, DFAS did not find the three other claims. DFAS had started payroll deduction to collect for the three improper payments DFAS had identified. Case: 3; Rank/grade: GS-14; Number/value of improper payments: 5 for $3,400; Dates of Travel: May 2001 to July 2002; Nature of the case: Traveler represented that the improper payments were an oversight because he also charged airline tickets to his individually billed accounts and that he did not notice the improper payments that were deposited to his account; Disposition of the case: DFAS responded to our referral by sending five collection notices to the traveler in October 2003. The traveler repaid DOD $3,600 in November 2003. Case: 4; Rank/grade: O-5; Number/value of improper payments: 5 for $1,600; Dates of Travel: December 2001 to May 2002; Nature of the case: Some of the traveler's airline tickets were charged to the centrally billed accounts and others to the traveler's individually billed account. The traveler represented that she did not notice the improper payments; Disposition of the case: DFAS sent collection notices as a result of our audit in October 2003. The traveler had repaid DOD $1,600 as of November 2003. Case: 5; Rank/grade: E-9; Number/value of improper payments: 2 for $1,400; Dates of Travel: April 2002 to June 2002; Nature of the case: The traveler represented that he submitted claims for the airline tickets because he thought that the airfare was charged to his individually billed account. However, after the traveler found out that he received the improper payments, he did not notify DOD; Disposition of the case: DFAS sent collection notices in September 2003 as a result of our audit. Traveler repaid DOD $1,400 in October 2003. Case: 6; Rank/grade: GS-15; Number/value of improper payments: 1 for $3,700; Dates of Travel: January 2002; Nature of the case: Traveler represented that airfares are typically charged to his individually billed account, and that it was an oversight that he did not notice that the government had deposited into his checking account an additional $3,700 for an airline ticket that was purchased by the government--not the traveler; Disposition of the case: DFAS sent collection notices in September 2003 as a result of our audit. Traveler repaid DOD $3,700 in October 2003. Case: 7; Rank/grade: O-6; Number/value of improper payments: 1/$800; Dates of Travel: February 2002; Nature of the case: Traveler represented that he was told that the airfare would be billed to his individual government travel card because it was short notice travel. Traveler represented that he did not notice the improper payment; Disposition of the case: DFAS sent the traveler a collection notice in September 2003 in response to our audit. The traveler repaid DOD $800 in February 2004. Case: 8; Rank/grade: GS-15; Number/value of improper payments: 1 for $600; Dates of Travel: May 2002; Nature of the case: The traveler represented that he did not notice the improper payments because most of his airline tickets were charged to the individually billed account; Disposition of the case: DFAS sent the traveler a collection notice in September 2003 in response to our audit. The traveler repaid the DOD $600 in October 2003. Source: GAO analysis of Bank of America and limited voucher data, and review of supporting documentation. [End of table] The 8 travelers identified in table 1 did not notify DFAS after they had received improper payments, and only 4 of the 77 travelers that we determined had received improper payments voluntarily refunded the improper payments. The following provides detailed information on three of the cases identified in table 1. * Traveler number 1 was a GS-15 who submitted travel vouchers claiming reimbursements for 13 tickets totaling almost $10,000 between August 2001 and May 2002. The traveler told us that he did not notice that he was paid for expenses he did not incur, even though in one instance, DFAS overpaid the traveler more than $3,500 for one round-trip ticket from Washington, D.C., to Singapore. The traveler explained he did not notice the improper payments because he typically maintained a high balance in his bank account, and his wife paid all the bills. In November 2003, after we requested information from the Navy related to the traveler, the Navy Office of Medical Inspector General started an investigation. The Inspector General concluded that the traveler violated DOD travel regulations in wrongfully claiming air transportation expenses. The investigation found that the traveler was liable for seven improper reimbursements totaling about $7,300. The Navy Audit Service has expanded its review of the traveler for the additional improper payments that we identified. We referred this case to DOD's Office of the Inspector General so that it can take any action it deems appropriate, including referral of the matter to the relevant U.S. Attorney for further consideration. * Traveler number 2 is a GS-13 acquisition specialist who, between April 2001 and July 2003, submitted 12 claims totaling $6,800 for airline tickets that were charged to the centrally billed accounts; that is, airline tickets he did not purchase. DFAS denied payments on five claims that were submitted for travel in fiscal years 2001 and early fiscal year 2002, and notified the traveler in writing that payment was denied because he did not personally incur the airfare expense. However, the traveler submitted seven additional vouchers in late fiscal year 2002 and in fiscal year 2003 requesting payments for airline tickets he did not purchase. Although one more voucher was denied, overall, the traveler received six improper payments totaling more than $3,600. Despite being repeatedly informed that his airfare was not a reimbursable expense, the traveler indicated that the $3,600 in improper payments were honest mistakes, and he believed that these tickets were charged to his individually billed account, and should be claimed on the vouchers. In addition, the traveler took other questionable actions related to his travel. These actions included renting luxury vehicles, such as a Lincoln Navigator and Mercedes Benz, while on official travel--without specific authorization to rent a luxury vehicle--and using his individually billed account to obtain government-rate tickets for his family members, as the examples illustrate. * The traveler scribbled his own name as the approving official for the voucher to disguise the fact that he was approving his own voucher. DOD policy requires that each travel voucher be reviewed for accuracy and approved by the supervisor. The signature of the approving official certifies that the vouchers are accurate, and that the expenses are to be paid. * While on official travel the traveler rented luxury vehicles without special authorization documenting the need for why he needed a luxury vehicle. For example, while on travel for 2 days in Atlanta in July 2003, the traveler rented a Lincoln Navigator for more than $300. * In August 2003, the traveler used his individually billed account--a government credit card--to purchase government-rate tickets for two family members to travel from Richmond, Va., to Frankfurt, Germany, while the traveler was on official government travel for 9 days at that location. By using the government credit card, the traveler was able to obtain unrestricted coach class tickets for $546 per person, compared to an unrestricted coach class fare available to the public of more than $2,800 per person. On that 9-day trip, the government paid more than $1,000 for his rental car. Further review of the supporting documentation submitted with his travel voucher indicated that the traveler rented a luxury class car--Mercedes Benz--for use while at his travel destination. * Although the traveler informed us that he was aware the individually billed credit card assigned him was reserved for official government use only, he used the card on several occasions to make purchases at gas stations and restaurants when he was not on travel status and to charge a recurring monthly rental fee of $30 for a musical instrument. As a result of our audit, in July and September 2003, the traveler received collection vouchers demanding the traveler reimburse DOD more than $2,100 for the overpayments on three vouchers. As of November 2003, DFAS had started collection payroll deductions to collect the $2,100 in improper payments. However, because DFAS did not audit all the vouchers of this traveler, DFAS did not know that this traveler had requested other improper and potentially fraudulent claims. Because of the potential fraud, we have also referred this case to the DOD Office of the Inspector General. * Traveler number 6 was a GS-15 who in February 2002 submitted a travel voucher requesting reimbursement for an airline ticket that DOD, and not the traveler, purchased using the centrally billed account. The ticket was an international ticket costing more than $3,700 for travel from Huntsville, Ala., to Tel Aviv, Israel. The traveler asserted that he did not notice the more than $3,700 overpayment in his bank account until he received a collection notice from DFAS in September 2003. The traveler stated that he assumed all his airline tickets were purchased with his individually billed account. We found that the policy at the duty station where the traveler was assigned required that all airline tickets purchased for travel within the continental United States be purchased using the individually billed accounts, while international travel was paid for using the centrally billed account. We found that this policy may have contributed to at least three other improper payments for airfare related to international travel at this duty station. Because of the potential fraud, we referred this case to the DOD Office of the Inspector General. Amount of Improper and Potentially Fraudulent Travel Claims Is Likely Millions of Dollars: During fiscal years 2001 and 2002, DOD spent almost $10.8 billion on travel and transportation expenses for DOD military and civilian personnel.[Footnote 11] Significant limitations related to DOD travel and transportation data files prevented us from accurately estimating the total number and dollar value of the improper payments DOD made for airfare paid with a centrally billed account. It is likely that these false claims are millions of dollars annually. The Army, Navy, and Marine Corps provided us with files totaling about $4.5 billion that contained their fiscal year 2001 and 2002 travel voucher information, representing about half of the voucher payments DOD would have made during this 2-year period. These files identified the dates of travel and type of travel expenses that were incurred and contained separate fields for the traveler's per diem expenses and transportation expenses. By comparing the Bank of America centrally billed account files containing the ticket price, passenger names, and travel dates, to the travel voucher files, we were able to data mine for instances where DOD purchased an airline ticket with the centrally billed accounts and the traveler may have been improperly reimbursed for the cost of the airline tickets. Our analyses of the Army's, Navy's, and Marine Corps' fiscal years 2001 and 2002 travel and transportation expenses identified about 27,000 travel claims containing airline tickets valued at more than $8 million during that 2-year period that were potentially improper. Similarly, the Air Force Audit Agency had reported that if not corrected, improper payments would cost the Air Force $6.5 million over 6 years. To determine whether DOD improperly paid travelers for the airline tickets purchased with centrally billed accounts, we tested a nonrepresentative selection of 124 travelers who submitted 204 travel claims that may have contained improper payments totaling about $154,000. The 124 travelers were chosen based primarily on the amount and frequency of the potential improper payments. We tested a nonrepresentative selection of travelers because we could not obtain assurance that the data files provided by the Army, Navy, and Marine Corps were complete and reliable. Further, the Air Force travel voucher data did not contain detailed information to enable us to perform improper payment analysis. Due to these data limitations, we were unable to test a statistically valid sample of improper payments. Consequently, we could not project the magnitude of the improper payments. As shown in table 2, our tests, which consisted of comparing what the travelers claimed on the travel vouchers to charges made to the centrally billed accounts, confirmed that DOD made improper payments to 91 travelers for 123 travel claims containing airline tickets totaling almost $98,000. The 123 improper payments included 109 payments totaling almost $85,000 that were made to 77 travelers who were paid for airline tickets they did not purchase, and 14 payments totaling about $13,000 to 14 travelers in which DOD paid the traveler and the airline for two airline tickets purchased for the same travel. These instances could occur if, for example, the airline did not have a record that the ticket was issued on the centrally billed account when the traveler arrived at the airport, resulting in the traveler having to purchase another ticket. Emergency circumstances, such as weather problems, have also resulted in travelers purchasing another airline ticket even when a ticket was already purchased on the centrally billed account. Because DOD purchased two tickets for the same travel, the centrally billed ticket was typically unused and not refunded. The remaining 32 travelers did not submit improper or potentially fraudulent claims. Table 2: Improper Payments Recovered by DFAS: Total improper payments[A]; Number of Travelers: 91; Number of Payments: 123; Total value of payments: $97,800. Total improper payments[A]: Repayments prior to GAO audit; Number of Travelers: (15); Number of Payments: (17); Total value of payments: ($14,600). Total improper payments[A]: Repayments initiated by GAO audit; Number of Travelers: (46); Number of Payments: (63); Total value of payments: ($42,700). Total recoveries of improper payments[B]; Number of Travelers: 61; Number of Payments: 80; Total value of payments: $57,300. Outstanding improper payments; Number of Travelers: 30; Number of Payments: 43; Total value of payments: $40,500. Source: GAO analysis of DOD documentation. [A] The 123 in improper payments include 14 payments--made to 14 travelers--costing about $13,000 where DOD paid for two airline tickets for the same travel--that is, DOD used the centrally billed account to purchase an airline ticket and the traveler purchased another airline ticket for the same travel, and was reimbursed by DOD. [End of table] Our testing also determined that 15 of the 77 travelers had refunded DOD almost $15,000 for 17 improper payments prior to our audit. Only four travelers notified DFAS--and made restitution--on the improper payments prior to our audit even though typically more than a year had passed since the improper payment. Eleven other travelers made restitution after DFAS detected the overpayments based on postpayment audits DFAS performed--that is, audits it conducted after payments had been made. In addition, on the basis of findings from our audit, DOD collected almost $43,000 from 46 travelers for 63 additional improper airfare payments. As shown in table 2, DOD is in the process of recovering 43 improper payments totaling more than $40,000 that we identified. We referred the 27,000 potentially improper payments to DOD for further review. Further evidence exists that DOD improperly reimbursed travelers for the cost of a substantial number of airline tickets purchased with centrally billed accounts in the portion of DOD's travel and transportation expenses that we did not analyze, either because the data were not provided, or the data were not in the format to allow analysis. For example, the Air Force did not provide data in a format that would help us identify instances in which the Air Force reimbursed travelers for the cost of an airline ticket purchased with a centrally billed account. Our work indicated that the Air Force did not have a uniform policy as to whether a ticket should be charged to the centrally billed accounts as opposed to the individually billed accounts. This could create confusion and expose the Air Force to an even higher risk than the other services, which provided us with usable voucher data of improper payments. While the other military services typically use the centrally billed accounts to purchase airline tickets, Air Force officials told us that the Air Force uses both types of accounts to purchase airline tickets. Further, work performed by the Air Force Audit Agency[Footnote 12] in 2003 on a sample of travel vouchers filed at 40 Air Force locations found that the Air Force inappropriately reimbursed travelers for 142 airline tickets totaling almost $82,000 that were purchased with the centrally billed accounts. The Air Force Audit Agency projected that, "This condition, if not corrected, will result in the Air Force inappropriately reimbursing individuals at least $6.5 million" over the next 6 years. Although the millions of dollars of improper payments account for a very small percentage of DOD travel overall, they nevertheless represented wasted resources in a time of increasing fiscal constraint. Improper Payments Resulted from Inadequate Review of Travel Vouchers, Lack of Adequate Reconciliations, and Inconsistent Policies Over the Use of Centrally Billed Accounts: Transactions and other significant events need to be clearly documented and the documentation should be readily available for examination. Agency internal control should be flexible to allow agencies to tailor control activities to fit their special needs. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999). We determined that weaknesses in both the design and execution of DOD's system of internal controls permitted DOD to make these improper payments. We found that DOD relies on the approving official's review of travel vouchers as the key control to prevent travelers from claiming unauthorized expenses--such as airline tickets purchased with a centrally billed account--on a travel voucher. However, we determined that many approving officials did not conduct adequate reviews of the travel vouchers and the supporting documentation before authorizing the vouchers for payment. Many of the airline receipts submitted as supporting documentation for improper claims clearly showed that the airline ticket was purchased using the centrally billed accounts. In these instances, if the approving officials had conducted careful review of the travel vouchers and supporting documentation, the official would have noted that the traveler was not entitled to the travel reimbursement. Further, the reviewing officials should have been knowledgeable about local and component policy that called for the use of centrally billed accounts to purchase the airline tickets that were claimed as a reimbursable expense on the vouchers. In addition, DOD travel and transportation systems do not contain edit checks (system controls) to help detect false claims and prevent improper payments when the first line of defense--the approving official's review of the travel voucher--does not detect the false claims. Specifically, DOD's current travel order, ticket issuance, and travel voucher systems are not integrated, and DOD has not implemented other control procedures to compare key data in the different systems to help detect false claims overlooked in the travel voucher review process. Further, DFAS officials informed us that post audit reviews, which are designed to detect erroneous voucher payments, were not conducted by all of the disbursing centers for the payments being audited. Thus, DOD has not established, or effectively implemented, compensating controls to detect improper payments in instances where the approving officials fail to detect false claims made on a travel voucher. If DOD had designed such a system, DOD would be able to detect instances where the traveler submitted a claim for an airline ticket purchased using a centrally billed account. These weaknesses in the design of internal controls prevented DOD from detecting claims for reimbursement that travelers should not have claimed. The failure of DOD systems to detect and prevent improper payments is exacerbated by the fact that the primary performance measure DOD uses to monitor the effectiveness of the centrally billed account program is whether DFAS pays the Bank of America invoices within 30 days of their receipt. According to DOD officials, DOD has not established a performance measure to monitor the accuracy of payments. For example, DOD does not have a measure to determine whether centrally billed account payments--and the related payments for airline tickets claimed on the travel vouchers--are accurate. DOD officials informed us that the Defense Travel System (DTS), which is currently under development, will include a capability to routinely match travel vouchers to tickets issued through the centrally billed accounts. In 1995, DOD established the DTS program management office to develop DTS as a DOD-wide travel and transportation system that would replace the more than 30 travel systems currently operating within the department. DTS was originally scheduled to be fully operational in 2002, and it was to provide an integrated process of preparing travel orders and making travel arrangements, including airline reservations, and filing and paying travel vouchers. However, according to a 2002 DOD Office of Inspector General report,[Footnote 13] DTS has experienced cost increases and schedule delays. According to the program management office, DTS should be implemented for about 80 percent of DOD personnel by 2006. Key Internal Controls over Issuance and Payment of Airline Tickets Are Inadequate: We found weaknesses in key internal control activities designed to provide DOD reasonable assurance during fiscal years 2001 and 2002 that (1) airline tickets were issued on the basis of valid travel orders and (2) payments were made only for authorized airline tickets. Specifically, DOD did not provide the CTOs with the tools to determine that the travel orders used as a basis for charging airline tickets to the centrally billed accounts were valid--that is, the individuals who signed the travel orders had the authority to do so. In addition, the design of internal controls was not effective in providing assurance that DOD only paid the Bank of America for tickets that were issued on the basis of valid travel orders. Our statistical sampling at five DOD locations confirmed that, lacking effective design of internal controls, these five locations as a whole could not provide assurance that only authorized airline tickets were charged to the centrally billed accounts. Our concerns with these weaknesses in internal controls led us to perform additional work to determine if these control weaknesses could be exploited. The additional work demonstrated that someone with knowledge of the DOD travel system could fraudulently obtain an airline ticket, and have DOD pay for that ticket, with a centrally billed account. DOD Units Issued Airline Tickets Using Centrally Billed Accounts without Verifying Validity of Travel Orders: Transactions and other significant events should be authorized and executed only by persons acting within the scope of their authority. This is the means to provide assurance that only valid transactions to commit resources are initiated and entered into. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999). We found that DOD did not design internal controls to provide assurance that airline tickets were issued only on the basis of valid travel orders. Specifically, DOD did not have a policy to provide the CTOs with the tools necessary to determine whether the individuals who signed the travel orders authorizing the CTOs to charge the airline tickets on the centrally billed accounts had the authority to do so. According to DOD's travel regulations, a travel order is valid only after it has been authorized--signed--by an individual, such as a supervisor or resource advisor, who had been delegated the authority to authorize or approve travel. Requiring airline tickets purchased with centrally billed accounts to be issued based on valid travel orders is the first step in preventing DOD from purchasing airline tickets that are not for official government business. However, the CTOs at the locations we visited informed us that DOD had not provided them with a list of approving officials, or these officials' signature cards, to aid in determining the validity of the travel orders. Consequently, the CTOs could not provide assurance that the airline tickets they charged to the centrally billed accounts were authorized. Despite the weakness in design, we performed statistical tests of 96 transactions selected from five DOD locations to determine the extent to which airline tickets charged to the centrally billed accounts during fiscal years 2001 and 2002 were issued on the basis of valid travel orders. Our statistical sample was selected from the population of airline ticket transactions charged to the centrally billed accounts at one Air Force, one Army, one Navy, one Marine Corps, and one Defense Finance and Accounting Service location (for further details on the methodology used to select the units to be tested, see app. I). As shown in table 3, we estimated that the five DOD locations as a whole could not provide assurance that 82 percent of the airline tickets charged to the centrally billed accounts were issued on the basis of valid travel orders. Table 3: Results of Statistical Sampling Tests of Proper Issuance of Airline Tickets: Control test: Travel order not provided; Estimated percentage failure rate [A]: 3. Control test: Travel order was not signed; Estimated percentage failure rate [A]: 9. Control test: Travel order provided and signed, but no delegation of authority was available to support that the travel order was signed by an official with the authority to do so; Estimated percentage failure rate [A]: 70. Control test: Airline ticket not properly issued; Estimated percentage failure rate [A]: 82. Source: GAO analysis of DOD airline ticket transactions and supporting documentation. [A] These are estimates for the population based on our statistical sample. Information about the confidence intervals for our sample estimates is presented in appendix I. [End of table] DOD financial regulations require that individuals be delegated in writing the authority to authorize travel. However, as shown in table 3, the primary reason why the five locations as a whole did not have reasonable assurance that the airline tickets purchased with the centrally billed accounts were for valid government travel was that, although the orders were provided and were signed, the locations could not provide evidence that the individual who approved the travel orders had been delegated the authority to do so. Additionally, we estimate that we did not have reasonable assurance that 3 percent of airline ticket transactions were not properly issued because DOD could not provide us a copy of the travel order authorizing the travel. We also estimate that we did not have reasonable assurance that another 9 percent of airline ticket transactions were not properly issued because the travel order authorizing the issuance of the airline ticket, although provided, was not signed. The results in table 3 can only be projected to the five locations as a whole, and cannot be projected to the entire population of airline tickets charged to the centrally billed accounts. See appendix I for further discussion of the results of our testing. As mentioned, DOD did not design control procedures to validate travel order authenticity before issuing tickets on the centrally billed accounts. The fact that our tests at these locations could not confirm that tickets charged to the centrally billed accounts were supported by travel orders signed by individuals with delegated authority to do so further buttressed our concern that the lack of internal controls might expose DOD to increased risk of fraud and abuse. At least two options exist for DOD to determine that an authorized individual signed the travel order before issuing a ticket using the centrally billed accounts. One method involves using an electronic travel authorization system to restrict travel approval to individuals who are authorized to do so, and prevent travel orders from being approved by individuals who are not. DOD has told us that the Defense Travel System, now under development, has these controls; however, as previously discussed, the system will not be fully operational until fiscal year 2006. In the interim, some DOD locations we visited had implemented electronic travel authorization systems to generate travel orders. However, they did not always have security controls in place to provide assurance that access to these systems was restricted to individuals who had delegation of authority to approve travel orders. For example, a system administrator of one of the systems used by the Marine Corps Reserves to issue travel orders informed us that he sometimes gave approval authority to individuals who requested access through phone calls or e-mail. Without a rigorous process for determining that only individuals who have the proper delegation of authority receive access, the organization did not have assurance that only authorized individuals have access to travel authorization capability. Another method of validating the authenticity of a travel order would be to provide the CTOs copies of, or access to, the delegation of authority to approve travel orders. The CTO could use this list to verify that the approving official had the authority to authorize the travel. Some CTO officials informed us that it would not be practical to validate every travel order prior to issuing the airline tickets because of the number of tickets they issue every day. However, without such capabilities, the CTOs could not determine whether the individual who authorizes the CTO to expend federal funds by charging the airline tickets to the centrally billed accounts had the authority to do so. Obligation Controls Are Not Effective: Even if, as discussed previously, DOD had not designed controls to verify the validity of travel orders before airline tickets are charged to the centrally billed accounts, DOD could have designed effective compensating controls to provide reasonable assurance that it only paid for airline tickets that were issued based on valid travel orders. Such a compensating control would require that DOD determine the validity of travel orders used as a basis to charge airline tickets to the centrally billed accounts prior to paying the Bank of America. However, we estimated that the five locations we tested statistically did not have effective compensating controls to obtain reasonable assurance that the tickets paid for with a centrally billed account were for authorized travel. To provide reasonable assurance that DOD only pays for expenses that have been properly authorized, the Department of Defense appropriations act for fiscal year 1995[Footnote 14] required DOD to develop a plan to match disbursements to corresponding obligations before making payments. Matching payments with corresponding obligations provides assurance that funds are spent in accordance with the purposes and limitations set by Congress, and that fraudulent disbursements or erroneous payments are detected prior to payments. The process of determining whether an obligation exists prior to payments is referred to as prevalidation. DFAS prevalidates airline tickets charged to centrally billed accounts by verifying that an obligation for the travel order that authorized the airline tickets on the Bank of America's invoice had been created in a DOD component's accounting system.[Footnote 15] By verifying that an obligation exists before making payment, the prevalidation process identifies instances where obligations have not been established. DOD officials overseeing the centrally billed credit card program informed us that they rely on prevalidation to be a compensating control because, as mentioned previously, the CTOs do not validate the travel order before charging a ticket to the centrally billed account. If implemented properly, prevalidation would provide DOD reasonable assurance that each airline ticket charged to the centrally billed accounts was authorized by a valid travel order. An effective way of implementing prevalidation is for DOD to determine, prior to paying the Bank of America invoice, whether transactions that fail prevalidation fail because of a clerical or other error, or whether the travel order was not valid. However, the method in which DOD implemented prevalidation decreased its effectiveness in identifying unauthorized and potentially fraudulent airline tickets and preventing payments for these tickets. Specifically, DOD did not require that research be conducted on airline ticket transactions that failed prevalidation. Although some DOD units, such as a number of Navy units, require that DFAS return all airline ticket transactions that failed the prevalidation test to the units that created the travel order so that an obligation can be recorded, this is not a DOD-wide practice. DOD's Financial Management Regulation allows DFAS to record a new obligation, or increase an existing obligation, up to $2,500 for transactions that failed prevalidation if DFAS possesses a valid obligating document. The Financial Management Regulation defines a valid obligating document to include a travel order. However, as discussed previously, the CTOs do not determine the validity of these travel orders, and our testing demonstrated that in about 82 percent of sampled airline ticket transactions there was not evidence available indicating that the approving official had the authority to authorize the travel. Thus, if a traveler provides the CTO a travel order, DFAS does not perform additional work to determine the validity of the travel order. Consequently, DFAS does not have reasonable assurance that the obligation it created based on the travel order the CTO provided was approved by someone who has the authority to authorize the travel. Being aware of this flaw in the design of the prevalidation process, we tested a statistical sample of 96 airline tickets issued at the five locations to determine whether, in the absence of well-designed controls, an obligation existed at the time of prevalidation to confirm that the travel order was a valid order. On the basis of the results of our statistical sampling, we estimate that there is not reasonable assurance in about 48 percent of the airline ticket transactions that an obligation existed at the five locations prior to when the airline tickets were prevalidated for payment. Table 4: Results of Statistical Sampling Tests of Proper Payment of Airline Tickets: Control test: Obligation data not provided; Estimated percentage failure rate [A]: 30. Control test: Obligation data provided, but obligation did not exist at the time of prevalidation; Estimated percentage failure rate [A]: 18. Control test: Airline tickets not properly paid; Estimated percentage failure rate [A]: 48. Source: GAO analysis of DOD airline ticket airline ticket transactions and supporting documentation. [A] These are estimates for the population based on our statistical sample. Information about the confidence intervals for our sample estimates is presented in appendix I. [End of table] As shown in table 4, we estimate that in 30 percent of airline ticket transactions, the five locations--primarily the Army and Air Force-- were not able to provide evidence supporting when the obligations were recorded. Additionally, in an estimated 18 percent of airline ticket transactions, while the date of the recording of the obligation was provided, the obligation was established after the Bank of America invoice was prevalidated. In our statistical sample, we repeatedly requested the military services to provide this evidence over a 6-month period. The results in table 4 can be projected only to the five locations as a whole. They cannot be projected to the entire population of airline tickets charged to the centrally billed accounts, or to each of the five sites individually. Lack of Controls Enabled GAO to Obtain an Airline Tickets Using a Fictitious Travel Order: DOD's failure to verify the validity of travel orders before it issued airline tickets, and that it created obligations to pay for these tickets, increased our concerns that DOD would issue, and pay for, airline tickets on the basis of invalid travel orders. To determine whether these weaknesses could be exploited, we performed additional work to determine whether our concerns were warranted, or whether DOD could detect instances where invalid travel orders were used to obtain airline tickets. To test our concerns, in February 2004, we completed a DOD travel order using fictitious names for the traveler and approving official and had a GAO employee sign the travel order as the approving official using the fictitious name. We then called a CTO assigned to one of the five locations where we performed statistical sample testing and requested the CTO to purchase a round trip airline ticket from Washington, D.C., to Atlanta, Ga. and faxed the fictitious travel order to the CTO. After receipt of the fictitious travel order, the CTO issued the airline ticket and charged it to a centrally billed account. The CTO then notified us that the ticket was issued and on the day of the scheduled flight, we went to the airline's ticket counter at the airport to pick up a boarding pass (see figure 2). Figure 2: Boarding Pass for Airline Ticket Charged to a Centrally Billed Account for Fictitious Traveler: [See PDF for image] [End of figure] Finally, we determined whether DFAS would establish an obligation to pay for the airline ticket we obtained using the fictitious travel order. We obtained and reviewed the documentation used to reconcile the Bank of America invoice containing the airline ticket. This documentation indicated that neither the CTO nor the GTO was aware that the travel order that the CTO used as the basis to charge the airline ticket to the centrally billed account was fictitious. We then obtained and reviewed the documentation used to pay the Bank of America invoice containing the airline ticket in question. That review showed that DFAS recorded an obligation for the fictitious travel order and paid for the airline ticket. The ease with which this could be done and the ineffective controls buttressed our concerns that DOD does not have an adequately designed or effectively implemented internal control structure over travel tickets funded through the centrally billed accounts. Centrally Billed Accounts Were Compromised and Used to Purchase Airline Tickets for Personal Use: An agency must establish physical controls to secure and safeguard vulnerable assets. Examples include security for and limited access to assets such as cash, securities, inventories, and equipment, which might be vulnerable to risk of loss or unauthorized use. Access to resources and records should be limited to authorized individuals, and accountability for their custody and use should be assigned and maintained. GAO's Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999). During fiscal years 2001 and 2002, some centrally billed accounts were compromised and used fraudulently to purchase airline tickets. Fraudulent use of the accounts occurred because many DOD units did not restrict access to the centrally billed account numbers to authorized personnel. Although the accounts were compromised, in many instances, the government incurred no losses because (1) the CTO reconciliation process identified these tickets as being unauthorized and (2) the GTOs disputed and received credit for the unauthorized airline tickets that the CTOs had identified. Timely and consistent filing of disputes is an effective way of detecting fraudulent activities resulting from compromised accounts. However, we found that 5 of 11 DOD units we visited did not file disputes with Bank of America on unauthorized airline ticket transactions throughout fiscal years 2001 and 2002. We found that of the reconciliation: packages[Footnote 16] associated with the 96 statistical sample transactions we tested the 5 DOD locations where we performed statistical sampling did not file disputes for more than 60 airline ticket transactions totaling more than $27,000. Without disputing or researching these apparent unauthorized airline ticket transactions, DOD cannot determine the proper disposition of airline ticket transactions that CTOs identified as unauthorized. Fraudulent Airline Ticket Transactions Resulting from Compromised Accounts: DOD's centrally billed accounts require safeguarding because stolen account numbers can be repeatedly used to fraudulently purchase goods and services. We found that DOD did not adequately safeguard these account numbers from unauthorized access, resulting in instances where the accounts were compromised and used fraudulently to purchase airline tickets. We determined that the centrally billed accounts were compromised, and that unauthorized use had occurred, when individuals who did not work for the CTO--and therefore did not have the authority to charge airline tickets to the centrally billed accounts--used these accounts to purchase airline tickets and other services for personal use. The following examples illustrate this improper use. * Between August 2001 and March 2002, a Navy seaman used the centrally billed account numbers assigned to two Navy GTOs to purchase over 70 unauthorized tickets totaling more than $60,000. More than 70 tickets were detected by the GTO during its reconciliation process, and referred to the Naval Criminal Investigative Service after a GTO official suspected that the account had been compromised. The Naval Criminal Investigative Service (NCIS), which conducted an investigation, believed the seaman obtained the centrally billed accounts printed on his itinerary, called the airlines, and purchased the tickets by giving them the centrally billed account numbers. Some of the airline tickets were obtained for the seaman's personal travel, but in many instances, the tickets were sold at a discounted rate to other Navy personnel and their family members. As a result of the investigation, the seaman admitted culpability, lost all pay, received a dishonorable discharge, and 5 years confinement. The government did not incur losses because the Bank of America reimbursed the government for the fraudulent charges. * Between July 2000 and October 2000, a Marine Corps member (E-4) used the centrally billed account number printed on his itinerary to fraudulently purchase 11 airline tickets and a hotel accommodation totaling $3,360. These airline tickets and hotel accommodation were obtained from priceline.com and expedia.com for this person and three other individuals. The charges were discovered by the CTO and referred to the NCIS by the GTO. According to NCIS, the traveler initially denied culpability to fraudulently using the centrally billed accounts to acquire the airline tickets and hotel accommodation, but later disclosed the names of two coconspirators. The traveler received nonjudicial punishment of garnishing a half-month of his salary and a one-grade reduction to lance corporal. The government did not incur losses because the Bank of America reimbursed the government for the fraudulent charges. A major contributing factor to these instances was that many DOD units did not adequately protect centrally billed account numbers. Of the 11 CTOs we visited to observe control procedures and conduct statistical sampling, 8 printed the centrally billed accounts credit card number used to purchase the airline ticket on the trip itinerary that was given to each traveler along with the airline ticket. In these instances, the CTOs could have safeguarded these accounts by limiting the accounts' identity to the last four digits or simply not printing the account number on the travelers' copy of the itinerary. In fiscal year 2003, some CTOs improved their safeguards of the centrally billed account numbers by printing only the last four digits of the credit account number. However, not all CTOs have implemented this safeguard. We also found that copies of these itineraries were maintained at CTO offices that were accessible to any traveler who required assistance with travel reservations. Further, at the Pentagon, the GTO stored the reconciliation packages in boxes with the centrally billed account numbers prominently written on the outside of the boxes in an office that was not secured. Failure to safeguard centrally billed account numbers creates unnecessary risks that expose the government to fraudulent activities. Some Locations Did Not Dispute Potentially Fraudulent Airline Ticket Transactions: In the above cases, DOD discovered the fraudulent activities and averted losses to the government because the disputes had been promptly filed once the airline tickets were identified as unauthorized charges. For example, in the first case we discussed in the previous section, the GTO official disputed the 70 unauthorized airline tickets on the monthly invoices in which they appeared, and the government did not pay for the unauthorized airline tickets. In addition, because of the pattern that existed concerning how those tickets were ordered, the individual who perpetuated the fraud was identified and disciplined. If the GTO did not file disputes, the GTO would not have documented the series of events that led to the detection of the fraudulent activities. However, we found that a number of locations we visited did not research or file disputes with Bank of America for airline tickets that the commercial travel offices identified as unauthorized charges. Failure to file disputes meant that the GTO could not determine whether the airline ticket transactions were fraudulent, and in essence, the GTO waived opportunities to avoid paying invalid charges. Our observations, inquiries, and statistical testing determined that DOD does not always dispute unauthorized charges. At two offices, GTO officials told us that they did not know how to dispute unauthorized charges. For example, a Marine Corps official at Henderson Hall informed us that he did not know about the dispute process at the time he took over responsibility for reviewing for unauthorized airline ticket transactions. Similarly, the GTO official responsible for reviewing CTO reconciliation at the DFAS office where we conducted statistical sampling informed us that she never received training in the dispute process, and that in fact, she did not know what a dispute form looked like, and did not know where to get one. Five of the 11 locations that we visited did not dispute unauthorized airline ticket transactions identified by CTOs throughout fiscal years 2001 and 2002. Two locations that did not file disputes--the Marine Corps Reserves unit in New Orleans and DFAS office in Indianapolis-- were locations where we conducted statistical sampling. In addition, three other locations where we performed general control testing did not file disputes for unauthorized airline ticket transactions throughout fiscal years 2001 and 2002. The locations that filed disputes could not provide evidence that they did it consistently. For example, while GTO officials at the Navy Reserve unit in New Orleans informed us that they filed disputes for all unauthorized airline ticket transactions, these officials were not able to locate dispute forms for a number of the centrally billed accounts they managed. Similarly, the U.S. Army Service Center at the Pentagon could not provide documentation showing why disputes were not filed for some unauthorized airline ticket transactions. In addition, our review of DOD's reconciliation packages associated with the 96 statistical sample airline transactions found that DOD did not consistently or effectively disputed transactions related to 22 reconciliation packages. In particular, our review showed that DOD did not file, did not have documentation that it filed, or did not track the final disposition of more than 60 airline transactions that the CTOs identified as unauthorized. Table 5 lists some airline transactions charged to the centrally billed accounts that the CTOs identified as unauthorized and for which the GTOs did not dispute or track to their final disposition. Table 5: Airline Ticket Transactions that CTOs Identified as Unauthorized and DOD Either Did Not Dispute or Did Not Track Their Resolution: Location: U.S. Army Service Center; Itinerary: Unknown - not in Bank of America database; Amount: $4,130. Location: Navy Reserves, New Orleans; Itinerary: Colorado Springs to Honolulu to Colorado Springs; Amount: 3,500. Location: Navy Reserves, New Orleans; Itinerary: Riverton, Wyoming to Kansas City, Missouri and return; Amount: 1,220. Source: A comparison between CTO reconciliation packages and Bank of America invoices. [End of table] Without tracking the status of disputed airline transactions and determining the final disposition of disputed airline ticket transactions, DOD had no assurance that provisional credits[Footnote 17] that the Bank of America provided when the GTO disputes an unauthorized charge would not be reversed if the airline claimed that the airline ticket was a valid charge. DOD officials told us that they did not track disputed airline ticket transactions because the Bank of America does not assign a common reference number to each disputed airline ticket transaction and use that reference number for all subsequent correspondence with DOD related to that disputed transaction. Rather, DOD officials stated that because of the volume of disputed airline ticket transactions that exist and the fact that Bank of America assigns a new reference number every time it corresponds with DOD on a disputed transaction, they cannot follow the ultimate disposition of a disputed transaction. Reviewing unauthorized airline ticket transactions, filing disputes for unauthorized charges, and tracking the ultimate disposition of those disputed airline ticket transactions are key steps in detecting fraudulent charges and protecting taxpayer resources. Although some discrepancies can ultimately be traced to tickets actually purchased by DOD, other discrepancies occurred because the centrally billed accounts were compromised and used fraudulently. As the cases we discussed show, filing disputes was an effective means to identify unauthorized charges and ultimately avoid paying for tickets that travelers had obtained using compromised centrally billed accounts. Consequently, without researching and/or filing disputes for unauthorized charges, DOD cannot reduce its financial risk associated with unauthorized charges. Improvements in DOD's Management of Travel Card Programs Provide DOD with Alternatives in Purchasing Airline Tickets: During fiscal years 2002 and 2003, we issued a series of testimonies[Footnote 18] and reports[Footnote 19] that focused on problems that the Army, Navy, and Air Force had in managing the individually billed travel card accounts. These testimonies and reports showed high delinquency rates and significant potential fraud and abuse related to DOD's individually billed travel card program. However, we recently issued a report[Footnote 20] that recognized improvements that DOD has made in the management of the individually billed accounts. These improvements point to the possibility of using this program as the principal means of acquiring tickets, thereby reducing the government's risk of losses arising from the use of centrally billed accounts. In response to our testimonies and reports on the individually billed accounts, Congress took actions in the fiscal year 2003 appropriations and authorization acts[Footnote 21] and the fiscal year 2004 authorization act[Footnote 22] requiring (1) the establishment of guidelines and procedures for disciplinary actions to be taken against cardholders for improper, fraudulent, or abusive use of government travel cards; (2) the denial of government travel cards to individuals who are not creditworthy; (3) split disbursements[Footnote 23] for travel cardholders; and (4) offset of delinquent travel card debt against the pay or retirement benefits of DOD civilian and military employees and retirees. In response, DOD has implemented many of the legislatively mandated improvements--most notably the implementation of split disbursements and salary offsets and the reduction in the number of individuals with access to the travel cards. According to Bank of America, the delinquency rates we noted in our prior reports at the Army, Navy, and Air Force have decreased. For example, the delinquency rate at the Navy had decreased from an average monthly delinquency of about 11 percent during fiscal year 2002 to an average monthly delinquency rate of less than 7 percent in fiscal year 2003. Similarly, during that same period the Army's average monthly delinquency rate decreased from about 14 percent to an average monthly delinquency rate of about 9 percent. Although these rates are still substantially above the Army's and Navy's goal of 4.5 percent, the proper implementation of split disbursements should continue to reduce these delinquency rates. As previously presented in our report on unused airline tickets, the use of a well-controlled individually billed account program as the principal mechanism for acquiring airline tickets will help limit the government's financial exposure. However, the use of the individually billed accounts to acquire airline tickets would only minimize, not eliminate, the necessity of implementing internal controls over the centrally billed account program. DOD would still need to maintain a centrally billed account structure to purchase airline tickets for travelers who have been denied individually billed accounts, infrequent travelers whose individually billed credit cards have been canceled, and new employees who have not yet acquired individually billed accounts. In addition, DOD has taken actions to improve management of its centrally billed account travel program based on the results of our premium class travel and unused airline ticket reports. Specifically, DOD commissioned a task force to establish policies and procedures intended to help prevent improper use of premium class travel. The March 16, 2004, report by the premium class task force contained corrective actions in the areas of policy and controls of travel authorization, ticket issuance, and internal control and oversight to address our findings. According to the report, many of the task force's recommendations have been implemented. In the area of unused tickets, DOD has issued claim letters to five airlines demanding repayment of the over $21 million in unused tickets. Conclusion: DOD did not design effective controls, or effectively implement key existing controls, over the centrally billed component of the travel card program to adequately protect DOD from unauthorized use. We found that DOD's monitoring system for the centrally billed accounts primarily focused on making payments on time--not making timely and accurate payments. In this report, we identified that DOD paid for the same airline tickets twice, purchased airline tickets without adequate knowledge concerning the validity of the request, and did not safeguard account numbers from unauthorized use. Earlier this year, we also reported that DOD did not have adequate controls over the authorization of premium class travel, and allowed millions of dollars to be wasted on airline tickets that were unused and not refunded. These examples demonstrate why DOD financial management is one of our "high-risk" areas, and why DOD is highly vulnerable to fraud, waste, and abuse. DOD has, however, recognized the control weaknesses we have identified in this and previous reports, and has taken actions to address some of these weaknesses. Specifically, DOD has demanded that many of those travelers we identified as receiving improper payment reimburse the government for payments to which they were not entitled, started to better safeguard centrally billed account numbers, and taken action to resolve other control weakness we identified. DOD must build on these improvement initiatives and implement internal controls that can provide reasonable assurance to both DOD senior management and the taxpayers that the billions of dollars in travel expenses paid for with centrally billed accounts is spent prudently. Recommendations for Executive Action: To improve the management of DOD's centrally billed travel card program, we reaffirm a previous recommendation we made for executive action. Specifically, to detect improper claims for tickets travelers did not purchase, and prevent DOD from making improper payments on these invalid claims, we continue to recommend that the Secretary of Defense consider the feasibility of using DOD individually billed accounts as the primary means of obtaining airline tickets for DOD military and civilian personnel. As we previously recommended, DOD should use centrally billed accounts to purchase airline tickets for military and civilian personnel who do not have a DOD individually billed account travel card or who have significant restrictions on their individually billed accounts. In addition, to improve the management of DOD's centrally billed travel card program, we are making the following 11 new recommendations. To obtain reasonable assurance that DOD military and civilian personnel do not improperly request reimbursement for airline tickets purchased with centrally billed accounts and reinforce the seriousness of filing false claims against the government, we recommend that the Secretary of Defense direct the Secretaries of the Army, Navy, and Air Force, as well as the heads of all DOD agencies, to implement the following four recommendations: * Periodically issue guidance to military and civilian personnel reminding them that the cost of airfare expenses purchased with a centrally billed account should not be claimed as a reimbursable expense on travel vouchers, and of the potential penalties for doing so. * Direct the CTOs to mark all airline tickets purchased with a centrally billed account as "non-reimbursable." * Periodically issue guidance to officials responsible for processing travel vouchers instructing them on how to determine if an airline ticket was purchased with a centrally billed account or an individually billed account. * Consider taking disciplinary action against employees who submit or allow the submission of falsely stated travel vouchers, and, if warranted, refer the matter to the U.S. Attorney for further consideration. To recover previous improper payments and identify further improper payments, we recommend that the Secretary of Defense direct the Secretaries of the Army, Navy, and Air Force, as well as the heads of all DOD agencies, to implement the following two actions: * Send collection letters requesting reimbursements to all travelers identified as having been paid for airline tickets they did not purchase, and follow up to ensure that they reimburse the government for the improper payments. * Review the 27,000 instances of potential improper payments that we referred to in this report and determine whether DOD improperly paid those travelers for airline tickets purchased with the centrally billed account. If DOD made improper payments, take actions necessary to recover the costs of the airline tickets. To provide DOD with reasonable assurance that airline tickets purchased with a DOD centrally billed account are for properly authorized official DOD business, we recommend that the Secretary of Defense direct the Secretaries of the Army, Navy, and Air Force, as well as the heads of all DOD agencies, to implement the following three recommendations: * Determine the feasibility of establishing control procedures to validate the authenticity of travel orders prior to issuing airline tickets purchased with a centrally billed account. Examples of how to validate the authenticity of travel orders include the following: * An electronic travel authorization process that limits approval of travel orders to designated officials. This could be accomplished by implementing the Defense Travel System across DOD, provided that DTS contains functionality to enable only designated authorizing officials to approve travel orders. * A paper travel authorization process that is augmented by a system that provides the CTO with the capability to determine that the individual who approved a travel order can authorize the traveler to travel. * Instruct the CTO that it can use a centrally billed account to purchase airline tickets only if the CTO can obtain reasonable assurance that the travel order was properly authorized. If the CTO cannot obtain such reasonable assurance, the CTO should direct the traveler to purchase the ticket with his or her DOD individually billed account travel card. * Consider the feasibility of prohibiting DFAS from establishing an obligation for airline tickets purchased with centrally billed accounts that failed DFAS' prevalidation process without obtaining positive confirmation that an obligation should be established from the unit that authorized the travel. To prevent DOD's centrally billed account numbers from being compromised and help detect instances where they were, we recommend that the Secretary of Defense direct the Secretaries of the Army, Navy, and Air Force, as well as the heads of all DOD agencies, to implement the following two recommendations: * Direct CTOs to stop printing the centrally billed account number in its entirety on travel itineraries and any other documents that are accessible by individuals who do not need to know the account number. * Establish procedures to ensure that all airline ticket transactions identified as discrepancies by the CTOs are properly disputed, including performing any necessary follow-up actions to ensure that DOD receives appropriate credits. Agency Comments and Our Evaluation: In written comments on a draft of this report, which are reprinted in appendix II, DOD concurred with all 11 of our recommendations and stated that it had taken actions or will take actions to address these recommendations. On the basis of DOD's comment that most tickets are issued electronically, we modified our recommendation concerning marking airline tickets as "non-reimbursable" to instead mark itineraries for which the tickets were purchased with centrally billed accounts as "non-reimbursable." With respect to actions already taken, DOD has collected, or is in the process of collecting, reimbursements from travelers identified as having been reimbursed for airline tickets they did not purchase. With respect to actions under way, DOD is renegotiating contracts with the commercial travel offices to include a statement on the travelers' itineraries to indicate whether an airline ticket was purchased using the centrally billed account or the individually billed account and to stop printing the entire centrally billed account numbers on the travelers' itineraries. As agreed with your offices, unless you announce the contents of this report earlier, we will not distribute it until 30 days from its date. At that time, we will send copies to the Secretary of Defense; the Under Secretary of Defense, Comptroller; the Secretary of the Army; the Secretary of the Navy; the Secretary of the Air Force; the Director of DFAS, and interested congressional committees. We will make copies available to others upon request. In addition, the report will be available at no charge on the GAO Web site at [Hyperlink, http://www.gao.gov]. Please contact Gregory D. Kutz at (202) 512-9505 or [Hyperlink, kutzg@gao.gov], John J. Ryan at (202) 512-9587 or [Hyperlink, ryanj@gao.gov], John V. Kelly at (202) 512-6926 or [Hyperlink, kellyj@gao.gov], or Tuyet-Quan Thai at (206) 287-4889 or [Hyperlink, thait@gao.gov] if you or your staffs have any questions concerning this report. Major contributors to this report are acknowledged in appendix III. Signed by: Gregory D. Kutz, Director, Financial Management and Assurance: Signed by: Robert J. Cramer, Director Office of Special Investigations: [End of section] Appendixes: Appendix I: Objectives, Scope, and Methodology: Pursuant to a joint request by the Chairman and Ranking Minority Member of the Permanent Subcommittee on Investigations, Committee on Governmental Affairs, United States Senate; the Chairman of the Senate Committee on Finance; and Representative Schakowsky, we audited the controls over the Department of Defense's (DOD) centrally billed accounts. Our assessment covered the following: * whether DOD improperly reimbursed travelers for the cost of airline tickets paid using centrally billed accounts, * whether internal controls were effective to prevent the CTO from issuing unauthorized airline tickets on the basis of invalid travel orders, and: * whether other control weaknesses led to the centrally billed accounts being compromised and fraudulently used. Determine Whether DOD Improperly Reimbursed Travelers for Tickets DOD Purchased Using the Centrally Billed Accounts: To determine whether DOD improperly reimbursed travelers for airline tickets that DOD--not the travelers--paid for using the centrally billed accounts, we reviewed prior audit reports from DOD's Office of Inspector General and DOD's various audit agencies and interviewed DFAS officials. We also obtained from Bank of America databases of fiscal years 2001 and 2002 airline ticket transactions charged to DOD's centrally billed travel card accounts. The databases contained transaction-specific information, including ticket fare, ticket number, name of passenger, date and destination of travel, and number of travel segments in each ticket. We also requested that the services provide us with databases containing travel voucher data in sufficient detail, broken down by the type of expense, such as per diem, transportation expense, and other miscellaneous expense. To identify the pool of potential improper payments we compared the transportation expense data obtained from the services' voucher data to the Bank of America's data on airline tickets purchased using the centrally billed accounts to identify instances where DOD might have made improper reimbursements to the travelers for airline tickets they did not purchase. Then to confirm whether the payments were improper we tested a nonrepresentative selection of 124 travelers from the Army, Marine Corps, and Navy who submitted 204 travel vouchers. The 124 travelers were selected primarily based on the amount of the potential improper payments and the frequency with which the travelers submitted potential improper payments. We were not able to select a statistical sample of potential duplicate payments because of the limitations in the data DOD provided us. These limitations also prevented us from identifying all potential improper payments or to estimate their magnitude. Specifically, although the Army, Navy, and Marine Corps provided us with travel voucher data, weaknesses in DOD's financial management systems mean that these services cannot provide assurance that the travel voucher data they provided us contain complete data on fiscal years 2001 and 2002 vouchers. Further, we were not able to obtain assurance that the services accurately coded all airfare payments claimed on the travel vouchers as transportation expenses and not as other miscellaneous expenses. Finally, the Air Force did not provide us with data in the format we requested. Consequently, we were unable to analyze Air Force data. Evaluate Effectiveness of Internal Controls Over Airline Ticket Issuance: To assess whether internal controls were effective to prevent the CTO from issuing unauthorized airline tickets on the basis of invalid travel orders, we obtained an understanding of the travel process by reviewing DOD's financial and travel regulations. We visited two Army units, three Navy units, three Air Force units, and two Marine Corps units to confirm our understanding of the travel process. We also interviewed DOD officials at the GTOs and representatives of the CTOs to obtain an understanding of the process used to issue tickets, perform reconciliation between Bank of America invoices and CTO's records, file disputes, and make payments to Bank of America for the centrally billed account invoices. We tested a statistical sample of 96 airline ticket transactions to determine whether (1) the CTO issued airline tickets only on the basis of valid travel orders and (2) DOD paid for airline tickets on the basis of valid travel orders. The population from which we selected our airline ticket transactions for testing was the set of airline ticket transactions charged to the centrally billed accounts at five locations during fiscal years 2001 and 2002. The five locations comprise one Air Force, one Army, one Marine Corps, one Navy, and one DFAS location. The locations were selected based on the number and amount of airline tickets charged to the centrally billed account activities. Because our objective was to test controls over airline ticket purchases, we excluded credits and miscellaneous debits (such as fees) from the population of airline ticket transactions. For each transaction sampled, we requested that DOD provide us with the travel order, travel voucher, travel itinerary, delegation of authority to approve travel order, obligation document, reconciliation package, and other related supporting documentation. Based on the information DOD provided, we assessed whether the travel order was signed by the properly designated official before an airline ticket was issued on the travel order, and whether an obligation was created for the airline ticket in the services' accounting system before the Bank of America invoice was prevalidated. For those transactions for which DOD was unable to provide us with supporting documentation to demonstrate that the travel order was approved by a properly designated authorizing official, or that an obligation existed, we considered the transaction to have failed the proper issuance or proper payment test, respectively. The results of the samples of these control attributes can be projected to the population of airline ticket transactions at these five locations, but not to individual services or locations, or to DOD as a whole. With this statistically valid probability sample, each transaction in the population had a nonzero probability of being included, and that probability could be computed for any transaction. Each sample element was subsequently weighted in the analysis to account statistically for all the airline ticket transactions in the population, including those that were not selected. Because we followed a probability procedure based on random selections, our sample was only one of a large number of samples that we might have drawn. Since each sample could have provided different estimates, we express our confidence in the precision of our particular sample's estimates as 95 percent confidence intervals (e.g., plus or minus 7 percentage points). These are intervals that would contain the actual population value for 95 percent of the samples we could have drawn. As a result, we are 95 percent confident that each of the confidence intervals in this report will include the true values in the study population. All percentage estimates from the sample of airline transactions charged to the centrally billed accounts have sampling errors (confidence interval widths) of plus or minus 10 percentage points or less. Table 6 summarizes the results of our testing. Table 6: Estimated Failure Rates for Control Tests for Fiscal Year 2001 and 2002 Airline Ticket Transactions: Key purchase card control: Travel order provided and signed by a properly authorized approving official; Point estimate[A]: 82%. Key purchase card control: Obligation data provided and obligation existed for airline tickets prior to prevalidation of Bank of America invoice; Point estimate[A]: 48%. Source: GAO analysis of DOD documentation. [A] These are point estimates for the populations based on our statistical sample. [End of table] Because of the potential impact of a weak internal control process, we conducted additional investigative work to determine the significance of those control weaknesses. Specifically, we designed a test to determine if someone who did not work for DOD could obtain an airline ticket from a CTO using on a fictitious travel order and without entering a DOD facility. We also wanted to test whether DOD would authorize payment for an airline ticket requested in this manner. To perform this test, we completed a DOD travel order using fictitious names for the traveler and approving official. We then called a DOD CTO from a telephone not associated with a government facility requesting a round trip airline ticket from Washington, D.C., to Atlanta, Ga., and faxed the CTO the travel order we generated. Several days before our scheduled travel the CTO notified us that the ticket had been issued. On the day of the scheduled flight, we went to the airline's ticket counter at the airport to pick up a boarding pass. We then obtained and reviewed the CTO's reconciliation for the Bank of America invoice containing the ticket and DFAS payment records to determine whether an obligation was recorded. We also monitored the centrally billed account to determine whether a credit was issued for the unused portion of the airline ticket we requested. Other Control Weaknesses: To assess whether other control weaknesses contributed to the centrally billed accounts being compromised and fraudulently used, we obtained an understanding of the safeguards over the centrally billed accounts and the process used to dispute airline ticket transactions that the CTOs identified as being unauthorized at the 11 locations we visited. We data mined centrally billed accounts data provided by Bank of America for airline ticket transactions that could be potentially fraudulent. We asked DOD to provide us with supporting documentation and explanations on the potentially fraudulent airline ticket transactions. We also reviewed the reconciliation packages associated with the 96 statistical sample transactions we tested to determine whether DOD properly filed disputes for airline ticket transactions the CTOs identified as being unauthorized. We briefed DOD managers, including DOD officials in the Office of the Under Secretary of Defense (Comptroller), DFAS, and the Office of the Inspector General; Army officials in the Office of Deputy Chief of Staff for Logistics; Navy officials in the Office of the Assistant Secretary of the Navy for Financial Management and Comptroller; Air Force officials in the Office of the Deputy Chief of Staff for Installations and Logistics; and Marine Corps officials in the Office of Deputy Chief of Staff for Installations and Logistics concerning the results of our work. On April 19, 2004, we requested comments on a draft of this report from the Secretary of Defense or his designee. We conducted our audit work from June 2003 through May 2004 in accordance with U.S. generally accepted government auditing standards. [End of section] Appendix II: Comments from the Department of Defense: UNDER SECRETARY OF DEFENSE 1100 DEFENSE PENTAGON WASHINGTON, DC 20301-1100: COMPTROLLER: Mr. Gregory D. Kutz: Director: Financial Management and Assurance: U.S. General Accounting Office Washington, DC 20548: Dear Mr. Kutz: This is the Department of Defense (DoD) response to the General Accounting Office (GAO) Draft Report, "DoD Travel Cards: Control Weaknesses Resulted in Millions of Dollars of Improper Payments," dated April 19, 2004, (GAO Code 192119/GAO-04-576). The DoD concurs with the 11 recommendations in the draft report and is already taking action to correct the noted deficiencies. The Department appreciates the opportunity to comment on the draft report. My staff point of contact is Ms. Barbara Rice. She may be reached by email at barbara.rice@osd.mil or by telephone at (703) 697- 3192. Sincerely, Signed by: Lawrence J. Lanzillotta, Acting: Enclosure: As stated: GAO DRAFT REPORT DATED APRIL 19, 2004 GAO-04-576 (GAO CODE 192119): "DOD TRAVEL CARDS: CONTROL WEAKNESSES RESULTED IN MILLIONS OF DOLLARS OF IMPROPER PAYMENTS": DEPARTMENT OF DEFENSE COMMENTS TO THE GAO RECOMMENDATIONS: RECOMMENDATION 1: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy, and Air Force as well as the heads of all DoD agencies to periodically issue guidance to military and civilian personnel reminding them that the cost of airfare expenses purchased with a centrally billed account should not be claimed as a reimbursable expense on travel vouchers, and of the potential penalties for doing so. (p. 36/GAO Draft Report): DOD RESPONSE: Concur. The Comptroller will issue guidance to the Secretaries of the Army, Navy, and Air Force as well as heads of all DoD agencies to remind their military and civilian personnel to not claim centrally billed account (CBA) purchases on travel vouchers and to return unused airline tickets to their activities. A system modification to the Defense Travel System (DTS) has been generated to notify the traveler that the cost of air and rail tickets is not reimbursable to the individual if the tickets were paid for using the CBA. Expected completion date is May 31, 2004. RECOMMENDATION 2: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy, and Air Force as well as the heads of all DoD agencies to direct the CTOs to mark all airline tickets purchased with a centrally billed account as "non- reimbursable." (p. 37/Draft Report): DOD RESPONSE: Partially concur. The DoD believes that marking all airline tickets purchased with a centrally billed account as 'non- reimbursable' is not feasible. The ticketing by the CTO occurs at the beginning or midway in the travel process. The reminder of 'non- reimbursement' should be accomplished prior to submission of the traveler's settlement. In today's environment, the majority of airline tickets are e-tickets vice paper tickets. On occasions where a paper ticket is issued, the traveler's ticket is exchanged for a boarding pass. Additionally, the CTOs can not exercise control over what data and information the airline-specific reservation system imprints on a paper ticket. A memorandum from the Acting Under Secretary of Defense (Acquisition, Technology, and Logistics) (USD (AT&L)) will be distributed by May 31, 2004, to the Secretaries of the Army, Navy, and Air Force as well as the heads of DoD agencies to require CTOs to include a statement on travelers' itineraries to indicate whether the ticket was purchased using a CBA or individually billed account (IBA). The target completion date is August 15, 2004, but it is possible that some CTO contract modifications could take longer. The contract modifications for CTOs servicing activities using DTS will be in two phases. The first phase of the contract modifications for CTOs servicing activities will be the DTS Small Business CTO solicitation. This is planned for award during the fourth quarter of fiscal year (FY) 2004 with implementation beginning first quarter FY 2005. The second phase is the award of the DTS Worldwide solicitations and is planned to follow during second quarter of FY 2005. RECOMMENDATION 3: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy, and Air Force as well as the heads of all DoD agencies to periodically issue guidance to DFAS officials responsible for processing travel vouchers instructing them on how to determine if an airline ticket was purchased with a centrally billed account or an individually billed account. (p. 37/Draft Report): DOD RESPONSE: Concur. The Defense Finance and Accounting Service (DFAS) processes travel vouchers for the majority of the Army and Defense Agencies and is evaluating options to identify airline tickets purchased on the CBA or an IBA. A collaborative approach is being evaluated for those Military Components where travel claims are approved and reimbursements are calculated by that Component. It is anticipated that the evaluation for all Components will be completed by October 31, 2004. RECOMMENDATION 4: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy, and Air Force as well as the heads of all DoD agencies to consider taking disciplinary action against employees who submit or allow the submission of falsely stated travel vouchers, and, if warranted, refer to the U.S. Attorney for further consideration. (p. 37/Draft Report): DOD RESPONSE: Concur. Employees are already subject to appropriate disciplinary or administrative actions in cases of fraud against the Government. This includes referral for criminal prosecution either under the Uniform Code of Military Justice, in the case of military personnel, or to the appropriate United States Attorney for prosecution, in the case of civilian personnel. Commanders and supervisors are expected to be aware of these remedies in cases of fraud against the government committed by military personnel or civilian employees. It is also expected that commanders and supervisors would take appropriate disciplinary or administrative action in cases of demonstrable fraud. The Department will evaluate whether it is necessary to remind commanders and supervisors of the procedures that already exist to impose administrative or disciplinary action in cases of submission of fraudulent travel vouchers. Estimated completion date is September 30, 2004. RECOMMENDATION 5: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy, and Air Force as well as the heads of all DoD agencies to send collection letters requesting reimbursements to all travelers identified as having been paid for airline tickets they did not purchase, and follow-up to ensure that they reimburse the government for the improper payments. (p. 37/Draft Report): DOD RESPONSE: Concur. The Defense Finance and Accounting Service (DFAS), Travel Card Program Management Office (TCPMO), in conjunction with the Military Components and Defense Agencies, is sending collection letters to travelers identified as having been reimbursed for airline tickets they did not purchase. The DFAS will continuously follow-up to ensure that the government is reimbursed for the improper payments. RECOMMENDATION 6: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy and Air Force as well as the heads of all DoD agencies to review the 27,000 instances of potential improper payments that the GAO referred to in this report and determine whether DoD improperly paid those travelers for airline tickets purchased with the centrally billed account. If DoD made improper payments, the GAO recommended taking actions as necessary to recover the costs of the airline tickets. (p. 37/Draft Report): DOD RESPONSE: Concur. The DFAS TCPMO has coordinated with the GAO to receive information concerning the 27,000 transactions and will disseminate it to the respective components/agencies for review and collection of improper payments. The estimated completion date is December 31, 2004. RECOMMENDATION 7: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy and Air Force as well as the heads of all DoD agencies to determine the feasibility of establishing control procedures to validate the authenticity of travel orders prior to issuing airline tickets with a centrally billed account. (p. 38/ Draft Report): DOD RESPONSE: Concur. The DTS is currently deployed and operational at over 2000 sites. Full operating capability is expected to be achieved in FY 2006. DTS provides automated certification that requires electronic authenticity of travel orders by specific approving officials. For those components not currently using DTS, a memorandum from the Acting USD (AT&L) will be distributed by May 31, 2004, to the Secretaries of the Army, Navy, and Air Force as well as the heads of DoD agencies to establish a collaborative effort to evaluate the feasibility of establishing control procedures to validate the authenticity of travel orders prior to issuing airline tickets with a centrally billed account. If non-DTS control procedures are deemed to be feasible, specific procedures will be identified, developed, and promulgated with a target completion date of August 15, 2004. RECOMMENDATION 8: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy, and Air Force as well as the heads of all DoD agencies to instruct the CTO that it can use a centrally billed account to purchase airline tickets only if the CTO can obtain reasonable assurance that the travel order was properly authorized. If the CTO cannot obtain such reasonable assurance, the GAO recommends the CTO direct the traveler to purchase the ticket with his or her DoD individually billed account travel card. (p. 38/Draft Report): DOD RESPONSE: Concur. The DoD agrees that instructions should be provided to the CTOs to use CBAs only if reasonable assurance can be obtained that the travel order is properly authorized. The Department will evaluate the alternatives available for the CTOs to ensure travel orders are properly authorized and to the extent possible implement procedures until such time DTS is fully deployed. This will be undertaken in conjunction with the effort described in the response to Recommendation 7; therefore the estimated completion date to determine feasibility and to identify methods of assurance is August 15, 2004. The CTO contract modifications, if required, could take longer. Once DTS is fully deployed, it will generate authorizations that are digitally authenticated and are in full compliance of DoD policies and guidelines. The CTO will have complete assurance that these authorizations may be used for payment of travel services under a centrally billed account, or an individually billed account, as applicable. Full operating capability of DTS is expected to be achieved in FY 2006. RECOMMENDATION 9: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy, and Air Force as well as the heads of all DoD agencies to consider the feasibility of prohibiting DFAS from establishing an obligation for airline tickets purchased with centrally billed accounts that fail DFAS' prevalidation process without obtaining positive confirmation that an obligation should be established from the unit that authorized the travel. (p. 38/Draft Report): DOD RESPONSE: Concur. The DFAS will study the feasibility of prohibiting the establishment of an obligation for airline tickets purchased with centrally billed accounts that failed DFAS' prevalidation process without obtaining positive confirmation that an obligation should be established from the unit that authorized the travel. This must be viewed in the scope of the Prompt Pay Act to ensure that increases in interest payments are not the unintended result. The estimated completion date is December 31, 2004. RECOMMENDATION 10: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy, and Air Force as well as the heads of all DoD agencies to direct CTOs to stop printing the centrally billed account number in its entirety on travel itineraries and any other documents that are accessible by individuals who do not need to know the account number. (p. 39/Draft Report): DOD RESPONSE: Concur. Discussions and CTO contract modifications are underway to ensure that CTOs do not print centrally billed account numbers on travel itineraries or other documents. In addition, a memorandum from the Acting USD(AT&L) directing this will be distributed to the Secretaries of the Army, Navy, and Air Force, and to the heads of Defense agencies by May 31, 2004. Implementation dates will vary depending on difficulty of negotiating CTO contract modifications. The DTS Small Business CTO solicitation is planned for award during the fourth quarter of FY 2004 with implementation beginning first quarter FY 2005. The award of the DTS Worldwide solicitations are planned to follow during second quarter of FY 2005. RECOMMENDATION 11: The GAO recommended that the Secretary of Defense direct the Secretaries of Army, Navy, and Air Force as well as the heads of all DoD agencies to establish procedures to ensure that all airline ticket transactions identified as discrepancies by the CTOs are properly disputed, including performing any necessary follow-up actions to assure that DoD receives appropriate credits. (p. 39/Draft Report): DOD RESPONSE: Concur. A memorandum from the Acting (USD(AT&L) emphasizing the procedures to ensure that all airline ticket transactions identified as discrepancies by the CTOs are properly disputed and follow-up actions are performed will be distributed to the Secretaries of the Army, Navy, and Air Force, and to the heads of Defense agencies by May 31, 2004. The Department has notified employees through comments on their leave and earnings statement of their responsibilities to return unused airline tickets to their activities and will be publishing an update to the Department of Defense Financial Management Regulation (DoDFMR), Volume 9. The estimated completion date is September 30, 2004. Additionally, the DTS CBA reconciliation module includes the capability to match travel vouchers to tickets. This reconciliation module is currently being tested operationally at certain pilot sites, with an anticipated release for deployment in the fourth quarter of FY 2004. It should be noted that this capability is applicable only if DTS is used end-to-end (i.e. tickets are obtained through DTS and the DTS CBA reconciliation module is used to certify payment). The goal is for all DoD entities to be using this DTS capability by FY 2006. [End of section] Appendix III: GAO Contacts and Staff Acknowledgments: GAO Contacts: John V. Kelly, (202) 512-6926 Quan Thai, (206) 287-4889: Acknowledgments: Staff making key contributions to this report were Beverly Burke, Matthew Brown, Francine DelVecchio, Aaron Holling, Jeffrey Jacobson, Barbara Lewis, Julie Matta, Kristen Plungas, John Ryan, and Sidney H. Schwartz. (192119): FOOTNOTES [1] U.S. General Accounting Office, Travel Cards: Control Weaknesses Leave Army Vulnerable to Potential Fraud and Abuse, GAO-02-863T (Washington, D.C.: July 17, 2002), and Travel Cards: Control Weaknesses Leave Navy Vulnerable to Fraud and Abuse, GAO-03-148T (Washington, D.C.: Oct. 8, 2002). [2] U.S. General Accounting Office, Travel Cards: Control Weaknesses Leave Army Vulnerable to Potential Fraud and Abuse, GAO-03-169 (Washington, D.C.: Oct. 11, 2002); Travel Cards: Control Weaknesses Leave Navy Vulnerable to Fraud and Abuse, GAO-03-147 (Washington, D.C.: Dec. 23, 2002); and Travel Cards: Air Force Management Focus Has Reduced Delinquencies, but Improvements in Controls Are Needed, GAO-03- 298 (Washington, D.C.: Dec. 20, 2002). [3] U.S. General Accounting Office, Travel Cards: Internal Control Weaknesses at DOD Led to Improper Use of First and Business Class Travel, GAO-04-88 (Washington, D.C.: Oct. 24, 2003) and Travel Cards: Internal Control Weaknesses at DOD Led to Improper Use of First and Business Class Travel, GAO-04-229T (Washington, D.C.: Nov. 6, 2003). [4] U.S. General Accounting Office, DOD Travel Cards: Control Weaknesses Led to Millions of Dollars Wasted on Unused Airline Tickets, GAO-04-398 (Washington, D.C.: Mar. 31, 2004). [5] U.S. General Accounting Office, High-Risk Series: An Overview, GAO/ HR-95-1 (Washington, D.C.: February 1995), and High-Risk Series: An Update, GAO-03-119 (Washington, D.C.: January 2003). [6] The centrally billed account program consists of two components: transportation cards and unit cards. Centrally billed account transportation cards are used to purchase transportation, such as airline and train tickets, and account for about 97 percent of the money spent with centrally billed accounts. Centrally billed account unit cards are used to pay for different types of travel expenses, including hotels and meals, and account for less than 3 percent of money spent with centrally billed accounts. Because DOD did not spend much money with unit cards, we did not specifically review the internal controls over the unit cards. [7] GAO-04-398. [8] GAO-04-398. [9] The Air Force is an exception to this general rule. The Air Force uses both centrally billed and individually billed accounts for purchasing airline transportation. [10] The amount and type of obligation that DFAS can create also depends on its agreement with each service. [11] Of the roughly $10.8 billion in travel and transportation expenses incurred by DOD in fiscal years 2001 and 2002, about $2.8 billion were for charges to centrally billed accounts. The remaining $8.0 billion was for airline and other transportation expenses such as hotels, per diem, car rentals, and other miscellaneous expenses that many travelers would have charged to their individually billed accounts, or, if they did not have individually billed accounts, paid using other means. [12] Air Force Audit Agency, Centrally Billed Accounts for Travel, F2003-0003-FB1000 (Washington, D.C., Apr. 24, 2003). [13] U.S. Department of Defense, Office of the Inspector General, Allegations to the Defense Hotline on the Management of the Defense Travel System, Report No. D-2002-124 (Arlington, Va.: July 1, 2002). [14] Department of Defense Appropriations Act, 1995, Pub. L. No. 103- 335, �8137, 108 Stat. 2599, 2654 (Sept. 30, 1994). [15] DOD's financial regulations require that DOD components record an obligation within 10 days of an obligation having been incurred. [16] Upon receipt of the Bank of America invoice, the CTO reconciles ticket charges on the invoice to records of tickets they issued. To test whether DOD filed disputes for all transactions that should be disputed, we reviewed the reconciliation packages associated with the 96 statistical sample transactions. [17] Upon receipt of a disputed transaction, the Bank of America issues a provisional credit while it researches the merits of the dispute. Depending on the results of the research, the Bank of America reverses the provisional credit and either provides a refund or affirms the original charge. [18] GAO-02-863T and GAO-03-148T. [19] GAO-03-169, GAO-03-147, and GAO-03-298. [20] U.S. General Accounting Office, DOD Travel Cards: Control Weaknesses Led to Millions of Dollars Wasted on Unused Airline Tickets, GAO-04-398 (Washington, D.C.: Mar. 31, 2004). [21] Department of Defense Appropriations Act, 2003, Pub. L. No. 107- 248, 116 Stat. 1519 (2002), and the Bob Stump National Defense Authorization Act for Fiscal Year 2003, Pub. L. No. 107-314, 116 Stat. 2458 (2002). [22] National Defense Authorization Act for Fiscal Year 2004, Pub. L. No. 108-136, 117 Stat. 1392 (2003). [23] Split disbursement is a process in which DOD pays the travel-card- issuing bank directly for charges incurred on the travel card and claimed on the travel voucher. Additional money owed to the traveler is deposited directly into the traveler's bank account. Split disbursements are mandatory for all military and civilian personnel. See the National Defense Authorization Act for Fiscal Year 2004, Pub. L. No. 108-136, � 1009, 117 Stat. 1392, 1587 (2003), 10 U.S.C. � 2784a. GAO's Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: