Improper Payments
Significant Improvements Needed in DOD's Efforts to Address Improper Payment and Recovery Auditing Requirements Gao ID: GAO-09-442 July 29, 2009The Department of Defense (DOD) is required, as are other federal executive agencies, to report improper payment information under the Improper Payments Information Act of 2002 (IPIA) and recovery auditing information under section 831 of the National Defense Authorization Act for Fiscal Year 2002, commonly known as the Recovery Auditing Act. The DOD Office of Inspector General has previously reported deficiencies at DOD related to these acts and GAO's prior work on DOD's reporting of its fiscal year 2006 travel improper payments estimate also identified shortcomings. Because of these and other long-standing weaknesses, the subcommittee asked GAO to examine DOD's fiscal year 2007 improper payment and recovery audit reporting to determine whether adequate processes existed to address both statutory requirements. To complete this work, GAO reviewed DOD's annual reports, conducted site visits, and met with cognizant DOD officials.
DOD's process for addressing IPIA requirements had significant weaknesses. For example, as shown in the figure below, DOD did not conduct risk assessments for all of its payment activities as $322 billion in agency outlays were excluded from the amounts assessed. For those payment activities reviewed, DOD assessed the risk of improper payments occurring as low despite the department's long-standing financial management weaknesses and could not provide documentation supporting the methodologies used and the final risk level. GAO also found that DOD did not estimate improper payments for commercial pay under IPIA requirements, its largest payment activity. Further, the Office of the Comptroller's oversight and monitoring activities were inadequate because they did not include verifying the accuracy and completeness of the information in the agency's financial report (AFR). In addition to not estimating improper payments for commercial pay, DOD's processes for identifying and recovering commercial overpayments were inadequate, because they were not designed for this purpose as required by the Recovery Auditing Act. For example, GAO found that contract closeout processes were designed to ensure that applicable administrative actions had been completed (e.g., all classified documents were disposed of) and not to specifically identify contract overpayments. DOD also lacked detailed guidance on how to conduct a recovery audit program and did not fully address the recovery auditing reporting requirements in its AFR, such as disclosing the total cost associated with its recovery auditing activities. The Office of the Comptroller also did not verify the accuracy and completeness of the recovery audit information in the AFR, which resulted in $20.5 billion being excluded from its universe of commercial payments. DOD stated that its processes were sufficient to address the requirements of both acts, but since then has taken some actions, such as updating relevant guidance. Until these critical deficiencies are addressed, DOD will be unable to determine the extent to which improper payments exist and are subsequently recovered.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-09-442, Improper Payments: Significant Improvements Needed in DOD's Efforts to Address Improper Payment and Recovery Auditing Requirements
This is the accessible text file for GAO report number GAO-09-442
entitled 'Improper Payments: Significant Improvements Needed in DOD's
Efforts to Address Improper Payment and Recovery Auditing Requirements'
which was released on July 30, 2009.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Requesters:
United States Government Accountability Office:
GAO:
July 2009:
Improper Payments:
Significant Improvements Needed in DOD's Efforts to Address Improper
Payment and Recovery Auditing Requirements:
GAO-09-442:
GAO Highlights:
Highlights of GAO-09-442, a report to congressional requesters.
Why GAO Did This Study:
The Department of Defense (DOD) is required, as are other federal
executive agencies, to report improper payment information under the
Improper Payments Information Act of 2002 (IPIA) and recovery auditing
information under section 831 of the National Defense Authorization Act
for Fiscal Year 2002, commonly known as the Recovery Auditing Act. The
DOD Office of Inspector General has previously reported deficiencies at
DOD related to these acts and GAO‘s prior work on DOD‘s reporting of
its fiscal year 2006 travel improper payments estimate also identified
shortcomings. Because of these and other long-standing weaknesses, the
subcommittee asked GAO to examine DOD‘s fiscal year 2007 improper
payment and recovery audit reporting to determine whether adequate
processes existed to address both statutory requirements. To complete
this work, GAO reviewed DOD‘s annual reports, conducted site visits,
and met with cognizant DOD officials.
What GAO Found:
DOD‘s process for addressing IPIA requirements had significant
weaknesses. For example, as shown in the figure below, DOD did not
conduct risk assessments for all of its payment activities as $322
billion in agency outlays were excluded from the amounts assessed. For
those payment activities reviewed, DOD assessed the risk of improper
payments occurring as low despite the department‘s long-standing
financial management weaknesses and could not provide documentation
supporting the methodologies used and the final risk level. GAO also
found that DOD did not estimate improper payments for commercial pay
under IPIA requirements, its largest payment activity. Further, the
Office of the Comptroller‘s oversight and monitoring activities were
inadequate because they did not include verifying the accuracy and
completeness of the information in the agency‘s financial report (AFR).
Figure: DOD's Fiscal Year 2007 Payment Population Subjected to the Risk
Assessment and Estimation Processes under IPIA:
[Refer to PDF for image: horizontal bar graph]
Agency outlays: $815 billion;
Risk assessments done: $493 billion;
Risk assessments not done: $322 billion;
Estimates done for five payment activities[A]: $152.7 billion;
Estimates not done for one payment activity-commercial pay: $340.3
billion.
Source: GAO analysis of DOD fiscal year 2007 payment activity outlays.
[A] The five payment activities include civilian pay, military health
benefits, military pay, military retirement pay, and travel pay.
[End of figure]
In addition to not estimating improper payments for commercial pay, DOD‘
s processes for identifying and recovering commercial overpayments were
inadequate, because they were not designed for this purpose as required
by the Recovery Auditing Act. For example, GAO found that contract
closeout processes were designed to ensure that applicable
administrative actions had been completed (e.g., all classified
documents were disposed of) and not to specifically identify contract
overpayments. DOD also lacked detailed guidance on how to conduct a
recovery audit program and did not fully address the recovery auditing
reporting requirements in its AFR, such as disclosing the total cost
associated with its recovery auditing activities. The Office of the
Comptroller also did not verify the accuracy and completeness of the
recovery audit information in the AFR, which resulted in $20.5 billion
being excluded from its universe of commercial payments. DOD stated
that its processes were sufficient to address the requirements of both
acts, but since then has taken some actions, such as updating relevant
guidance. Until these critical deficiencies are addressed, DOD will be
unable to determine the extent to which improper payments exist and are
subsequently recovered.
What GAO Recommends:
GAO made 13 recommendations aimed at improving DOD‘s efforts to
strengthen its improper payment and recovery auditing processes. DOD
concurred with only one of our recommendations and provided technical
comments which we incorporated as appropriate. GAO continues to believe
the recommendations are appropriate to meet the intent of both acts and
improve management of these key activities.
View [hyperlink, http://www.gao.gov/products/GAO-09-442] or key
components. For more information, contact Kay L. Daly at (202) 512-9095
or dalykl@gao.gov.
[End of section]
Contents:
Letter:
Background:
Significant Weaknesses Existed in DOD's Efforts to Address IPIA
Requirements:
Much Work Remains at DOD to Effectively Address the Recovery Auditing
Act Requirements:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Objectives, Scope and Methodology:
Appendix II: List of DOD Agencies and Military Service Components
Included in the IPIA Survey:
Appendix III: DOD's Fiscal Year 2007 Improper Payment Sample Plans by
Program:
Appendix IV: Comments from the Department of Defense:
Appendix V: GAO Contacts and Staff Acknowledgments:
Tables:
Table 1: Fiscal Years 2004-2008 Improper Payment Estimates:
Table 2: Recovery Audit Results for Fiscal Years 2004 through 2008:
Table 3: DOD's Key Postpayment Processes to Identify Commercial
Overpayments for Recovery in Fiscal Year 2007:
Table 4: Military Health Benefits Program Sample Plans:
Table 5: Military Pay Program Sample Plans:
Table 6: Civilian Pay Program Sample Plans:
Table 7: Military Retirement Program Sample Plans:
Table 8: Travel Pay Program Sample Plans:
Figures:
Figure 1: IPIA Required Steps to Identify, Estimate, Reduce, and Report
Improper Payment Information:
Figure 2: DOD's Fiscal Year 2007 Payment Population Subjected to the
Risk Assessment Process under IPIA:
Figure 3: DOD's Fiscal Year 2007 Payment Population Subjected to the
Risk Assessment and Estimation Processes under IPIA:
Abbreviations:
AFR: Agency Financial Report:
BAM: Business Activity Monitoring:
BRAC: Base Realignment and Closure:
CAM: Contract Audit Manual:
CAPS-Clipper: Commercial Accounts Payable System-Clipper:
CAPS-W: Commercial Accounts Payable System-Windows:
CAS: Cost Accounting Standards:
CDS: Contractor Debt System:
DCAA: Defense Contract Audit Agency:
DCMA: Defense Contract Management Agency:
DOD: Department of Defense:
DODD: Department of Defense Directive:
DOD OIG: Department of Defense Office of the Inspector General:
DFARS: Defense Federal Acquisition Regulation Supplement:
DFAS: Defense Finance and Accounting Services:
FAR: Federal Acquisition Regulation:
FMR: Financial Management Regulation:
IAPS: Integrated Accounts Payable System:
IPIA: Improper Payments Information Act:
IPOD: Improper Payments Online Database:
MOCAS: Mechanization of Contract Administration Services:
OMB: Office of Management and Budget:
One Pay: Standard Accounting and Reporting System-One Pay:
PAR: Performance and Accountability Report:
SBR: Statement of Budgetary Resources:
TMA: TRICARE Management Activity:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
July 29, 2009:
The Honorable Thomas R. Carper:
Chairman:
The Honorable John McCain:
Ranking Member:
Subcommittee on Federal Financial Management, Government Information,
Federal Services, and International Security:
Committee on Homeland Security and Governmental Affairs:
United States Senate:
The Honorable Tom Coburn, M.D.
United States Senate:
The Department of Defense (DOD) spends hundreds of billions of dollars
on its mission to defend the United States from attack upon its
territory and secure its interests abroad. With an annual appropriation
exceeding $500 billion in fiscal year 2009, and supplemental funding of
about $77 billion for that same year to support overseas military
operations, DOD has been entrusted with more of the taxpayers' dollars
than any other federal agency. Given its size and mission, it is the
largest and most complex organization to manage in the world. As a
steward of taxpayer dollars, DOD is accountable for how it spends and
safeguards these funds against improper payments[Footnote 1] as well as
having mechanisms in place to recoup those funds when improper payments
occur.
DOD is required, as are other executive agencies, to report improper
payment information under the Improper Payments Information Act (IPIA)
of 2002.[Footnote 2] IPIA requires executive agencies, aided by
guidance from the Office of Management and Budget (OMB),[Footnote 3] to
annually identify programs and activities susceptible to significant
improper payments, estimate amounts improperly paid under those
programs and activities, and report on the amounts improperly paid and
their actions to reduce improper payments.[Footnote 4] Similarly,
agencies are also required to report on their efforts to recover
overpayments made to contractors under section 831 of the National
Defense Authorization Act for Fiscal Year 2002, commonly known as the
Recovery Auditing Act.[Footnote 5] This act requires, among other
things, that all executive branch agencies entering into contracts with
a total value exceeding $500 million in a fiscal year have cost-
effective programs for identifying errors in paying contractors and for
recovering amounts erroneously paid. Since fiscal year 2004, agencies
have been required by OMB to report on IPIA and recovery auditing
efforts in their performance and accountability reports (PAR).
For years, we have reported on long-standing weaknesses and the lack of
adequate transparency and appropriate accountability across DOD's major
business areas, resulting in billions of dollars of wasted resources
annually.[Footnote 6] In our January 2009 High-Risk Update,[Footnote 7]
we identified various DOD high-risk areas, including contract
management (designated in 1992) and financial management (designated in
1995), that make the department vulnerable to improper payments. DOD's
contract management weaknesses, such as ineffective oversight, increase
the risk that DOD will pay more than the value of the goods delivered
or services performed. Financial management deficiencies adversely
affected the department's ability to control costs; ensure basic
accountability; prevent and detect fraud, waste, and abuse; and
represent a significant obstacle to achieving an unqualified opinion on
the U.S. government's consolidated financial statements.
Given DOD's size, complexity, and history of financial management
weaknesses, you asked us to examine DOD's fiscal year 2007 improper
payment and recovery auditing reporting--the most current data
available at the time of the request--to determine whether DOD had
adequate processes in place to address IPIA and Recovery Auditing Act
reporting requirements. To address these objectives, we reviewed
applicable improper payment and recovery auditing legislation, related
OMB guidance, and past GAO and DOD Office of Inspector General (DOD
OIG) reports. We also reviewed improper payment and recovery audit
information reported in DOD's agency financial report (AFR)[Footnote 8]
for fiscal years 2004 through 2008. We obtained supporting
documentation and performed independent assessments, including
statistical sampling analysis, to determine the accuracy and
completeness of DOD's reported fiscal year 2007 improper payment and
recovery audit information. We also inquired about any improvements and
other changes made in the fiscal year 2008 improper payments and
recovery auditing processes.
We conducted site visits at two Defense Finance and Accounting Service
(DFAS) locations (DFAS-Kansas City and DFAS-Columbus).[Footnote 9]
During our site visits, we conducted walkthroughs to understand the
process for identifying, estimating, and reporting improper payment
estimates as well as the processes for identifying and recovering
overpayments. In addition, we interviewed knowledgeable agency
officials about their processes to prevent, detect, and reduce improper
payments; recover and report commercial overpayments; and oversee and
monitor these various efforts at a departmentwide level. We obtained
supporting documentation and performed independent assessments,
including legal analysis, to determine the adequacy of the processes to
meet IPIA and Recovery Auditing Act requirements and related OMB
guidance.
To assess the reliability of data reported in DOD's fiscal year 2007
AFR, we reviewed DOD's supporting improper payment and recovery audit
information as well as data from systems that produced payment
information, and interviewed knowledgeable agency officials about
procedures used to assume the quality of the data. We determined that
the data were sufficiently reliable for the purposes of this report. We
conducted this performance audit from June 2008 to July 2009 in
accordance with generally accepted government auditing
standards.[Footnote 10] Those standards require that we plan and
perform the audit to obtain sufficient, appropriate evidence to provide
a reasonable basis for our findings and conclusions based on our audit
objectives. We believe that the evidence obtained provides a reasonable
basis for our findings and conclusions based on our audit objectives.
See appendix I for more details on the scope and methodology.
Background:
Our work over the past several years has demonstrated that improper
payments are a long-standing, widespread, and significant problem in
the federal government.[Footnote 11] In December 2007, we reported on
DOD's fiscal year 2006 travel program improper payment
estimates.[Footnote 12] We found that (1) the improper payment estimate
was understated by at least $4 million, (2) several weaknesses in DOD's
sampling methodology did not result in statistically valid estimates of
travel improper payments at the component level, and (3) limited
guidance and oversight by the Office of the Comptroller contributed to
the unreliable assessment of improper payments for the travel program.
The DOD OIG also has issued reports for the past few years highlighting
weaknesses in the department's efforts to report on improper payment
information.[Footnote 13] The DOD OIG reported that the department had
not implemented guidance to address the use of valid statistical
sampling in determining programs and activities susceptible to
significant improper payments. In January 2008, it reported that DFAS
had not conducted adequate research to determine if contractor refunds
were improper and, in some cases, had not reported improper payments
associated with these refunds.[Footnote 14] The DOD OIG continues to
report that the department has not fully complied with the requirements
of IPIA and OMB's implementing guidance and does not have adequate
controls to fully implement a recovery audit program.[Footnote 15]
Overview of IPIA, the Recovery Auditing Act, and OMB Implementing
Guidance:
Guidance for reporting under IPIA and the Recovery Auditing Act is
provided in Appendix C of OMB Circular No. A-123. IPIA requires
agencies to perform four key steps in meeting the improper payment
reporting requirements as shown in figure 1.
Figure 1: IPIA Required Steps to Identify, Estimate, Reduce, and Report
Improper Payment Information:
[Refer to PDF for image: illustration]
Improper Payments - Required Steps:
1. Perform risk assessment:
Annually review all programs and activities to identify those
susceptible to significant improper payments, defined by OMB as
exceeding $10 million and 2.5 percent of program payments.
2. Estimate improper payments:
Estimate improper payments for programs susceptible to significant
improper payments.
3. Implement a plan:
Implement a plan to reduce improper payments for any program or
activity exceeding $10 million in estimated improper payments.
4. Annually report:
Annually report improper payment estimates and actions to reduce them.
Source: GAO.
[End of figure]
OMB's implementing guidance instructs agencies to carry out the four
key steps under IPIA, with one exception. For the first step--perform a
risk assessment--OMB guidance allows agency programs deemed not risk-
susceptible to conduct a risk assessment generally every 3 years.
Further, agencies need not conduct formal risk assessments for those
programs in which improper payment baselines are already established,
are in the process of being measured, or will be measured by an
established date. However, OMB guidance does state that if a program
experiences a significant change in legislation, a significant increase
in funding level, or both, agencies are required to reassess the
program's risk susceptibility during the next annual cycle, even if it
is less than 3 years from the last assessment. As we have previously
testified before your Subcommittee[Footnote 16] this is inconsistent
with the express terms of IPIA, which require that agencies annually
review all of their programs and activities.
OMB then requires that agencies estimate the gross total of both over-
and underpayments for those programs and activities identified as
susceptible. These estimates shall be based on a statistically random
sample of sufficient size to yield an estimate with a 90 percent
confidence interval of plus or minus 2.5 percentage points. If an
agency cannot determine whether a payment was proper because of
insufficient documentation, Appendix C to OMB Circular No. A-123
requires that the payment be considered improper. The guidance further
requires that agencies develop corrective action plans that include a
discussion of the causes of the improper payments identified,
corrective actions taken for each different type or cause of error, and
the results of actions taken to address those causes. In addition, OMB
Circular No. A-136, Financial Reporting Requirements requires agencies
to report, in table format, improper payment estimates and related
outlay amounts for the prior year, current year, and the following 3
years. As part of this reporting, OMB encourages agencies to report
underpayment and overpayment amounts, if available.
The Recovery Auditing Act requires each executive branch agency that
annually enters into contracts with a total value of $500 million or
more to use recovery audits and recovery activities as part of a cost-
effective recovery auditing program. The law authorizes federal
agencies to retain recovered funds to cover actual administrative
expenses as well as to pay other contractors, such as collection
agencies. OMB guidance requires, among other things, that agencies
include in their annual reporting a general description and evaluation
of the steps taken to carry out a recovery auditing program, the total
amount of contracts subject to review, the actual amount of contracts
reviewed, the amounts identified for recovery, and the amounts actually
recovered in a current year. Further, OMB Circular No. A-136 requires
agencies to report cumulative amounts identified for recovery and
amounts actually recovered as a part of their current year reporting.
Organizational Responsibility for IPIA Reporting at the Department of
Defense:
The responsibility for assessing and reporting DOD's improper payments
information rests with the Office of the Under Secretary of Defense
(Comptroller) (Office of the Comptroller). The Accounting and Finance
Policy Directorate within the Office of the Comptroller is responsible
for carrying out the day-to-day activities involved in meeting IPIA
requirements. To collect improper payment information including risk
assessments, improper payment estimates, and corrective actions, the
Accounting and Finance Policy Directorate sends out an improper payment
survey (IPIA survey)[Footnote 17] to all DOD agencies and military
services requesting improper payment information for the current fiscal
year (see appendix II for a list of the 33 agencies and military
services).[Footnote 18] The agencies and services are required to
submit improper payment estimates to the Accounting and Finance Policy
Directorate for all DOD payment activities identified under IPIA. The
Accounting and Finance Policy Directorate then aggregates and reports
the improper payment information in DOD's annual AFR.
Since implementation of IPIA, DOD has reported improper payment
estimates for the following payment activities for fiscal years 2004-
2008 as shown in table 1 below.
Table 1: Fiscal Years 2004-2008 Improper Payment Estimates:
Payment activity: Civilian pay[A];
2004: Not reported[B];
2005: Not reported[B];
2006: $16.7 million;
2007: $74.6 million;
2008: $73.9 million.
Payment activity: Commercial pay;
2004: Not reported[B];
2005: Not reported[B];
2006: $550.0 million;
2007: Not reported[C];
2008: Not reported[C].
Payment activity: Military health benefits;
2004: $99.6 million;
2005: $87.8 million;
2006: $83.5 million;
2007: $88.6 million;
2008: $178.0 million.
Payment activity: Military pay[A];
2004: Not reported[B];
2005: $432.0 million;
2006: $65.9 million;
2007: $416.4 million;
2008: $434.6 million.
Payment activity: Military retirement;
2004: $66.0 million;
2005: $49.3 million;
2006: $49.4 million;
2007: $48.7 million;
2008: $44.0 million.
Payment activity: Travel pay;
2004: Not reported[B];
2005: Not reported[B];
2006: $29.4 million;
2007: $43.6 million;
2008: $103.0 million.
Payment activity: Totals;
2004: $165.6 million;
2005: $569.1 million;
2006: $794.9 million;
2007: $671.9 million;
2008: $833.5 million.
Source: GAO analysis of DOD's fiscal years 2004 through 2008 PARs or
AFRs.
[A] Beginning in fiscal year 2007, military and civilian improper
payments included estimated and actual amounts.
[B] DOD did not report improper payment estimates for these payment
activities because it determined that they were not susceptible to
significant improper payments.
[C] DOD changed its approach, which resulted in its not calculating an
estimate for improper payments for this payment activity. Instead, DOD
decided to annually report actual overpayments discovered via its
recovery auditing program.
[End of table]
Organizational Responsibility for Recovery Auditing Reporting at the
Department of Defense:
Similarly to improper payment reporting, the Office of the Comptroller
is responsible for identifying and annually reporting recovery audit
information in DOD's AFR, while its Accounting and Finance Policy
Directorate is responsible for carrying out the day-to-day activities.
DOD's recovery auditing process over contract and vendor payments
(commercial payments) encompasses several organizations including DFAS
offices and external contractors, which are discussed later in this
report.[Footnote 19] These organizations are required to compile and
submit the universe of commercial payments, commercial overpayments
identified for recovery, and commercial payments actually recovered to
the Accounting and Finance Policy Directorate. It in turn aggregates
and reports the recovery audit information in DOD's annual AFR. DOD's
reported recovery audit information for fiscal years 2004-2008 is shown
in table 2 below.
Table 2: Recovery Audit Results for Fiscal Years 2004 through 2008
(amounts in millions):
Fiscal year: 2004[A];
Agency-reported amount subject to review for fiscal year reporting: Not
reported[B];
Agency-reported actual amount reviewed and reported in fiscal year: Not
reported[B];
Agency-reported overpayments identified for recovery in fiscal year:
Not reported[B];
Agency-reported amount recovered in fiscal year: $6.3.
Fiscal year: 2005[A];
Agency-reported amount subject to review for fiscal year reporting:
$222,800.0;
Agency-reported actual amount reviewed and reported in fiscal year:
$222,800.0;
Agency-reported overpayments identified for recovery in fiscal year:
$469.5[C];
Agency-reported amount recovered in fiscal year: $414.9[C].
Fiscal year: 2006[A];
Agency-reported amount subject to review for fiscal year reporting:
$299,400.0;
Agency-reported actual amount reviewed and reported in fiscal year:
$299,400.0;
Agency-reported overpayments identified for recovery in fiscal year:
$170.0;
Agency-reported amount recovered in fiscal year: $133.3.
Fiscal year: 2007[D, E];
Agency-reported amount subject to review for fiscal year reporting:
$189,300.0;
Agency-reported actual amount reviewed and reported in fiscal year:
$189,300.0;
Agency-reported overpayments identified for recovery in fiscal year:
$24.6;
Agency-reported amount recovered in fiscal year: $19.6.
Fiscal year: 2008[D];
Agency-reported amount subject to review for fiscal year reporting:
$331,192.0;
Agency-reported actual amount reviewed and reported in fiscal year:
$331,192.0;
Agency-reported overpayments identified for recovery in fiscal year:
$53.3;
Agency-reported amount recovered in fiscal year: $41.7.
Source: GAO analysis of DOD's fiscal years 2004 through 2008 PARs or
AFRs.
[A] Prior to fiscal year 2007, DOD generally reported recovery audit
amounts resulting from contractor-identified and DOD-identified
overpayments.
[B] For fiscal year 2004, OMB did not require agencies to report on
this information as part of their recovery auditing reporting.
[C] In fiscal year 2005, the amount identified for recovery includes
both underpayments (67 percent) and overpayments (33 percent). Also,
the amounts recovered include both recouped amounts and disbursements
for underpayments.
[D] Beginning in July 2007, DOD excluded contractor-identified vendor
overpayments from its recovery audit reporting since these overpayments
did not result from DOD's recovery auditing efforts.
[E] In fiscal year 2007, DOD excluded vendor payments from its recovery
audit reporting.
[End of table]
Significant Weaknesses Existed in DOD's Efforts to Address IPIA
Requirements:
DOD's processes to conduct risk assessments, estimate improper
payments, and develop corrective actions to reduce improper payments
for its fiscal year 2007 IPIA reporting had significant weaknesses. A
lack of detailed guidance as well as inadequate monitoring and
oversight of DOD's improper payment activities also existed, raising
doubts about the accuracy of the information reported.
Risk Assessment Process, Guidance, and Documentation Need Improvements:
DOD's risk assessment process was inadequate to ensure that appropriate
consideration was given to the risks associated with its payment
activities, thus not allowing management appropriate visibility of its
vulnerabilities. DOD lacked detailed guidance on how to conduct a risk
assessment, including identifying the universe of activities,
determining if risks exist, identifying what those risks are, and
evaluating the results, as required by our internal control
standards.[Footnote 20] Recognizing that the internal guidance and
documentation needed to be improved, in December 2008, DOD issued a new
Financial Management Regulation (FMR) chapter--Volume 4, Chapter 14,
Improper Payments--to expand existing guidance to address IPIA
requirements, by clarifying the agencies' and military services'
responsibilities for reporting improper payment information, broken
down by payment activity. Although we did not determine the adequacy of
these changes as the scope of our audit was fiscal year 2007, we noted
that DOD did not require its agencies and military services to document
their risk methodologies, including risk factors considered, the
potential or actual impact on their program operations, and the
rationale for assessing risk as either low, medium, or high.
While nine DOD components conducted risk assessments for their six
payment activities totaling about $493 billion in fiscal year 2007,
[Footnote 21] we found an additional $322 billion in outlays reported
in DOD's Statement of Budgetary Resources (SBR) that had not been
assessed[Footnote 22] although IPIA requires that agencies annually
review all programs and activities (see figure 2). According to Office
of the Comptroller officials, the six payment activities it assessed
covered all DOD outlays for fiscal year 2007 and the $322 billion
difference in outlays represented IPIA reporting differences related to
payroll payments for three of its six payment activities (net outlays
reported for IPIA purposes versus gross outlays reported for SBR
purposes), intragovernmental payments, and payments resulting from
classified activities. While DOD officials stated that it reconciled
the $322 billion difference to the SBR (with the exception of
classified activities), these officials did not provide us with this
reconciliation to enable us to independently substantiate this
difference. Further, these officials could not reconcile the $493
billion in outlays for the six payment activities to an alternative
source, such as the SBR. Based on this comparison, DOD had not reviewed
all of its programs and activities. Office of the Comptroller officials
told us that DOD agencies and the military services were required to
reconcile their payment activities with their budget data for fiscal
year 2008 to ensure that all payment activities had been accounted for
at the component level.
Figure 2: DOD's Fiscal Year 2007 Payment Population Subjected to the
Risk Assessment Process under IPIA:
[Refer to PDF for image: horizontal bar graph]
Agency outlays: $815 billion;
Risk assessments done: $493 billion;
Risk assessments not done: $322 billion.
Source: GAO analysis of DOD fiscal year 2007 payment activity outlays.
[End of figure]
In addition, DOD did not have sufficient documentation to support the
level of assessed risk for the six payment activities it did evaluate
as required by OMB guidance and our internal control standards.
[Footnote 23] For example, none of the nine components that conducted
risk assessments described their methodology or rationale for the level
of risk assigned to each applicable payment activity. For the six risk
assessments conducted, DOD had determined the risk of having
significant improper payments was low, based on OMB criteria. However,
given the lack of supporting documentation and evidence for the risk
assessments and DOD's history of long-standing weaknesses, including
GAO's designation of eight individual DOD areas as high risk,[Footnote
24] the low risk levels are not based on sufficient analysis and are
likely unrealistic and not reflective of the wide range of
vulnerabilities that exist within DOD. Office of the Comptroller
officials told us that the department calculates improper payment
estimates for the majority of the payment activities under IPIA,
regardless of risk level assessed in determination of susceptibility to
significant improper payments, because of the large volume and high
dollar amounts of the transactions. DOD did not rely on the results of
the risk assessments to determine whether to address the remaining IPIA
requirements. Although DOD did not rely on its risk assessments, the
implementation of IPIA requires agencies to make decisions as to how to
proceed based on the completion of risk assessments, which is the first
step. Therefore, DOD's failure to conduct adequate risk assessments
could negatively impact its ability to gain the information it needs to
make decisions as it proceeds through the remaining steps to ensure
proper implementation of IPIA requirements.
As we previously reported, the information developed during a risk
assessment forms the foundation or basis upon which management can
determine the nature and type of corrective actions needed.[Footnote
25] It also gives management baseline information for measuring
progress in reducing improper payments. Until the department recognizes
the importance of performing comprehensive risk assessments, the
reported information will not provide meaningful results or adequately
depict DOD's risk of improper payments, thus not providing the level of
transparency envisioned by IPIA.
Improper Payment Estimate Was Not Developed for DOD's Largest Payment
Activity:
DOD had neither established a methodology to estimate nor had it
estimated the amount of improper payments for commercial pay--its
largest payment activity with total outlays of $340.3 billion (see
figure 3). While DOD, in general, developed statistically valid
sampling methodologies and estimated improper payment amounts for its
remaining five payment activities,[Footnote 26] collectively the
proportion of these five payment activities to DOD's reported payment
population subject to IPIA was about one-third of the total. See
appendix III for a description of the sampling plans for DOD's five
payment activities. OMB guidance requires that for any programs and
activities identified as susceptible to significant improper payments,
agencies must develop a statistically valid methodology to estimate the
annual amount of improper payments, including a gross total of both
under-and overpayments. Although DOD assessed all six payment
activities to be at low risk for improper payments, it chose to develop
improper payment estimates for five of the six payment activities based
on the large volume or high dollar amounts of the transactions.
However, DOD did not estimate improper payments for commercial pay
despite the large volume and high dollar amounts of the transactions.
Figure 3: DOD's Fiscal Year 2007 Payment Population Subjected to the
Risk Assessment and Estimation Processes under IPIA:
[Refer to PDF for image: horizontal bar graph]
Agency outlays: $815 billion;
Risk assessments done: $493 billion;
Risk assessments not done: $322 billion;
Estimates done for five payment activities[A]: $152.7 billion;
Estimates not done for one payment activity-commercial pay: $340.3
billion.
Source: GAO analysis of DOD fiscal year 2007 payment activity outlays.
[A] The five payment activities include civilian pay, military health
benefits, military pay, military retirement pay, and travel pay.
[End of figure]
According to DOD officials, the department decided not to establish a
statistically valid methodology or calculate an estimate for commercial
improper payments under IPIA because (1) its past attempts to estimate
commercial improper payments had resulted in improper payment estimates
that were lower than the actual amount of overpayments identified, and
(2) it would create duplicate reporting of improper commercial payments
as this type of information was captured as part of DOD's efforts to
address Recovery Auditing Act requirements, which DOD officials
believed resulted in a better measurement because it represented actual
overpayments. However, in fiscal year 2006, DOD estimated $550 million
in improper payments, which was nearly 30 percent higher than the $426
million of actual under-and overpayment amounts reported to address
Recovery Auditing Act requirements.
Regarding DOD's point that reporting commercial improper payments under
IPIA and the Recovery Auditing Act would create duplicate reporting, we
disagree. DOD could leverage the results from its existing Recovery
Auditing Act processes used to identify actual commercial under-and
overpayments to develop its statistical sampling methodology to enhance
the reported estimate. This approach is similar to DOD's existing
statistical sampling methodologies, which also include actual amounts
for calculating improper payment estimates of civilian and military
pay. As we previously reported, the scope of review under IPIA differs
from that of the Recovery Auditing Act.[Footnote 27] Specifically, the
scope of review under the Recovery Auditing Act targets agency-
identified contract overpayments,[Footnote 28] whereas the scope of
review under IPIA targets both under-and overpayments, including agency-
and contractor-identified improper payments. Further, while OMB
guidance allows agencies to exclude certain classes of contracts from
their recovery auditing reporting, no such exclusions exist for IPIA.
[Footnote 29]
Establishing a well-designed statistical sampling methodology to
estimate DOD's improper commercial payments would not only facilitate
compliance with IPIA requirements, but also help address a current data
void on the extent of improper payments made to contractors and
vendors. For example, based on our review of DOD's fiscal year 2007
data of commercial payment errors, we identified $62 million in
commercial improper payments and another $92 million of potential
improper payments, which were not identified by DOD's current Recovery
Auditing Act processes.[Footnote 30]
DCAA and the DOD OIG also identified payment errors not captured by
DOD. For example, in August 2007, DCAA reported that a contractor had
overbilled--and DOD had overpaid--award fees[Footnote 31] totaling
about $267 million.[Footnote 32] Because DOD had not established a
methodology to estimate improper payments for its commercial payment
activity, these and other types of payment errors that meet the
definition of improper payments were not reported, and thus, lacked the
level of transparency and accountability called for under IPIA.
Further, without an across-the-board, systematic estimate of the extent
of improper commercial payments, DOD management could not determine (1)
if improper commercial payments were significant enough to require
corrective actions, (2) how much investment in new internal controls
would be cost-justified, or (3) the effectiveness of any prior
corrective actions.
Corrective Actions Not Always Linked to Causes:
Although DOD reported the corrective actions taken or planned to reduce
improper payments for its five payment activities that met its
reporting threshold, the corrective actions for three of the five
payment activities--military pay, civilian pay, and travel pay--
generally did not address the root causes of the improper payments. For
travel pay, we found that with the exception of one agency component,
root causes had not been reported in DOD's AFR, even though a
description of the corrective actions taken had been disclosed. OMB
guidance requires that, for all programs and activities with estimated
improper payments exceeding $10 million, agencies must report on the
root causes of the improper payments identified, actions taken to
prevent or reduce those root causes, and the results of actions taken.
For example, DOD reported that inaccurate or untimely reporting of
entitlement data on such areas as time and attendance, personnel
actions, and pay allowances was the primary cause for the improper
payments for military and civilian pay. As actions to address these
causes, DOD reported that it had developed performance metrics and
goals to track the timeliness and accuracy of payments and that senior
leadership had participated in quarterly meetings to discuss problem
areas and find solutions to mitigate the risk of improper payments.
While these actions measured entitlement performance, focused attention
on the effectiveness of existing processes, and facilitated the sharing
of information, it was unclear how these specific actions would address
the root causes that led to inaccurate or untimely reporting and
whether those actions would reduce improper payments. Conversely, for
travel pay, we found that except for the U.S. Army Corps of Engineers,
DOD agencies and military services did not report the associated root
causes contributing to improper travel payments, even though corrective
actions were disclosed in the AFR. The U.S. Army Corps of Engineers
reported that the primary causes of improper travel payments included
traveler input errors and inadequate supervisory review of travel
vouchers.
The Office of the Comptroller told us that the root causes and
corrective actions implemented or underway were not fully disclosed in
the AFR due to report formatting constraints, preventing the inclusion
of all detailed information. However, when we reviewed the underlying
support, we found that this documentation also lacked details as to (1)
the corrective actions taken or planned and generally mirrored the
corrective actions reported in the DOD's AFR, (2) the root causes for
improper travel payments, and (3) the results, if any, of the
corrective actions taken. Accurately characterizing and publicly
reporting the root causes and associated corrective actions to reduce
improper payments enables agencies and others with oversight and
monitoring responsibilities to measure progress over time and determine
whether further action is needed to minimize future improper payments,
thus enhancing accountability over the reduction of improper payments
by ensuring that effective corrective actions are taken.
Inadequate Monitoring and Oversight of DOD's Improper Payment
Activities:
The Office of the Comptroller's monitoring and oversight of DOD's
improper payment activities were inadequate because they did not
include verifying the accuracy and completeness of the information
reported in DOD's AFR as required by DOD guidance. Specifically, the
Office of the Comptroller issued a memorandum in November 2006 that
required the Project Officer for Improper Payments and Recovery
Auditing to, among other things, verify that DOD's reported information
was accurate, complete, and meets or exceeds the minimum OMB reporting
requirements. In addition, our internal control standards for
monitoring provide that processes should generally be designed to
ensure that ongoing monitoring occurs in the course of normal
operations and include regular management and supervisory activities,
comparisons, and reconciliations. Further, our internal control
standards provide that controls should include a wide range of diverse
activities including verification of information and be aimed at
validating the propriety and integrity of both organizational and
individual performance measures and indicators.[Footnote 33]
During our review and analysis of DOD agencies' and services' IPIA
survey responses, we found that the project officer had not conducted
adequate follow-up to ensure that (1) the information provided was
accurate and complete and sufficient to support risk assessment
conclusions, and (2) reported corrective actions planned or underway
addressed the root causes of the improper payments. For example, DOD
agencies and military services did not provide supporting documentation
for their risk assessment methodologies and conclusions, including the
risk factors considered as part of this assessment and how they arrived
at the final determination of risk for applicable payment activities.
Yet we found no evidence that the Office of the Comptroller conducted
appropriate follow-up as part of its oversight and monitoring
responsibilities to ensure payment activities had been consistently
assessed and provided some level of comparability among DOD agencies
and military services. We previously reported on similar instances of
lack of oversight and review by the Office of the Comptroller over IPIA
reporting for DOD's travel payment activity.[Footnote 34] In that
report, we found that the IPIA survey excluded about $5.1 billion in
the universe of travel payments for fiscal year 2006 and that only $824
million of the total travel payments had been reported in DOD's annual
report for the same period. We noted that these discrepancies would
have been brought to management's attention in a timely manner if
monitoring activities, such as periodic reconciliations and
comparisons, had been performed.
Office of the Comptroller officials told us that the DOD agencies and
the military services performed verification reviews prior to
submission of their improper payment information, providing assurances
that the reported information was accurate and complete. As a result,
they did not believe it was necessary for the project officer to
independently validate this information despite the requirement in the
November 2006 memorandum to do so. However, based on our findings
discussed earlier in this report, the oversight and monitoring
activities performed by the agencies and services, as well as the
Office of the Comptroller, were inadequate. Without adequate monitoring
and oversight, DOD is at risk of inaccurately reporting the extent of
its improper payments, not taking the steps needed to reduce improper
payments, and ultimately not meeting IPIA requirements.
Much Work Remains at DOD to Effectively Address the Recovery Auditing
Act Requirements:
DOD's recovery audit program[Footnote 35] was inadequate because it
leveraged existing processes that were not specifically designed to
identify and recover overpayments as stipulated in the Recovery
Auditing Act. Further, DOD's internal guidance lacked detailed
instructions to effectively address recovery auditing requirements. We
also found that DOD's reported recovery audit information for fiscal
year 2007 was unreliable, as the reported amounts were incomplete and
not fully supported. In addition, we determined that DOD's monitoring
and oversight activities were inadequate to ensure the accuracy and
completeness of the reported recovery audit information.
Processes and Guidance Were Inadequate to Effectively Implement
Recovery Auditing Requirements:
The majority of DOD's processes used to identify and recover commercial
(contractor and vendor) overpayments were inadequate because they were
not specifically designed to do so as required by OMB guidance (see
table 3 for these processes). Specifically, only DFAS's Internal Review
and DOD's two external recovery audits were specifically designed to
identify and recover commercial overpayments.[Footnote 36] We also
found that DFAS suspended its Internal Review postpayment audit of
contract payments--its largest payment activity--for fiscal year 2007,
but did not disclose this limitation in its fiscal year 2007 AFR. DFAS
officials told us that its Internal Review contract postpayment audits
were suspended and that there was a reallocation of staff resources to
support base realignment and closure (BRAC) initiatives,[Footnote 37]
specifically auditing the records of affected DFAS sites that processed
commercial payments from 2006 through 2008. According to DFAS
officials, to compensate for this suspension, DOD relied on existing
prepayment controls to identify contract overpayments, such as daily
manual reviews of a random sample of invoices with thresholds of
$500,000 or more. In January 2009, Internal Review officials informed
us that the office had reinstituted efforts to conduct audits of
contract payments. Internal Review's current audit covers the "catch
up" period of payments made between April 2006 and March 2008, and the
audit results are expected by the end of fiscal year 2009.
Table 3: DOD's Key Postpayment Processes to Identify Commercial
Overpayments for Recovery in Fiscal Year 2007:
DOD internal postpayment process:
Component: DFAS;
Process: Office of Internal Review audits of commercial payments;
Description of process: Internal Review has a nonstatutory audit
function and is responsible for conducting postpayment audits of
commercial pay (contract and vendor payments) to identify and detect
erroneous payments. It applies detective software logic against the
contract and vendor payments data. Internal Review audits DOD's
contract payment system, the Mechanization of Contract Administration
Services (MOCAS) as well as DOD's four largest vendor pay systems. For
MOCAS, prior to BRAC, Internal Review received the complete universe of
all payments on a monthly basis and ran the data mining logic. For the
vendor pay systems, prior to BRAC, Internal Review applied a threshold
between $200 and $500 dollars to its payment universe and then ran the
erroneous payment detection logic;
Designed to identify commercial overpayments for recovery (Yes/No):
Yes.
Component: DFAS;
Process: Contract reconciliations;
Description of process: Contract reconciliations involve reconstructing
a contract to determine the source and reason for an error or
discrepancy, including comparing data among the contract, disbursement,
and accounting records.These reconciliations are generally performed at
the request of the contractor, vendor, or DCMA;
Designed to identify commercial overpayments for recovery (Yes/No): No.
Component: DCMA and DCAA;
Process: DCAA interim and final voucher reviews;
Description of process: For contractors enrolled in the direct billing
program, whereby the contractor submits vouchers for payment without
prior review, DCAA performs an annual, cursory review of a
nonstatistical selection of paid vouchers. If a contractor is not
enrolled in the direct billing program, DCAA is required to review and
approve contractor interim vouchers for payment and suspend payment of
questionable costs. DCAA is required to review final vouchers and send
them to the administrative contracting officer. [Contract Audit Manual
(CAM) 6-1007.6; FAR § 42.803; DFARS § 242.803; DFARS §
242.803(b)(i)(B); DODD 5105.36, paras. 5.4 and 5.5; and DOD FMR vol.
10, ch. 10, para. 100202];
Designed to identify commercial overpayments for recovery (Yes/No): No.
Component: DCMA and DCAA;
Process: DCAA incurred cost audits;
Description of process: DCAA determines allowability of the
contractors' claimed costs incurred and submitted by contractors for
reimbursement under cost-reimbursable, fixed-price incentive, and other
types of flexibly priced contracts and compliance with contract terms,
FAR, and CAS, if applicable. [FAR §§ 42.101, 42.803(b), and DFARS §
242.803];
Designed to identify commercial overpayments for recovery (Yes/No): No.
Component: DCMA and DCAA;
Process: DCMA and DCAA contract closeout process;
Description of process: The closeout process is conducted at the end of
a contract and involves multiple steps. For example, DCAA reviews final
completion vouchers and the cumulative allowable cost worksheet and may
review a contract closing statement. [DFARS § 242.803(b)(i)(D); CAM 6-
711.3(a) and (d); CAM 6-708.2(d)];
Designed to identify commercial overpayments for recovery (Yes/No): No.
DOD internal postpayment process:
Component: TRICARE Management Activity (TMA)[A];
Process: TMA Recovery Audit;
Description of process: TMA hired a recovery audit contractor to
identify overpayments made to hospitals for medical services provided
to DOD beneficiaries. The contractor specialized in identifying
overpayments to hospitals that failed to submit amended cost reports;
Designed to identify commercial overpayments for recovery (Yes/No):
Yes.
Component: Navy[B];
Process: Navy Telecommunications Recovery Audit;
Description of process: Navy hired a recovery audit contractor to
identify overpayments made in its telecommunications program;
Designed to identify commercial overpayments for recovery (Yes/No):
Yes.
Source: GAO's analysis.
[A] Although the contract was terminated in February 2007, overpayments
were still collected in fiscal year 2007. The contractor identified
about $30 million in overpayments for the period of 1992 through 1997,
of which $27 million had been collected as of fiscal year 2008,
including $700,000 in fiscal year 2007. DCAA assumed responsibility for
this process after the contract was terminated and recently identified
$6 million in overpayments for the period of 1998 through 2004.
However, no amounts have yet been recovered.
[B] The contractor encountered problems during the audit with data
access and quality, which contributed to the difficulty in identifying
and recovering improper payments. Although the Navy projected savings
of approximately 21 percent from the recovery audit, no improper
payments were recovered through this effort. In 2007, DOD OIG reported
that other recovery audit contractors experienced instances of data
access issues and recommended that DOD remove impediments caused by
proprietary records, and allow timely access to data. DOD did not
concur with this recommendation.
[End of table]
According to DOD officials, the existing processes were adequately
designed to fulfill the requirements of the Recovery Auditing Act and
OMB guidance and thus, no further actions were needed. However, we
found the majority of the existing processes were not specifically
designed to identify overpayments. For example, DFAS's contract
reconciliations were performed upon request to resolve previously
identified discrepancies, including possible overpayments, within DOD's
contract, disbursement, and accounting records such as to correct
funding classification or lines of accounting errors. Because a
contract reconciliation would be performed only if an error related to
a specific contract was found, contracts and the associated
disbursements that did not have identified errors would not be subject
to this review. As a result, this process was not intended to identify
new, undetected contract overpayments as envisioned by the Recovery
Auditing Act. In addition, we noted that DCMA's and DCAA's contract
closeout processes were designed to ensure that applicable
administrative actions had been completed during the course of a
contract (e.g., all classified documents were disposed of) and not to
specifically identify contract overpayments. The DOD OIG has reported
instances where the department was unable to reconcile and close out
contracts due to missing documentation and staff turnover.[Footnote 38]
Further, although DOD considered DCAA contract audits an integral part
of its recovery audit program, DCAA officials pointed out that because
recovery auditing is a review of DOD components' books and records,
DCAA would generally have no role since its audits primarily focus on
contractors' records.[Footnote 39]
Moreover, based on our review, DOD's internal guidance did not identify
the applicable payment and accounting systems to be reviewed, the
frequency of this review, and the applicable roles and responsibilities
at DFAS and the military services processing commercial payments,
including coordination of these efforts. We found no discussion on how
DOD would leverage existing audits to identify commercial overpayments
performed at military service audit agencies, such as the Army Audit
Agency. Further, the guidance did not include specific actions that
addressed OMB's recovery auditing reporting requirements, including
actions to develop a corrective action plan to address the root causes
of payment errors and steps to measure the total cost of the agency's
recovery auditing program. In fiscal year 2009, DOD acknowledged the
need to clarify and update its guidance and has efforts underway to
revise the recovery auditing chapter.
DOD further reported in its fiscal year 2007 AFR that it had actions
underway to implement a Business Activity Monitoring (BAM) service to
provide a real-time or near real-time automated mechanism for analyzing
transactions to prevent and reduce the risk of duplicate payments and
other types of errors. DFAS believes this new process will reduce the
need for internal postpayment reviews of commercial payments by
identifying errors before payment occurs. DFAS anticipates DOD-wide
implementation of BAM during fiscal year 2009. Until the department
establishes processes specifically designed to address recovery
auditing and updates its internal guidance, it will be unable to
determine the extent to which contract overpayments exist and are
subsequently recovered to fulfill the Recovery Auditing Act
requirements.
DOD Reported Recovery Audit Information for Fiscal Year 2007 Was
Incomplete:
DOD did not fully address OMB recovery auditing reporting requirements
in its AFR, such as disclosing the total costs associated with its
recovery auditing activities and the associated recovered amounts
related to overpayments made to vendors. DOD's guidance did not include
the specific recovery auditing reporting requirements identified in
OMB's guidance. The following describes the status of DOD's actions on
each of the nine reporting elements under OMB's recovery auditing
reporting requirements:
* A general description and evaluation of the steps taken to carry out
a recovery auditing program.
- DOD reported a general description of the steps taken to implement
its recovery auditing program, but did not provide an evaluation.
* The total cost of the agency's recovery auditing program.
- DOD informed us that it did not report total costs because it was
unable to calculate the amount. DOD officials told us that the agency
did not have cost accountants and thus lacked the expertise needed to
calculate the total cost of the agency's recovery auditing program,
particularly the costs of the agency's internal recovery efforts
(agency salaries and expenses).
* The total amount of contracts subject to review.
- DOD did not report the full amount subject to review. Specifically,
DOD excluded from its AFR $20.5 billion of its commercial payment
universe for fiscal year 2007. According to Office of the Comptroller
officials, it did not include $20.5 billion for the U.S. Army Corps of
Engineers and Army Europe in the universe of commercial payments
because of an oversight error. The $20.5 billion represents commercial
payments processed by Army Europe and the U.S. Army Corps of Engineers.
If the $20.5 billion amount had been included, the total universe of
reported commercial payments would have increased to $340.3 billion.
* The actual amount of contracts reviewed.
- As stated above, DOD excluded $20.5 billion from the full amount
actually reviewed because of an oversight error.
* The amounts identified for recovery.
- DOD reported the overpayments identified for recovery for
contractors, but not for vendors. DFAS officials told us that they did
not report for vendor payments the amounts identified for recovery and
actually recovered because the department did not have a process to
separate and quantify DOD-identified vendor overpayments from
contractor-identified vendor overpayments. In July 2007, DFAS
introduced an automated process--the Contractor Debt System (CDS)--to
track DOD-identified overpayments to vendors, but CDS was not fully
deployed by the time DOD issued its fiscal year 2007 AFR.[Footnote 40]
* The amounts actually recovered in the current year.
- DOD reported the associated recovered amounts for contractor
overpayments, but did not report similar information for vendors. As
stated above, DOD did not report this information because it lacked the
processes needed to distinguish between DOD-identified and contractor-
identified vendor overpayments.
* A corrective action plan to address the root causes of payment
errors.
- DOD did not report on its corrective action plan to address the root
causes of payment errors. We requested--but DOD did not provide--its
corrective action plan to reduce commercial overpayments.
* A general description and evaluation of any management improvement
program carried out as part of its recovery auditing program.
- DOD reported a general description of an initiative--Business
Activity Monitoring service--it planned to implement to reduce
overpayments. However, DOD did not report a general evaluation of this
initiative, because it had not been implemented.
* A description and justification of the classes of contracts excluded
from recovery auditing review by the agency head.
- This reporting element is not applicable as DOD officials told us
that the department reviewed all classes of contracts as part of its
recovery auditing program.
DOD also could not substantiate the reported $18.9 million of DFAS
recovered contract overpayments for fiscal year 2007, because it did
not maintain the underlying documentation that supported the amount.
DOD was unable to recreate the documentation because the system data
reflected real-time information and changed daily. Although the Office
of the Comptroller reported commercial overpayment data for the Navy
for fiscal year 2008, it did not do so for fiscal year 2007 and was
unable to confirm whether it should have reported comparable data for
that period. Office of the Comptroller officials told us that they did
not follow up with the Navy to determine why it did not report recovery
audit information for fiscal year 2007. Our internal control standards
related to control activities state that all transactions and other
significant events need to be clearly documented and should be readily
available for examination, and that documentation and records should be
properly managed and maintained.[Footnote 41] Until DOD reports the
required information and ensures the accuracy of the information it
does report, the extent to which Congress, OMB, and other oversight
bodies can rely on this information to make informed decisions is
questionable.
Inadequate Monitoring and Oversight of DOD's Recovery Auditing
Activities:
The Office of the Comptroller's oversight and monitoring of DOD's
recovery auditing activities were inadequate as they indicated that
they had not verified the accuracy and completeness of the information
reported in DOD's AFR. These activities were generally limited to
compiling data received from DOD agencies and the military services and
performing a fluctuation analysis of these data to identify changes in
amounts between the current and prior year. We found that the roles and
responsibilities for the Recovery Auditing Project Officer, who was
tasked with overseeing DOD's recovery auditing efforts, were not
documented in the November 2006 memorandum from the Office of the
Comptroller establishing the position.[Footnote 42] In addition, the
project officer devoted minimal time--about 10 percent for fiscal year
2007--to overseeing DOD's recovery auditing efforts, and frequent
turnover occurred with this position. Between fiscal years 2007 and
2008 we noted that four different people had been assigned to oversee
DOD's recovery auditing program.[Footnote 43] Our internal control
standards for monitoring provide that processes should generally be
designed to ensure that ongoing monitoring occurs in the course of
normal operations and include regular management and supervisory
activities, comparisons, and reconciliations. Further, our internal
control standards provide that controls should include a wide range of
diverse activities including verification of information and be aimed
at validating the propriety and integrity of both organizational and
individual performance measures and indicators.[Footnote 44] Also,
excessive turnover could significantly impact the department's ability
to sustain the knowledge, skills, and experience needed to effectively
oversee implementation of the Recovery Auditing Act requirements.
Office of the Comptroller officials acknowledged that the recovery
audit data submitted by the DOD agencies and military services were not
independently validated to ensure that the information was accurate,
complete, and met the minimum reporting requirements. In December 2007,
DOD established a recovery auditing working group comprised of
representatives from the DOD agencies and military service components
to identify best practices for recovery auditing; however, this group
has yet to meet. At the DOD component level, we were informed that
Navy, on its own initiative, established a working group in fiscal year
2008 to identify and recover commercial overpayments and report this
information to the Office of the Comptroller. Without adequate
monitoring and oversight, the department does not have adequate
assurance that its future reporting under the Recovery Auditing Act
will be accurate and complete.
Conclusions:
DOD has not established the mechanisms--processes and detailed
implementing guidance--needed to effectively implement the requirements
for both IPIA and the Recovery Auditing Act. The department reports
that its payment activities are at low risk for improper payments
without adequate supporting analysis and documentation and despite its
history of long-standing financial management weaknesses. Because
addressing IPIA requirements is a sequential process, DOD's failure to
conduct comprehensive risk assessments, which is the first step, has
adversely affected decisions made to address subsequent steps in the
process. DOD has not accurately portrayed the full extent of improper
payments or the associated root causes. As a result, any corrective
actions taken are likely to fall short of fixing the problems that
resulted in these errors. With regard to recovery efforts, DOD
continues to rely on processes that are inadequate for identifying the
extent of overpayments to contractors and vendors and ensuring that
these amounts are recovered. Until the department takes definitive
action to fulfill the requirements of these acts and implement
preventive internal controls, it is at risk of making improper payments
and wasting taxpayer funds.
Recommendations for Executive Action:
To improve DOD's efforts to address improper payment and recovery
auditing requirements, we recommend that the Secretary of Defense
direct the DOD Comptroller to take the following 13 actions.
For IPIA, the DOD Comptroller should:
* Establish and implement a systematic approach, as a part of the risk
assessment process, to ensure all programs and activities are reviewed
to determine susceptibility to improper payments.
* Develop and implement detailed guidance for conducting risk
assessments, including the steps to determine if risk exists, what
those risks are, and the potential or actual impact of those risks on
program operations.
* Require DOD agencies and the military services to document the risk
assessment methodology used, including the risk factors considered, and
the rationale for assessing the risk level for the payment activity.
* Develop and implement a statistically valid methodology to estimate
and report commercial improper payments (contract and vendor over-and
underpayments). This methodology should include all payment errors
regardless of the source of the error--DOD, contractors, or vendors--as
required by IPIA.
* Identify and fully disclose the root causes of improper payments
annually in the AFR.
* Identify and fully disclose the corrective actions, and monitor the
corrective actions to ensure that they address applicable root causes.
* Perform oversight and monitoring activities to ensure the accuracy
and completeness of the improper payment data submitted by the DOD
agencies and the military services for inclusion in the AFR.
For Recovery Auditing Act, the DOD Comptroller should:
* Establish and implement processes specifically designed to identify
and recover commercial overpayments.
* Develop and implement detailed guidance to assist DOD agencies and
the military services in effectively carrying out recovery audits and
activities, including the payment and accounting systems to be
reviewed, the frequency of these reviews, applicable roles and
responsibilities, and reporting requirements.
* Establish and implement a process to identify costs related to the
department's recovery auditing program, including costs for employees'
salaries.
* Establish and implement a process to identify and report vendor
overpayments and the associated recovered amounts.
* Maintain documentation to support the amounts reported in the AFR to
allow for independent evaluation of this information.
* Perform oversight and monitoring activities to ensure the accuracy
and completeness of the recovery auditing data submitted by the DOD
agencies and the military services for inclusion in the AFR. Also,
document the roles and responsibilities of the Recovery Auditing
Project Officer.
Agency Comments and Our Evaluation:
DOD provided written comments on a draft of this report which are
reprinted in their entirety in appendix IV. DOD also provided technical
comments that we have incorporated as appropriate. In its written
comments, DOD disagreed with all but 1 of our 13 recommendations
designed to strengthen its improper payment and recovery auditing
processes. DOD stated that generally the actions envisioned by our
recommendations were already being accomplished within the department
or were not required by OMB and thus, such direction from GAO was not
necessary. We disagree. While DOD presently has efforts underway, as
noted in this report, it has not yet established the processes and
detailed guidance for effectively implementing either IPIA or the
Recovery Auditing Act. In its comments, DOD did not provide any new
evidence that was not considered in our report. Accordingly, we
continue to believe that our recommendations are critical for DOD to
enhance its efforts to minimize improper payments and recover those
that are made. The following paragraphs illustrate the nature of DOD's
comments and our analysis of its key points.
DOD's Processes To Address IPIA Requirements:
DOD disagreed with our three recommendations aimed at enhancing DOD's
risk assessment processes. We recommended the DOD Comptroller require
DOD agencies and the military services to establish and implement risk
assessment methodologies, along with documentation of key factors
considered and the rationale for assessing the risk level for the
payment activity. DOD stated that such direction was not necessary as
it had established IPIA program baselines and measures and reports on
all of its IPIA programs annually in accordance with OMB guidance. As
described in our report, DOD's risk assessment process was inadequate
to ensure that appropriate consideration was given to the risks
associated with its payment activities as we found an additional $322
billion in DOD outlays that had not been assessed under IPIA. For
payment activities assessed, DOD did not require its agencies and
military services to document their risk methodologies, including risk
factors considered, the potential or actual impact on their program
operations, and the rationale for assessing risk as either low, medium,
or high. As such, none of the nine DOD components that conducted risk
assessments described their methodology or rationale for the low level
of risk assigned to each applicable payment activity. Given the lack of
supporting documentation and evidence for the risk assessments as well
as DOD's history of long-standing internal control weaknesses,
including GAO's prior designation of eight functional DOD areas as high
risk, the low risk levels are not based on sufficient analysis, are
likely unrealistic, and are not reflective of the wide range of
vulnerabilities that exist within DOD.
DOD also disagreed with our recommendation that it develop and
implement a statistically valid methodology to estimate and report
commercial improper payments (contract and vendor over-and
underpayments). DOD stated that it has followed guidance provided by
OMB and that commercial improper payments are to be identified,
recovered and reported in accordance with the Recovery Auditing Act. As
described in our report, DOD stated that reporting improper commercial
payments under IPIA would create duplicate reporting because this
information was captured as part of DOD's efforts to address Recovery
Auditing Act requirements. However, we disagree because those actions
are not sufficient to address IPIA. Both acts must be addressed with
regard to commercial payment activity. Each act has a different scope
of review and reporting requirements. Based on the improper payment
definition under IPIA and OMB's guidance that instructs agencies to
develop a statistically valid estimate, the statistical sampling
requirement would apply to commercial payments under IPIA. Developing
an across-the-board, systematic estimate of the extent of improper
payments gives management baseline information for measuring progress
in reducing improper payments and how much investment in new internal
controls would be cost-justified.
DOD disagreed with our two recommendations to identify and fully
disclose in the AFR the root causes of improper payments and the
corrective actions, including monitoring those actions to ensure that
they address applicable root causes. DOD commented that the AFR was not
the appropriate forum for this detailed level information and that it
had procedures in place to identify, fully disclose, and monitor
corrections. We have two main concerns with DOD's responses to these
recommendations. First, DOD did not consistently follow OMB reporting
requirements to identify root causes and related corrective actions and
the underlying documentation of the reported corrective actions lacked
details as to the corrective actions taken or planned and the
corresponding results, if any. Second, because of the inherent
responsibility to be a good steward for public resources, it is
important that corrective actions and the effectiveness of such be
openly communicated or available not only to the Congress and agency
management but also to the general public. Balancing the benefits of
summarizing information with reporting compliance and user needs is
critical. Corrective actions cannot be effectively monitored and
assessed unless the detailed corrective actions are known and tied to
the root cause(s) of improper payments that they are intended to
address.
DOD's Processes To Address Recovery Auditing Act Requirements:
We made five recommendations aimed at strengthening DOD's recovery
audit processes related to establishing and implementing processes
specifically designed to identify and recover commercial payments,
developing detailed guidance to carry out recovery audits and
activities, identifying costs related to its recovery auditing program,
implementing a process to identify and report vendor overpayments and
associated recovered amounts, and maintaining documentation to support
reported amounts. DOD concurred with our recommendation to identify the
cost related to its recovery audit program. DOD disagreed with the
other four recovery auditing recommendations because it believed the
agency had already established and implemented such processes.
However, as we point out in this report, the majority of DOD's
processes aimed at identifying and recovering improper payments were
inadequate because the primary purpose of these processes were not to
identify commercial improper payments as required by the Recovery
Auditing Act. For example, DCMA and DCAA's contract closeout processes
were designed to ensure that applicable administrative actions had been
completed during the course of a contract (e.g., all classified
documents were disposed of) and not to specifically identify contract
overpayments.
In addition, DOD's current FMR guidance (dated December 2005) did not
include specific elements that would be necessary to effectively carry
out a recovery auditing program. Further, DOD had not established a
process to fully identify and report vendor overpayments. This problem
continued to exist as DOD acknowledged in its fiscal year 2008 AFR that
while it was able to identify DOD-identified overpayments for its DFAS
component, it was unable to identify and report vendor overpayments for
all of its components and that efforts would continue until all DOD
components achieved this capability.
DOD's Oversight and Monitoring Efforts To Address IPIA and Recovery
Auditing Act Requirements:
DOD disagreed with our two recommendations related to oversight and
monitoring and commented that they were duplicative, except for the
additional language related to documenting the roles and
responsibilities of the Recovery Auditing Project Officer. We clarified
our recommendations related to oversight and monitoring to emphasize
the need of these activities for both IPIA and the Recovery Auditing
Act. As we stated in our report, the DOD Office of the Comptroller's
oversight and monitoring of improper payment and recovery auditing
activities were inadequate as the office did not verify the accuracy
and completeness of information received from DOD agencies and military
service components and reported in its AFR.
We are sending copies of this report to interested congressional
committees; the Secretary of Defense; and the Director, Office of
Management and Budget. In addition, this report will be available at no
charge on the GAO Web site at [hyperlink, http://www.gao.gov].
If you or your staff have any questions about this report, please
contact me at (202) 512-9095 or by e-mail at dalykl@gao.gov. Contact
points for our Offices of Congressional Relations and Public Affairs
may be found on the last page of this report. GAO staff who made major
contributions to this report are listed in appendix V.
Signed by:
Kay L. Daly, Director:
Financial Management and Assurance:
[End of section]
Appendix I: Objectives, Scope and Methodology:
The objectives of this report were to determine whether the Department
of Defense (DOD) had adequate controls in place to address the Improper
Payments Information Act (IPIA) and the Recovery Auditing Act
requirements.[Footnote 45]To determine whether DOD adequately addressed
IPIA requirements, we reviewed the applicable legislation and related
OMB implementing guidance.[Footnote 46] We further reviewed DOD's
agency financial reports (AFR) for fiscal years 2004 through 2008,
internal DOD improper payment guidance,[Footnote 47] and prior GAO
[Footnote 48] and DOD Office of Inspector General (DOD OIG) reports
[Footnote 49] on improper payments. We reviewed these documents to
understand DOD's efforts to address IPIA requirements and to identify
previously reported issues with DOD's improper payment reporting. In
addition, we performed the following work:
* To assess DOD's IPIA risk assessment process to identify payment
activities susceptible to significant improper payments, we reviewed
our Standards for Internal Control in the Federal Government and
executive guide on Strategies to Manage Improper Payments: Learning
from Public and Private Sector Organizations as guidance to assess
DOD's internal controls over disbursements. We interviewed agency
officials such as the Project Officer for Improper Payment and Recovery
Auditing, and obtained and reviewed fiscal year 2007 IPIA responses,
where available. We also compared the amounts reported as the basis for
improper payments to other documentation such as the President's Budget
and Statement of Budgetary Resources to determine whether all DOD
outlays were subject to improper payment assessments.
* To assess the statistical validity of DOD's reported improper payment
estimates for fiscal year 2007, we conducted an independent analysis of
its sampling methodologies, including a review of the sampling plans
for each DOD agency and military service component. In addition, we
performed an independent assessment of DOD's IPIA processes, including
a legal analysis of the improper payment definition in relation to
DOD's classification of commercial payment errors (contract and vendor
payments) as either improper or proper to determine whether DOD had
reached appropriate conclusions. In addition, we interviewed the IPIA
Project Officer, Defense Finance Accounting Service (DFAS)-Kansas City,
and DFAS-Columbus officials, to identify, estimate, and reduce improper
payments and reviewed supporting documentation, when available, in
order to gain an understanding of DOD's IPIA process. We also
interviewed DOD OIG officials to discuss their findings and
recommendations related to DOD's efforts to address IPIA requirements.
* To assess DOD's corrective action plans to reduce improper payments,
we interviewed agency officials, reviewed corrective actions to reduce
improper payments, and reviewed corrective action plans to determine
whether appropriate linkages existed between the root causes of
improper payments and specific corrective action steps. We also
performed an analysis of DOD's improper payment error rates to
determine whether the improper payment error rates for DOD payment
activities had changed from fiscal year to fiscal year.
* To assess the accuracy and completeness of DOD's reported fiscal year
2007 improper payment amounts, we recalculated summary amounts included
on DOD's IPIA survey and traced those amounts to supporting
documentation.
To determine whether DOD had adequately addressed the Recovery Auditing
Act requirements, we reviewed applicable legislation and related OMB
implementing guidance,[Footnote 50] DOD's AFR for fiscal years 2004
through 2008, internal DOD recovery auditing guidance,[Footnote 51] and
prior GAO[Footnote 52] and DOD OIG reports[Footnote 53] on recovery
auditing. We interviewed agency officials such as the Recovery Auditing
Project Officer, the Director of Internal Review, and the Chief of
DFAS's Debt Management Office regarding DOD's process to identify and
recover commercial overpayments and reviewed accompanying and
supporting documentation, when available.
We also interviewed Defense Contract Audit Agency (DCAA) and Defense
Contract Management Agency (DCMA) officials such as the DCAA
Headquarters Program Manager of the Policy Programs Division and DMCA
contract specialists to determine their role in DOD's recovery auditing
process and reviewed applicable guidance.[Footnote 54]0Further, we
interviewed DOD OIG officials such as the DOD OIG Program Director and
the Audit Project Manager at DFAS-Columbus to discuss their findings
and recommendations related to DOD's efforts to address recovery
auditing requirements. Also, we interviewed Department of the Navy
officials regarding results of the recovery audit performed to identify
overpayments made in its telecommunications program. In addition, we
interviewed TRICARE Management Activity (TMA) officials to obtain
clarification and supporting documentation on the healthcare-recovered
amounts reported in DOD's AFR. To assess the accuracy and completeness
of DOD's reported fiscal year 2007 recovery audit information, we
reviewed DFAS and TMA supporting documentation submitted to the Office
of the Comptroller to substantiate amounts reported in the AFR. We
traced these schedules and total amounts submitted to the Office of the
Comptroller back to various supporting breakdowns (at the transaction
level). In addition, we recalculated and verified the accuracy of the
recovery audit amounts in DOD's summary recovery auditing table.
We conducted site visits at two of the five DFAS processing center
locations (Kansas City, Missouri and Columbus, Ohio). We selected the
DFAS-Kansas City site because it was responsible for receiving IPIA
survey information from other DFAS sites, compiling the information,
and checking the information for accuracy and completeness. As part of
this site visit, we obtained an understanding of DFAS's process for
conducting monthly postpayment reviews of military and civilian pay to
identify improper payments. In addition, we selected the DFAS-Columbus
site because it processed a majority of DOD's commercial payments--the
agency's largest payment activity--on behalf of the DOD agencies and
military services. Also, DFAS-Columbus was the only DFAS site that
processed DOD contract payments. At the DFAS-Columbus site, we obtained
an understanding of the commercial prepayment and postpayment controls
in place affecting IPIA and Recovery auditing requirements.
To determine the reliability of DOD's improper payment and recovery
audit information, we interviewed knowledgeable agency officials, such
as the DFAS-Indianapolis Director of Accounts Payable and DFAS-
Indianapolis Accounts Receivable specialists, to ascertain the
procedures used to assume the quality of the data. We reviewed DOD's
commercial payment activity from its contract and vendor pay systems
and its Improper Payments Online Database (IPOD) that stored the
improper payment information. We also traced data back to supporting
documentation, including DOD's fiscal year 2007 IPIA survey, the AFR,
and the recovery auditing activity schedule. We performed a data
reliability assessment of DOD's statistical sampling methodologies for
the fiscal year 2007 reported improper payment estimates, (see appendix
III). We concluded that the data were reliable for our purposes.
We conducted our audit work from June 2008 to June 2009 in accordance
with generally accepted government auditing standards. Those standards
require that we plan and perform the audit to obtain sufficient,
appropriate evidence to provide a reasonable basis for our findings and
conclusions, based on our audit objectives. We believe that the
evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives. We obtained written comments
on a draft of this report from the Under Secretary of Defense
(Comptroller) and have summarized these comments in the Agency Comments
and Our Evaluation section of this report.
[End of section]
Appendix II: List of DOD Agencies and Military Service Components
Included in the IPIA Survey:
1. Department of the Army:
2. Department of the Navy:
3. Department of the Air Force:
4. United States Marine Corps, Assistant Deputy Commandant for Programs
and Resources:
5. Inspector General of the Department of Defense:
6. Defense Advanced Research Projects:
7. Defense Contract Audit Agency:
8. Defense Finance and Accounting Service:
9. Defense Intelligence Agency:
10. Defense Logistics Agency:
11. Defense Security Service:
12. Missile Defense Agency:
13. National Security Agency/Central Security Service:
14. Defense Commissary Agency:
15. Defense Contract Management Agency:
16. Defense Information Systems Agency:
17. Defense Legal Services Agency:
18. Defense Security Cooperation Agency:
19. Defense Threat Reduction Agency:
20. Pentagon Force Protection Agency:
21. National Geospatial Intelligence Agency:
22. United States Army Corps of Engineers:
23. American Forces Information Services:
24. Defense Technology Security Administration:
25. Department of Defense Education Activity:
26. Department of Defense Test Resource Management Center:
27. Defense Technical Information Center:
28. Defense Prisoner of War/Missing Personnel Office:
29. Department of Defense Counterintelligence Field Activity:
30. Defense Human Resources Activity:
31. Office of Economic Adjustment:
32. TRICARE Management Activity:
33. Washington Headquarters Services:
[End of section]
Appendix III: DOD's Fiscal Year 2007 Improper Payment Sample Plans by
Program:
In its fiscal year 2007 Agency Financial Report (AFR), the Department
of Defense (DOD) reported on five payment activities as part of its
Improper Payments Information Act (IPIA) reporting: military pay,
military health benefits, civilian pay, military retirement, and travel
pay. The information reported in DOD's AFR is compiled from the IPIA
survey submitted by the DOD agencies and military services. DOD
agencies and military services used related confidence levels over
different ranges (generally, as prescribed in OMB guidance) to plan and
estimate improper payment amounts reported in DOD's fiscal year 2007
AFR. We reviewed the sample plans for each of the five payment
activities, at the component level, and determined those methodologies
generally complied with the Office of Management and Budget's (OMB)
implementing guidance.[Footnote 55]
OMB guidance requires that applicable agencies estimate the gross total
of both over-and underpayments for those programs and activities
identified as susceptible to significant improper payments.[Footnote
56] OMB also requires that the estimates be based on a statistically
valid random sample of sufficient size to yield an estimate with a 90
percent confidence interval of plus or minus 2.5 percentage points
around the estimate of the percentage of improper payments.
Alternatively, agencies may use a 95 percent confidence interval of
plus or minus 3.0 percentage points around the estimate of the
percentage of improper payments to estimate improper payments for
agency programs. If an agency cannot determine whether a payment was
proper because of insufficient documentation, OMB guidance requires
that the payment be considered an error. A brief description of each
payment activity's methodology reported in its sampling plan is
provided below.
1. Military Health Benefits Program:
The military health benefits program consists of disbursements for the
medical care of active duty military personnel, retirees, their family
members, and family members of deceased service members. TRICARE
Management Activity (TMA) processed all military health benefit
payments for DOD. To estimate military health benefits improper
payments, TMA selected samples from the two populations of its contract
payments, as shown in table 4 below. The contract samples were drawn on
a quarterly basis and stratified by dollar value. For both contract
types sampled, denied payment samples were based on the amount billed
and nondenied payment samples were based on government costs.
Table 4: Military Health Benefits Program Sample Plans:
Components: TRICARE management activity;
Annual universe of payments (Population): TRICARE Next Generation
Managed Care Support Contracts; 15,433,902;
Annual payment sample size: Nondenied claims valued at $100 to $100k:
9,481 claims;
Confidence interval: Nondenied claims: 90%+/-1%.
Components: TRICARE management activity;
Annual universe of payments (Population): TRICARE Next Generation
Managed Care Support Contracts; 15,433,902;
Annual payment sample size: 100% review of Nondenied claims greater
than $100k: 1,750 claims;
Confidence interval: Not applicable.
Components: TRICARE management activity;
Annual universe of payments (Population): TRICARE Next Generation
Managed Care Support Contracts; 15,433,902;
Annual payment sample size: Denied claims valued at $100 to $100k:
3,055 claims;
Confidence interval: Denied claims: 80% +/-2%.
Components: TRICARE management activity;
Annual universe of payments (Population): TRICARE Next Generation
Managed Care Support Contracts; 15,433,902;
Annual payment sample size: 100% review of denied claims greater than
$100k: 885 claims;
Confidence interval: Not applicable.
Components: TRICARE management activity;
Annual universe of payments (Population): TRICARE Dual Eligibility
Fiscal Intermediary Contract; 44,607,708;
Annual payment sample size: Nondenied claims valued at $1 to $25k:
4,737 claims;
Confidence interval: Nondenied claims: 90%+/-1%.
Components: TRICARE management activity;
Annual universe of payments (Population): TRICARE Dual Eligibility
Fiscal Intermediary Contract; 44,607,708;
Annual payment sample size: 100% review of Nondenied claims greater
than $25k: 1,463 claims;
Confidence interval: Not applicable.
Components: TRICARE management activity;
Annual universe of payments (Population): TRICARE Dual Eligibility
Fiscal Intermediary Contract; 44,607,708;
Annual payment sample size: Denied claims valued at $1 to $500k: 1,557
claims;
Confidence interval: Denied claims: 80% +/-2%.
Components: TRICARE management activity;
Annual universe of payments (Population): TRICARE Dual Eligibility
Fiscal Intermediary Contract; 44,607,708;
Annual payment sample size: 100% review of denied claims greater than
$500k: 385 claims;
Confidence interval: Not applicable.
Source: GAO's analysis of DOD's sampling plans.
[End of table]
2. Military Pay Program:
The military pay program consists of military payroll disbursements.
The Defense Finance and Accounting Services (DFAS) processed all
military payroll payments for DOD. To estimate improper payments, DFAS-
Kansas City conducted monthly postpayment reviews to determine the
accuracy of net military pay using a simple random attribute sample and
summed monthly results to calculate an annual estimate. In addition to
its statistical sample, the military pay program's estimate of improper
payments included actual data on improper payment amounts. Table 5
shows information reported in the sampling plan for military pay.
Table 5: Military Pay Program Sample Plans:
Components: DFAS;
Annual universe of payments (Population): Active Duty: 17,034,781;
Annual payment sample size: 7,400;
Confidence interval: 95% +/-2.5%.
Components: DFAS;
Annual universe of payments (Population): Reserve & Guard: 5,062,463;
Annual payment sample size: 13,400;
Confidence interval: 95% +/-2.5%.
Source: GAO's analysis of DOD's sampling plans.
[End of table]
3. Civilian Pay Program:
The civilian pay program consists of civilian payroll disbursements.
DFAS, Army, and Navy processed civilian payments in fiscal year 2007.
DFAS-Kansas City conducted monthly postpayment reviews to determine the
accuracy of net pay using simple random attribute samples. In addition
to monthly samples, DFAS added actual improper payment data to further
enhance its estimate. DFAS monthly results were summed to calculate the
annual estimate. Army's sample plan consisted of annual postpayment
reviews and analysis of a sample of disbursements, and Navy's sample
plan consisted of a statistical sample of Military Sealift Command
Civilian Mariners payments. Table 6 shows detailed sampling plans for
each component of the civilian pay program.
Table 6: Civilian Pay Program Sample Plans:
Components: DFAS;
Annual universe of payments (Population): 7,655,277;
Annual payment sample size: 6,350;
Confidence interval: 95% +/-2.5%.
Components: Army;
Annual universe of payments (Population): 15,128;
Annual payment sample size: 15,128;
Confidence interval: n/a.
Components: Navy;
Annual universe of payments (Population): $404,522,148;
Annual payment sample size: $404,522,148;
Confidence interval: n/a.
Source: GAO's analysis of DOD's sampling plans.
[End of table]
4. Military Retirement Program:
The military retirement program consists of disbursements to military
retirees and annuitants. DFAS processed all military retirement
payments for DOD. DFAS-Cleveland performed monthly postpayment reviews
to determine the accuracy of payments using simple random samples.
Three samples were conducted to assess the accuracy of payments--one
for deceased retirees, the other for retired accounts, and the third
for annuitant accounts, as shown in table 7. The deceased retirees
sample is designed to identify retiree payments going to deceased
individuals, while the retired and annuitant samples identify whether
regular payments are accurate.
Table 7: Military Retirement Program Sample Plans:
Components: DFAS;
Annual universe of payments (Population): Deceased retiree account
postpayment reviews: 40,392;
Annual payment sample size: 1,656;
Confidence interval: 90% +/-2.5%.
Components: DFAS;
Annual universe of payments (Population): Retired account postpayment
reviews: 2,004,706;
Annual payment sample size: 3,000;
Confidence interval: 95% +/-2.5%.
Components: DFAS;
Annual universe of payments (Population): Annuitant account postpayment
reviews: 288,749;
Annual payment sample size: 3,000;
Confidence interval: 95% +/-2.5%.
Source: GAO's analysis of DOD's sampling plans.
[End of table]
5. Travel Pay Program:
The following components processed travel payments: DFAS, Army, Navy,
and Air Force. Table 8 shows detailed sample plans for each component
of the travel pay program. DFAS-Indianapolis conducted random monthly
reviews to determine accuracy of payments and summed monthly results to
arrive at an annual sample.[Footnote 57]Army travel pay consisted of
Army Korea,[Footnote 58] Army Europe, and the Army Corps of Engineers.
Army Europe and Army Corps of Engineers components conducted monthly
postpayment reviews of travel payments. Army Korea did not provide
sampling results. Navy conducted a statistical sample of travel
payments processed through its system. Air Force conducted post audit
reviews of a random sample of travel payments.
Table 8: Travel Pay Program Sample Plans:
Components: DFAS;
Annual universe of payments (Population): 2,251,075;
Annual payment sample size: 43,635;
Confidence interval: 95% +/-2.5%.
Components: Army;
Annual universe of payments (Population): Army Europe: 80,816;
Annual payment sample size: 10% of all vouchers: 8,081 & 100% of
vouchers over $2,500: 8,331;
Confidence interval: 99% +/-1.0%.
Components: Army;
Annual universe of payments (Population): Corps of Engineers: 165,643;
Annual payment sample size: Corps of Engineers: 452;
Confidence interval: 95% +/-2.0%.
Components: Navy;
Annual universe of payments (Population): $651,374,570;
Annual payment sample size: $565,218,446;
Confidence interval: 90% +/-1.4%.
Components: Air Force;
Annual universe of payments (Population): 1,211,307;
Annual payment sample size: 186;
Confidence interval: 90%.
Source: GAO's analysis of DOD's sampling plans.
[End of table]
[End of section]
Appendix IV: Comments from the Department of Defense:
Under Secretary Of Defense:
Comptroller:
1100 Defense Pentagon:
Washington, DC 20301-1100:
June 29, 2009:
Ms. Kay L. Daly:
Director, Financial Management and Assurance:
Government Accountability Office:
441 G Street, N.W.
Washington, DC 20548:
Dear Ms. Daly,
This is the Department of Defense (DoD) response to the Government
Accountability Office (GAO) draft report, "Improper Payments.
Significant Improvements Needed in DoD's Efforts to Address Improper
Payment and Recovery Auditing Requirements," dated June 4, 2009 (GAO
Code 195140).
The Department concurs with one of the recommendations in the draft
report and corrective action will he implemented for FY 2010 reporting.
The Department does not concur with the remaining recommendations and
our response is attached.
My point of contact on this matter is Ms. Sally Beecroft. She may be
reached by email at sally.beecroft@osd.mil or telephone at (703) 602-
0193.
Signed by:
Robert F. Hale:
Attachment: As stated.
[End of letter]
GAO Draft Report Dated June 2009:
GAO-09-442 (GAO Code 195140, Formerly 195113):
"Improper Payments: Significant Improvements Needed In DOD'S Efforts To
Address Improper Payment And Recovery Auditing Requirements"
Department Of Defense Comments To The GAO Recommendations:
Recommendation 1: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to establish and implement a systematic
approach, as a part of the risk assessment process, to ensure all
programs and activities are reviewed to determine susceptibility to
improper payments. (Page 36/GAO Draft Report)
DOD Response: Nonconcur. The Department established IPIA program
baselines, and measures and reports on all of its IPIA programs
annually in accordance with OMB guidance. Risk assessments are required
for programs that are not being reported in order to make a
determination whether or not the program is at risk for significant
improper payments and initiate/resume reporting; or a significant event
has occurred that requires program reevaluation. The OMB Circular A-
123, Appendix C guidance states, "Agencies need not conduct formal risk
assessments for those programs in which improper payment baselines are
already established, are in the process of being measured, or will be
measured by an established date."
Recommendation 2: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to develop and implement detailed guidance
for conducting risk assessments, including the steps to determine if
risk exists, what those risks are, and the potential or actual impact
of those risks on program operations. (Page 36/GAO Draft Report)
DOD Response: Nonconcur. The Department established IPIA program
baselines, and measures and reports on all of its IPIA programs
annually in accordance with OMB guidance. Risk assessments are required
for programs that are not being reported in order to make a
determination whether or not the program is at risk for significant
improper payments and initiate/resume reporting; or a significant event
has occurred that requires program reevaluation. The OMB Circular A-
123, Appendix C guidance states, "Agencies need not conduct formal risk
assessments for those programs in which improper payment baselines are
already established, are in the process of being measured, or will be
measured by an established date.
Recommendation 3: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to require DoD agencies and the military
services to document the risk assessment methodology used, including
the risk factors considered, and the rationale for assessing the risk
level for the payment activity. (Page 36/GAO Draft Report)
DOD Response: Nonconcur. Such direction is not necessary because it is
already being accomplished. The Department established IPIA program
baselines, and measures and reports on all of its IPIA programs
annually in accordance with OMB guidance. Risk assessments are required
for programs that are not being reported in order to make a
determination whether or not the program is at risk for significant
improper payments and initiate/resume reporting; or a significant event
has occurred that requires program reevaluation. The OMB Circular A-
123, Appendix C guidance states, "Agencies need not conduct formal risk
assessments for those programs in which improper payment baselines are
already established, are in the process of being measured, or will be
measured by an established date.
Recommendation 4: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to develop and implement a statistically
valid methodology to estimate and report commercial improper payments
(contract and vendor over- and underpayments). (Page 36/GAO Draft
Report)
DOD Response: Nonconcur. The Department followed guidance provided by
OMB for reporting commercial payments. Commercial improper payments are
to be identified, recovered and reported in accordance with the
Recovery Auditing Act (Section 831 of Public Law 107-107) and in
accordance with OMB Circular A-123, Appendix C, Part II. Neither the
law nor the regulation require or suggest statistical sampling for this
category of payments. Recovery auditing allows for full recovery of any
identified and substantiated improper payments. Statistical sampling
only allows for recovery of improper payments identified in the sample
population and it is impossible to recover from an extrapolation of the
sample population. It omits the balance of possible improper payments
that were not a part of the sample, thus precluding recovery of a great
deal more of taxpayer funds.
Recommendation 5: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to identify and fully disclose the root
causes of improper payments annually in the Agency's Financial Report
(AFR). (Page 36/GAO Draft Report)
DOD Response: Nonconcur. We do not agree that the AFR is the
appropriate forum for detail level information. The Department
documents the root causes of improper payments, publishes summary level
information annually in the AFR, and detail level information is more
appropriately provided to the Component responsible for corrective
action.
Recommendation 6: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to identify and fully disclose the
corrective actions, and monitor the corrective actions to ensure that
they address applicable root causes. (Page 36/GAO Draft Report)
DOD Response: Nonconcur. Such direction is not necessary because it is
already being accomplished. The Department has procedures in place to
identify, fully disclose, and monitor corrective actions to ensure
these actions address applicable root causes of improper payments.
Recommendation 7: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to perform oversight and monitoring
activities to ensure the accuracy and completeness of the data
submitted by the DoD agencies and the military services for inclusion
in the AFR. (Page 36/GAO Draft Report)
DOD Response: Nonconcur. Such direction is not necessary because it is
already being accomplished. The Accounting and Finance Policy
Directorate performs oversight and monitoring activities to ensure the
accuracy and completeness of the data submitted by DoD Components for
inclusion in the AFR.
Recommendation 8: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to establish and implement processes
specifically designed to identify and recover commercial overpayments.
(Page 37/GAO Draft Report)
DOD Response: Nonconcur. Such direction is not necessary because it is
already being accomplished. The Department has established and
implemented processes specifically designed to identify and recover
improper commercial payments.
Recommendation 9: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to develop and implement detailed guidance
to assist DoD agencies and the military services in effectively
carrying out recovery audits and activities, including the payment and
accounting systems to be reviewed, the frequency of these reviews,
applicable roles and responsibilities, and reporting requirements.
(Page 37/GAO Draft Report)
DOD Response: Nonconcur. Such direction is not necessary because it is
already being accomplished. The Department developed and published the
Financial Management Regulation (FMR) Volume 10, Chapter 22, "Recovery
Auditing," in December 2005 to assist DoD Components in effectively
carrying out recovery audits and activities. An update to this chapter
is currently in Departmental coordination. We anticipate that the
updated will be published by the end of FY 2009 for FY 2010 reporting.
Recommendation 10: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to establish and implement a process to
identify costs related to the department's recovery auditing program,
including costs for employees' salaries. (Page 37/GAO Draft Report)
DOD Response: Concur. The Department will establish and implement a
process to identify costs related to the Department's recovery auditing
program, including costs for employees' salaries. We plan to begin
implementation for FY 2010 reporting.
Recommendation 11: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to establish and implement a process to
identify and report vendor overpayments and the associated recovered
amounts. (Page 37/GAO Draft Report)
DOD Response: Nonconcur. Such direction is not necessary because it is
already being accomplished. The Department has established and
implemented processes specifically designed to identify and recover
commercial (which includes vendor) overpayments and the associated
recovered amounts.
Recommendation 12: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to maintain documentation to support the
amounts reported in the AFR to allow for independent evaluation of this
information. (Page 37/GAO Draft Report)
DOD Response: Nonconcur. Such direction is not necessary because it is
already being accomplished. The Department maintains documentation to
support the amounts reported in the AFR.
Recommendation 13: The GAO recommends that the Secretary of Defense
direct the DoD Comptroller to perform oversight and monitoring
activities to ensure the accuracy and completeness of the data
submitted by the DoD agencies and the military services for inclusion
in the AFR. Also, document the roles and responsibilities of the
Recovery Auditing Project Officer. (Page 37/GAO Draft Report)
DOD Response: Recommendation 13 is a duplicate of 7 except for the last
sentence. Nonconcur with the final sentence. The roles and
responsibilities of the Recovery Auditing Project Officer already are
documented.
[End of section]
Appendix V: GAO Contacts and Staff Acknowledgments:
GAO Contact:
Kay L. Daly, (202) 512-9095 or dalykl@gao.gov:
Acknowledgments:
In addition to the contact named above, Carla Lewis, Assistant
Director; Sharon Byrd; Francis Dymond; Vanessa Estevez; Patrick Frey;
Jason Kirwan; Crystal Lazcano; Sophie Simonard-Norman; Pamela
Valentine; and David Yoder made key contributions to this report.
[End of section]
Footnotes:
[1] Improper payments are defined as any payment that should not have
been made or that was made in an incorrect amount (including
overpayments and underpayments) under statutory, contractual,
administrative, or other legally applicable requirements. It also
includes any payment to an ineligible recipient or ineligible service,
duplicate payments, payments for services not received, and any payment
for an incorrect amount.
[2] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002).
[3] Appendix C to OMB Circular No. A-123, Requirements for Effective
Measurement and Remediation of Improper Payments (Aug. 10, 2006).
[4] OMB's guidance defines significant improper payments as those in
any particular program that exceed both 2.5 percent of program payments
and $10 million annually. For improper payment estimates exceeding $10
million, IPIA and OMB guidance requires agencies to develop action
plans to reduce improper payments.
[5] National Defense Authorization Act for Fiscal Year 2002, Pub. L.
No. 107-107, div. A, title VIII, § 831, 115 Stat. 1012, 1186 (Dec. 28,
2001), codified at 31 U.S.C. §§ 3561-3567.
[6] GAO, High-Risk Series: Defense Contract Pricing, [hyperlink,
http://www.gao.gov/products/GAO/HR-93-8] (Washington, D.C.: December
1992); High-Risk Series, [hyperlink,
http://www.gao.gov/products/GAO/HR-95-1] (Washington, D.C.: February
1995); High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-07-310] (Washington, D.C.: January
2007).
[7] GAO, High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January
2009).
[8] Prior to fiscal year 2007, executive branch agencies were required
to report improper payment information in their PAR. Beginning with
fiscal year 2007, OMB established a pilot program for the AFR in which
select agencies alternatively presented their PAR information,
including improper payment and recovery audit information, in a
condensed format. DOD is one of nine agencies that issued an AFR for
fiscal year 2008.
[9] DFAS is responsible for providing professional, financial, and
accounting services to DOD and other federal agencies. It delivers
mission-essential payroll, contract and vendor pay, and accounting
services. Five DFAS offices--Columbus, Indianapolis, Cleveland,
Limestone, and Rome--processed contract and vendor payments. DFAS-
Columbus processes DOD's largest payment activity, commercial payments.
For our period of review, DFAS-Kansas City was responsible for
identifying and estimating improper payments for military and civilian
pay. DFAS-Kansas City was closed in July 2008 due to a base realignment
and closure decision.
[10] We initiated preliminary audit work under a separate job code in
February 2008 and orally briefed your subcommittee on this work in June
2008.
[11] GAO, DOD Travel Cards: Control Weaknesses Led to Millions in
Fraud, Waste, and Improper Payments, [hyperlink,
http://www.gao.gov/products/GAO-04-825T] (Washington, D.C.: June 9,
2004); Financial Management: Challenges in Meeting Requirements of the
Improper Payments Information Act, [hyperlink,
http://www.gao.gov/products/GAO-05-417] (Washington, D.C.: Mar. 31,
2005); Improper Payments: Agencies' Fiscal Year 2005 Reporting Under
the Improper Payments Information Act Remains Incomplete, [hyperlink,
http://www.gao.gov/products/GAO-07-92] (Washington, D.C.: Nov. 14,
2006); Improper Payments: Incomplete Reporting under the Improper
Payments Information Act Masks the Extent of the Problem, [hyperlink,
http://www.gao.gov/products/GAO-07-254T] (Washington, D.C.: Dec. 5,
2006); Improper Payments: Agencies' Efforts to Address Improper Payment
and Recovery Auditing Requirements Continue, [hyperlink,
http://www.gao.gov/products/GAO-07-635T] (Washington, D.C.: Mar. 29,
2007); Improper Payments: Status of Agencies' Efforts to Address
Improper Payment and Recovery Auditing Requirements, [hyperlink,
http://www.gao.gov/products/GAO-08-438T] (Washington, D.C.: Jan. 31,
2008); and Improper Payments: Progress Made but Challenges Remain in
Estimating and Reducing Improper Payments, [hyperlink,
http://www.gao.gov/products/GAO-09-628T] (Washington, D.C.: Apr. 22,
2009).
[12] GAO, DOD Travel Improper Payments: Fiscal Year 2006 Reporting Was
Incomplete and Planned Improvement Efforts Face Challenges, [hyperlink,
http://www.gao.gov/products/GAO-08-16] (Washington, D.C.: Dec. 14,
2007).
[13] DOD OIG Report, Identification and Reporting of DOD Erroneous
Payments, D-2005-100 (Aug. 17, 2005); Identification and Reporting of
Improper Payments through Recovery Auditing, D-2007-110 (July 9, 2007);
and Identification and Reporting of Improper Payments by the Defense
Logistics Agency, D-2008-096 (May 20, 2008).
[14] DOD OIG Report, Identification and Reporting of Improper Payment
Refunds from DOD Contractors, D-2008-043 (Jan. 31, 2008).
[15] DOD OIG Report, D-2007-110.
[16] GAO, Improper Payments: Status of Agencies' Efforts to Address
Improper Payment and Recovery Auditing Requirements, [hyperlink,
http://www.gao.gov/products/GAO-08-438T] (Washington, D.C.: Jan. 31,
2008).
[17] The IPIA annual survey requires agencies and military services to
perform a risk assessment of all programs and activities that may be
susceptible to erroneous payments and to report improper payment
information. The agency and military services' submissions are to be
based on fiscal year disbursements, and identify both the gross totals
of overpayments and underpayments and the methodology used to estimate
improper payments.
[18] For fiscal year 2007, the Accounting and Finance Policy
Directorate distributed the survey to 33 entities. Of the 33 entities,
22 reported that they did not process payments for fiscal year 2007 and
deferred to their applicable payment processing center responsible for
conducting the risk assessment. The remaining 11 entities either
processed their own payments or were DOD payment processing centers.
Only 9 of those 11 DOD entities reported conducting risk assessments
for one or more of the six payment activities reviewed under IPIA.
[19] Contract payments include disbursements for complex, multi-year
purchases with high dollar amounts, such as weapon systems. Vendor
payments include purchases for day-to-day goods and services, such as
food, fuel, and transportation.
[20] GAO, Standards for Internal Control in the Federal Government,
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
(Washington, D.C.: November 1999).
[21] The nine components were the Departments of the Army, the Navy,
and the Air Force; the United States Marine Corps; the Defense Finance
and Accounting Service; the Defense Security Service; the National
Geospatial Intelligence Agency; the United States Army Corps of
Engineers; and the TRICARE Management Activity. These components
reported on one or more of the following six payment activities:
civilian pay, commercial pay, military health benefits, military pay,
military retirement pay, and travel pay.
[22] DOD's Statement of Budgetary Resources for fiscal year 2007
reported gross outlays of about $815 billion. The Statement of
Budgetary Resources is prepared independently from the DOD office
responsible for addressing IPIA requirements.
[23] Appendix C to OMB Circular No. A-123, pt. I(E); [hyperlink,
http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[24] [hyperlink, http://www.gao.gov/products/GAO-09-271].
[25] [hyperlink, http://www.gao.gov/products/GAO-07-92].
[26] For the military health benefits payment activity, the confidence
level TRICARE Management Agency used to test the denied claims
component was 80 percent, instead of the 90 percent confidence level
required by OMB guidance. However, we determined that the impact of
this deviation was immaterial. For the travel payment activity, DFAS
performed a duplicate review for one of its component systems, the
Integrated Automated Travel System. We previously reported that these
duplicate reviews could not be used to estimate the value of improper
payments to the entire population. We recommended, and DOD agreed, to
establish and implement procedures to report a valid improper payment
estimate for the population. See GAO, DOD Travel Improper Payments:
Fiscal Year 2006 Reporting Was Incomplete and Planned Improvement
Efforts Face Challenges, [hyperlink,
http://www.gao.gov/products/GAO-08-16] (Washington, D.C.: Dec. 14,
2007). We determined that for fiscal year 2008, DFAS had developed a
statistically valid methodology for the travel payment activity.
[27] [hyperlink, http://www.gao.gov/products/GAO-08-77].
[28] Appendix C to OMB Circular No. A-123, pt. II (D)(2).
[29] Examples of classes of contracts that OMB allows agencies to
exclude from recovery auditing activities include cost-type contracts
that have not been completed and whose payments are subject to further
adjustment by the government and cost-type contracts that have been
completed and subjected to a final contract audit.
[30] The $62 million comprised various types of contractor-caused
overpayments, including payments of duplicate invoices, invoice amounts
with errors, and payments made to the wrong contractor due to errors in
how the contractor entered its information. DFAS officials told us that
these payment errors are not considered improper payments because the
errors were not made or caused by DFAS. This distinction based on the
source of the error is not supported by IPIA or OMB guidance. The $92
million of potential improper payments included payments made by DFAS
prior to the receipt of a contract modification and payments subject to
court rulings and other legal settlements.
[31] An award fee is an amount that the contractor may earn, in whole
or in part, during contract performance that is sufficient to provide
motivation for excellence in such areas as quality, timeliness, and
cost-effective management.
[32] DCAA, Report on Evaluation of Over Payments and Associated
Interest, Audit Report No. 3711-2007A17900011 (Aug. 31, 2007). DCAA
performed an audit after the contractor notified DCMA and DCAA of
potential duplicate billing errors. These payment errors occurred over
a 5-year period from July 2002 through July 2007. Subsequently the
contractor reimbursed DOD for the $267 million through an offset
against a current invoice that DOD had not yet paid and wrote the
government a check for $28 million in interest.
[33] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[34] [hyperlink, http://www.gao.gov/products/GAO-08-16].
[35] OMB defines a recovery audit program as an agency's overall plan
for the performance of recovery audits and recovery activities. The
head of the agency will determine the manner and combination of
recovery audits and activities that are expected to yield the most cost-
effective recovery audit program for the agency.
[36] See Appendix C to OMB Circular No. A-123, pt. II. OMB guidance
identifies the following types of overpayments or payment errors that a
recovery audit should target: duplicate payments; errors on invoices or
financing requests; failure to reduce payments by applicable sales
discounts, cash discounts, rebates, or other allowances; payments for
items not received; mathematical or other errors in determining payment
amounts and executing payments; and failure to obtain credit for
returned merchandise.
[37] BRAC is the process DOD has used to reorganize its installation
infrastructure to more efficiently and effectively support its forces,
increase operational readiness, and facilitate new ways of doing
business. According to DFAS, its largest vendor pay systems reviewed as
part of the BRAC examination include Commercial Accounts Payable System-
Windows (CAPS-W), Commercial Accounts Payable System-Clipper (CAPS-
Clipper), Standard Accounting and Reporting System-One Pay (One Pay),
and Integrated Accounts Payable System (IAPS).
[38] DOD OIG Reports, Financial Management Contracts Classified as
Unreconcilable by the Defense Finance and Accounting Service Columbus
Contract NO. F30602-81-C-0153, D-2005-040 (Mar. 14, 2005) and Financial
Management Contracts Classified as Unreconcilable by the Defense
Finance and Accounting Service Columbus Contract DCAA09-81-G-2008/
0031, D-2005-047 (Apr. 1, 2005).
[39] We note that DCAA's voucher reviews and incurred cost audits might
find some payments that are overpayments under the Recovery Auditing
Act such as payments that are unallowable because they are duplicates.
However, DCAA's work is not designed to detect all overpayments under
the Recovery Auditing Act.
[40] CDS is a debt collection and reporting system used by the DFAS-
Columbus Debt Management Office to track new and existing contractor
debt owed to the government.
[41] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[42] On July 10, 2009, DOD informed us that the roles and
responsibilities of the Recovery Auditing Project Officer would be
included in its revised chapter in the DOD Financial Management
Regulation, Volume 10, Chapter 22, "Recovery Auditing". DOD anticipates
that the updated chapter will be published by the end of the fiscal
year 2009.
[43] For fiscal year 2007, the Project Officer for Improper Payments
and Recovery Auditing had dual responsibility for overseeing DOD's
improper payment and recovery auditing activities. In November 2007,
DOD established the Recovery Auditing Project Officer position to
oversee DOD's recovery audit program. The Office of the Comptroller
informed us that the Recovery Auditing Project Officer estimated that
up to 25 percent of her time was devoted to overseeing recovery
auditing activities, as this was an added responsibility to other
duties she was assigned in the Office of the Comptroller. From March
2008 to August 2008, due to staff turnover, DOD reverted back to one
person who had dual improper payment and recovery auditing
responsibilities. For this time period, the Project Officer for
Improper Payments and Recovery Auditing told us that she devoted only
10 percent of her time to overseeing recovery auditing activities.
Again, in September 2008, the Office of the Comptroller filled the
Recovery Auditing Project Officer position and that person devoted
between 35-40 percent of her time to overseeing recovery auditing
activities at DOD.
[44] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1].
[45] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002); and National
Defense Authorization Act for Fiscal Year 2002, Pub. L. No. 107-107,
div. A, title VIII, § 831, 115 Stat. 1012, 1186 (Dec. 28, 2001),
codified at 31 U.S.C. §§ 3561-3567.
[46] Appendix C to OMB Circular No. A-123, Requirements for Effective
Measurement and Remediation of Improper Payments (Aug. 10, 2006).
[47] DOD's Financial Management Regulation (FMR) Volume 4, Chapter 14,
Improper Payments.
[48] GAO, DOD Travel Cards: Control Weaknesses Led to Millions in
Fraud, Waste, and Improper Payments, [hyperlink,
http://www.gao.gov/products/GAO-04-825T] (Washington, D.C.: June 9,
2004); Financial Management: Challenges in Meeting the Requirements of
the Improper Payments Information Act, [hyperlink,
http://www.gao.gov/products/GAO-05-417] (Washington, D.C.: Mar. 31,
2005); Improper Payments: Agencies' Fiscal Year 2005 Reporting Under
the Improper Payments Information Act Remains Incomplete, [hyperlink,
http://www.gao.gov/products/GAO-07-92] (Washington, D.C.: Nov. 14,
2006); Improper Payments: Incomplete Reporting under the Improper
Payments Information Act Masks the Extent of the Problem, [hyperlink,
http://www.gao.gov/products/GAO-07-254T] (Washington, D.C.: Dec. 5,
2006); Improper Payments: Agencies' Efforts to Address Improper
Payments and Recovery Auditing Requirements Continue, [hyperlink,
http://www.gao.gov/products/GAO-07-635T] (Washington, D.C.: Mar. 29,
2007); and Improper Payments: Status of Agencies' Efforts to Address
Improper Payment and Recovery Auditing Requirements, [hyperlink,
http://www.gao.gov/products/GAO-08-438T] (Washington, D.C.: Jan. 31,
2008).
[49] DOD OIG Reports, Identification and Reporting of DOD Erroneous
Payments, D-2005-100 (Aug. 17, 2005); Identification and Reporting of
Improper Payments through Recovery Auditing, D-2007-110 (July 9, 2007);
and Identification and Reporting of Improper Payments by the Defense
Logistics Agency, D-2008-096 (May 20, 2008).
[50] See Appendix C to OMB Circular No. A-123, pt. II.
[51] DOD FMR, Volume 5, Chapter 1 and Volume 10, Chapters 1, 18, 20,
and 22.
[52] GAO, Contract Management: Recovery Auditing Offers Potential to
Identify Overpayments, [hyperlink,
http://www.gao.gov/products/GAO/NSIAD-99-12] (Washington, D.C.: Dec. 3,
1998); Contract Management: DOD is Examining Opportunities to further
Use Recovery Auditing, [hyperlink,
http://www.gao.gov/products/GAO/NSIAD-99-78] (Washington, D.C.: Mar.
17, 1999); Recovery Auditing: Reducing Overpayments, Achieving
Accountability, and the Government Waste Corrections Act of 1999,
[hyperlink, http://www.gao.gov/products/GAO/T-NSIAD-99-213]
(Washington, D.C.: June 29, 1999); and Contract Management: DOD Could
Benefit From the Use of Internal Recovery Auditing, [hyperlink,
http://www.gao.gov/products/GAO/NSIAD-00-66R] (Washington, D.C.: Mar.
10, 2000).
[532] DOD OIG, Financial Management: DOD Recovery Audit Program, D-2005-
101 (Aug. 17, 2005); Identification and Reporting of Improper Payments
Through Recovery Auditing, D-2007-110 (July 9, 2007).
[54] [0] DCAA Contract Audit Manual chapter 6 and DCMA Guidebook
Contract Closeout.
[55] For military health benefits, its sample of denied claims used a
confidence level of 80 percent, which was not in accordance with OMB
guidance. However, we determined that this deviation was immaterial.
[56] Appendix C to OMB Circular No. A-123, Requirements for Effective
Measurement and Remediation of Improper Payments (Aug. 10, 2006).
[57] For its other travel payment system, the Integrated Automated
Travel System, DFAS performed a duplicate payment review for fiscal
year 2007. We previously reported that these duplicate reviews cannot
be used to estimate the value of improper payments to the entire
population. DOD agreed with our recommendation to establish and
implement procedures to report a valid improper payment estimate for
the population. See GAO, DOD Travel Improper Payments: Fiscal Year 2006
Reporting Was Incomplete and Planned Improvement Efforts Face
Challenges, [hyperlink, http://www.gao.gov/products/GAO-08-16]
(Washington, D.C.: Dec. 14, 2007). We determined for fiscal year 2008
that DFAS had developed a statistically valid methodology to estimate
its travel improper payments.
[58] Army Korea did not submit its IPIA Survey response in time to be
included in the fiscal year 2007 AFR.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
