Department of Homeland Security
Challenges in Implementing the Improper Payments Information Act and Recovering Improper Payments Gao ID: GAO-07-913 September 19, 2007The federal government is accountable for how its agencies and grantees spend more than $2 trillion of taxpayer dollars and is responsible for safeguarding those funds against improper payments as well as for recouping those funds when improper payments occur. The Congress enacted the Improper Payments Information Act of 2002 (IPIA) and the Recovery Auditing Act to address these issues. Fiscal year 2006 marked the third year that agencies were required to report improper payment and recovery audit information in their Performance and Accountability Reports. The Department of Homeland Security (DHS) reported limited information during these 3 years. GAO was asked to (1) determine the extent to which DHS has implemented the requirements of IPIA, (2) identify actions DHS has under way to improve IPIA compliance and reporting, and (3) determine what efforts DHS has in place to recover improper payments. To accomplish this, GAO analyzed DHS's internal guidance and action plans, and reviewed information reported in its Performance and Accountability Reports.
DHS has made some progress in implementing IPIA requirements, but much more work remains for the agency to become compliant with IPIA. For example, while DHS has made progress in identifying its programs, for fiscal year 2006, the agency did not perform the required first step--a risk assessment--on approximately $13 billion of its more than $29 billion in disbursements subject to IPIA. Until DHS fully assesses its programs, the potential magnitude of improper payments is unknown. For the remaining $16 billion, DHS determined that two programs-- Individuals and Households Program (IHP) assistance payments and disaster-related vendor payments--were at high risk for issuing improper payments and reported related estimates. For the $13 billion for which no risk assessment was performed, DHS has encountered challenges with IPIA implementation. Of this amount, over $6 billion relates to payments for grant programs. Developing a plan to assess risk and potentially test grant payments is important given that the DHS Office of Inspector General, GAO, and other auditors have identified weaknesses in grant programs. This will allow DHS to gain a better understanding of its risk for improper payments and potentially reduce future improper payments. DHS has actions under way to improve IPIA reporting and compliance, but does not plan to be fully compliant in fiscal year 2007. DHS has prepared a plan to address its noncompliance with IPIA, which included updating its guidance to focus on program identification and risk assessments to build a foundation for a sustainable IPIA program. In addition, DHS has developed plans to reduce improper payments related to its two identified high-risk programs. However, until DHS fully completes the required risk assessments for all of its programs and then estimates for risk-susceptible programs, it is not known whether other programs have significant improper payments that also need to be addressed. In addition, DHS's efforts to recover improper payments could be improved. According to DHS, four of its components meet the criteria for recovery auditing as specified in the Recovery Auditing Act. These four components make at least $4 billion of contractor payments each fiscal year. DHS encountered problems that kept it from reporting on recovery audit efforts during fiscal year 2006 for three of the four components, and did not perform recovery auditing at the fourth component. In March 2007, DHS revised its guidance to clarify what is expected; however, ongoing oversight will be necessary to monitor the components' progress. In addition, DHS has reported limited information on its efforts to recover specific improper payments identified during its testing of high-risk programs. Although DHS is not currently required to do so, reporting this information would provide a more complete picture of the agency's actions to recover payments that it has identified as being improper.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-07-913, Department of Homeland Security: Challenges in Implementing the Improper Payments Information Act and Recovering Improper Payments
This is the accessible text file for GAO report number GAO-07-913
entitled 'Department of Homeland Security: Challenges in Implementing
the Improper Payments Information Act and Recovering Improper Payments'
which was released on October 19, 2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Requesters:
United States Government Accountability Office:
GAO:
September 2007:
Department Of Homeland Security:
Challenges in Implementing the Improper Payments Information Act and
Recovering Improper Payments:
DHS Improper Payments:
GAO-07-913:
GAO Highlights:
Highlights of GAO-07-913, a report to congressional requesters.
Why GAO Did This Study:
The federal government is accountable for how its agencies and grantees
spend more than $2 trillion of taxpayer dollars and is responsible for
safeguarding those funds against improper payments as well as for
recouping those funds when improper payments occur. The Congress
enacted the Improper Payments Information Act of 2002 (IPIA) and the
Recovery Auditing Act to address these issues. Fiscal year 2006 marked
the third year that agencies were required to report improper payment
and recovery audit information in their Performance and Accountability
Reports. The Department of Homeland Security (DHS) reported limited
information during these 3 years.
GAO was asked to (1) determine the extent to which DHS has implemented
the requirements of IPIA, (2) identify actions DHS has under way to
improve IPIA compliance and reporting, and (3) determine what efforts
DHS has in place to recover improper payments. To accomplish this, GAO
analyzed DHS‘s internal guidance and action plans, and reviewed
information reported in its Performance and Accountability Reports.
What GAO Found:
DHS has made some progress in implementing IPIA requirements, but much
more work remains for the agency to become compliant with IPIA. For
example, while DHS has made progress in identifying its programs, for
fiscal year 2006, the agency did not perform the required first step”a
risk assessment”on approximately $13 billion of its more than $29
billion in disbursements subject to IPIA. Until DHS fully assesses its
programs, the potential magnitude of improper payments is unknown.
* For the remaining $16 billion, DHS determined that two
programs”Individuals and Households Program (IHP) assistance payments
and disaster-related vendor payments”were at high risk for issuing
improper payments and reported related estimates.
* For the $13 billion for which no risk assessment was performed, DHS
has encountered challenges with IPIA implementation. Of this amount,
over $6 billion relates to payments for grant programs. Developing a
plan to assess risk and potentially test grant payments is important
given that the DHS Office of Inspector General, GAO, and other auditors
have identified weaknesses in grant programs. This will allow DHS to
gain a better understanding of its risk for improper payments and
potentially reduce future improper payments.
DHS has actions under way to improve IPIA reporting and compliance, but
does not plan to be fully compliant in fiscal year 2007. DHS has
prepared a plan to address its noncompliance with IPIA, which included
updating its guidance to focus on program identification and risk
assessments to build a foundation for a sustainable IPIA program. In
addition, DHS has developed plans to reduce improper payments related
to its two identified high-risk programs. However, until DHS fully
completes the required risk assessments for all of its programs and
then estimates for risk-susceptible programs, it is not known whether
other programs have significant improper payments that also need to be
addressed.
In addition, DHS‘s efforts to recover improper payments could be
improved. According to DHS, four of its components meet the criteria
for recovery auditing as specified in the Recovery Auditing Act. These
four components make at least $4 billion of contractor payments each
fiscal year. DHS encountered problems that kept it from reporting on
recovery audit efforts during fiscal year 2006 for three of the four
components, and did not perform recovery auditing at the fourth
component. In March 2007, DHS revised its guidance to clarify what is
expected; however, ongoing oversight will be necessary to monitor the
components‘ progress. In addition, DHS has reported limited information
on its efforts to recover specific improper payments identified during
its testing of high-risk programs. Although DHS is not currently
required to do so, reporting this information would provide a more
complete picture of the agency‘s actions to recover payments that it
has identified as being improper.
What GAO Recommends:
GAO makes four recommendations to DHS to help improve its efforts to
implement IPIA and recover improper payments. DHS concurred with the
recommendations.
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-913].
To view the full product, including the scope and methodology, click on
the link above. For more information, contact McCoy Williams at (202)
512-9095 or williamsm1@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
DHS Has Made Some Progress in Implementing the Requirements of IPIA,
but Remains Noncompliant:
While DHS Has Developed Plans to Address IPIA Requirements and Reduce
Improper Payments, Full Implementation Will Be Longer Term:
DHS's Efforts to Comply with the Recovery Auditing Act and to Recover
Improper Payments Need to Be Enhanced:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Scope and Methodology:
Appendix II: Comments from the Department of Homeland Security:
Appendix III: Prior-Year IPIA Reporting by DHS and Its Independent
Auditor:
Appendix IV: DHS Grant Programs:
Appendix V: Corrective Action Plans for High-Risk Programs:
Appendix VI: GAO Contact and Staff Acknowledgments:
Tables:
Table 1: DHS Fiscal Year 2006 IPIA Programs (based on fiscal year 2005
disbursements):
Table 2: Summary of DHS's Corrective Action Plan for IPIA Compliance as
of June 7, 2007:
Table 3: Summary of Critical Milestones in DHS's Corrective Action Plan
for IPIA Compliance Related to Fiscal Year 2007:
Table 4: Recovery Audit Results for Fiscal Years 2004 through 2006:
Table 5: Prior-Year IPIA Reporting by DHS:
Table 6: DHS Grant Programs and Related Information:
Table 7: DHS's Incomplete Critical Milestones for Its IHP Corrective
Action Plan, Status as of May 14, 2007:
Table 8: DHS's Incomplete Critical Milestones for Its Disaster-Related
Vendor Payments Corrective Action Plan, Status as of May 14, 2007:
Figure:
Figure 1: Required Steps to Identify, Estimate, Reduce, and Report
Improper Payment Information:
Abbreviations:
CBP: Customs and Border Protection:
CFDA: Catalog of Federal Domestic Assistance:
CFO: chief financial officer:
CIS: Citizenship and Immigration Services:
COTR: contracting officer technical representative:
CPO: chief procurement officer:
DHS: Department of Homeland Security:
FAC: Federal Audit Clearinghouse:
FAM: Federal Air Marshals:
FEMA: Federal Emergency Management Agency:
FLETC: Federal Law Enforcement Training Center:
FYHSP: Future Years Homeland Security Program:
GPO: Office of Grant Policy and Oversight:
GT: Office of Grants and Training:
ICE: Immigration and Customs Enforcement:
ICOFR: Internal Controls over Financial Reporting:
IFMIS: Integrated Financial Management Information System:
IHP: Individuals and Households Program:
IPIA: Improper Payments Information Act of 2002:
IT: information technology:
NEMIS: National Emergency Management Information System:
NFIP: National Flood Insurance Program:
OCFO: Office of the Chief Financial Officer:
OFM: Office of Financial Management:
OGC: Office of General Counsel:
OIG: Office of Inspector General:
OMB: Office of Management and Budget:
PAR: Performance and Accountability Report:
PMA: President's Management Agenda:
PMO: Program Management Office:
S&T: Science and Technology:
TAFS: Treasury Appropriation Fund Symbol:
TSA: Transportation Security Administration:
USCG: United States Coast Guard:
USSS: United States Secret Service:
US-VISIT: United States Visitor and Immigrant Status Indicator
Technology:
United States Government Accountability Office:
Washington, DC 20548:
September 19, 2007:
The Honorable Joseph I. Lieberman:
Chairman:
The Honorable Susan M. Collins:
Ranking Member:
Committee on Homeland Security and Governmental Affairs:
United States Senate:
The Honorable Thomas R. Carper:
Chairman:
The Honorable Tom Coburn:
Ranking Member:
Subcommittee on Federal Financial Management, Government Information,
Federal Services, and International Security:
Committee on Homeland Security and Governmental Affairs:
United States Senate:
Over the past several years, our work has shown that improper payments
continue to be a substantial problem for federal agencies. As the
steward of taxpayer dollars, the federal government is accountable for
how its agencies and grantees spend more than $2 trillion of taxpayer
dollars each year and is responsible for safeguarding those funds
against improper payments. Fiscal year 2004 marked the first year in
which agencies were required to report improper payments[Footnote 1]
information in their Performance and Accountability Reports (PAR) under
the Improper Payments Information Act of 2002 (IPIA).[Footnote 2] As a
result, federal agencies reported an estimated $46 billion in improper
payments for fiscal year 2004. Although governmentwide reported amounts
of estimated improper payments decreased between fiscal year 2004 and
fiscal year 2006, the reported amount in fiscal year 2006 included more
than $800 million as a result of improper disaster-related payments
made by the Federal Emergency Management Agency (FEMA) within the
Department of Homeland Security (DHS) in response to the 2005 Gulf
Coast hurricanes. Since its establishment in March 2003, DHS, whose
annual budget generally tops $30 billion, has yet to comply with IPIA.
Moreover, during fiscal year 2006, its independent auditors continued
to report significant internal control weaknesses such as weaknesses in
financial management and oversight, and a weak control environment. A
weak internal control environment increases an agency's susceptibility
to improper payments.
Generally, agencies, including DHS, must perform four key steps to
address the specific improper payment reporting requirements found in
IPIA and related Office of Management and Budget (OMB) guidance--(1)
perform a risk assessment of all programs and activities, (2) estimate
improper payments for risk-susceptible programs and activities, (3)
implement a plan to reduce improper payments for programs with
estimates exceeding $10 million, and (4) annually report improper
payment estimates and actions to reduce them. In addition, agencies
that enter into contracts with a total value exceeding $500 million in
a fiscal year are required under section 831 of the National Defense
Authorization Act for Fiscal Year 2002, commonly known as the Recovery
Auditing Act, to have cost-effective programs for identifying errors in
payments to contractors and for recovering amounts erroneously
paid.[Footnote 3]
Given the reported condition of DHS's internal controls and reported
noncompliance with IPIA, you asked us to conduct a review of the
department's implementation of IPIA. Specifically, our objectives were
to (1) determine the extent to which DHS has implemented the
requirements of IPIA, (2) identify actions DHS has under way to improve
IPIA compliance and reporting, and (3) determine what efforts DHS has
in place to recover improper payments. To address these objectives, we
reviewed applicable improper payments legislation, OMB guidance, and
agency Office of Inspector General (OIG) reports. We also reviewed
improper payment information reported in DHS's PARs over the past 3
fiscal years (2004-2006). In addition, we analyzed DHS's regulations
and methodology for identifying programs and activities highly
susceptible to improper payments, interviewed officials from the Office
of the Chief Financial Officer (OCFO), reviewed workpapers prepared by
DHS's independent auditor, and summarized the results of this review.
In addition, we reviewed DHS's plans to reduce improper payments and
become compliant with IPIA and the Recovery Auditing Act.
To assess the reliability of data reported in DHS's PARs related to
improper payments and recovery audit efforts, we (1) reviewed existing
information about the data and the system that produced them and (2)
interviewed agency officials knowledgeable about the data. We
determined that the data were sufficiently reliable for the purposes of
this report. We conducted our work from October 2006 through June 2007
in accordance with generally accepted government auditing standards.
See appendix I for more details on our scope and methodology.
Results in Brief:
DHS has made some progress over the last 3 fiscal years in attempting
to fully implement IPIA requirements, but much more work remains to be
done. Although DHS has made progress in identifying its programs, for
fiscal year 2006, DHS had not yet performed the required first step--a
risk assessment--on programs with approximately $13 billion of its more
than $29 billion in disbursements subject to IPIA. For the remaining
$16 billion in DHS disbursements subject to IPIA, DHS determined that
two programs were at high risk for issuing improper payments--the
Individuals and Households Program (IHP) assistance payments and
disaster-related vendor payments. DHS performed statistical sample
testing of these programs and estimated FEMA improper payments (step 2)
from September 2005 through March 2006 of $450 million (8.56 percent)
of IHP assistance payments and $319 million (7.44 percent) of disaster-
related vendor payments.[Footnote 4]
DHS has developed plans to reduce future improper payments for these
two programs (step 3) and reported these estimates in its fiscal year
2006 PAR (step 4). However, DHS's independent auditor found that the
time period covered for testing and reporting (i.e., September 2005
through March 2006) was not in accordance with OMB's implementing
guidance, which also contributed to DHS's inability to meet the
requirements of IPIA. While DHS concluded that none of its other
programs that DHS subjected to a risk assessment met OMB's criteria for
susceptibility to significant improper payments, the basis for this
conclusion was limited in scope. For example, DHS only tested programs
with disbursements greater than $100 million and did not perform a
qualitative risk assessment of all program operations such as an
assessment of internal controls, oversight and monitoring activities,
and results from external audits.[Footnote 5]
For the programs with $13 billion in payments for which no risk
assessment was performed in fiscal year 2006, DHS has encountered
challenges with IPIA implementation. Of this amount, over $6 billion
relates to payments for grant programs, including $3 billion in
payments made for the National Flood Insurance Program (NFIP).
Performing risk assessments of grant programs and testing grant
payments can be difficult because of the many layers of grant
recipients, as well as the types of recipients and number of grant
programs. During fiscal year 2006, DHS awarded grants to over 5 million
recipients for 70 different grant programs. Developing a plan to assess
risk and potentially test grant payments is important given the fact
that the DHS OIG has identified weaknesses in grant programs and
considers grants management to be one of DHS's major management
challenges. Another challenge for DHS is that we recently added the
NFIP, one of DHS's largest grant programs, to our high-risk list in
March 2006.[Footnote 6] Assessing grant programs, and if necessary,
performing IPIA testing, will allow DHS to gain an understanding of its
risk for improper payments and potentially reduce future improper
payments.
DHS has actions under way to improve IPIA reporting and compliance, but
does not plan to be compliant in fiscal year 2007 and will likely not
be compliant in fiscal year 2008. Actions under way include developing
plans to reduce improper payments related to its two identified high-
risk disaster-related programs and preparing departmentwide corrective
action plans to address internal control weaknesses and noncompliance
issues, including those related to IPIA. In addition, DHS recently
updated its guidance for implementing IPIA and plans to focus on
program identification and risk assessments to build a foundation for a
sustainable IPIA program, rather than aiming for compliance during
fiscal year 2007. The agency also plans to hold workshops for its
components on sample testing and reporting to ensure that they have a
consistent understanding of what is expected with regard to IPIA
testing and reporting. While DHS's plans appear to address IPIA
compliance issues, implementation will take significant time and effort
as DHS has already missed some key milestones related to the
identification of IPIA programs for each agency component. Solidifying
its identification of IPIA programs and completing a thorough risk
assessment process will be important first steps to adequately address
IPIA reporting requirements.
Lastly, we identified several weaknesses in DHS's efforts to recover
known improper payments and to comply with the Recovery Auditing Act.
According to DHS, four of its components--Immigration and Customs
Enforcement (ICE), Customs and Border Protection (CBP), U.S. Coast
Guard (USCG), and FEMA--meet the criteria for recovery auditing as
specified in the Recovery Auditing Act (i.e., each has over $500
million in annual contractor payments).[Footnote 7] DHS began recovery
auditing efforts during fiscal year 2004, hiring an independent
contractor who conducted recovery audit work at two major components,
ICE and CBP; however, DHS was not able to report on these efforts for
that year because initial findings were not available in time to be
included in its annual PAR. DHS continued these efforts in fiscal year
2005 and its contractor identified more than $2.1 million of improper
payments and recovered more than $1.2 million (over 50 percent of
identified improper payments). However, when DHS attempted to expand
its recovery audit efforts to USCG, it encountered problems with
obtaining disbursement data. In addition, DHS reported that delays in
obtaining security clearances for contract personnel severely hampered
completion of recovery audit work at CBP and ICE during fiscal year
2006. As a result, DHS did not report on recovery audits during fiscal
year 2006.
In March 2007, DHS revised its guidance for recovery auditing for
fiscal year 2007--noting the disbursement data and security clearance
issues encountered in previous years--emphasizing timelines to help
ensure that all applicable components are able to complete recovery
audits and report on their efforts going forward. This guidance
clarifies what is expected of components; however, ongoing oversight by
the OCFO will be necessary to help ensure that the components are
progressing with their recovery auditing efforts and will be able to
successfully report on results at year end. In addition, DHS has not
yet reported on its efforts to recover improper payments identified
during its testing of FEMA's disaster-related vendor payments and has
reported limited information on its efforts to recover identified
improper IHP assistance payments. DHS is currently not required to
report on these efforts, but reporting this information would provide a
more complete picture of the agency's actions to recover payments that
it has identified as being improper.
We are making four recommendations to DHS to help improve its efforts
to implement IPIA and recover improper payments by focusing on
performing risk assessments and reporting on efforts to recover
improper payments.
We provided a draft of this report to DHS for comment. DHS concurred
with our recommendations, and its comments, along with our evaluation,
are discussed in the Agency Comments and Our Evaluation section of this
report. The comments are also reprinted in their entirety in appendix
II.
Background:
Our work over the past several years has demonstrated that improper
payments are a long-standing, widespread, and significant problem in
the federal government. IPIA has increased visibility over improper
payments by requiring executive branch agency heads to identify
programs and activities susceptible to significant improper payments,
estimate amounts improperly paid, and report on the amounts of improper
payments and their actions to reduce them. Similarly, the Recovery
Auditing Act provides an impetus for applicable agencies to
systematically identify and recover contract overpayments. As the
steward of taxpayer dollars, the federal government is accountable for
how its agencies and grantees spend hundreds of billions of taxpayer
dollars and is responsible for safeguarding those funds against
improper payments as well as having mechanisms in place to recoup those
funds when improper payments occur.
Improper Payments Information Act of 2002:
IPIA was enacted in November 2002 with the major objective of enhancing
the accuracy and integrity of federal payments. IPIA requires executive
branch agency heads to review their programs and activities annually
and identify those that may be susceptible to significant improper
payments. For each program and activity agencies identify as
susceptible, the act requires them to estimate the annual amount of
improper payments and to submit those estimates to the Congress. The
act further requires that for programs for which estimated improper
payments exceed $10 million, agencies are to report annually to the
Congress on the actions they are taking to reduce those payments.
The act also requires the Director of OMB to prescribe guidance for
agencies to use in implementing IPIA. OMB issued implementing
guidance[Footnote 8] which requires the use of a systematic method for
the annual review and identification of programs and activities that
are susceptible to significant improper payments. The guidance defines
significant improper payments as those in any particular program that
exceed both 2.5 percent of program payments and $10 million
annually.[Footnote 9] It requires agencies to estimate improper
payments annually using statistically valid techniques for each
susceptible program or activity. For those agency programs determined
to be susceptible to significant improper payments and with estimated
annual improper payments greater than $10 million, IPIA and related OMB
guidance require each agency to annually report the results of its
efforts to reduce improper payments. OMB has stated that having high-
quality risk assessments is critical to meeting the objectives of
identifying improper payments and is essential for performing
corrective actions to eliminate payment errors.[Footnote 10] Figure 1
provides an overview of the four key steps OMB requires agencies to
perform in meeting the improper payment reporting requirements.
Figure 1: Required Steps to Identify, Estimate, Reduce, and Report
Improper Payment Information:
[See PDF for image]
Source: GAO.
[End of figure]
Recovery Auditing Act:
In addition, under certain conditions, applicable agencies are required
to report on their efforts to recover improper payments made to
contractors under section 831 of the National Defense Authorization Act
for Fiscal Year 2002, commonly known as the Recovery Auditing Act. This
legislation contains a provision that requires executive branch
agencies entering into contracts with a total value exceeding $500
million in a fiscal year to have cost-effective programs for
identifying errors in paying contractors and for recovering amounts
erroneously paid. The act further states that a required element of
such a program is the use of recovery audits and recovery activities.
The law authorizes federal agencies to retain recovered funds to cover
actual administrative costs as well as to pay other contractors, such
as collection agencies. Agencies that are required to undertake
recovery audit programs were directed by OMB to provide annual reports
on their recovery audit efforts, along with improper payment reporting
details, in an appendix to their PARs.
OMB Guidance and Initiatives:
In August 2006, OMB revised its IPIA implementing guidance. The
revision consolidates into Appendix C of OMB Circular No. A-123,
Management's Responsibility for Internal Control, all guidance for
improper payments and recovery auditing reporting.[Footnote 11] While
inconsistent with the language in IPIA, the revised guidance allows for
risk assessments to be conducted less often than annually for programs
where improper payment baselines are already established, are in the
process of being measured, or are scheduled to be measured by an
established date. Although OMB kept its criteria for defining
significant improper payments as those exceeding both 2.5 percent of
program payments and $10 million, OMB added that it may determine on a
case-by-case basis that certain programs that do not meet the threshold
may be subject to the annual reporting requirement. Additionally, the
revised guidance allows agencies to use alternative sampling
methodologies and requires agencies to report on and provide a
justification for using these methodologies in their PARs.[Footnote 12]
This revised guidance is effective for agencies' fiscal year 2006
improper payment estimating and reporting in the PARs or annual
reports.
Other OMB guidance states that agencies must describe their corrective
actions for reducing the estimate rate and amount of improper
payments.[Footnote 13] Related to corrective actions, OMB's
implementing guidance for IPIA requires that agencies implement a plan
to reduce erroneous payments, including identifying the
following.[Footnote 14]
* Root causes--For all programs and activities with erroneous payments
exceeding $10 million, agencies shall identify the reasons their
programs and activities are at risk of erroneous payments and put in
place a corrective action plan to reduce erroneous payments.
* Reduction targets--Targets are necessary for future improper payment
levels and a timeline within which the targets will be reached.
* Accountability--Ensure that their managers and accountable officers
(including the agency head) are held accountable for reducing improper
payments. Agencies shall assess whether they have the information
systems and other infrastructure needed to reduce improper payments to
minimal cost-effective levels, and identify any statutory or regulatory
barriers that may limit agencies' corrective actions in reducing
improper payments.
OMB has also established Eliminating Improper Payments as a program-
specific initiative under the President's Management Agenda (PMA). This
separate PMA program initiative began in the first quarter of fiscal
year 2005. Previously, agency efforts related to improper payments were
tracked along with other financial management activities as part of the
Improving Financial Performance initiative of the PMA. The objective of
establishing a separate initiative for improper payments was to ensure
that agency managers are held accountable for meeting the goals of IPIA
and are therefore dedicating the necessary attention and resources to
meeting IPIA requirements. This program initiative establishes an
accountability framework for ensuring that federal agencies initiate
all necessary financial management improvements for addressing this
significant and widespread problem. Specifically, agencies are to
measure their improper payments annually, develop improvement targets
and corrective actions, and track the results annually to ensure the
corrective actions are effective.
DHS Has Made Some Progress in Implementing the Requirements of IPIA,
but Remains Noncompliant:
While DHS has taken actions over the last 3 fiscal years to implement
IPIA requirements, much more work needs to be done. In each of the last
3 fiscal years, DHS was unable to perform risk assessments for all of
its programs and activities--the first step of IPIA implementation.
This and other issues, such as concerns about program identification
and testwork performed, contributed to DHS's reported noncompliance
with IPIA over the last 3 fiscal years. Until DHS is able to fully
assess its programs, the potential magnitude of improper payments
cannot be estimated.
For fiscal year 2006, DHS did not perform risk assessments on programs
with $13 billion of its $29 billion of payments subject to IPIA. Over
$6 billion of this amount related to payments for grant programs.
Performing risk assessments of grant programs and testing grant
payments can be difficult because of the many layers of grant
recipients, as well as the type of recipients and number of grant
programs. However, developing a plan to assess risk and potentially
test grant payments is important because of financial management
weaknesses reported at DHS grantees and concerns about DHS's grants
management process. Developing a plan will also allow DHS to gain an
understanding of its risk with respect to grant payments and
potentially reduce future improper payments.
DHS's Efforts to Meet IPIA Requirements:
To comply with the requirements of IPIA and related guidance from OMB,
DHS initiated a plan in fiscal year 2004 to reduce its susceptibility
to issuing improper payments by having each of its organizational
elements complete a risk assessment of major programs[Footnote 15] by
assigning each one an overall risk score. Based on this assessment,
none of DHS's programs were found to be high risk; however, DHS's
independent auditor reported that the agency was not in compliance with
IPIA mainly because it had not yet instituted a systematic method of
reviewing all programs and identifying those it believed were
susceptible to significant erroneous payments.
In fiscal year 2005, the auditor again reported noncompliance issues
regarding the adequacy of the agency's risk assessments. Based on DHS's
guidance, each component selected its largest program and completed
statistical testing. DHS regarded this quantitative selection as its
risk assessment process and did not incorporate qualitative factors. As
with fiscal year 2004, DHS reported that it did not identify any
programs or activities as being susceptible to significant improper
payments and its auditors again reported that DHS was not in compliance
with IPIA.
The DHS OCFO worked with components during fiscal year 2006 to continue
to refine the population of improper payment programs by having the
components group Treasury Appropriation Fund Symbols (TAFS)[Footnote
16] into logical, recognizable programs. After identifying the
population of disbursements for fiscal year 2006 IPIA testing, DHS
components provided the necessary payment data to a contractor with
expertise in statistical testing. The contractor constructed stratified
sampling plans and samples for DHS components to perform IPIA testing
for DHS's risk assessment process. This testing was expanded from
fiscal year 2005 to include, based on DHS's revised guidance, all DHS
programs issuing more than $100 million of IPIA-relevant
payments.[Footnote 17] Two programs were found to be high risk.
However, despite these efforts, DHS's independent auditor found that
the agency was still not in compliance with IPIA as reported in its
fiscal year 2006 PAR, primarily because not all programs subject to
IPIA were tested, and the population of disbursements tested for some
programs was not complete. Appendix III contains additional information
about DHS's prior year IPIA PAR reporting and compliance issues
reported by its independent auditor.
Required Risk Assessments Not Completed for All Programs for Fiscal
Year 2006:
Although DHS made progress in identifying its programs in fiscal year
2006, the agency did not perform a risk assessment for all programs and
activities--covering approximately $13 billion of its more than $29
billion in disbursements subject to IPIA. According to DHS, this was
primarily due to a lack of resources, guidance, and experience in
performing this work. This was a major factor in the independent
auditors' finding that DHS was noncompliant with IPIA for fiscal year
2006. DHS performed risk assessments (step 1) for programs accounting
for approximately $16 billion of the $29 billion in disbursements
subject to IPIA review. Of this $16 billion covered by risk
assessments, approximately $7 billion related to FEMA's disaster relief
programs that were found to be at high risk for issuing significant
improper payments and therefore steps 2 through 4 were completed to
estimate improper payments, develop a plan to reduce improper payments,
and report this information. This testing resulted in estimated
improper payments issued by FEMA from September 2005 through March 2006
of $450 million (8.56 percent) of IHP assistance payments and $319
million (7.44 percent) of disaster-related vendor payments.[Footnote
18] Although the necessary IPIA work--steps 1 and 2--was completed for
the two DHS high-risk programs, the time period covered for testing and
reporting (i.e., September 2005 through March 2006) was not in
accordance with OMB's implementing guidance, also contributing to DHS's
reported noncompliance with IPIA.[Footnote 19] The remaining programs
with disbursements totaling $9 billion in disbursements were not found
to be at risk for issuing significant improper payments and therefore
DHS did not report improper payments for these programs. For some of
its nondisaster programs, DHS performed statistical sample testing for
those programs with disbursements greater than $100 million, without
first performing a qualitative risk assessment such as an assessment of
internal controls, oversight and monitoring activities, and results
from external audits. While this approach is perhaps better than not
doing any assessment, DHS officials concurred that it could be
considered an inefficient use of resources, if a program is not at high
risk.
Table 1 shows DHS's population of programs identified for IPIA testing
and the status of DHS's IPIA risk assessment process performed in
fiscal year 2006.
Table 1: DHS Fiscal Year 2006 IPIA Programs (based on fiscal year 2005
disbursements):
Dollars in millions.
DHS IPIA program: Customs and Border Protection (CBP) Custodial[A];
IPIA population[B]: $ 1,116;
Risk assessment for fiscal year 2006: Performed[C]: $ 1,116;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: Other CBP programs;
IPIA population[B]: 1,713;
Risk assessment for fiscal year 2006: Performed[C]: 1,713;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: Federal Air Marshals (FAM);
IPIA population[B]: 318;
Risk assessment for fiscal year 2006: Performed[C]: [Empty];
Risk assessment for fiscal year 2006: Not performed[D]: 318.
DHS IPIA program: Federal Emergency Management Agency (FEMA) disaster-
related programs: Disaster Relief;
IPIA population[B]: 7,133;
Risk assessment for fiscal year 2006: Performed[C]: 7,133[E];
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: Federal Emergency Management Agency (FEMA) disaster-
related programs: Cerro Grande Fire Claims;
IPIA population[B]: 14;
Risk assessment for fiscal year 2006: Performed[C]: [Empty];
Risk assessment for fiscal year 2006: Not performed[D]: 14.
DHS IPIA program: FEMA nondisaster programs;
IPIA population[B]: 4,803;
Risk assessment for fiscal year 2006: Performed[C]: [Empty];
Risk assessment for fiscal year 2006: Not performed[D]: 4,803.
DHS IPIA program: Federal Law Enforcement Training Center (FLETC)
programs;
IPIA population[B]: 139;
Risk assessment for fiscal year 2006: Performed[C]: 139;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: Office of Grants and Training (GT) programs;
IPIA population[B]: 3,136;
Risk assessment for fiscal year 2006: Performed[C]: [Empty];
Risk assessment for fiscal year 2006: Not performed[D]: 3,136.
DHS IPIA program: Immigration and Customs Enforcement (ICE) and ICE
components[F]: Salaries & Expenses;
IPIA population[B]: 953;
Risk assessment for fiscal year 2006: Performed[C]: 953;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: Immigration and Customs Enforcement (ICE) and ICE
components[F]: Technology;
IPIA population[B]: 829;
Risk assessment for fiscal year 2006: Performed[C]: 829;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: Immigration and Customs Enforcement (ICE) and ICE
components[F]: Federal Protective Service;
IPIA population[B]: 548;
Risk assessment for fiscal year 2006: Performed[C]: 548;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: Immigration and Customs Enforcement (ICE) and ICE
components[F]: US-VISIT;
IPIA population[B]: 208;
Risk assessment for fiscal year 2006: Performed[C]: 208;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: Immigration and Customs Enforcement (ICE) and ICE
components[F]: Other programs;
IPIA population[B]: 649;
Risk assessment for fiscal year 2006: Performed[C]: [Empty];
Risk assessment for fiscal year 2006: Not performed[D]: 649.
DHS IPIA program: Transportation Security Administration (TSA):
Original IPIA programs[G];
IPIA population[B]: 3,414;
Risk assessment for fiscal year 2006: Performed[C]: [Empty];
Risk assessment for fiscal year 2006: Not performed[D]: 1,384[G].
DHS IPIA program: Transportation Security Administration (TSA): Revised
IPIA programs: Grant programs;
IPIA population[B]: [Empty];
Risk assessment for fiscal year 2006: Performed[C]: 343;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: Transportation Security Administration (TSA): Revised
IPIA programs: Nongrant programs;
IPIA population[B]: [Empty];
Risk assessment for fiscal year 2006: Performed[C]: 1,687;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: U.S. Coast Guard (USCG): Operating Expenses;
IPIA population[B]: 2,741;
Risk assessment for fiscal year 2006: Performed[C]: [Empty];
Risk assessment for fiscal year 2006: Not performed[D]: 2,741.
DHS IPIA program: U.S. Coast Guard (USCG): Acquisition, Construction &
Improvements (reported as Contracts);
IPIA population[B]: 867;
Risk assessment for fiscal year 2006: Performed[C]: 867;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: U.S. Coast Guard (USCG): Other[H];
IPIA population[B]: 620;
Risk assessment for fiscal year 2006: Performed[C]: 620;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
DHS IPIA program: U.S. Secret Service (USSS) Operating Expenses;
IPIA population[B]: 83;
Risk assessment for fiscal year 2006: Performed[C]: 83;
Risk assessment for fiscal year 2006: Not performed[D]: [Empty].
Total IPIA program disbursements;
IPIA population[B]: $ 29,284;
Risk assessment for fiscal year 2006: Performed[C]: $ 16,239;
Risk assessment for fiscal year 2006: Not performed[D]: $ 13,045.
Sources: DHS fiscal year 2006 IPIA programs (based on fiscal year 2005
disbursement populations) and GAO analysis of information provided by
and reported by DHS.
[A] CBP collects import duties, taxes, and fees on merchandise arriving
in the United States from foreign countries, and subsequently transfers
these receipts to other entities. Receipts of import duties and related
refunds are presented in the statement of custodial activity in the DHS
financial statements. CBP tested the custodial program as part of
remediating the Custodial Revenue and Drawback material weakness.
According to DHS, while this testing did not follow Appendix C to OMB
Circular No. A-123, it did support the conclusion that this program is
not at high risk for issuing improper payments as no significant
improper payments as defined by OMB were identified.
[B] These disbursement amounts represent the original amounts provided
by the DHS Program Management Office to the individual DHS components.
Actual amounts used by the components as they performed additional
analysis and testing may differ. Also, according to DHS, the
disbursement amounts were based on Standard Form (SF) 133 outlay
figures, and DHS found this to be problematic. DHS will address these
problems during fiscal year 2007.
[C] Unless otherwise noted, a risk assessment was performed for the
IPIA program and the program was found to be not at high risk for
issuing significant improper payments.
[D] A risk assessment was not performed for the IPIA program and,
according to its independent auditor, this contributed to DHS's
noncompliance with IPIA in fiscal year 2006.
[E] A risk assessment was performed for the IPIA program and the
program--which includes IHP assistance and disaster-related vendor
payments--was found to be at high risk for issuing significant improper
payments. Additional work was completed to estimate improper payments,
develop a plan to reduce improper payments, and report this
information.
[F] ICE components include U.S. Citizenship and Immigration Services,
the Management Directorate, the Science & Technology Directorate, the
Office of Intelligence and Analysis, and the Border and Transportation
Security Directorate, because ICE is the financial management provider
for these components.
[G] Based on additional information provided by DHS, USCG is TSA's
accounting provider. USCG staff consolidated the TSA IPIA programs into
one entitywide program which was then split into grant and nongrant
segments. A risk assessment was performed for these two segments and
neither was found to be at risk for significant improper payments. The
reason for the consolidation was concern over insufficient time to
complete testing of multiple TSA programs. According to DHS, components
in the future will need to provide ample justification and receive
formal DHS OCFO concurrence before program definitions can be changed.
[H] According to USCG, once all payroll amounts are deducted, the total
would be under $100 million.
[End of table]
Since DHS did not perform the required first step--a risk assessment--
on programs with approximately $13 billion of its more than $29 billion
in disbursements subject to IPIA, it is unknown whether these programs
are at high risk for issuing improper payments.
Grant Programs Continue to Present a Challenge for IPIA Implementation:
DHS encountered challenges implementing IPIA for the programs with $13
billion of disbursements for which no risk assessment or testing was
performed in fiscal year 2006. Over $6 billion of this amount related
to payments for grant programs. The remaining $7 billion related
primarily to FEMA nondisaster programs and TSA programs not categorized
as grant or nongrant programs, and USCG operating expenses. DHS's grant
programs include the NFIP, which had disbursements of over $3 billion
that should have been included in DHS's IPIA population for review in
fiscal year 2006. As we have previously reported, measuring improper
payments and designing and implementing actions to reduce or eliminate
them are not simple tasks, particularly for grant programs that rely on
quality administration efforts at the state level.[Footnote 20] DHS has
an even greater challenge in the diversity of recipients for its grants
which include state and local governments, individuals, and other
entities. During fiscal year 2006, DHS awarded grants to over 5 million
recipients[Footnote 21] for 70 different grant programs, including
state and local governments, nonprofits, and other entities and
individuals. Although disbursements made related to these grants are
subject to IPIA, as DHS has noted, performing risk assessments of grant
programs and testing grant payments are difficult because of the many
layers of grant recipients, as well as the type of recipients and
number of grant programs.
Developing a plan to assess risk and potentially test grant payments is
important because of noted financial management weaknesses of DHS
grantees. For example, DHS's independent auditors and the DHS OIG have
reported grants management weaknesses in part because the agency did
not adequately follow up on audit findings pertaining to grantees'
potential improper payments. In addition, the DHS OIG identified grants
management as a major management challenge facing the department. We
have also identified the NFIP as a high-risk program.[Footnote 22] A
list of DHS's grant programs is presented in appendix IV. Appendix IV
also shows the primary types of recipients and fiscal year 2006 award
information for each grant program, as well as the component that
administers the program. Given the identified weaknesses and the high-
dollar amount, as well as the inherent risk associated with grant
programs, it is important for DHS to assess grant programs for
susceptibility to significant improper payments in accordance with
IPIA. Assessing and, if necessary, testing these grant programs will
allow DHS to gain an understanding of its risk in this area related to
improper payments and potentially reduce future improper payments.
During fiscal year 2006, DHS completed a risk assessment by performing
sample testing for grants administered by the Transportation Security
Administration (TSA) with disbursements of about $343 million; however,
the department was unable to perform an assessment of its grants
programs administered by the Office of Grants and Training (GT). Of the
approximately $13 billion for which DHS did not perform a risk
assessment, over $3 billion related to grant programs administered by
GT.[Footnote 23] In addition to the NFIP, FEMA also administers other
grant programs which, with the exception of IHP,[Footnote 24] were not
tested during fiscal year 2006. DHS identified three IPIA programs
within GT, including Domestic Preparedness, State and Local Programs,
and Firefighter Assistance Grants, totaling $3.1 billion of fiscal year
2005 disbursements for fiscal year 2006 IPIA testing; however, GT did
not perform an assessment or complete statistical sample testing on
these grants programs. In its fiscal year 2006 PAR, DHS reported that
one complication that was not overcome was how to extend statistical
sample testing to grant recipients. DHS also had difficulty testing its
grant programs because of the large number of grant programs identified
for testing based on DHS's guidance for fiscal year 2006 program
identification and risk assessment methodology, which required that all
programs with total disbursements exceeding $100 million be selected
and statistically tested. DHS reported that one of the problems with
its fiscal year 2006 IPIA methodology was that its risk assessments
were based on strictly quantitative factors, instead of both
qualitative and quantitative factors. Although OMB has not yet provided
guidance as we have previously recommended,[Footnote 25] DHS issued
internal guidance recognizing the need to consider qualitative factors.
One such qualitative factor that DHS could consider as part of its risk
assessment process are the results of Single Audit Act, as
amended,[Footnote 26] reports related to its grantees. During fiscal
year 2006, DHS's independent auditors reported that the agency was not
in compliance with the Single Audit Act. According to the independent
auditors' report, FEMA and TSA are required to comply with certain
provisions of OMB Circular No. A-133, which requires agencies awarding
grants to ensure they receive grantee reports timely and to follow-up
on grantee single audit findings. Although certain procedures have been
implemented to monitor grantees and their audit findings, the auditors
noted that DHS did not have procedures in place to comply with these
provisions in OMB Circular No. A-133 and follow up on questioned
costs[Footnote 27] and other matters identified in these reports. TSA
has developed a corrective action plan to establish a new system and
processes to track and review single audit reports, but FEMA has not
completely developed its corrective action plans due to the previously
mentioned organizational changes during fiscal year 2007. We identified
37 DHS grantees--with awards totaling $2.1 billion--that had single
audit findings related to questioned costs for fiscal year 2005. Some
examples of questioned costs described in audit reports follow.
* One single audit report questioned $353,000 in unallowable charges
for salaries and benefits due to a lack of adequate documentation.
* One grantee had expenditures that did not have appropriate supporting
documentation, with the questioned amount totaling almost $80,000.
* Another grantee had costs of about $72,000 that were improperly
charged to the grant program.
* A third grantee over-claimed reimbursement amounts of about $4,000.
The DHS OIG also conducts audits relating to the programs and
operations of DHS, including grant programs. The DHS OIG reviews
several factors to determine which activities to audit, including
current or potential dollar magnitude, and reports or allegations of
impropriety or problems in implementing the programs. The objectives of
these grant program audits include determining whether the grantee
accounted for and expended funds according to federal regulations and
DHS guidelines. For certain grantees, the DHS OIG has found questioned
costs such as excessive charges, duplicate payments, ineligible
contractor costs, unsupported contractor and labor costs, and other
expenditures. The following are examples of DHS OIG findings from
fiscal years 2005 through 2007.
* The DHS OIG found that one particular grantee had questioned costs of
more than $1.8 million.
* The DHS OIG has also found instances where the grantee did not follow
all federal procurement standards or DHS guidelines in awarding
contracts, and needed improvements in procedures to make payments to
subgrantees. One instance involved awarding contracts totaling more
than $14 million and another instance involved more than $8 million in
contract work.
In an effort to address the agency's noncompliance with the Single
Audit Act, as amended, DHS's Office of Grant Policy and Oversight (GPO)
told us that it instituted an informal oversight process for single
audits during fiscal year 2007 and is in the process of developing
formal procedures. According to GPO, the development of this process is
an attempt to address some of the grants management concerns that have
been identified at DHS by its auditors and the DHS OIG. This monitoring
process will help DHS to focus on audit findings at grantees and could
help DHS with performing a risk assessment over grant programs for IPIA
purposes by providing qualitative criteria.
While DHS Has Developed Plans to Address IPIA Requirements and Reduce
Improper Payments, Full Implementation Will Be Longer Term:
DHS has taken steps to address IPIA requirements, but the agency does
not plan to be compliant in fiscal year 2007 and will likely not be
compliant in fiscal year 2008. During fiscal year 2007, DHS prepared,
and continues to refine, a departmentwide corrective action plan to
address internal control weaknesses and noncompliance issues, including
IPIA; however, the agency continues to encounter challenges in
developing a plan to fully perform a risk assessment process. DHS used
this corrective action plan to update its guidance and, according to
DHS officials, the agency plans to focus on program identification and
risk assessments during fiscal year 2007. Although DHS does not expect
to be compliant in fiscal year 2007, focusing on these areas will help
the agency build a solid foundation for its IPIA program.
In addition to its overall corrective action plan to comply with IPIA,
DHS, as required by IPIA and related OMB implementing guidance, has
developed plans to reduce improper payments related to the two high-
risk programs it has identified thus far. These plans include reducing
manual processing, improving system interfaces, and clarifying roles
and responsibilities. If properly executed, these plans should help
reduce future improper payments in these programs by strengthening
internal controls. With regard to system improvements, as we have
previously recommended,[Footnote 28] DHS needs to conduct effective
testing to provide reasonable assurance that the system will function
in a disaster recovery environment.
DHS Has Developed a Corrective Action Plan for Compliance with IPIA,
but Implementation Challenges Remain:
DHS has developed a corrective action plan to address the findings of
its independent auditor,[Footnote 29] including its noncompliance with
IPIA. In its most recent audit report for fiscal year 2006, the auditor
recommended that DHS follow OMB guidance[Footnote 30] to complete the
necessary susceptibility assessments, perform testwork over all
material programs, and institute sampling techniques to allow for
statistical projection of the results of its improper payments testing.
In its IPIA corrective action plan, DHS documented the root causes that
it believes have resulted in its noncompliance, and analyzed the key
success factors, key performance measures, verification and validation
procedures, risks, impediments, dependencies with other corrective
actions, resources required, and critical milestones needed to become
compliant with IPIA; however, implementation will take significant time
and effort. DHS cited its lack of resources, guidance, and experience
with IPIA to execute risk assessments as root causes for its
noncompliance with IPIA. The corrective action plan identified the
following items related to IPIA, including root causes.
Table 2: Summary of DHS's Corrective Action Plan for IPIA Compliance as
of June 7, 2007:
Area: Root cause;
Description:
* Lack of program-level financial reporting;
* Lack of experience and guidance with IPIA to execute risk
assessments, which led to the absence of proper risk assessments;
* Difficulty in testing DHS grant programs;
* Hurricane Katrina effects that highlight internal control weaknesses
over disbursements at FEMA.
Area: Key success factors;
Description:
* Define IPIA compliance criteria;
* Define IPIA programs;
* Complete a rigorous risk assessment;
* Develop sample test plans and execute sample testing;
* Establish a review program to ensure that an independent party
reviews preparer responses;
* Develop a corrective action plan based on test results;
* Have components update these corrective action plans periodically.
Area: Key performance measures;
Description:
* 100% identification of DHS population of programs for IPIA work;
* 100% completion of risk assessments by components;
* 100% completion of IPIA sample testing by July 31, 2007, for all
components' high-risk programs;
* 100% oversight of component corrective action plans for high-risk
programs;
* IPIA compliance guidance for fiscal year 2007 issued by May 31, 2007;
* Completion of supplemental sample payment testing that confirms that
corrective action plan targets for high-risk programs are being met or
exceeded;
* Increase recoupment (recovery) for identified improper payments;
* Completion of secondary control of recovery audit for components with
IPIA total disbursement populations above $500 million;
* Submission of corrective action plans for all high-risk IPIA programs
by September 15, 2007.
Area: Verification and validation;
Description:
* Confirm improper payment sample test populations tie to an
independent verifiable source;
* Assess the operating effectiveness of sample test results;
* Confirm claimed recovery amounts are reflected in general ledger
postings;
* Review recovery audit contract reports against general ledger
balances to confirm comprehensiveness of work;
* Test common high-risk factors identified by sample test results after
performing a cost-benefit analysis.
Area: Risks, impediments, and dependencies;
Description:
* Grant impediment: legal and political restrictions, lack of guidance;
* Budgetary and financial system impediment;
* FEMA risk: breakdown of controls and scale of disbursements for
Hurricane Katrina;
* Guidance risk: clarification of requirements in Appendix C to OMB
Circular No. A-123 would be helpful;
* Sample design impediment: the trial balance data used for IPIA
analysis does not readily yield true IPIA disbursement population
amounts;
* Recovery audit impediment: security- and staffing-related issues have
hampered the ability of recovery audit contractors.
Area: Resources required;
Description:
* DHS OCFO has hired contractor support to review DHS IPIA compliance
guidance, provide IPIA training, review DHS component-completed risk
assessments, and develop testing sample sizes to include in DHS
component-developed test plans;
* DHS components will conduct the risk assessments and develop their
own test plans for high-risk programs;
* FEMA hired contractor support to design and implement an improper
payment test plan for Hurricane Katrina- related payments for
individual housing programs, contracts, mission assignments, and
grants;
* FEMA also hired a contractor to assist with IPIA program definitions
and risk assessments for all FEMA programs.
Source: DHS Office of Financial Management, Improper Payments
Information Act Corrective Action Plan Summary Report (as of June 7,
2007).
[End of table]
DHS also identified critical milestones in its corrective action plan
for IPIA compliance, including due dates and status. However, these
efforts remain ongoing and DHS has already missed some milestones. For
example, while DHS initially planned for each component to identify its
IPIA programs and disbursement populations by January 2007, this
milestone was delayed until June 2007. As of July 8, 2007, according to
DHS, the agency was waiting for one component to submit its list of
programs, and DHS was in the process of reviewing submissions from the
other components. Because of such delays, DHS does not expect to be in
compliance with IPIA in fiscal year 2007 and will likely be
noncompliant in fiscal year 2008. DHS's updated critical milestones as
of June 7, 2007, related to fiscal year 2007 are presented in table 3.
Table 3: Summary of Critical Milestones in DHS's Corrective Action Plan
for IPIA Compliance Related to Fiscal Year 2007:
Topic: Guidance and training: Update fiscal year 2007 IPIA PAR
guidance;
Due date: 2/1/2007;
Completion status according to DHS: Completed-100%.
Topic: Guidance and training: Hold corrective action plan workshop on
program identification and risk assessments for fiscal year 2007;
Due date: 5/30/2007;
Completion status according to DHS: Completed-100%.
Topic: Guidance and training: Hold corrective action plan workshop on
sample testing and reporting for fiscal year 2007;
Due date: 6/29/2007;
Completion status according to DHS: Planning-25%.
Program identification: Program identification for fiscal year 2007;
Due date: 6/15/ 2007;
Completion status according to DHS: In progress-50%.
Topic: Risk assessment: A-123 pilot for FEMA for fiscal year 2006 IPIA
work;
Due date: 11/15/2007;
Completion status according to DHS: In progress-50%.
Topic: Sample testing:
Develop sample test plans for fiscal year 2007 IPIA work;
Due date: 6/28/2007;
Completion status according to DHS: In progress-50%.
Topic: Sample testing: Complete sample test plans for fiscal year 2007
IPIA work;
Due date: 8/31/2007;
Completion status according to DHS: Not started-0%.
Topic: Sample testing: Generate programwide error estimates for fiscal
year 2007 IPIA work;
Due date: 9/14/2007;
Completion status according to DHS: Not started-0%.
Topic: Error analysis/corrective actions for high-risk programs:
Implement corrective action plans for fiscal year 2006 IPIA work;
Due date: 11/15/2007;
Completion status according to DHS: Completed-100%.
Topic: Error analysis/corrective actions for high-risk programs:
Develop corrective action plans with projected error rate improvement
for fiscal year 2007 IPIA work;
Due date: 8/31/2007;
Completion status according to DHS: Not started-0%.
Topic: Error analysis/corrective actions for high-risk programs:
Implement corrective action plans for fiscal year 2007 IPIA work;
Due date: 11/15/2007;
Completion status according to DHS: Not started-0%.
Topic: Recovery audit/collections: Sign contract with recovery audit
firm for fiscal year 2007;
Due date: 10/2/2006;
Completion status according to DHS: Completed-100%.
Topic: Recovery audit/collections: Receive progress updates and final
report for fiscal year 2007 IPIA work;
Due date: 9/30/2007;
Completion status according to DHS: In progress-50%.
Topic: PAR reporting: Provide OMB with a draft fiscal year 2007 PAR and
address all OMB feedback;
Due date: 10/19/2007;
Completion status according to DHS: Not started-0%.
Source: DHS Office of Financial Management, IPIA Corrective Action Plan
Summary and Detailed Reports (as of June 7, 2007).
[End of table]
DHS's planning and assessment process to develop its IPIA corrective
action plan enabled the agency to update its guidance for its
components and, according to DHS, the agency plans to focus on program
identification and risk assessments during fiscal year 2007.
Strengthening risk assessments and identifying potential improper
payments are also important in order for DHS to begin taking steps to
reduce improper payments and ultimately improve the integrity of the
payments it makes. According to DHS officials, the department has been
working in close consultation with OMB, sharing guidance documents,
program test plans and results, and recovery audit status reports.
Regardless of whether DHS is able to fully complete these efforts in
fiscal year 2007, focusing on these areas will help the agency build a
solid foundation for a sustainable IPIA program.
The updated guidance was issued in May 2007 and is to be in effect for
fiscal year 2007 reporting. In this revised guidance, DHS clarifies how
its components should identify their population of programs. In
addition, DHS requires its components to perform a comprehensive risk
assessment in order to identify programs susceptible to significant
improper payments. DHS has designed a detailed methodology to conduct
the IPIA risk assessment, and this methodology is outlined in the May
2007 guidance. The methodology, which includes qualitative criteria, as
we have previously discussed, involves the creation of a program risk
matrix based upon specific risk elements that affect the likelihood of
improper payments. Further, the guidance states that a program may be
selected for testing even if it does not meet the quantitative or
qualitative assessments, noting that it is entirely possible that the
risk assessment process may not identify a program as high risk, but
component management may believe a program is high risk due to a high-
level public profile or known financial or regulatory issues (such as a
high-profile contract). For those programs found to be at high risk for
issuing improper payments, the guidance also provides instructions for
estimating improper payments, implementing a plan to reduce improper
payments, and reporting on this information. Each of these procedures
outlined in the May 2007 guidance includes instructions to submit
information or documentation to the Internal Controls over Financial
Reporting (ICOFR) Program Management Office (PMO).[Footnote 31]
DHS's May 2007 guidance for fiscal year 2007 also outlines possible
alternative approaches for testing grants. One possible alternative is
the complete documentation of the component's grant management process
and the testing of internal controls. According to DHS, this approach
helps the component identify specific weaknesses within the grant
process, rather than sampling payments at random to determine potential
errors. A second alternative is to perform a risk assessment on the
program's grant portfolio. This alternative helps the program identify
specific grants that may be more susceptible to improper payments. The
identified grants would then be subject to improper payment sampling.
If a component wishes to consider alternative approaches to grant
sampling, an explanatory memorandum must be submitted to the ICOFR PMO
for review and approval. If approved by the ICOFR PMO, DHS will submit
the alternative approach request to OMB for review and approval. Also,
OMB has reported[Footnote 32] that the Chief Financial Officers (CFO)
Council[Footnote 33] continues to play a critical role in efforts to
address and reduce improper payments through its Improper Payments
Transformation Team. This group has been collaborating with
nongovernmental entities to consolidate governmentwide best practices;
enumerate legislative and regulatory barriers that hinder program
integrity efforts; and develop forums where federal and state
stakeholders from the program, audit, and financial communities work
together to solve program integrity challenges. These activities could
provide guidance to help DHS determine how to best test its grant
programs.
DHS also plans to hold workshops for its components on statistical
sample testing and reporting to ensure that they have a consistent
understanding of what is expected with regard to IPIA testing and
reporting. Although DHS does not expect to be in compliance with IPIA
in fiscal year 2007, completing a thorough risk assessment process is
an important first step.
DHS Has a Broader Initiative to Resolve Internal Control Weaknesses
across the Department:
In addition to developing the corrective action plans described, DHS
has a broader initiative to resolve material internal control
weaknesses and build management assurances across the department.
During fiscal year 2007, DHS established the ICOFR PMO as a new office
within the DHS OCFO. The ICOFR PMO is responsible for departmentwide
implementation of OMB Circular No. A-123. In March 2007, DHS issued the
ICOFR Playbook, which outlines the department's strategy and processes
to resolve material weaknesses and build management assurances and
incorporates the departmentwide corrective action plans, which contain
more detailed information. The ICOFR PMO is responsible for the ICOFR
Playbook and, according to DHS, the agency will update the ICOFR
Playbook each year, establishing milestones and focus areas that will
be tracked during the year. One section of the ICOFR Playbook relates
to IPIA testing, and it discusses the actions taken by DHS in fiscal
year 2006 to meet IPIA requirements. This section also states that DHS
will develop policies and procedures to integrate the requirements of
OMB's implementing guidance for IPIA into annual component management
assurances of compliance with significant laws and regulations, as part
of DHS management's assertion on internal controls over financial
reporting and in an effort to strengthen internal controls to support
DHS's mission. In addition to management providing an assertion on
internal controls over financial reporting, DHS is required to obtain a
related auditor's opinion.[Footnote 34] Incorporating IPIA into this
guidance will increase the likelihood of successful implementation and
could also strengthen related internal controls.
The ICOFR Playbook draws attention to the process of addressing IPIA
requirements across the department. By successfully addressing the
requirements of IPIA, DHS will be in a better position to take steps to
reduce improper payments, as the ultimate goal of IPIA reporting is to
improve the integrity of payments that the agency makes. Further, DHS
has testified that to ensure the long-term effectiveness of the
department's efforts to reduce improper payments, DHS requested
resources in its fiscal year 2008 budget to hire additional staff so
that it can enhance risk assessment procedures and conduct oversight
and review of component test plans.
DHS Has Developed Plans to Reduce Improper Payments for FEMA's Two
Disaster-Related Programs, but Effects Remain Unknown:
In addition to its overall corrective action plan to comply with IPIA,
DHS, as required by IPIA and related OMB implementing guidance, has
developed plans to reduce improper payments related to the two high-
risk programs it identified in its fiscal year 2006 testing--FEMA's IHP
assistance payments and disaster-related vendor payment programs. These
plans highlighted improving internal controls to prevent improper
payments in each of these programs.
FEMA's testing of its two high-risk disaster-related programs
identified several key internal control weaknesses, including
ineffective system controls to review data for potential duplications
and inconsistently applied standards for supporting evidence and
documentation. To address these findings, FEMA initiated corrective
action plans aimed at reducing improper payments by strengthening
internal controls. These plans included validating Social Security
numbers during telephone registration, increasing IT systems
capabilities to handle high volume during a catastrophic disaster, and
enhancing post-payment reviews. Our prior reporting[Footnote 35] also
identified significant internal control deficiencies in the IHP
program.
To address OMB's reporting requirements on actions for reducing
improper payments, DHS included in its fiscal year 2006 PAR corrective
action plans for IHP assistance payments and disaster-related vendor
payments. For each of the two high-risk programs, DHS prepared a
schedule of corrective action plans with target completion dates. For
the IHP program, DHS included corrective action plans that were already
completed in addition to those in process and planned. DHS has also
established critical milestones for reducing improper, disaster-
related vendor payments. During fiscal year 2007, DHS updated and
tracked its corrective action plan critical milestones. Details of
these corrective action plan critical milestones can be found in
appendix V.
Based on DHS's updated corrective action plan report for IHP, as of May
14, 2007, DHS had not completed certain critical milestones by the
identified target date. These milestones included system interface
improvements and certain contract awards. Missing these established
critical milestones delays strengthening internal controls that are
necessary to reduce future improper payments, and therefore it is
important that DHS stays on track in implementing its corrective action
plans.
DHS also noted that human capital is the principal requirement to
execute these two corrective action plans; however, according to DHS,
exact requirements are not estimable at this time. With regard to
system improvements, as we have previously recommended,[Footnote 36]
DHS needs to conduct effective testing to provide reasonable assurance
that the system will function in a disaster recovery environment.
DHS's Efforts to Comply with the Recovery Auditing Act and to Recover
Improper Payments Need to Be Enhanced:
For the last 3 years, DHS has contracted with a recovery auditing firm
to perform recovery audit work to comply with the Recovery Auditing
Act; however, activities in this area could be improved. Specifically,
DHS encountered problems that kept it from reporting on recovery audit
efforts during fiscal year 2006. DHS was not able to report recovery
audit results in fiscal year 2006 for three of the four components it
identified as meeting the criteria for recovery auditing as specified
in the Recovery Auditing Act (i.e., over $500 million in contractor
payments) due to problems obtaining disbursement data and delays in
obtaining security clearances for contract personnel. In addition, DHS
did not perform recovery auditing efforts at the fourth component
identified as meeting the criteria. Further, DHS has not yet reported
on its efforts to recover improper payments identified during its
testing of FEMA's disaster-related vendor payments and has reported
limited information on its efforts to recover identified improper IHP
assistance payments.
In March 2007, DHS revised its internal guidance for recovery auditing
for fiscal year 2007 to discuss the issues encountered in previous
years and to emphasize timelines to help ensure that all applicable
components are able to report. This guidance clarifies what is expected
of applicable components, but ongoing oversight within the OCFO will be
necessary to ensure that components are progressing with their recovery
auditing efforts and will be able to successfully report on the results
of these efforts at year end. In addition, DHS's updated guidance does
not require components to report on efforts to recover improper
payments identified during IPIA testing. Reporting this information in
the annual PAR would provide a more complete picture of the agency's
actions to recover payments that it has identified as being improper.
Recovery Auditing Efforts at DHS Could Be Improved:
As an executive branch agency, DHS is required to perform recovery
audits under certain conditions as specified by the Recovery Auditing
Act. Beginning with fiscal year 2004, OMB required that applicable
agencies publicly report on their recovery auditing efforts as part of
their PAR reporting of improper payment information. Agencies are
required to discuss any contract types excluded from review and
justification for doing so. Agencies are also required to report, in
table format, various amounts related to contracts subject to review
and actually reviewed, contract amounts identified for recovery and
actually recovered, and prior-year amounts.
DHS took steps to identify and recover improperly disbursed funds by
hiring an independent contractor who conducted recovery audit work at
two major components, ICE and CBP. DHS began recovery auditing efforts
during fiscal year 2004 but was not able to report on these efforts for
that year because initial findings were not available in time to be
included in the annual PAR. This recovery audit work continued during
fiscal year 2005 and covered all fiscal year 2004 disbursements to
contractors from these two components, ultimately identifying more than
$2.1 million of improper payments and recov-ering more than $1.2
million, as reported in DHS's fiscal year 2005 PAR. While DHS was able
to recover about 55 percent of improper payments identified through its
recovery audit efforts, based on our review of other agencies, we have
previously questioned[Footnote 37] whether agency amounts identified
for recovery should have been much higher, which would thereby
significantly decrease the agency-specific and overall high rate of
recovery.
According to DHS's fiscal year 2006 PAR reporting, recovery audit
contract work over fiscal year 2005 disbursements began in fiscal year
2005 at CBP and ICE, and DHS extended its recovery audit work to
include USCG in fiscal year 2006. Delays in obtaining security
clearances for contract personnel severely hampered completion of
recovery audit work at CBP and ICE. Delays in supplying needed
disbursement information hindered recovery audit work at USCG. As a
result, DHS was not able to provide conclusive recovery audit summary
results for fiscal year 2006 PAR reporting. According to DHS, four of
its components--ICE, CBP, USCG, and FEMA--meet the criteria for
recovery auditing as specified in the Recovery Auditing Act (i.e., each
has over $500 million in contractor payments). ICE, CBP, and USCG
entered into the same recovery audit contract. FEMA's recovery audit
work in fiscal year 2006 was part of a pilot study on internal controls
over improper payments for IHP assistance and disaster-related vendor
payments. In the aftermath of Hurricane Katrina, DHS and FEMA, with the
assistance of a contractor, conducted an internal controls assessment
related to improper IHP assistance and disaster-related vendor
payments. Although this assessment identified improper payments, DHS
has not yet reported on its efforts to recover improper payments
identified during its testing of FEMA's disaster-related vendor
payments and has reported limited information, such as the dollar
amount of improper payments approved for recovery and the amount
returned to FEMA, related to its efforts to recover improper IHP
payments.
Of the 3 years agencies have been required to report on recovery audits
in table format, DHS was only able to report required recovery audit
data in its fiscal year 2005 PAR.[Footnote 38] Table 4 presents DHS's
recovery audit efforts and results for fiscal years 2004 through 2006.
Table 4: Recovery Audit Results for Fiscal Years 2004 through 2006:
PAR fiscal year: 2004;
Agency-reported amount subject to review for fiscal year reporting:
(not reported);
Agency-reported actual amount reviewed and reported in fiscal year:
(not reported);
Agency-reported amount identified for recovery in fiscal year: (not
reported);
Agency- reported amount recovered in fiscal year: (not reported);
Related components: CBP, ICE[A].
PAR fiscal year: 2005;
Agency-reported amount subject to review for fiscal year reporting:
$3,232,300,000;
Agency-reported actual amount reviewed and reported in fiscal year:
$3,232,300,000;
Agency-reported amount identified for recovery in fiscal year:
$2,191,000;
Agency- reported amount recovered in fiscal year: $1,207,000;
Related components: CBP, ICE.
PAR fiscal year: 2006;
Agency-reported amount subject to review for fiscal year reporting:
(not reported);
Agency-reported actual amount reviewed and reported in fiscal year:
(not reported);
Agency-reported amount identified for recovery in fiscal year: (not
reported);
Agency- reported amount recovered in fiscal year: (not reported);
Related components: CBP, ICE, and USCG[B].
Sources: DHS Performance and Accountability Reports for 2004, 2005, and
2006.
[A] DHS contracted for recovery audit work at CBP and ICE; however, DHS
was not able to provide recovery audit results for fiscal year 2003
disbursements in its fiscal year 2004 PAR.
[B] DHS contracted for recovery audit work at CBP, ICE, and USCG;
however, DHS was not able to provide recovery audit results for fiscal
year 2005 disbursements in its fiscal year 2006 PAR.
[End of table]
DHS's Internal Guidance for Recovering Improper Payments Has Been
Revised but Additional Information Could Be Reported:
DHS has recently revised and clarified its internal guidance related to
recovery auditing for fiscal year 2007 to discuss prior issues and
emphasize timelines to help ensure that all applicable components are
able to complete recovery audits and report on their efforts. The new
guidance requires that applicable DHS components provide the ICOFR PMO
with a general description and evaluation of the steps taken to carry
out a recovery auditing program. Components are required to include a
discussion of any security clearance requirements and show that there
is sufficient time to allow contractors to complete audit recovery work
in time to meet PAR reporting deadlines. Every update should include
the total amount of contracts subject to review, the actual amount of
contracts reviewed, the amount identified for recovery, and the amounts
actually recovered in the current year. The year-end update should
include a corrective action plan to address the root causes of payment
errors. A general description and evaluation of any management
improvements to address flaws in a component's internal controls over
contractor payments discovered during the course of implementing a
recovery audit program, or other control activities over contractor
payments, is also required. This guidance applies to the four DHS
components--CBP, FEMA, ICE, and USCG--that meet Recovery Auditing Act
criteria. In addition, according to DHS, the ICOFR PMO may expand
recovery audit contracting to other components as the benefits of this
work become clearer. Although DHS's guidance clarifies what is expected
of components, ongoing oversight within the OCFO will be necessary to
ensure that the components are progressing with their recovery auditing
efforts and will be able to successfully report on results at year end.
In addition to specific recovery audit work to identify improper
payments made to contractors, DHS also identifies improper payments
through its IPIA testing. For example, as discussed previously, DHS's
testing in fiscal year 2006 of its two high-risk programs identified
improper IHP assistance payments and disaster-related vendor payments
made by FEMA. However, DHS's internal guidance does not require
components to include information in its annual PAR related to its
efforts to recover improper payments identified during IPIA testing
and, as a result, DHS has not yet reported on its efforts to recover
improper disaster-related vendor payments identified and has reported
limited information on its efforts to recover identified improper IHP
assistance payments. Having components report this information in the
annual PAR would provide a more complete picture of the agency's
actions to recover payments that it has identified as being improper.
Conclusions:
Although DHS has made some progress in implementing the requirements of
IPIA, challenges remain in ensuring that all DHS programs and
activities, including grant programs, have been reviewed to determine
their susceptibility to significant improper payments and tested, if
applicable. As DHS continues to improve its IPIA efforts and identify
and test its high-risk programs, the agency should be better able to
identify, and ultimately strengthen controls, to reduce improper
payments.
While preventive internal controls should be maintained as the agency's
front-line defense against making improper payments, recovery auditing
holds promise as a cost-effective means of identifying contractor
overpayments. In addition, reporting on efforts to recover any other
specific improper payments identified would provide a more complete
picture of the agency's actions to recover payments that it has
identified as being improper. With the ongoing imbalance between
revenues and outlays across the federal government, and the Congress's
and the American public's increasing demands for accountability over
taxpayer funds, identifying, reducing, and recovering improper payments
become even more critical.
Recommendations for Executive Action:
To help improve its efforts to implement IPIA and recover improper
payments, we recommend that the Secretary of Homeland Security direct
the Chief Financial Officer to take the following actions.
(1) Maintain oversight and control over critical milestones identified
in the DHS corrective action plan for IPIA compliance so that DHS
components stay on track, specifically in regard to identifying
programs and performing risk assessments and any related testing.
(2) Require all applicable components to determine and document how
they plan to assess their grant programs to determine whether they are
at high risk for issuing significant improper payments, and, if
necessary, test these grant programs.
(3) Provide oversight and monitor the progress of all applicable DHS
components to successfully perform and report on their recovery
auditing efforts.
(4) Similar to the required reporting on efforts to recover improper
payments made to contractors under the Recovery Auditing Act, develop
procedures for reporting in its annual PAR on the results of yearly
efforts to recover any other known improper payments identified under
IPIA, by the DHS OIG, or other external auditors.
Agency Comments and Our Evaluation:
We requested comments on a draft of this report from the Secretary of
Homeland Security. These comments are reprinted in appendix II. DHS
concurred with the recommendations in our report. DHS noted that
significant actions under way include strengthening the department's
financial management and oversight functions to improve the DHS control
environment and implementing risk assessments to build a foundation for
a sustainable IPIA program.
As agreed with your offices, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
after its date. At that time, we will send copies of this report to the
Secretary of Homeland Security and other interested parties. Copies
will also be made available to others upon request. In addition, this
report will also be available at no charge on GAO's Web site at
[hyperlink, http://www.gao.gov].
If you or your staff have any questions regarding this report, please
contact me at (202) 512-9095 or at williamsm1@gao.gov. Contact points
for our Offices of Congressional Relations and Public Affairs may be
found on the last page of this report. GAO staff who made contributions
to this report are listed in appendix VI.
Signed by:
McCoy Williams:
Director, Financial Management and Assurance:
[End of section]
Appendix I: Scope and Methodology:
To determine to what extent the Department of Homeland Security (DHS)
has implemented the requirements of the Improper Payments Information
Act of 2002 (IPIA), we compared the IPIA legislation, and the related
Office of Management and Budget (OMB) implementing guidance, with DHS
improper payment risk assessment methodologies, and IPIA Performance
and Accountability Report (PAR) information for fiscal years 2004
through 2006. To analyze DHS risk assessment compliance with IPIA, we
obtained and reviewed documents regarding its regulations and
methodology for identifying programs and activities highly susceptible
to improper payments. We reviewed DHS's PARs, Office of Inspector
General (OIG) semiannual reports to the Congress, and GAO reports for
fiscal years 2004 through 2006 for improper payment information. We
also reviewed procedures performed by DHS's independent financial
statement auditor related to DHS's compliance with IPIA.
We reviewed the programs that DHS identified as its IPIA population and
analyzed the risk assessments that were performed during fiscal year
2006. This allowed us to determine which components did not perform a
risk assessment and which programs were not covered. During our review,
we noted that the Office of Grants and Training (GT), a DHS component,
did not perform an assessment or complete payment statistical sample
testing on its grants programs for fiscal year 2006 as required of all
DHS programs issuing more than $100 million of IPIA relevant payments
in fiscal year 2005. To analyze improper payments related to DHS
grantees and highlight the importance of performing IPIA testing in
this area, we obtained and reviewed fiscal year 2005 single audit
reports of these entities. We used fiscal year 2005 reports because
that is the most recent year for which complete audit results have been
posted to the Federal Audit Clearinghouse (FAC).[Footnote 39] We also
reviewed GAO reports and DHS OIG Financial Assistance (Grants) Reports
for fiscal year 2005 through fiscal year 2007 to identify weaknesses
reported at DHS grantees. In addition, we reviewed DHS OIG Management
Reports (audits and inspections) for fiscal year 2005 through fiscal
year 2007 that were related to grants and DHS OIG semiannual reports to
the Congress for fiscal years 2005 and 2006 to identify questioned
costs related to DHS grantees.
To identify what actions DHS has under way to improve IPIA compliance
and reporting, we interviewed DHS staff in the Office of the Chief
Financial Officer and reviewed DHS corrective action plans and the
Internal Controls Over Financial Reporting (ICOFR) Playbook. We also
reviewed DHS's IPIA implementing guidance for fiscal year 2007--revised
in March 2007 and May 2007--and determined whether it was consistent
with IPIA requirements. We discussed these revisions with improper
payment and financial management officials from DHS to inquire about
what is currently being implemented and what will be implemented in the
future to ensure compliance with DHS's revised internal guidance.
To determine what efforts DHS has in place to recover improper
payments, we compared section 831 of the National Defense Authorization
Act for Fiscal Year 2002, commonly known as the Recovery Auditing Act,
and the related OMB implementing guidance, with DHS recovery auditing
procedures and PAR-reported information for fiscal year 2006. We also
reviewed DHS PARs, OIG semiannual reports to the Congress, and GAO
reports for fiscal years 2004 through 2006 for recovery audit
information.
To assess the reliability of data reported in DHS's PARs related to
improper payments and recovery audit efforts, we (1) reviewed existing
information about the data and the system that produced them and (2)
interviewed agency officials knowledgeable about the data. Based on
these assessments, we determined that the data were sufficiently
reliable for the purposes of this report. We conducted our work from
October 2006 through June 2007 in accordance with generally accepted
government auditing standards. We requested comments on a draft of this
report from the Secretary of Homeland Security or his designee. The
Director, Departmental GAO/OIG Liaison Office, provided written
comments, which are presented in the Agency Comments and Our Evaluation
section of this report and are reprinted in appendix II.
[End of section]
Appendix II: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, DC 20528:
[hyperlink, http://www/dhs.gov]:
Homeland Security:
August 30, 2007:
Mr. McCoy Williams:
Director, Financial Management And Assurance:
U.S. Government Accountability Office:
Washington, DC 20548:
Dear Mr. Williams:
Thank you for the opportunity to comment upon the draft GAO Report:
"Department of Homeland Security Challenges in Implementing the
Improper Payments Information Act and Recovering Improper Payments" GAO-
07-913.
We concur with the report's four recommendations and we will implement
corrective actions to address the challenges raised in the report.
Highlights of significant actions currently underway include
strengthening the Department's Financial Management and Oversight
functions to improve the DHS control environment and implementing risk
assessments to build a foundation for a sustainable IPIA program.
We also appreciate the balanced tone of the report and acknowledgement
of our efforts. In closing, we look forward to continuing our efforts
to enhance the accuracy and integrity of federal payments.
Sincerely,
Signed by:
Steven J. Pecinovsky:
Director:
Departmental GAO/OIG Liaison Office:
[End of section]
Appendix III: Prior-Year IPIA Reporting by DHS and Its Independent
Auditor:
Table 5 presents information on prior-year IPIA reporting by DHS,
including compliance issues reported by the independent auditor.
Table 5: Prior-Year IPIA Reporting by DHS:
Fiscal year: 2004;
Description of DHS IPIA PAR reporting: DHS's PAR presented a completed
IPIA risk matrix for all DHS programs exceeding $100 million in
nonpayroll annual disbursements. Programs were defined using the Future
Years Homeland Security Program (FYHSP) system. If a program did not
reach a $100 million nonpayroll fiscal year 2005 operating budget
level, the program was judged too small to be at risk for annually
issuing $10 million in improper payments. According to DHS, payroll
disbursements were excluded because of their repetitive, stable nature
and the extensive internal controls they are subjected to by the
National Finance Center. An overall risk score was assigned to each
FYHSP by evaluating internal control, human capital, programmatic risk,
and materiality of operating budget risk factors. The fiscal year 2004
risk matrix identified no high-risk IPIA programs;
Compliance issues reported by the independent auditor: The independent
auditor reported that DHS did not comply with IPIA. Specifically, DHS
did not:
* properly define programs and activities;
* institute a systematic method of reviewing all programs and
identifying those it believed were susceptible to significant erroneous
payments, and:
* properly sample or compute the estimated dollar amount of improper
payments;
The auditor recommended that DHS follow the guidance provided in OMB M-
03-13 in fiscal year 2005, including reexamining the definition of a
program, completing the necessary susceptibility assessments,
instituting sampling techniques to allow for statistical projection of
the results, and providing information for proper disclosure in its
PAR.
Fiscal year: 2005;
Description of DHS IPIA PAR reporting: DHS defined IPIA programs by
Treasury Appropriation Fund Symbol (TAFS). This change in program
definition reflected the absence of FYHSP detail and the presence of
TAFS detail at the transaction level and avoided testing issues
stemming from FYHSP cost allocations. Each component sample tested
major payment categories for the largest TAFS provided that total
disbursements exceeded $100 million exclusive of payroll and
intragovernmental payments. An exception was made for one component,
FEMA, which tested a TAFS that was involved in an improper payment
related OIG finding for the Individuals and Households Program (IHP).
Fiscal year 2005 sample testing identified no high-risk IPIA programs;
Compliance issues reported by the independent auditor: The auditor
identified the following instances of noncompliance with IPIA at DHS.
Specifically, DHS did not:
* institute a systematic method of reviewing all programs and
identifying those it believed were susceptible to significant erroneous
payments; and:
* perform testwork to evaluate improper payments for all material
programs; testing was only performed over the TAFS with the largest
disbursements for each component or the largest TAFS maintained by an
internal DHS accounting service provider;
The auditor recommended that DHS follow the guidance provided in OMB M-
03-13 in fiscal year 2006, including completing the necessary
susceptibility assessments, performing testwork over all material
programs, and instituting sampling techniques to allow for statistical
projection of the results.
Fiscal year: 2006;
Description of DHS IPIA PAR reporting: DHS defined IPIA programs by
management-identified groupings of TAFS. These groupings were designed
to meet the draft Appendix C definition of an IPIA program (Appendix C
was issued August 10, 2006). Sample test plans were designed by a
statistical team which used stratified sampling techniques. Sample
sizes both in number of payments and amount of payments increased
dramatically compared with previous years. Two programs were found to
be at high risk for issuing improper payments-- FEMA's IHP and disaster-
related vendor payments. Corrective action plans were developed for
each. IPIA problems included (1) required sample testing was not
completed for all programs, (2) sample test design was hampered by the
use of SF-133 outlay figures during IPIA program identification, (3)
risk assessments were based on strictly quantitative factors, and (4)
recovery audit results were not complete enough to report in the PAR;
Compliance issues reported by the independent auditor: The auditor
identified the following instances of noncompliance with IPIA at DHS
and its components;
* Not all programs subject to IPIA were tested, and the population of
disbursements tested for some programs was not complete;
* In some cases, the samples tested were not statistically derived, and
thus, identified errors could not be statistically projected to the
entire population of disbursements (including the untested portion);
* In some cases, the personnel performing the testwork were not
knowledgeable or trained on the purpose or procedures to be performed;
* The time period from which disbursements were selected for testwork
was not always in compliance with IPIA requirements. For example, the
auditor noted that one component limited the time period of
disbursement samples to October 2005 through March 2006. (Note: The
actual time period also included September 2005 but the auditors did
not note this as an exception);
* Centralized monitoring was not performed over the IPIA results to
ensure that IPIA testing was completed for all required programs in
accordance with the department's requirements;
The auditor recommended that DHS follow the guidance provided in OMB M-
03-13 in fiscal year 2007, including completing the necessary
susceptibility assessments, performing testwork over all material
programs, and instituting sampling techniques to allow for statistical
projection of the results of its improper payments testing.
Source: DHS Performance and Accountability Reports.
[End of table]
[End of section]
Appendix IV: DHS Grant Programs:
Table 6 provides a list of DHS grant programs, primary recipients, and
award information for fiscal year 2006.
Table 6: DHS Grant Programs and Related Information:
1;
DHS component: Citizenship & Immigration Services (CIS);
CFDA number: 97.009;
Program: Cuban/Haitian Entrant Program;
Primary recipients: Nonprofit organizations;
Number of awards in fiscal year 2006: 2;
Fiscal year 2006 award amount: $10,292,085;
Average award amount: $5,146,043.
2;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.017;
Program: Pre-Disaster Mitigation Competitive Grants;
Primary recipients: States and Indian tribal governments;
Number of awards in fiscal year 2006: 74;
Fiscal year 2006 award amount: 126,245,825;
Average award amount: 1,706,025.
3;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.023;
Program: Community Assistance Program State Support Services Element;
Primary recipients: States;
Number of awards in fiscal year 2006: 64;
Fiscal year 2006 award amount: 7,500,000;
Average award amount: 117,188.
4;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.024;
Program: Emergency Food and Shelter National Board Program;
Primary recipients: Community groups;
Number of awards in fiscal year 2006: 1;
Fiscal year 2006 award amount: 151,473,765;
Average award amount: 151,473,765.
5;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.025;
Program: National Urban Search and Rescue Response System;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 100;
Fiscal year 2006 award amount: 39,482,142;
Average award amount: 394,821.
6;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.026;
Program: Emergency Management Institute (EMI) Training Assistance;
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 3,424[A];
Fiscal year 2006 award amount: 1,421,511;
Average award amount: 415.
7;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.027;
Program: EMI Independent Study Program;
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 3,729,647[A];
Fiscal year 2006 award amount: 884,090;
Average award amount: < 1.
8;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.028;
Program: EMI Resident Educational Program;
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 13,605[A];
Fiscal year 2006 award amount: 3,006,705;
Average award amount: 221.
9;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.029;
Program: Flood Mitigation Assistance;
Primary recipients: States and communities;
Number of awards in fiscal year 2006: 83;
Fiscal year 2006 award amount: 17,473,353;
Average award amount: 210,522.
10;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.041;
Program: National Dam Safety Program;
Primary recipients: States;
Number of awards in fiscal year 2006: 51;
Fiscal year 2006 award amount: 3,374,476;
Average award amount: 66,166.
11;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.045;
Program: Cooperating Technical Partners;
Primary recipients: States and communities;
Number of awards in fiscal year 2006: 86;
Fiscal year 2006 award amount: 54,139,208;
Average award amount: 629,526.
12;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.047;
Program: Pre-Disaster Mitigation;
Primary recipients: State and Indian tribal governments;
Number of awards in fiscal year 2006: 178;
Fiscal year 2006 award amount: 134,880,496;
Average award amount: 757,756.
13;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.070;
Program: Map Modernization Management Support;
Primary recipients: States and communities;
Number of awards in fiscal year 2006: 69;
Fiscal year 2006 award amount: 9,769,657;
Average award amount: 141,589.
14;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.082;
Program: Earthquake Consortium;
Primary recipients: State, local, and Indian tribal governments;
Number of awards in fiscal year 2006: 3;
Fiscal year 2006 award amount: 850,000;
Average award amount: 283,333.
15;
DHS component: Federal Emergency Management Agency (FEMA)--
Nondisaster;
CFDA number: 97.095;
Program: Safe Kids Worldwide;
Primary recipients: Communities;
Number of awards in fiscal year 2006: 1;
Fiscal year 2006 award amount: 199,480;
Average award amount: 199,480.
16;
DHS component: FEMA--Disaster Assistance;
CFDA number: 97.022;
Program: Flood Insurance;
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 30,995[A];
Fiscal year 2006 award amount: 848,691,742;
Average award amount: 27,382.
17;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.030;
Program: Community Disaster Loans;
Primary recipients: Local governments;
Number of awards in fiscal year 2006: 153;
Fiscal year 2006 award amount: 1,270,501,241;
Average award amount: 8,303,930.
18;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.032;
Program: Crisis Counseling;
Primary recipients: States;
Number of awards in fiscal year 2006: 26;
Fiscal year 2006 award amount: 96,148,654;
Average award amount: 3,698,025.
19;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.033;
Program: Disaster Legal Services;
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 7[A];
Fiscal year 2006 award amount: 360,611;
Average award amount: 51,516.
20;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.034;
Program: Disaster Unemployment Assistance;
Primary recipients: States;
Number of awards in fiscal year 2006: 33;
Fiscal year 2006 award amount: 392,016,043;
Average award amount: 11,879,274.
21;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.036;
Program: Disaster Grants--Public Assistance (also includes Emergency
Assistance and Fire Suppression);
Primary recipients: State, local, and Indian tribal governments;
Number of awards in fiscal year 2006: 66,797;
Fiscal year 2006 award amount: 8,138,441,132;
Average award amount: 121,838.
22;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.039;
Program: Hazard Mitigation;
Primary recipients: State, local, and Indian tribal governments;
Number of awards in fiscal year 2006: 1,268;
Fiscal year 2006 award amount: 401,694,926;
Average award amount: 316,794.
23;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.046;
Program: Fire Management Assistance;
Primary recipients: State and Indian tribal governments;
Number of awards in fiscal year 2006: 319;
Fiscal year 2006 award amount: 68,143,552;
Average award amount: 213,616.
24;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.048;
Program: Disaster Housing Assistance to Individuals and Households in
Presidential Declared Disaster Zones[B];
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 866,268[A];
Fiscal year 2006 award amount: 2,637,939,099;
Average award amount: 3,045.
25;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.049;
Program: Presidential Declared Disaster Assistance--Disaster Housing
Operations for Individuals and Households[B];
Primary recipients: States and other entities;
Number of awards in fiscal year 2006: 123;
Fiscal year 2006 award amount: 4,773,963,866;
Average award amount: 38,812,714.
26;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.050;
Program: Presidential Declared Disaster Assistance to Individuals and
Households--Other Needs[B];
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 706,760[A];
Fiscal year 2006 award amount: 2,247,028,347;
Average award amount: 3,179.
27;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.084;
Program: Hurricane Katrina Case Management Initiative Program;
Primary recipients: Private nonprofit entities;
Number of awards in fiscal year 2006: 1;
Fiscal year 2006 award amount: 66,000,000;
Average award amount: 66,000,000.
28;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.092;
Program: Repetitive Flood Claims;
Primary recipients: States, Indian tribal governments, and communities;
Number of awards in fiscal year 2006: 39;
Fiscal year 2006 award amount: 9,821,659;
Average award amount: 251,837.
29;
DHS component: FEMA-Disaster Assistance;
CFDA number: 97.098;
Program: Disaster Donations Management Program;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 1;
Fiscal year 2006 award amount: 950,000;
Average award amount: 950,000.
30;
DHS component: FEMA--Chemical Programs;
CFDA number: 97.040;
Program: Chemical Stockpile Emergency Preparedness Program;
Primary recipients: State, local, and Indian tribal governments;
Number of awards in fiscal year 2006: 21;
Fiscal year 2006 award amount: 65,010,240;
Average award amount: 3,095,726.
31;
DHS component: FEMA--U.S. Fire Administration;
CFDA number: 97.001;
Program: Pilot Demonstration or Earmarked Projects;
Primary recipients: Nonfederal entities[C];
Number of awards in fiscal year 2006: 8;
Fiscal year 2006 award amount: 1,184,999; Average award amount:
148,125.
32;
DHS component: FEMA--U.S. Fire Administration;
CFDA number: 97.016;
Program: Reimbursement for Firefighting on Federal Property;
Primary recipients: Fire departments;
Number of awards in fiscal year 2006: 2;
Fiscal year 2006 award amount: 1,243;
Average award amount: 622.
33;
DHS component: FEMA--U.S. Fire Administration;
CFDA number: 97.018;
Program: National Fire Academy Training Assistance;
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 5,948[A];
Fiscal year 2006 award amount: 1,464,314;
Average award amount: 246.
34;
DHS component: FEMA--U.S. Fire Administration;
CFDA number: 97.019;
Program: National Fire Academy Educational Program;
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 75,107[A];
Fiscal year 2006 award amount: 5,236,342;
Average award amount: 70.
35;
DHS component: FEMA--U.S. Fire Administration;
CFDA number: 97.043;
Program: State Fire Training Systems Grants;
Primary recipients: States;
Number of awards in fiscal year 2006: 48;
Fiscal year 2006 award amount: 1,344,000;
Average award amount: 28,000.
36;
DHS component: FEMA--U.S. Fire Administration;
CFDA number: 97.093;
Program: Fire Service Hazardous Materials Preparedness and Response;
Primary recipients: Private nonprofit entities;
Number of awards in fiscal year 2006: 1;
Fiscal year 2006 award amount: 50,000;
Average award amount: 50,000.
37;
DHS component: FEMA--U.S. Fire Administration;
CFDA number: 97.094;
Program: Prevention Advocacy Resources and Data Exchange Program;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 7;
Fiscal year 2006 award amount: 21,000;
Average award amount: 3,000.
38;
DHS component: FEMA--U.S. Fire Administration;
CFDA number: 97.097;
Program: Training Resource and Data Exchange;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 9;
Fiscal year 2006 award amount: 93,000;
Average award amount: 10,333.
39;
DHS component: Federal Law Enforcement Training Center (FLETC);
CFDA number: 97.081;
Program: Law Enforcement Training and Technical Assistance;
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 1,579[A];
Fiscal year 2006 award amount: 1,136,880;
Average award amount: 720.
40;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.005;
Program: State and Local Homeland Security Training Program;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 13;
Fiscal year 2006 award amount: 82,207,860;
Average award amount: 6,323,682.
41;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.007;
Program: Homeland Security Preparedness Technical Assistance Program;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 4;
Fiscal year 2006 award amount: 16,692,768;
Average award amount: 4,173,192.
42;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.008;
Program: Urban Areas Security Initiative[E];
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 0;
Fiscal year 2006 award amount: 0;
Average award amount: 0.
43;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.042;
Program: Emergency Management Performance Grants;
Primary recipients: State, local, and Indian tribal governments;
Number of awards in fiscal year 2006: 58;
Fiscal year 2006 award amount: 177,655,500;
Average award amount: 3,063,026.
44;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.044;
Program: Assistance to Firefighters;
Primary recipients: Fire departments;
Number of awards in fiscal year 2006: 4,246;
Fiscal year 2006 award amount: 270,622,058;
Average award amount: 63,736.
45;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.053;
Program: Citizen Corps[E];
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 3;
Fiscal year 2006 award amount: 1,295,000;
Average award amount: 431,667.
46;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.056;
Program: Port Security Grant Program;
Primary recipients: Seaports and terminals;
Number of awards in fiscal year 2006: 99;
Fiscal year 2006 award amount: 168,052,500;
Average award amount: 1,697,500.
47;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.057;
Program: Intercity Bus Security Grants;
Primary recipients: Bus systems;
Number of awards in fiscal year 2006: 36;
Fiscal year 2006 award amount: 9,603,000;
Average award amount: 266,750.
48;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.059;
Program: Truck Security Program;
Primary recipients: Commercial motor carriers and national
transportation community;
Number of awards in fiscal year 2006: 1;
Fiscal year 2006 award amount: 4,801,500;
Average award amount: 4,801,500.
49;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.067;
Program: Homeland Security Grant Program;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 56;
Fiscal year 2006 award amount: 1,670,921,920;
Average award amount: 29,837,891.
50;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.068;
Program: Competitive Training Grants;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 11;
Fiscal year 2006 award amount: 28,809,000;
Average award amount: 2,619,000.
51;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.071;
Program: Metropolitan Medical Response System[E];
Primary recipients: Local and Indian tribal governments;
Number of awards in fiscal year 2006: 0;
Fiscal year 2006 award amount: 0;
Average award amount: 0.
52;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.073;
Program: State Homeland Security Program[E];
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 0;
Fiscal year 2006 award amount: 0;
Average award amount: 0.
53;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.074;
Program: Law Enforcement Terrorism Prevention Program[E];
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 0;
Fiscal year 2006 award amount: 0;
Average award amount: 0.
54;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.075;
Program: Rail and Transit Security Grant Program;
Primary recipients: Transportation systems;
Number of awards in fiscal year 2006: 21;
Fiscal year 2006 award amount: 143,240,948;
Average award amount: 6,820,998.
55;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.078;
Program: Buffer Zone Protection Plan;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 62;
Fiscal year 2006 award amount: 72,965,000;
Average award amount: 1,176,855.
56;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.083;
Program: Staffing for Adequate Fire and Emergency Response;
Primary recipients: Local communities;
Number of awards in fiscal year 2006: 243;
Fiscal year 2006 award amount: 99,394,888;
Average award amount: 409,032.
57;
DHS component: Office of Grants and Training (GT)[D];
CFDA number: 97.089;
Program: Real ID Program;
Primary recipients: States and other entities;
Number of awards in fiscal year 2006: 2;
Fiscal year 2006 award amount: 6,000,000;
Average award amount: 3,000,000.
58;
DHS component: Information Analysis and Infrastructure Protection;
CFDA number: 97.079;
Program: Public Alert Radios for Schools;
Primary recipients: Schools;
Number of awards in fiscal year 2006: 77,035;
Fiscal year 2006 award amount: 1,828,045;
Average award amount: 24.
59;
DHS component: Science & Technology (S&T);
CFDA number: 97.061;
Program: Centers for Homeland Security;
Primary recipients: U.S. institutions of higher education;
Number of awards in fiscal year 2006: 8;
Fiscal year 2006 award amount: 24,570,000;
Average award amount: 3,071,250.
60;
DHS component: Science & Technology (S&T);
CFDA number: 97.062;
Program: Scholars and Fellows;
Primary recipients: Individuals;
Number of awards in fiscal year 2006: 383[A];
Fiscal year 2006 award amount: 10,436,453;
Average award amount: 27,249.
61;
DHS component: Science & Technology (S&T);
CFDA number: 97.069;
Program: Aviation Research Grants;
Primary recipients: U.S. institutions of higher education;
Number of awards in fiscal year 2006: 36;
Fiscal year 2006 award amount: 11,824,817;
Average award amount: 328,467.
62;
DHS component: Science & Technology (S&T);
CFDA number: 97.077;
Program: Homeland Security Testing, Evaluation, and Demonstration of
Technologies;
Primary recipients: Nonfederal entities;
Number of awards in fiscal year 2006: 5;
Fiscal year 2006 award amount: 1,298,590;
Average award amount: 259,718.
63;
DHS component: Science & Technology (S&T);
CFDA number: 97.086;
Program: Homeland Security Outreach, Education, and Technical
Assistance;
Primary recipients: Federal and nonfederal entities;
Number of awards in fiscal year 2006: 10;
Fiscal year 2006 award amount: 9,626,326;
Average award amount: 962,633.
64;
DHS component: Science & Technology (S&T);
CFDA number: 97.091;
Program: Homeland Security Biowatch Program;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 52 ;
Fiscal year 2006 award amount: 45,661,986;
Average award amount: 878,115.
65;
DHS component: Transportation Security Administration (TSA);
CFDA number: 97.072;
Program: National Explosives Detection Canine Team Program;
Primary recipients: Transportation systems;
Number of awards in fiscal year 2006: 17;
Fiscal year 2006 award amount: 2,132,055;
Average award amount: 125,415.
66;
DHS component: Transportation Security Administration (TSA);
CFDA number: 97.090;
Program: Law Enforcement Officer Reimbursement Agreement Program;
Primary recipients: State and local governments;
Number of awards in fiscal year 2006: 274;
Fiscal year 2006 award amount: 67,804,209;
Average award amount: 247,461.
67;
DHS component: Transportation Security Administration (TSA);
CFDA number: 97.100;
Program: Airport Checked Baggage Screening Program;
Primary recipients: State, local, or other public entities;
Number of awards in fiscal year 2006: 7;
Fiscal year 2006 award amount: 240,447,289;
Average award amount: 34,349,613.
68;
DHS component: U.S. Coast Guard (USCG);
CFDA number: 97.012;
Program: Boating Safety Financial Assistance;
Primary recipients: States and nonprofit organizations;
Number of awards in fiscal year 2006: 79 ;
Fiscal year 2006 award amount: 87,667,046;
Average award amount: 1,109,709.
69;
DHS component: U.S. Secret Service (USSS);
CFDA number: 97.015;
Program: Secret Service Training Activities;
Primary recipients: Sworn members of a law enforcement agency;
Number of awards in fiscal year 2006: n/a[F];
Fiscal year 2006 award amount: n/a;
Average award amount: n/a.
70;
DHS component: U.S. Secret Service (USSS);
CFDA number: 97.076;
Program: National Center for Missing and Exploited Children;
Primary recipients: Private nonprofit entities;
Number of awards in fiscal year 2006: 1;
Fiscal year 2006 award amount: 5,445,000;
Average award amount: 5,445,000.
Total-all DHS components;
CFDA number: [Empty];
Program: [Empty];
Primary recipients: [Empty];
Number of awards in fiscal year 2006: 5,585,670;
Fiscal year 2006 award amount: $24,849,239,441;
Average award amount: [Empty].
Awards to individuals[A];
CFDA number: [Empty];
Program: [Empty];
Primary recipients: [Empty];
Number of awards in fiscal year 2006: 5,433,723;
Fiscal year 2006 award amount: [Empty];
Average award amount: [Empty].
Awards to others;
CFDA number: [Empty];
Program: [Empty];
Primary recipients: [Empty];
Number of awards in fiscal year 2006: 151,947;
Fiscal year 2006 award amount: [Empty];
Average award amount: [Empty].
Sources: Fiscal Year 2006 Funded Award Summary for DHS Grant Programs;
Schedule of DHS Programs as of May 9, 2007.
[A] This amount reflects either individual claims, payments to
individuals, or individuals that received training.
[B] This grant program is part of the Individuals and Households
Program (IHP).
[C] Nonfederal entities include state, local government, private,
public, profit or nonprofit organizations, Indian Tribal government, or
individuals specified in a U.S. appropriation statute.
[D] GT was incorporated into FEMA as of March 31, 2007.
[E] This grant program is incorporated into the Homeland Security Grant
Program.
[F] According to DHS, the USSS provides training as part of its routine
work and does not report this information separately.
[End of table]
[End of section]
Appendix V: Corrective Action Plans for High-Risk Programs:
Table 7 describes the details of the open corrective action plan
critical milestones as of May 14, 2007, as reported by DHS, for
reducing improper IHP assistance payments.
Table 7: DHS's Incomplete Critical Milestones for Its IHP Corrective
Action Plan, Status as of May 14, 2007:
Topic: If the Office of General Counsel (OGC) approves, provide the
contractor with requirements and obtain information from them regarding
their ability to pre-populate insurance data in applicant files;
Target date: September 2006;
Completion status according to DHS: 0%.
Topic: Improve the National Emergency Management Information System
(NEMIS) accounts receivable--Integrated Financial Management
Information System (IFMIS) interface;
Target date: November 2006;
Completion status according to DHS: 50%.
Topic: Ensure compliance with rules and regulations is part of the
annual NEMIS audit;
Target date: December 2006;
Completion status according to DHS: 50%.
Topic: Explore alternate receipt posting possibilities using electronic
files;
Target date: March 2007;
Completion status according to DHS: 25%.
Topic: Award contract(s) for up to 6,000 call center agents to private
sector business(es);
Target date: March 2007;
Completion status according to DHS: 50%.
Note: The previous items were past due as of May 14, 2007;
Completion status according to DHS.
Topic: Conduct a second round of IPIA testing on Hurricane Katrina IHP
payments made between March and September 2006;
Target date: June 2007;
Completion status according to DHS: 50%.
Topic: Put in place a contract for data verification and pre-population
of verified data;
Target date: September 2007;
Completion status according to DHS: 50%.
Topic: Make appropriate updates to NEMIS to ensure maximum use of
technology to reduce manual processing;
Target date: September 2007;
Completion status according to DHS: 50%.
Topic: Improve communications with and messaging to disaster victims;
Target date: September 2007;
Completion status according to DHS: 50%.
Topic: Clarify with OGC if FEMA can get legislative backing to allow
the collection of insurance policy data;
Target date: December 2007;
Completion status according to DHS: 50%.
Topic: Limit access to NEMIS to users authorized via the Integrated
Security and Access Control System;
Target date: January 2008;
Completion status according to DHS: 47%.
Topic: Integrate shelter tracking mechanisms into NEMIS;
Target date: January 2008;
Completion status according to DHS: 25%.
Source: DHS's IPIA Corrective Action Plan Summary and Detailed Reports
for FEMA's IHP as of May 14, 2007.
[End of table]
Based on DHS's updated corrective action plan report for IHP, as of May
14, 2007, DHS had not completed certain critical milestones by the
identified target date. These milestones included system interface
improvements and certain contract awards. Missing these established
critical milestones only delays strengthening internal controls that
are necessary to reduce future improper payments. It is important that
DHS stays on track in implementing its corrective action plans.
DHS has also established critical milestones for reducing improper
disaster-related vendor payments. Table 8 describes the details of the
open corrective action plan critical milestones as of May 14, 2007, as
reported by DHS for reducing improper disaster-related vendor payments.
Table 8: DHS's Incomplete Critical Milestones for Its Disaster-Related
Vendor Payments Corrective Action Plan, Status as of May 14, 2007:
Topic: Ensure roles and responsibilities with regard to invoice
receipt, approval, and payment of contracting officer technical
representatives (COTR), project officers, and accounting technicians
are clearly defined by conducting a review of policies, procedures, and
job descriptions;
Target date: May 2007;
Completion status according to DHS: 50%.
Topic: Review procurement language to ensure consistency and adequacy
for similar goods and services related to product substitution and
pricing variances;
Target date: May 2007;
Completion status according to DHS: 50%.
Topic: Formalize the process of receipt, issue, and follow-up on
invoices with COTRs and project officers by finance office;
Target date: May 2007;
Completion status according to DHS: 50%.
Topic: Train accounting technicians, project officers, and COTRs on the
importance of an invoice review and approval process and expectations
regarding supporting documentation, prompt pay, product substitution,
price variances, and unsupported amounts;
Target date: June 2007;
Completion status according to DHS: 50%.
Topic: Initiate a quality assurance sampling process for invoices on a
periodic basis with emphasis on adherence to metrics published in the
fiscal year 2006 PAR;
Target date: June 2007;
Completion status according to DHS: 50%.
Topic: Enter into a contract with a recovery audit firm;
Target date: June 2007;
Completion status according to DHS: 0%.
Topic: Identify vendor payments eligible for recoupment (recovery);
Target date: July 2007;
Completion status according to DHS: 50%.
Source: DHS's IPIA Corrective Action Plan Summary and Detailed Reports
for FEMA's Disaster Relief Fund Vendor Payments as of May 14, 2007.
[End of table]
DHS identified three primary root causes for why these two programs--
IHP assistance payments and disaster-related vendor payments--are at
high risk of issuing improper payments. According to DHS, these root
causes include the following.
* People--FEMA employees were not properly trained.
* Processes--The nature of FEMA's work responding to disasters explains
the reliance on people that are not trained in finance requirements and
are dispersed throughout areas with limited infrastructure.
* Policies--Policies were cited as possibly inadequate for instructing
employees on the proper supporting documentation. There is a need for
clear policy and procedural guidelines that sets standard operating
procedures for all FEMA employees, especially those outside the finance
area.
DHS also noted that human capital is the principal requirement to
execute these two corrective action plans; however, according to DHS,
exact requirements are not estimable at this time. These plans, if
properly executed, should help reduce future improper payments in these
programs by strengthening internal controls. With regard to system
improvements, as we have previously recommended,[Footnote 40] DHS needs
to conduct effective testing to provide reasonable assurance that the
system will function in a disaster recovery environment.
[End of section]
Appendix VI: GAO Contact and Staff Acknowledgments:
GAO Contact:
McCoy Williams, (202) 512-9095 or williamsm1@gao.gov:
Staff Acknowledgments:
In addition to the contact named above, the following individuals also
made significant contributions to this report: Casey Keplinger,
Assistant Director; Verginie Amirkhanian; Sharon Byrd; Francine
DelVecchio; Francis Dymond; Gabrielle Fagan; Jacquelyn Hamilton; and
Laura Stoddard.
[End of section]
Footnotes:
[1] Improper payments are defined as any payment that should not have
been made or that was made in an incorrect amount (including
overpayments and underpayments) under statutory, contractual,
administrative, or other legally applicable requirements. It includes
any payment to an ineligible recipient, any payment for an ineligible
service, any duplicate payment, payments for services not received, and
any payment that does not account for credit for applicable discounts.
[2] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002).
[3] Pub. L. No. 107-107, div. A, title VIII, § 831, 115 Stat. 1012,
1186 (Dec. 28, 2001) (codified at 31 U.S.C. §§ 3561-3567).
[4] U.S. Department of Homeland Security, Performance and
Accountability Report Fiscal Year 2006 (Washington, D.C.: Nov. 15,
2006). DHS also reported estimated improper payments for all of fiscal
year 2006 for these two programs. However, DHS calculated the fiscal
year 2006 estimates by applying the estimated error percentage rates
from the September 2005 through March 2006 testing to the fiscal year
2006 outlay figures. The estimated error percentage rates for the
September 2005 through March 2006 testing have a 90 percent confidence
interval of plus or minus 2.32 percentage points for IHP assistance
payments and plus or minus 2.62 percentage points for disaster-related
vendor payments based on statistically valid cluster samples. See IPIA
reporting details in DHS's fiscal year 2006 PAR.
[5] For those programs with disbursements between $10 million and $100
million, DHS components were instructed to complete a qualitative risk
assessment--a series of questions to qualitatively ascertain whether a
program is at high risk for issuing improper payments.
[6] GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.:
January 2007). We placed the National Flood Insurance Program (NFIP) on
our high-risk list in March 2006 because it is unlikely that the NFIP
will generate sufficient revenues to repay the billions borrowed from
the Department of the Treasury to cover flood claims from the 2005
hurricanes.
[7] DHS as a whole meets the criteria for recovery auditing as
specified in the Recovery Auditing Act, but the agency has identified
specific components that individually meet the requirements and focuses
its recovery auditing efforts on those components.
[8] Appendix C to OMB Circular No. A-123 consolidates three memorandums
previously issued by OMB. These memorandums are: M-03-07, "Programs to
Identify and Recover Erroneous Payments to Contractors" (Jan. 16,
2003); M-03-12, "Allowability of Contingency Fee Contracts for Recovery
Audits" (May 8, 2003); and M-03-13, "Improper Payments Information Act
of 2002 (Public Law 107-300)" (May 21, 2003).
[9] IPIA does not mention the "exceeding the 2.5 percent of program
payments" threshold that OMB uses for identifying and estimating
improper payments.
[10] OMB, Improving the Accuracy and Integrity of Federal Payments
(Washington, D.C.: Jan. 31, 2007).
[11] OMB Circular No. A-123 provides a central reference point for
guidance to federal managers on improving the accountability and
effectiveness of federal programs and operations by establishing,
assessing, correcting, and reporting on internal control. The circular
emphasizes the need for integrated and coordinated internal control
assessments that synchronize all internal control-related activities.
For prior improper payments guidance, see footnote 8.
[12] An example of an alternative sampling methodology includes
developing an annual error rate for a component of the program.
[13] OMB Circular No. A-136, Financial Reporting Requirements, § II.5.7
(June 29, 2007).
[14] Appendix C of OMB Circular No. A-123.
[15] OMB's implementing guidance defines a "program" as activities or
sets of activities recognized as programs by the public, OMB, or the
Congress, as well as those that entail program management or policy
direction. This definition includes, but is not limited to, all grants,
regulatory activities, research and development activities, direct
federal programs, procurements including capital assets and service
acquisition, and credit programs. It also includes the activities
engaged in by the agency in support of its programs.
[16] OMB Circular No. A-11, Preparation, Submission, and Execution of
the Budget (revised July 2, 2007), defines TAFS as a summary account
established in the Treasury for each appropriation and fund.
[17] DHS excluded payroll, intragovernmental, and travel payments from
IPIA testing. According to DHS, these payments were excluded because of
the following reasons: (1) payroll was excluded because DHS identified
it as having a low level of risk due to the strong internal controls
that result from payroll payments being administered by a third party,
the National Finance Center; (2) intragovernmental payments were
excluded as these do not result in net gains or losses to the federal
government; and (3) travel payments are a small population and while
they were not tested separately for IPIA purposes, they were tested as
part of internal control reviews by individual components. In addition,
purchase card transactions for the entire department were tested
centrally by the U.S. Coast Guard (USCG) during fiscal year 2006.
[18] U.S. Department of Homeland Security, Performance and
Accountability Report Fiscal Year 2006 (Washington, D.C.: Nov. 15,
2006). DHS also reported estimated improper payments for all of fiscal
year 2006 for these two programs. However, DHS calculated the fiscal
year 2006 estimates by applying the estimated error percentage rates
from the September 2005 through March 2006 testing to the fiscal year
2006 outlay figures. The estimated error percentage rates for the
September 2005 through March 2006 testing have a 90 percent confidence
interval of plus or minus 2.32 percentage points for IHP assistance
payments and plus or minus 2.62 percentage points for disaster-related
vendor payments based on statistically valid cluster samples. See IPIA
reporting details in DHS's fiscal year 2006 PAR.
[19] According to DHS, the agency chose to use this time period because
it was the period of greatest payment activity following the 2005 Gulf
Coast hurricanes.
[20] GAO, Improper Payments: Federal and State Coordination Needed to
Report National Improper Payment Estimates on Federal Programs, GAO-06-
347 (Washington, D.C.: Apr. 14, 2006).
[21] This amount includes both individual grant recipients as well as
states and other entities.
[22] GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.:
January 2007). We placed the National Flood Insurance Program (NFIP) on
our high-risk list in March 2006 because the NFIP will unlikely
generate sufficient revenues to repay the billions borrowed from the
Department of the Treasury to cover flood claims from the 2005
hurricanes.
[23] During fiscal year 2007, FEMA underwent a reorganization and GT
became a part of FEMA. Therefore, the grant functions for both
components are now consolidated under FEMA.
[24] IHP payments are included in disaster assistance grants
administered by FEMA.
[25] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under
the Improper Payments Information Act Remains Incomplete, GAO-07-92
(Washington, D.C.: Nov. 14, 2006).
[26] 31 U.S.C. §§ 7501-7507. Under the Single Audit Act, as amended,
and implementing guidance, independent auditors audit state and local
governments and nonprofit organizations that expend federal awards to
assess, among other things, compliance with laws, regulations, and the
provisions of contracts or grant agreements material to the entities'
major federal programs. Organizations are required to have single
audits if they expend $500,000 or more in federal awards.
[27] A "questioned" cost is a finding which, at the time of the audit,
is not supported by adequate documentation or is unallowable.
[28] GAO, Hurricanes Katrina and Rita: Unprecedented Challenges Exposed
the Individuals and Households Program to Fraud and Abuse; Actions
Needed to Reduce Such Problems in Future, GAO-06-1013 (Washington,
D.C.: Sept. 27, 2006).
[29] OMB Circular No. A-50, Audit Followup (revised Sept. 29, 1982),
requires agencies to develop corrective action plans to address audit
findings, stating that corrective action taken by management on audit
findings and recommendations is essential to improving the
effectiveness and efficiency of government operations. According to
OMB's guidance, each agency is required to establish systems to assure
the prompt and proper resolution and implementation of audit
recommendations.
[30] OMB Memorandum M-03-13, along with other improper payment
guidance, was consolidated into Appendix C of OMB Circular No. A-123.
Appendix C was in effect for fiscal year 2006.
[31] The ICOFR PMO, as discussed in the next section of this report, is
an office within the DHS OCFO.
[32] OMB, Improving the Accuracy and Integrity of Federal Payments
(Washington, D.C.: Jan. 31, 2007).
[33] The CFO Council is an organization comprised of the CFOs and
Deputy CFOs of the 24 CFO Act agencies, and senior officials in OMB and
the Department of the Treasury who work collaboratively to improve
financial management in the U.S. government.
[34] 31 U.S.C. 3516(f)(2).
[35] See, for example, GAO, Expedited Assistance for Victims of
Hurricanes Katrina and Rita: FEMA's Control Weaknesses Exposed the
Government to Significant Fraud and Abuse, GAO-06-655 (Washington,
D.C.: June 16, 2006); Hurricanes Katrina and Rita Disaster Relief:
Improper and Potentially Fraudulent Individual Assistance Payments
Estimated to Be Between $600 Million and $1.4 Billion, GAO-06-844T
(Washington, D.C.: June 14, 2006); and Expedited Assistance for Victims
of Hurricanes Katrina and Rita: FEMA's Control Weaknesses Exposed the
Government to Significant Fraud and Abuse, GAO-06-403T (Washington,
D.C.: Feb. 13, 2006).
[36] GAO, Hurricanes Katrina and Rita: Unprecedented Challenges Exposed
the Individuals and Households Program to Fraud and Abuse; Actions
Needed to Reduce Such Problems in Future, GAO-06-1013 (Washington,
D.C.: Sept. 27, 2006).
[37] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under
the Improper Payments Information Act Remains Incomplete, GAO-07-92
(Washington, D.C.: Nov. 14, 2006).
[38] Subsequent to issuing its fiscal year 2006 PAR, DHS reported
recovery audit amounts to OMB for inclusion in OMB's governmentwide
reporting of fiscal year 2006 recovery auditing information.
[39] The FAC's primary purposes are to (1) disseminate audit
information to federal agencies and the public, (2) support OMB
oversight and assessment of federal award audit requirements, (3)
assist federal cognizant and oversight agencies in obtaining OMB
Circular No. A-133 data and reporting packages, and (4) help auditors
and auditees minimize the reporting burden of complying with Circular
No. A-133 audit requirements.
[40] GAO, Hurricanes Katrina and Rita: Unprecedented Challenges Exposed
the Individuals and Households Program to Fraud and Abuse; Actions
Needed to Reduce Such Problems in Future, GAO-06-1013 (Washington,
D.C.: Sept. 27, 2006).
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office:
441 G Street NW, Room LM:
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Susan Becker, Acting Managing Director, BeckerS@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
