Financial Management
Strategies to Address Improper Payments at HUD, Education, and Other Federal Agencies
GAO ID: GAO-03-167T October 3, 2002
This testimony discusses (1) how internal control weaknesses make the departments of Housing and Urban Development (HUD) and Education vulnerable to, and in some cases have resulted in, improper and questionable payments and (2) strategies these and other federal agencies can use to better manage their improper payments. Despite a climate of increased scrutiny, most improper payments associated with federal programs continue to go unidentified as they drain taxpayer resources away from the missions and goals of our government. GAO found that both HUD and Education lacked fundamental internal controls over their purchase card programs that would have minimized the risk of improper purchases. Combined with a lack of monitoring, environments were created at HUD and Education where improper purchases could be made with little risk of detection. One of the most important internal controls in the purchase card process is the review of supporting documentation and approval of each purchase by the approving official. Another control that is effective in helping to prevent improper purchases is the blocking of certain merchant category codes. This control, available as part of the agencies' purchase card contracts with the card issuing financial institutions, allows agencies to prohibit certain types of purchases that are clearly not business related.
This is the accessible text file for GAO report number GAO-03-167T
entitled 'Financial Management: Strategies to Address Improper Payments
at HUD, Education, and Other Federal Agencies' which was released on
October 3, 2002.
United States General Accounting Office:
GAO:
Testimony:
Before the Subcommittee on Government Efficiency, Financial Management
and Intergovernmental Relations, Committee on Government Reform, House
of Representatives:
For Release on Delivery:
Expected at 2:00 p.m.:
Thursday, October 3, 2002:
Financial Management:
Strategies to Address Improper Payments at HUD, Education, and Other
Federal Agencies:
Statement of Linda Calbom:
Director, Financial Management and Assurance:
GAO-03-167T:
Mr. Chairman and Members of the Subcommittee:
I am pleased to be here today to discuss (1) how internal control
weaknesses we have noted make the departments of Housing and Urban
Development (HUD) and Education vulnerable to, and in some cases have
resulted in, improper and questionable payments and (2) strategies
these and other federal agencies can use to better manage their
improper payments. We are reporting our findings on HUD for the first
time today. We previously reported our Education findings in a number
of reports and testimonies. [Footnote 1] In addition, we issued an
executive guide, Strategies to Manage Improper Payments: Learning from
Public and Private Sector Organizations, [Footnote 2] last October,
which we will also focus on in this testimony.
The federal government of the United States - the largest and most
complex organization in the world - expends approximately $2 trillion a
year. As the steward of taxpayer dollars, it is accountable for how its
agencies and grantees spend those funds, and is responsible for
safeguarding against improper payments by the government - payments
that should not have been made or that were made for incorrect or
excessive amounts.
Improper payments are a widespread and significant problem receiving
increased attention not only in the federal government but also among
states, foreign governments, and private sector companies. As you know,
the President's Management Agenda, Fiscal Year 2002, included five
governmentwide initiatives, one of which is improved financial
performance. This financial management initiative calls for the
administration to establish a baseline on the extent of erroneous
payments. [Footnote 3] Under it, agencies were to include information on
improper payment rates in their 2003 budget submissions to the Office of
Management and Budget (OMB), including actual and target rates if
available for benefit and assistance programs over $2 billion annually.
Legislation that you sponsored, Mr. Chairman, and which is currently
being considered by the Senate (H.R. 4878), calls for more stringent
requirements in the areas of improper payment review and reporting than
the President's Management Agenda. Specifically, it requires agency
heads to (1) review all programs and activities that they administer,
and identify those areas that may be susceptible to improper payments,
(2) estimate the annual amount of improper payments, and (3) where
they exceed the lesser of 1 percent of the total program budget or $1
million annually, report actions the agency is taking to reduce
improper payments.
In our executive guide, we identified practices that government and
private sector organizations in the United States and abroad have used
to combat improper payments. Despite a climate of increased scrutiny,
most improper payments associated with federal programs continue to go
unidentified as they drain taxpayer resources away from the missions
and goals of our government. They occur for many reasons, including
insufficient oversight or monitoring, inadequate eligibility control,
and automated system deficiencies. However, one point is clear based on
our study - the root causes of improper payments can typically be
traced to a breakdown in or lack of internal control. Collectively,
internal controls are an integral component of an organization's
management that provides reasonable assurance that the organization
achieves the objectives of (1) effective and efficient operations, (2)
reliable financial reporting, and (3) compliance with laws and
regulations. Internal controls are not one event, but a series of
activities that occur throughout an entity's operations and on an
ongoing basis.
People make internal controls work, and responsibility for good
internal controls rests with all managers.
Both HUD and Education have histories of financial management problems,
including serious internal control weaknesses, which have affected
their ability to provide reliable financial information to decision
makers both inside and outside the agencies and to maintain the
financial integrity of their operations. Because of this, we have
designated Education's student financial assistance programs and
HUD's single family and multifamily housing programs as high-risk areas
for waste, fraud, abuse, and mismanagement. [Footnote 4] We have also
identified weak internal controls as a major factor contributing to
improper payments at other agencies and have issued reports and
testimonies on this topic, including several to this subcommittee on
the Department of Defense's purchase card and travel card programs.
[Footnote 5]
In order to carry out our improper payments reviews at HUD and
Education, we identified disbursement processes at those agencies that
would be highly susceptible to improper payments. [Footnote 6] Based on
this analysis, we focused our reviews on (1) HUD's purchase card and
multifamily property payment processes and (2) Education's grants and
loans, purchase card, and third party draft payment processes.
[Footnote 7] Our work at both of these agencies was designed to (1)
determine if the existing controls provided reasonable assurance that
improper payments would not occur or would be detected in the normal
course of business and (2) determine if expenditures were properly
supported as a valid use of government funds. Our work at Education was
also designed to determine if computer equipment purchased with
purchase cards and third party drafts was being included in Education's
inventory and appropriately safeguarded.
Our work at Education is complete, but our HUD work is ongoing. In the
second phase of that work, we will continue to review multifamily
disbursements and will also assess single family program payments to
management and marketing contractors that maintain and sell single
family houses owned by HUD. We will also follow up on physical control
of computer equipment as we did at Education.
To accomplish our two separate reviews of HUD and Education, we used
data mining techniques [Footnote 8] and other computer analyses to
identify unusual transactions and payment patterns that may be
indicative of improper payments. Our review included the $181.4
billion in grants and loans disbursed by Education from May 1998
through September 2000, $214 million of payments made by HUD during
fiscal year 2001 for goods and services to support multifamily
properties, $22 million of purchase card purchases made by Education
from May 1998 through September 2000, and $10 million of purchase card
purchases made by HUD during fiscal year 2001. [Footnote 9] We
conducted our work in accordance with generally accepted government
auditing standards, as well as with investigative standards established by
the President's Council on Integrity and Efficiency.
In my testimony today I will discuss:
* poor controls over purchase cards and how they resulted in some
fraudulent, improper, and questionable purchases at HUD and Education;
* the failure of controls over Education's grants disbursement process
to detect certain improper payments;
* the lack of monitoring of a key HUD contractor and how it resulted in
improper payments; and
* strategies that HUD, Education, and other federal agencies can use to
manage improper payments.
Poor Controls over Purchase Cards Resulted in Some Fraudulent,
Improper, and Questionable Purchases at HUD and Education:
The benefits of using purchase cards versus traditional contracting and
payment processes are lower transaction processing costs and less "red
tape" for both the government and the vendor community. We support the
use of a well-controlled purchase card program to streamline the
government's acquisition processes. However, it is important that
agencies have adequate internal controls in place to protect the
government from fraud, waste, and abuse. We found that both HUD and
Education lacked fundamental internal controls over their purchase card
programs that would have minimized the risk of improper purchases. For
example, both agencies had inconsistent and inadequate pre-approval and
review processes for purchase card transactions - key preventive and
detective controls.
Combined with a lack of monitoring, environments were created at HUD and
Education where improper purchases could be made with little risk of
detection. Inadequate controls over these expenditures, along with the
inherent risk of fraud and abuse associated with purchase cards, likely
contributed to the $4.0 million of fraudulent, improper, and
questionable purchases we identified at HUD and Education through our
data mining efforts.
According to our Standards for Internal Control in the Federal
Government, [Footnote 10] transactions and other significant events
should be authorized and executed only by persons acting within the
scope of their authority. Although pre-approval and review of
transactions by persons in authority is the principal means of assuring
that transactions are valid, we found that the pre-approval and review
process for purchase card purchases was inadequate at both HUD and
Education. During our review of HUD and Education's purchase card
programs, we found that department personnel did not consistently
obtain pre-approval prior to making some or all purchases, as required
by the departments' policies. According to HUD's October 30, 1995,
purchase card policy, the approving official is required to establish a
pre-approval process for each cardholder to ensure that purchases have
the necessary technical approval or clearance before purchases are made
and that all transactions are appropriate and for official use only.
However, during our review we found that only the Information
Technology Office routinely obtained authorization prior to purchasing
items with the purchase card. Similarly, at the Department of
Education, we found that 10 of its 14 offices did not require
cardholders to obtain authorization prior to making some or all
purchases, although Education's policy required that all requests to
purchase items over $1,000 be made in writing to the applicable
department executive officer.
One of the most important internal controls in the purchase card
process is the review of supporting documentation and approval of each
purchase by the approving official. Approving officials at both HUD and
Education are required to review each monthly statement of purchases
along with the applicable supporting documentation and certify that
these purchases were appropriate, in accordance with department
regulations, and a valid use of government funds. Based on our testing
of both HUD and Education's approving officials' review of monthly
purchase card statements, we found that this key control was not an
effective means of detecting improper purchases. At HUD, we selected a
stratified random sample of 222 purchase card transactions made during
fiscal year 2001, and found that $1.4 million, or about 77 percent, of
the $1.8 million of sampled purchases lacked adequate support for the
approving official to determine what was purchased, whether the
purchase was previously authorized, and if there was a legitimate
government need for the items purchased. [Footnote 11] We found similar
problems at Education. To test the effectiveness of Education's
approving officials' review, we analyzed 5 months of cardholder
statements and found that 37 percent of the 903 monthly cardholder
statements we reviewed were not approved by the appropriate official.
These 338 unapproved statements totaled about $1.8 million.
Another control that is effective in helping to prevent improper
purchases is the blocking of certain merchant category codes (MCC).
This control, available as part of the agencies' purchase card
contracts with the card issuing financial institutions, allows agencies
to prohibit certain types of purchases that are clearly not business
related, such as purchases from jewelry stores or entertainment
establishments. During our reviews, we noted that, initially, neither
HUD nor Education was effectively using the MCCs as a preventive
control. HUD was not blocking any MCCs and Education blocked only four
MCCs. As a result, there were almost no restrictions on the types of
purchases employees could make during the period of our audit. Both
agencies took action to block more of the MCCs after we began our
reviews of their purchase card programs.
Our Standards for Internal Control in the Federal Government state that
internal control should generally be designed to assure that ongoing
monitoring occurs in the course of normal operations. Internal control
monitoring should assess the quality of performance over time and
ensure that findings of audits and other reviews are promptly resolved.
Program and operational managers should monitor the effectiveness of
control activities as part of their regular duties. HUD's purchase card
policy requires the department to perform annual program reviews and
report the results, including findings and recommendations, to the
purchase card program administrator. However, HUD officials could
locate only one such report. This November 2001 report, prepared by a
consultant, identified problems that were similar to the findings
previously reported [Footnote 12] by the Office of Inspector General
(OIG) in February 1999. Both reports documented problems with weak
internal controls and insufficient supporting documentation. The
consultant's report also noted that HUD was not performing the periodic
program reviews required by its policies and that employees were making
improper split purchases. HUD management agreed with the findings in
the OIG report and developed and implemented an action plan to address
the identified weaknesses. According to HUD OIG staff, its
recommendations were implemented and have been closed. However, based
on our findings, corrective actions taken at that time were not fully
effective.
At the time of our review, Education did not have a monitoring system
for purchase card activity to determine whether its staff was complying
with key aspects of the purchase card program. We also found that
approving officials at Education did not use monitoring reports that
were available from its purchase card contractor to identify unusual or
unauthorized purchases. However, as I will discuss later, the
department subsequently issued new policies and procedures that, among
other things, establish a quarterly quality review of a sample of
purchase card transactions to ensure compliance with key aspects of the
department's policy. The types of internal control weaknesses that I
have just described created environments where improper purchases could
be made with little risk of detection and likely contributed to the $4
million of fraudulent, improper, and questionable purchases we
identified through our data mining efforts at both HUD and Education.
We also found that property purchased with purchase cards was not
always recorded in Education's property records, which likely
contributed to missing or stolen property. This could also be an issue
at HUD based on our preliminary inquiries into its property management
system.
I will now provide a few examples of how employees used their purchase
cards to make fraudulent, improper, and questionable purchases. We
considered fraudulent purchases to be those that were unauthorized and
intended for personal use. Improper payments include errors, such as
duplicate payments and miscalculations; payments for services not
rendered; multiple payments to the same vendor for a single purchase to
circumvent existing single purchase limits - known as split purchases;
and payments resulting from fraud and abuse. We defined questionable
transactions as those that, while authorized, were for items purchased
at excessive costs, for questionable government need, or both, as well
as transactions for which the departments could not provide adequate
supporting documentation to enable us to determine whether the
purchases were valid.
In May 2002, we provided HUD with 5,459 transactions, totaling about
$3.8 million in which the (1) payee appeared to be an unusual vendor to
be engaging in commerce with the agency, (2) purchase was made on
either a holiday or weekend, or (3) purchase appeared to be a split
purchase. As of September 2002, HUD was able to provide adequate
support for 3,428 of these questionable transactions, totaling about
$1.5 million. HUD could not provide adequate supporting documentation
to enable us to assess the propriety of the remaining 2,031
transactions totaling about $2.3 million, or 38 percent of the total
questionable transactions and 61 percent of the total dollars
requested. For these transactions, HUD could not provide support to
determine what was purchased, whether it was authorized, and whether
there was a legitimate government need for the item purchased. These
purchases included (1) 1,183 questionable vendor transactions totaling
about $869,000, (2) 31 purchases made on holidays totaling about
$10,000, (3) 264 weekend purchases totaling about $354,000; and (4) 541
potential improper split transactions totaling about $1 million.
Some examples of questionable vendor transactions for which we did not
receive adequate support included (1) over $27,000 to various
department stores, such as Best Buy, Circuit City, Dillard's, JC Penney,
Lord & Taylor, Macy's, and Sears, (2) over $8,900 to several music and
audio stores, including Sound Craft Systems, J&R's Music Store, Guitar
Source, and Clean Cuts Music, and (3) over $9,700 to various
restaurants, such as Legal Sea Foods, Levis Restaurant, The Cheesecake
Factory, and TGI Fridays. Additional examples of questionable or
improper purchases we found included $25,400 of "no show" hotel charges
for HUD employees who did not attend scheduled training and $21,400 of
purchases from vendors where it appears the vendors were out of
business prior to the purchases.
Because HUD was unable to provide adequate documentation for these
purchases, we consider them to be questionable uses of government funds
and therefore potentially improper purchases.
In order to identify potential improper payments in Education's
purchase card program, we requested supporting documentation for (1)
338 monthly statements totaling $1.8 million that our testing of the
approval function identified as not properly approved, and (2) other
transactions, identified using data mining techniques, that appeared
unusual. Education was unable to provide adequate supporting
documentation to enable us to determine the validity of purchases
totaling over $218,000.
Education could not provide any support for more than $152,000 of these
purchases nor could it specify what was purchased, why it was
purchased, or whether these purchases were appropriate. For the
remaining $66,000, Education was able to provide only limited
supporting documentation. As a result, we were unable to assess the
validity of these payments, and we consider these purchases to be
potentially improper. These inadequately supported or unsupported
purchases included charges to various hotels for more than $3,000,
purchases of computer equipment and software totaling more than
$22,000, and charges for various college and other training courses
totaling about $51,000. Numerous other purchases were made from home
electronics and appliance stores as well as toy, book, and furniture
stores.
In our review of the documentation Education did provide, we identified
some fraudulent, improper, and questionable purchases. Examples of
these include the following:
* In one instance, a cardholder made several fraudulent purchases from
two Internet sites for pornographic services. As a result, Education
management issued a termination letter, prompting the employee to
resign.
* Over several years, an Education employee made improper charges
totaling $11,700 for herself and a coworker to attend college classes
that were unrelated to Education's mission, such as biology, music, and
theology. [Footnote 13] This same individual also had numerous
questionable charges for other college classes totaling $24,060.
* There were restaurant charges totaling $4,427 from a Year 2000 focus
group meeting in San Juan, Puerto Rico, for meals for nonfederal
employees. We referred additional charges of this same nature totaling
approximately $45,000 to Education's OIG. [Footnote 14]
Another type of improper purchase we identified is the "split
purchase," which we defined as purchases made on the same day from the
same vendor that appear to circumvent single purchase limits. Federal
Acquisition Regulation prohibits splitting a transaction into more than
one segment to avoid the requirement to obtain competitive bids for
purchases over the $2,500 micro-purchase limit. At HUD, we identified
88 improper purchases totaling about $112,000 where employees made
multiple purchases from a single vendor on the same day in excess of
the $2,500 micro-purchase threshold. For example, one cardholder
purchased nine personal digital assistants and the related accessories
from a single vendor on the same day in two separate transactions just
5 minutes apart. Because the total purchase price of $3,788 exceeded
the cardholder's single purchase limit of $2,500, the purchase was
split into two transactions of $2,388 and $1,400, respectively. We
identified 451 additional purchases totaling $893,000 where HUD
employees made multiple purchases from a vendor on the same day in
excess of $2,500. Although we were unable to determine whether these
purchases were improper, based on the available supporting
documentation, these transactions share similar characteristics with
the 88 split purchases we identified.
We also found improper split purchases at Education. For example, one
cardholder from Education purchased two computers from the same vendor
at essentially the same time. Because the total cost of these computers
exceeded the cardholder's $2,500 single purchase limit, the total of
$4,184.90 was split into two purchases of $2,092.45 each. We found 27
additional purchases totaling almost $120,000 where Education employees
improperly made multiple purchases from a vendor on the same day.
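The split-purchase and weekend screens described above can be expressed
as a short detection routine. This is an added example, not GAO's own
tooling; the record layout, cardholder and vendor labels, and dates are
constructed, while the $2,500 limit and the two split amounts come from
the testimony.

```python
from collections import defaultdict, namedtuple
from datetime import datetime
from decimal import Decimal

# Single purchase / micro-purchase limit cited in the testimony.
SINGLE_PURCHASE_LIMIT = Decimal("2500")

Txn = namedtuple("Txn", "cardholder vendor when amount")
Finding = namedtuple("Finding", "cardholder vendor day count total minutes_apart")

# Constructed sample data: (cardholder, vendor, timestamp, amount).
# Labels and dates are hypothetical; the first two pairs reuse the
# amounts from the HUD and Education split-purchase examples.
SAMPLE_ROWS = [
    ("CH-001", "Vendor A", "2001-03-14 10:02", "2388.00"),
    ("CH-001", "Vendor A", "2001-03-14 10:07", "1400.00"),
    ("CH-002", "Vendor B", "2001-03-14 09:00", "2092.45"),
    ("CH-002", "Vendor B", "2001-03-14 09:01", "2092.45"),
    ("CH-003", "Vendor C", "2001-03-17 15:30", "310.00"),   # a Saturday
    ("CH-004", "Vendor D", "2001-03-15 11:00", "900.00"),
    ("CH-004", "Vendor D", "2001-03-15 16:00", "700.00"),   # same day, under limit
    ("CH-005", "Vendor E", "2001-03-16 11:00", "3100.00"),  # one charge, not a split
]


def load(rows):
    """Parse raw rows into typed transactions (Decimal avoids float drift)."""
    return [
        Txn(c, v, datetime.strptime(w, "%Y-%m-%d %H:%M"), Decimal(a))
        for c, v, w, a in rows
    ]


def find_split_candidates(txns, limit=SINGLE_PURCHASE_LIMIT):
    """Flag same-cardholder, same-vendor, same-day groups of two or more
    charges whose combined total exceeds the single purchase limit."""
    groups = defaultdict(list)
    for t in txns:
        groups[(t.cardholder, t.vendor, t.when.date())].append(t)

    findings = []
    for (cardholder, vendor, day), items in sorted(groups.items()):
        total = sum((t.amount for t in items), Decimal("0"))
        if len(items) < 2 or total <= limit:
            continue
        times = sorted(t.when for t in items)
        minutes = int((times[-1] - times[0]).total_seconds() // 60)
        findings.append(
            Finding(cardholder, vendor, day, len(items), total, minutes)
        )
    return findings


def find_weekend_purchases(txns):
    """Flag charges dated on a Saturday or Sunday."""
    return [t for t in txns if t.when.weekday() >= 5]


if __name__ == "__main__":
    txns = load(SAMPLE_ROWS)
    for f in find_split_candidates(txns):
        print("split candidate:", f.cardholder, f.vendor, f.day,
              f.count, "charges, total", f.total,
              f"({f.minutes_apart} min apart)")
    for t in find_weekend_purchases(txns):
        print("weekend purchase:", t.cardholder, t.vendor, t.when, t.amount)
```

A flagged group is only a candidate: as with the 451 additional HUD
purchases, supporting documentation is still needed to decide whether
it was improper.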
In addition to poor internal controls over the purchase card program,
we found that Education lacked appropriate physical controls and
segregation of duties over computer equipment purchased with purchase
cards and third party drafts. According to the Education Inspector
General, the department had not taken a comprehensive physical
inventory for at least 2 years before our review. Further, one office
lacked appropriate segregation of duties where responsibility for
receiving, bar coding, securing the equipment, and delivering computers
to the end users was done by only two individuals. According to our
Standards for Internal Control in the Federal Government, an agency
must establish physical control to secure and safeguard vulnerable
assets. Such assets should be periodically counted and compared to
control records. Recording the items purchased in property records is
an important step to ensuring accountability and financial control over
these assets and, along with periodic inventory counts, to preventing
theft or improper use of government property. At Education, we found
that employees regularly purchased computers using their purchase
cards, which was a violation of the department's policy prohibiting the
use of purchase cards for this purpose. From May 1998 through September
2000, the period covered by our audit, Education made purchases
totaling more than $2.9 million from personal computer and computer-
related equipment vendors. To determine whether this computer equipment
was appropriately recorded in the department's inventory, we compared
serial numbers obtained from the department's largest computer vendor
to those in the asset management system and identified 384 pieces of
computer equipment, including desktop computers, printers, and
scanners, that were not in the property records. We conducted an
unannounced inventory to determine whether the equipment was actually
missing or inadvertently omitted from the property records. Although we
found 143 pieces of equipment during this inventory that were not
recorded on Education's books, and an additional 62 items were later
found by Education, department officials have been unable to locate the
remaining 179 pieces of missing equipment costing over $200,000. They
surmised that some of these items may have been surplused; however,
there is no documentation to determine whether this assertion is valid.
According to Education officials, new policies were implemented that do
not allow individual offices to purchase computer equipment without the
consent of the Office of the Chief Information Officer. In addition,
the new policies were designed to maintain control over the procurement
of computers and related equipment, including:
* purchasing computers from preferred vendors that apply the
department's inventory bar code label and record the serial number of
each computer on a computer disk that is sent directly to the Education
official in charge of the property records;
* loading the computer disk containing the bar code, serial number, and
description of the computer into the property records; and
* having an employee verify that the computers received from the vendor
match the serial numbers and bar codes on the shipping documents and the
approved purchase orders.
While these are very positive steps, a continued lack of adequate
physical control could negate the effectiveness of these new
procedures. For example, during a follow-up visit to Education, we
found that the doors to the various rooms used to store computer
equipment waiting to be installed were both unlocked and unattended.
Without enhanced physical security, Education will continue to be at
risk for further computer equipment losses.
We also have concerns about HUD's accountability for computer and
related equipment purchased with purchase cards because of the large
volume of purchases for which it did not have appropriate
documentation. In these cases, HUD likely does not know what was
purchased, why it was purchased, whether there was a legitimate
government need for the item purchased, and where the item is now. For
example, HUD employees used their purchase cards to purchase portable
assets such as computer equipment and digital cameras, totaling over
$74,500, for which they have provided either no support or inadequate
support. Further, in its purchase card remedial action plan, which I
will discuss further shortly, HUD stated that not all property is
entered in its automated property inventory system. When these
purchases are not entered in an agency's inventory system, they become
more vulnerable to loss or theft. In our follow-up work, we plan to
determine whether these items are included in HUD's inventory and are
being appropriately safeguarded.
Effectiveness of Remedial Action Plans and Other Recent Steps to Curb
Purchase Card Abuse Is Mixed:
In April 2002, OMB issued a memorandum requiring all agencies to develop
remedial action plans to manage the risk associated with purchase card
usage. Agencies were required to submit their plans to the Office of
Federal Procurement Policy no later than June 1, 2002. Both HUD and
Education submitted their plans to OMB on time. While Education's plan
was accepted by OMB and addressed the findings and recommendations in
our September 2001 interim report and final Education report, HUD's
plan was rejected because it lacked a timeline for when the corrective
actions would be implemented. This plan also did not address key
weaknesses we identified.
HUD submitted a new plan to OMB on August 28, 2002. While the revised
remedial action plan includes a broad timeline for when each objective
will be completed, we found that it still does not adequately address
key control weaknesses we identified, in part because it lacks specific
steps necessary to fully address identified problem areas. For example,
HUD's plan recognizes that monitoring of purchasing activities and the
frequency of internal audits are areas that need improvement. However,
the plan does not address developing and implementing a robust review
and approval function for purchase card transactions, focusing on
identifying split purchases and other inappropriate transactions.
Further, this plan does not timely address some of the other serious
weaknesses we found. For example, the revised remedial plan does not
require the program administration staff to begin designing a
monitoring plan to assess HUD's compliance with key aspects of its
purchase card policy until the second quarter of fiscal year 2003 and
does not give an estimated completion date for when this key internal
control will be implemented. Additionally, the revised plan does not
specifically identify who is responsible for developing or implementing
any of the proposed improvements. We will be issuing a separate letter
to HUD that will include recommendations to address these and other
issues we identified during our review of its purchase card program.
In contrast, Education's plan specifically addresses the findings and
recommendations in our September 2001 interim report and final Education
reports. These recommendations included (1) emphasizing policies on
appropriate use of the purchase card and cardholder and approving
official responsibilities, (2) ensuring that approving officials are
trained on how to perform their responsibilities, and (3) ensuring that
approving officials review purchases and their supporting documentation
before certifying the statements for payment. Education took actions to
respond to these recommendations, such as (1) reducing monthly and
single purchase spending limits, (2) blocking over 300 MCCs, (3)
implementing a new approval process, and (4) issuing new policies
and procedures.
However, during our follow-up work at Education, we found that
weaknesses remained that continued to leave the department vulnerable
to fraudulent and improper payments and lost assets. For example, the
effectiveness of the department's new approval process was minimized
because approving officials were not ensuring that adequate supporting
documentation existed for all purchases. According to Education, it has
since implemented a quarterly monitoring program to assess compliance
with key aspects of the purchase card program. As discussed in our
Executive Guide, which I will cover later, managing improper payments
is a continuous cycle and includes, among other things, constant
monitoring of the effectiveness of implemented controls and adjustments
to these controls as warranted by monitoring results.
Controls over Education's Grants Disbursement Process Failed to Detect
Certain Improper Payments:
Education's grant and loan disbursement process relies on computer
systems application controls, or edit checks, to help ensure the
propriety of payments. We focused our review on these edit checks and
related controls because they are key to helping prevent or detect
improper payments in an automated process. As we testified in July
2001, [Footnote 15] controls over grant and loan disbursements at
Education did not include a key edit check or follow-up process that
would help identify schools that were disbursing Pell Grants to
ineligible students. To identify improper payments that may have
resulted from the absence of these controls, we performed a variety of
tests, including a test to identify students 70 years of age and older
because we did not expect large numbers of older students to be
receiving Pell Grants. [Footnote 16] Our review also built upon earlier
work where we identified abuses in the Pell Grant program. [Footnote
17] Based on the initial results of our tests and because of the
problems we identified in the past, we expanded our review of seven
schools that had disproportionately high numbers of older students to
include recipients 50 years of age and older. We found that three
schools fraudulently disbursed about $2 million in Pell Grants to
ineligible students, and another school improperly disbursed about $1.4
million in Pell Grants to ineligible students. We also identified 31
other schools that had similar disbursement patterns to those making
the payments to ineligible students. These 31 schools disbursed
approximately $1.6 million of Pell Grants to potentially ineligible
students. We provided information on these schools to Education for
follow-up.
Education's staff and officials told us that they have performed ad hoc
reviews in the past to identify schools that disbursed Pell Grants to
ineligible students and have recovered some improper payments as a
result. However, Education did not have a formal, systematic process in
place specifically designed to identify schools that may be improperly
disbursing Pell Grants. In our September 2001 interim report, we
recommended that the Secretary of Education (1) establish appropriate
edit checks to identify unusual grant and loan disbursement patterns
and (2) design and implement a formal, routine process to investigate
unusual disbursement patterns identified by the edit checks.
Education subsequently implemented an age limit edit check of 75 years
of age or older. If the student's date of birth indicates that he or
she is 75 years of age or older, the system edit will reject the
application and the school will not be authorized to give the student
federal education funds until the student either submits a corrected
date of birth or verifies that it is correct. However, without also
looking for unusual patterns and following up, the edit may not be very
effective, other than to correct data entry errors or confirm older
students applying for aid.
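The gap between the 75-and-older edit and school-level pattern follow-up, as an added example that is not part of the GAO testimony or Education's systems. The 75-year edit and the 50-and-older review cutoff come from the text; the record layout, school names, minimum count and 3x ratio are assumptions, and all data is constructed.

```python
from collections import Counter
from datetime import date

EDIT_CHECK_AGE = 75        # age at which the system edit rejects (from the testimony)
OLDER_AGE = 50             # cutoff GAO used in its expanded review of seven schools
MIN_OLDER = 5              # assumption: ignore schools with only a handful of cases
RATIO = 3.0                # assumption: flag at 3x the overall share of older recipients
AS_OF = date(2001, 7, 1)   # constructed evaluation date


def age_on(dob, as_of):
    """Whole years of age on as_of."""
    had_birthday = (as_of.month, as_of.day) >= (dob.month, dob.day)
    return as_of.year - dob.year - (0 if had_birthday else 1)


def passes_age_edit(record, as_of=AS_OF):
    """Per-record edit check: reject when the date of birth implies age 75 or older."""
    return age_on(record["dob"], as_of) < EDIT_CHECK_AGE


def flag_schools(records, as_of=AS_OF):
    """Pattern check over records that passed the edit.

    A school is flagged when its share of recipients aged OLDER_AGE or more is
    at least RATIO times the share across all schools.
    """
    accepted = [r for r in records if passes_age_edit(r, as_of)]
    total = Counter(r["school"] for r in accepted)
    older = Counter(
        r["school"] for r in accepted if age_on(r["dob"], as_of) >= OLDER_AGE
    )
    overall = sum(older.values()) / len(accepted) if accepted else 0.0
    flagged = []
    for school in sorted(total):
        share = older[school] / total[school]
        if older[school] >= MIN_OLDER and share >= RATIO * overall:
            flagged.append({
                "school": school,
                "older": older[school],
                "total": total[school],
                "share": round(share, 3),
            })
    return flagged


def _make(school, ages):
    # Date of birth chosen so that the age on AS_OF is exactly the given age.
    return [{"school": school, "dob": date(AS_OF.year - a, 1, 15)} for a in ages]


# Constructed sample records (not real applicant data).
RECIPIENTS = (
    _make("SCHOOL-A", [19, 20, 21, 22] * 10)
    + _make("SCHOOL-A", [101])  # likely data-entry error: caught by the edit
    + _make("SCHOOL-B", [20] * 18
            + [52, 55, 58, 60, 61, 63, 64, 66, 68, 70, 72, 74])
    + _make("SCHOOL-C", [19] * 49 + [55])
)


if __name__ == "__main__":
    rejected = [r for r in RECIPIENTS if not passes_age_edit(r)]
    print("rejected by age edit:", len(rejected))
    for finding in flag_schools(RECIPIENTS):
        print("unusual age pattern:", finding)
```

Every SCHOOL-B record passes the per-record edit, so only the school-level comparison surfaces it for follow-up.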
Education also implemented a new system, called the Common Origination
and Disbursement (COD) system, which became operational in April 2002.
Education officials told us that this integrated system will replace
the separate systems Education has used for Pell Grants, direct loans,
and other systems containing information on student aid, and it will
integrate with applicant data in the application processing system. The
focus of COD is to improve program and data integrity. If properly
implemented, a byproduct of this new system should be improved controls
over grant and loan disbursements. According to Education officials,
they will be able to use COD to identify schools with characteristics
like those we identified. However, until there is a mechanism in place
to investigate schools once unusual patterns are identified, Education
will continue to be vulnerable to the types of improper Pell Grant
payments we identified during our review.
We performed several additional tests of Education's disbursements to
identify potentially improper grant and loan payments that may not have
been detected because of missing or ineffective edit checks. In
addition to Pell Grant payments to students 70 years of age and older,
we identified $28.8 million of other potentially improper grant and
loan payments made by more than 1,800 schools to students who (1) were
much older or younger than would be expected, (2) had social security
numbers (SSN) that either were not in the Social Security Administration
(SSA) database or were in SSA death records, or (3) received Pell
Grants in excess of statutory limits. Based on supporting documentation
provided to us by Education, we determined that $20.3 million of these
payments were proper. However, Education did not provide adequate
supporting documentation to enable us to determine the validity of the
remaining $8.5 million of payments made by these schools. Although
Education officials told us that they requested supporting
documentation from the approximately 1,800 schools that disbursed these
funds, over 1,000 schools did not provide the documentation, and
documentation provided by some of the schools was inadequate for
independent verification of the validity of these payments.
According to Education officials, if a school that did not provide
support or provided inadequate support had only a small number of
potential improper payments, the department did not follow up because
it did not consider doing so a wise use of its resources. We agree that
Education should weigh the costs of resources required to follow up on
potential improper payments against the benefits that could be obtained
when making such decisions. However, 20 of the schools that did not
provide support or provided inadequate support had from 20 to 138
instances of these potential improper payments totaling $1.5 million.
While the amount of improper and potentially improper grant and loan
payments we identified is relatively insignificant compared to the
billions of dollars disbursed for these programs annually, it
represents a control risk that could easily be exploited to a greater
extent. As I will discuss later, once such a risk has been identified,
appropriate control activities need to be implemented to respond to it.
In addition to the recommendations that I have already discussed, we
previously recommended that Education (1) conduct on-site
investigations, including interviews of school personnel and students,
at the 28 schools with characteristics similar to those we found that
improperly disbursed Pell Grants to determine whether the grants were
properly disbursed, (2) follow up with the schools that had high
concentrations of the $12 million in potential improper payments for
which the department did not provide adequate supporting documentation,
and (3) implement a process to verify borrowers' SSNs and dates of
birth submitted by schools to the Loan Origination System (LOS). While
Education has implemented a process to verify borrowers' SSNs and dates
of birth submitted by schools to LOS, the other two recommendations
remain open.
Lack of Monitoring of a Key HUD Contractor Resulted in Improper
Payments:
Internal control standards state that monitoring should assess the
quality of performance over time and ensure that review findings are
promptly resolved. Due to a lack of monitoring, the internal controls
of the HUD multifamily housing program's payment processes do not
provide reasonable assurance that improper payments would be identified
and corrected in the normal course of business. As we testified in July
2002, HUD has a limited ability to effectively monitor its contractors
and, as I am about to discuss, this left HUD vulnerable to abusive
billing practices by its property management firms. [Footnote 18]
HUD contracts with two property management firms, which are given a
great deal of autonomy, to manage the operation of its multifamily
properties, [Footnote 19] including apartment projects, nursing homes,
and hospitals. These management firms are charged with initiating
property renovations, hiring on-site staff, selecting vendors and
certifying the acceptable delivery and performance of these activities.
The vendors that provide the goods and services at the HUD properties
submit their invoices to the property management firm for payment by
HUD. The management firm forwards the invoices and required supporting
documentation to another HUD contractor that maintains the department's
property management system, provides a limited cursory review of the
supporting documentation, and pays the vendors. HUD pre-approval for
payment of these goods and services is not required when (1) the
vendor's estimate will cost less than agreed upon dollar thresholds,
which, depending upon the property management company, are as high as
$50,000, or (2) an emergency situation exists that affects or endangers
the health and/or safety of residents or property. The property manager
is also not required to obtain competitive bids when the work is done
to correct an emergency situation. Generally, the contractor that pays
the vendors obtains a daily E-mail authorization from HUD prior to
disbursing the funds. However, unless the amount exceeds the
predetermined thresholds, HUD does not routinely review documentation
supporting the payments and does not verify that the work was actually
performed.
Given the fairly broad delegation of authority to these contractors, it
is important that HUD have effective processes for monitoring
performance and the propriety of payment. We found that HUD did not
comply with its monitoring policy to perform quarterly, on-site
inspections and management reviews of its multifamily housing projects
and had incomplete guidance on how to do so. Inspections and reviews
were not conducted at the majority of multifamily properties and HUD
could not provide documentation for some of the limited reviews and
inspections that HUD officials said were performed. We found no on-site
inspection guidance in the multifamily handbook, which establishes the
policies and procedures to be followed by the multifamily staff.
In two instances where HUD did conduct and document reviews of one of
the property management firms, it did not follow up on or promptly
resolve its findings. Based on these two reviews of the purchasing
practices of the property management firm, HUD documented concerns
about the (1) amount of money being disbursed to a limited number of
construction companies with little control in place to ensure fair and
reasonable prices and (2) unusually high number of emergency
renovations made by this management firm. Yet HUD continued to
authorize payments of over $8 million to these construction companies
after it was known that the property management firm was not selecting
these companies in accordance with provisions of its contract that
required obtaining competitive quotes from several vendors, even for
purchases below the $50,000 pre-approval threshold. Obtaining
competitive quotes helps ensure that the government pays a reasonable
price for goods and services.
The property management firm told HUD that the vendors it used were the
only ones that would work in the neighborhoods where the properties
were located, and that other vendors did not feel comfortable with
HUD's vendor payment process. HUD's staff accepted this explanation
without independent verification. Had HUD followed up on its
findings, it might have discovered what we found - funds being disbursed
for alleged emergency goods and services that were not received or
performed.
Using computerized data mining techniques, we analyzed the $214 million
of multifamily property payments made during fiscal year 2001 to
identify potentially improper payments that could have resulted from
HUD's lack of contractor oversight. The majority of the questionable
disbursements identified by our analyses were for transactions
initiated by one of the two management firms. Hence, we concentrated
our efforts on HUD disbursements for this firm's transactions. Based on
our data mining and reviews of the supporting documentation, we
determined that a vice president and maintenance director of this
property management firm, on numerous occasions, circumvented HUD
controls by (1) alleging that construction renovations were
emergencies, thus not requiring multiple bids or HUD pre-approval, and
(2) splitting renovations into multiple projects to stay below the
$50,000 threshold of HUD-required approval. Over 18 months HUD
authorized and paid for approximately $10 million of renovations, of
which each invoice was for less than $50,000, at two properties where
the above-mentioned maintenance director was employed. HUD did not
verify that any of the construction renovations were actually performed
or determine whether the expenditures classified as emergencies
warranted that classification.
The following examples of improprieties, which are now being
investigated by the HUD OIG and our Office of Special Investigations,
could have been prevented or detected had HUD performed its contractor
monitoring responsibilities. During June 2001, the maintenance director
of the property management company falsified documents that indicated
that 15,000 square feet of concrete sidewalk, at a cost of $227,500,
was replaced and classified these repairs as an emergency. To remain
below the HUD threshold of $50,000, the property management maintenance
director had the vendor submit five separate invoices, each for
$45,500, for the replacement of 3,000 square feet of concrete sidewalk
in front of five buildings. HUD's contractor paid all five invoices.
Based on our site visits and conversation with the maintenance
director, we determined the square footage billed for sidewalk
replacement had not actually been replaced. Figure 1 illustrates how
only portions (the lighter shaded sections) of the sidewalk were
replaced and not the entire sidewalk as was listed on the paid
invoices.
Figure 1: HUD Improper Payments:
[See PDF for image]
This figure is a photograph of the sidewalk referenced in the above
paragraph.
[End of figure]
With the assistance of an independent construction firm we hired, we
determined that only about one-third of the work HUD paid for was
actually performed. As a result, more than $164,000 of the $227,500
billed and paid for "emergency" installation of concrete sidewalk
appears to be fraudulent.
At this same property, we found instances where HUD paid construction
companies for certain apartment renovations, deemed "emergency
repairs," that were not made. Three of the 10 tenants we interviewed
told us that some work listed on the invoice that the property
management firm submitted was not performed at their homes. For
instance, while an invoice indicated that the apartment floor and
closet doors had been replaced at a cost of $10,400, the tenant stated
that the floors and doors were never replaced.
On several other occasions, HUD paid the same amount to perform
"emergency renovations" of apartments of varying sizes and, more than
likely, in differing degrees of disrepair. For example, HUD paid three
identical $32,100 invoices for the emergency renovation of a one
bedroom (600 square feet), a two bedroom (800 square feet) and a three
bedroom (1000 square feet) apartment. All three invoices listed the
exact work performed. For example, each invoice listed a $4,500 cabinet
fee, yet the one bedroom unit had five fewer cabinets than the three
bedroom dwelling. We and the independent construction firm we hired
questioned the validity of the same charge for units of varying sizes
and the likelihood of numerous apartments being in identical condition
and in need of the same extensive renovations.
When confronted with these disparities, the property management
company's maintenance director told us that although he did not have
any documentation to support it, he kept mental notes of work that was
billed and not performed and had the construction company perform
additional unbilled renovations, rather than revising original
emergency invoices. Our review of the maintenance director's files
found multiple "boilerplate" copies of signed receiving reports,
indicating that acceptable emergency work had been done, that had yet
to be awarded to vendors, further evidence of ongoing improprieties.
We will be providing formal recommendations to HUD to address these
issues, as well as other acquisition management challenges, in a
separate report to be issued in November 2002.
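The two invoice patterns described in this section (renovations split into invoices each below the $50,000 pre-approval threshold, and identical "emergency" amounts billed for units of different sizes), as an added example that is not GAO's data mining code. The dollar figures mirror the text; the record layout, vendor and property names, invoice dates and the 30-day window are assumptions, and all data is constructed.

```python
from collections import defaultdict
from datetime import date
from decimal import Decimal

APPROVAL_THRESHOLD = Decimal("50000")  # HUD pre-approval threshold cited in the text
WINDOW_DAYS = 30                       # assumption: window for treating invoices as related


def _inv(inv_id, vendor, day, amount, emergency, unit_sqft=None, prop="PROP-A"):
    return {"id": inv_id, "property": prop, "vendor": vendor, "date": day,
            "amount": Decimal(amount), "emergency": emergency,
            "unit_sqft": unit_sqft}


# Constructed sample data modeled on the amounts in the testimony.
INVOICES = [
    # Five sidewalk invoices of $45,500 each in June 2001 (total $227,500).
    _inv("S-1", "VENDOR-1", date(2001, 6, 4), "45500", True),
    _inv("S-2", "VENDOR-1", date(2001, 6, 5), "45500", True),
    _inv("S-3", "VENDOR-1", date(2001, 6, 6), "45500", True),
    _inv("S-4", "VENDOR-1", date(2001, 6, 7), "45500", True),
    _inv("S-5", "VENDOR-1", date(2001, 6, 8), "45500", True),
    # Three identical $32,100 emergency renovations for units of different sizes.
    _inv("R-1", "VENDOR-2", date(2001, 2, 12), "32100", True, 600),
    _inv("R-2", "VENDOR-2", date(2001, 4, 23), "32100", True, 800),
    _inv("R-3", "VENDOR-2", date(2001, 8, 6), "32100", True, 1000),
    # Controls: one invoice above the threshold, two small routine invoices.
    _inv("C-1", "VENDOR-3", date(2001, 3, 5), "60000", False),
    _inv("C-2", "VENDOR-4", date(2001, 5, 7), "8000", False),
    _inv("C-3", "VENDOR-4", date(2001, 5, 11), "9500", False),
]


def find_split_groups(invoices, threshold=APPROVAL_THRESHOLD,
                      window_days=WINDOW_DAYS):
    """Clusters of sub-threshold invoices (same property and vendor, within the
    window) whose combined total would have required pre-approval."""
    by_key = defaultdict(list)
    for inv in invoices:
        if inv["amount"] < threshold:  # larger invoices already went to HUD
            by_key[(inv["property"], inv["vendor"])].append(inv)

    findings = []
    for (prop, vendor), group in sorted(by_key.items()):
        group.sort(key=lambda i: i["date"])
        cluster = []
        for inv in group + [None]:  # trailing None flushes the last cluster
            in_window = (inv is not None and
                         (not cluster or
                          (inv["date"] - cluster[0]["date"]).days <= window_days))
            if in_window:
                cluster.append(inv)
                continue
            total = sum((i["amount"] for i in cluster), Decimal("0"))
            if len(cluster) > 1 and total >= threshold:
                findings.append({
                    "property": prop,
                    "vendor": vendor,
                    "invoice_ids": [i["id"] for i in cluster],
                    "total": total,
                    "all_emergency": all(i["emergency"] for i in cluster),
                })
            cluster = [inv] if inv is not None else []
    return findings


def find_identical_emergency_amounts(invoices):
    """Emergency invoices from one vendor with the same amount for units of
    different sizes."""
    by_key = defaultdict(list)
    for inv in invoices:
        if inv["emergency"] and inv["unit_sqft"]:
            by_key[(inv["vendor"], inv["amount"])].append(inv)

    findings = []
    for (vendor, amount), group in sorted(by_key.items()):
        sizes = sorted({i["unit_sqft"] for i in group})
        if len(sizes) > 1:
            findings.append({"vendor": vendor, "amount": amount,
                             "unit_sqft": sizes,
                             "invoice_ids": [i["id"] for i in group]})
    return findings


if __name__ == "__main__":
    for f in find_split_groups(INVOICES):
        print("possible split:", f)
    for f in find_identical_emergency_amounts(INVOICES):
        print("identical emergency amounts:", f)
```

Both checks only produce leads; as the section shows, confirming them still required supporting documentation, site visits and tenant interviews.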
Strategies to Manage Improper Payments:
Now I would like to talk about some of the things that HUD, Education,
and other federal agencies can do to address their improper payments
comprehensively. As we recently reported, [Footnote 20] our review of
improper payments reported in agency financial statements over the past
3 years shows some change in individual agencies and programs, but
little change in the total amount over the period. While the total
reported amount has decreased from about $20.7 billion in fiscal year
1999 to $19.1 billion in fiscal year 2001, these figures do not give a
true picture of the level of improper payments in federal programs and
activities. As significant as the $19 billion in improper payments is,
the actual extent of improper payments government wide is unknown,
likely to be billions of dollars more, and will likely grow without
concerted, coordinated efforts by agencies, the administration, and the
Congress.
As we have seen, weak or nonexistent internal controls can result in a
variety of improper payments that can affect an agency's ability to
achieve its goals. Attacking the problem of improper payments requires
strategies tailored to the organization involved and its particular
risks. To identify effective practices and provide case illustrations
and other information for federal agencies to consider when addressing
improper payments, we contacted public and private sector organizations
and talked with them about actions they had taken and considered
effective in reducing improper payments. Participants were the
Department of Health and Human Services' Health Care Financing
Administration; [Footnote 21] the Social Security Administration; the
Department of Veterans Affairs; the states of Illinois, Texas, and
Kentucky; the governments of Australia, New Zealand, and the United
Kingdom; and three private sector corporations. Our executive guide,
Strategies to Manage Improper Payments: Learning from Public and
Private Sector Organizations, issued last year, highlights the actions
taken by these organizations. We categorized the actions into the five
components of internal control outlined in the Comptroller General's
Standards for Internal Control in the Federal Government. We defined
these components as follows:
* Control environment - creating a culture of accountability by
establishing a positive and supportive attitude toward improvement and
achievement of established program outcomes.
* Risk assessment - performing comprehensive reviews and analyses of
program operations to determine if risks exist and if so, their nature
and extent.
* Control activities - taking actions to address identified risk areas
and help ensure that management's decisions and plans are carried out
and program objectives are met.
* Information and communications - using and sharing relevant, reliable
and timely financial and nonfinancial information in managing
activities related to improper payments.
* Monitoring - tracking improvement initiatives over time, and
identifying additional actions needed to further improve program
efficiency and effectiveness.
I will address each of these control activities briefly in turn, giving
examples that illustrate their use in combating improper payments.
While I will discuss these activities separately, it is important to
remember that managing improper payments typically requires continuous
interaction among these areas.
Control Environment: Instilling a Culture of Accountability:
Perhaps the most significant of the elements critical to identifying,
developing and implementing activities to reduce improper payments is
the control environment. Top officials, whether in government or the
private sector, and oversight bodies such as legislatures, set the
stage for change with clearly established expectations and demands for
improvement. Many of the officials we met with in the course of our
work told us that without the clearly established demands and
expectations for improvement by top management and legislators, little
would have happened to effectively reduce fraud and errors in their
programs. In addition, while top management sets the tone for cultural
change, all personnel must buy into this change and work to achieve its
overall goals.
The cultural change fostered by an effective control environment
stresses the importance of improvement and efficient and effective
program operations while maintaining a balance with concerns about
privacy and information security in a world where computers and
electronic data are indispensable to making payments. In the oversight
and legislative arena, it involves initiatives such as those in the
President's Management Agenda, as I discussed earlier, and legislation
such as that introduced by you, Mr. Chairman, which requires
comprehensive improper payment reviews and reporting.
Interest in the amount of improper payments at the organizations that
participated in our study often resulted from program, audit or media
reports of misspent funds or fraudulent activities. As the magnitude of
improper payments became known, government officials and legislative
bodies faced increased pressure to reduce them.
In Texas, for instance, the legislature was instrumental in making changes in
the state's benefit programs after reports of improper payments in the
Medicaid program that ranged from $365 million to $730 million as well
as in the Temporary Assistance to Needy Families and Food Stamps
programs, estimated at a total of $222.4 million. Lawmakers sought to
reduce these improper payments by mandating specific actions that
included use of computer technology to deter fraud and abuse.
The government has led the way in setting the stage for changes in the
United Kingdom. Following Comptroller and Auditor General reports
stating that the government did not know enough about the level of
fraud in its benefits programs, Parliament required the Department of
Work and Pensions (DWP) to improve measurement of fraud in its
programs. DWP conducted a benefit review from which the government
estimated that $3 billion per year were lost to known fraud. The
government further noted that if all suspicions of fraud were well
founded, the figure could be as high as $10 billion per year. DWP
proposed a strategy to reform the welfare system and reduce improper
payments.
Through the process, Parliament has stayed actively involved, enacting
legislation to allow data sharing between government agencies and
departments. In addition, the Treasury requires departments to disclose
irregular expenditures arising from erroneous benefit awards and fraud
by claimants. Further, the Comptroller and Auditor General qualified
his opinion on DWP's fiscal years 1995 through 2000 financial
statements because of the level of fraud and error identified in the
benefit programs. This served to reinforce the message that high levels
of improper payments are unacceptable.
At the day-to-day level, improper payments resulting from
miscalculation and other errors often receive inadequate attention.
Centrelink, a "one-stop shop" that pays a variety of Australian
government benefits, found through audit reports that up to 30 percent
of its work was rework. The organization's management
responded by implementing a "Getting it Right" strategy in 2000,
setting out the roles and responsibilities of managers and team leaders
as well as minimum standards for the staff to apply when making payment
decisions. Centrelink distributed posters and mouse pads to reinforce
the "Getting it Right" message. Centrelink's Chief Executive Officer
has stated that she expects the implementation of the strategy to
result in a reduction of improper payments as well as continued
timeliness in payments to beneficiaries.
Study participants successfully used the following strategies to create
a control environment that instilled a culture of accountability over
improper payments, and could also be used at federal agencies:
* Provide leadership in setting and maintaining the agency's ethical
code of conduct and in ensuring proper behavior under the code.
* Provide a cultural framework for managing risk by engaging everyone
in the organization in the risk management process.
* Increase accountability by establishing goals for reducing improper
payments for major programs.
* Foster an atmosphere that regards improper payments as unacceptable.
Among the organizations we studied, pressures from oversight entities
and top management were instrumental in creating change. The
President's Management Agenda and the previously mentioned legislation
help define and communicate the need for improvement. By being
transparent in redefining the culture, oversight entities and top
management can set expectations and obtain agreement on the need for
change from individuals managing day-to-day program activities. This
culture of accountability is necessary to begin the critical next step
in managing improper payments, the risk assessment process.
Risk Assessment: Determining the Nature and Extent of the Problem:
Strong systems of internal control provide reasonable assurance that
programs are operating as intended and are achieving expected outcomes.
A key step in gaining this assurance is conducting a risk assessment.
This involves comprehensively reviewing and analyzing program
operations to determine where risks lie and what they are, and then
measuring the potential or actual effect of those risks on program
operations.
The information developed during a risk assessment forms the foundation
from which management can determine the corrective actions needed and
provides baseline information for measuring progress. Specific
methodologies for managing risk vary by organization depending on
mission and the difficulty in quantifying and defining risk levels. In
addition, because economic, governmental, industrial, regulatory, and
operating conditions continually change, risk assessments should be
updated to identify and address any new risks. The organizations that
participated in our study found that conducting risk assessments to
determine the nature of their improper payments was essential to
helping them focus on the most significant problem and determine what
needed to be done to address it.
While many federal agencies do not perform risk assessments, some do.
The Department of Health and Human Services, for example, began
reporting an annual estimate of improper payments in the Medicare
fee-for-service program in 1996. In fiscal year 2001, it reported estimated
improper Medicare fee-for-service payments of $12.1 billion, or about
6.3 percent of such benefits. This analysis and reporting has led to
the implementation of several initiatives to identify and reduce
improper payments, including working with medical providers to ensure
that medical records support billed services.
HUD also measures improper payments in its housing assistance programs,
reporting $1.87 billion in fiscal year 2000 and $2 billion in fiscal
year 2001. HUD has taken actions to identify the risks associated with
these programs and is working to refine the procedures currently used
to obtain more useful information. HUD has not, however, done risk
assessments in other disbursement areas.
A thorough risk assessment allows organizations to target high-risk
areas, focusing limited resources where the greatest exposure exists.
The Illinois Department of Public Aid (IDPA), for instance, found that
it had a payment accuracy rate of 95 percent. Its payment accuracy
review identified errors and their causes that allowed IDPA to focus
its attention on the 5 percent of inaccurate payments. In doing so, it
discovered that of the $37.2 million spent for nonemergency
transportation services, $11.55 million, or 31 percent, was estimated
to be in error. This discovery led to a series of actions to address
this problem.
Government agencies in other countries have also used payment accuracy
reviews to identify high-risk areas. For instance, the United Kingdom's
DWP uses the results of rolling program reviews to determine levels of
fraud and error in its Income Support and Jobseeker's Allowance benefit
programs. These reviews quantify the amount of fraud and error
affecting benefit claims and are used to target areas for prevention
and detection.
Participants in our study used the following strategies successfully to
assess risk and determine the nature and extent of improper payments.
We believe that federal agencies should also consider these strategies
to address improper payments.
* Institute a systematic process to estimate the level of improper
payments being made by the organization.
* Based on this process, determine where risks exist, what those risks
are, and the potential or actual effect of those risks on program
operations.
* Use the results of the risk assessment to target high-risk areas and
focus resources where the greatest exposure exists.
* Reassess risks on a recurring basis to evaluate the effect of changing
conditions, both external and internal, on program operations.
Assessing risk allows an organization to set goals and target its
efforts to reduce improper payments. Having developed such a framework,
an organization can then proceed to determine which control activities
to implement to reduce risks and, ultimately, fraud and errors.
Control Activities: Taking Action to Address Identified Risk Areas:
Control activities are the policies, procedures, techniques, and
mechanisms that are designed to help ensure that management's decisions
and plans are carried out. Once an organization has identified and
quantified the risks in its operations, and management has set a goal
for reducing the risks, the organization must take action to achieve
that goal. Control activities used by organizations to address improper
payments vary depending on risks faced; objectives; managerial
judgment; size and complexity of the organization; the operational
environment; sensitivity of data; and requirements for system
reliability, availability, and performance. Control activities can
include both prepayment and post payment mechanisms.
Given the large volume of federal payments, it is generally more
efficient to prevent improper payments rather than attempt to recover
overpayments that have already been made. Recognizing, however, that
some overpayments are inevitable, agencies should adopt effective
detection techniques to identify and recover them. These techniques can
range from sophisticated computer analyses of program data to post
award contract audits and are dictated by the type of payment activity
that presents the most risk in a particular organization. They include
the following:
* data sharing, which allows organizations to compare information from
different sources to help ensure that payments are appropriate;
* data mining, which analyzes data for relationships that were
previously unknown;
* neural networking, which analyzes associations and patterns among data
elements;
* recovery auditing, which is the practice of identifying and recovering
overpayments using payment file information;
* contract audits, which verify that payments are being made in
accordance with contract terms and applicable regulations; and
* prepayment investigations, in which contradictory information is
investigated before payment is made.
Data sharing, data mining, and neural networking techniques are
powerful internal control tools that provide useful, timely access to
information. Using these techniques can provide potentially significant
savings by identifying reporting errors and misinformation before
payments are made or by detecting improper payments already made.
However, more extensive use of personal information in an evolving
technological environment raises new questions about privacy and how it
should be protected. In the federal arena, these techniques must be
implemented consistent with the protections of the Privacy Act of 1974,
as amended by the Computer Matching and Privacy Protection Act of 1988,
and other privacy statutes.
These techniques are an example of the types of activities that our
study participants found useful. For example, in 1995, the United
Kingdom formalized data matching between government organizations. It
reported that through March of 2000, it had saved about $450 million.
Further, from April 1999 through March 2000, data matches
identified 217,000 inconsistencies for investigation, resulting in
another $53 million in benefit savings. In the United States, SSA
shares information with federal agencies through more than 15 data
matches to prevent and detect fraud. SSA estimates that it saves
approximately $1.5 billion each year for other agencies through
these data matches. In its own programs, SSA estimates that it saves
$350 million annually for Old Age and Survivors Insurance and
Disability Insurance and $325 million annually for Supplemental
Security Income through the use of data matching.
While data matching or sharing gives an organization the means to
compare data from different sources, data mining offers a tool to
review and analyze diverse data. The IDPA, for instance, had identified
one of its risk areas as health care providers who were billing in
excess of 24 hours in a single day. Using its data mining capability,
the Illinois OIG identified 18 providers who had billed in excess of 24
hours for at least 1 day during a 6-month period. A number of these
providers were already under investigation for other program
violations. As a result of this analysis, the OIG planned to refer
serious cases to law enforcement agencies and take administrative
action against less serious violators. Neural networking analyzes
associations and patterns among data elements, allowing an organization
to find relationships that can result in new queries. In Texas, models
used with neural networking technology identified fraudulent patterns
from large volumes of medical claims and patient and provider history
data. Such models can help identify perpetrators of both known and
unknown fraud schemes by analyzing utilization trends, patterns, and
complex interrelationships in the data. The state currently has models
for physicians and dentists and plans to initiate a model for
pharmacies.
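The Illinois check described above (providers billing in excess of 24 hours in a single day during a 6-month period) can be expressed as a short aggregation over claim lines. The following is an added example, not code from GAO or the Illinois OIG; the claim-line layout, field names, and sample rows are assumptions constructed for illustration.

```python
"""Flag providers whose billed time for one service date exceeds 24 hours."""
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample claim lines (not real data). The layout is an assumption.
SAMPLE_CLAIMS = """\
claim_id,provider_id,service_date,billed_minutes,status
C001,P100,2002-01-14,600,paid
C002,P100,2002-01-14,540,paid
C003,P100,2002-01-14,480,paid
C004,P200,2002-01-14,480,paid
C005,P200,2002-01-15,900,paid
C006,P200,2002-01-15,600,void
C007,P300,2002-02-03,1440,paid
C008,P300,2002-09-20,1500,paid
C001,P100,2002-01-14,600,paid
C009,P400,2002-03-01,abc,paid
"""

MINUTES_PER_DAY = 24 * 60


def load_claims(text):
    """Parse claim lines and return (valid_rows, rejected_claim_ids).

    Voided lines are skipped, a repeated claim_id is counted once so that a
    double-loaded extract cannot create a false positive, and lines with
    unparseable values are returned for manual review rather than dropped.
    """
    seen, rows, rejected = set(), [], []
    for rec in csv.DictReader(io.StringIO(text)):
        try:
            minutes = int(rec["billed_minutes"])
            day = date.fromisoformat(rec["service_date"])
            if minutes < 0:
                raise ValueError("negative billed time")
        except ValueError:
            rejected.append(rec["claim_id"])
            continue
        if rec["status"] != "paid" or rec["claim_id"] in seen:
            continue
        seen.add(rec["claim_id"])
        rows.append((rec["provider_id"], day, minutes))
    return rows, rejected


def impossible_days(rows, start, end):
    """Return {provider_id: [(service_date, total_minutes), ...]} for each day
    in [start, end] on which a provider's summed billed time exceeds 24 hours."""
    totals = defaultdict(int)
    for provider, day, minutes in rows:
        if start <= day <= end:
            totals[(provider, day)] += minutes
    flagged = defaultdict(list)
    for (provider, day), total in sorted(totals.items()):
        if total > MINUTES_PER_DAY:  # strictly "in excess of" 24 hours
            flagged[provider].append((day, total))
    return dict(flagged)


if __name__ == "__main__":
    claims, bad = load_claims(SAMPLE_CLAIMS)
    # Six-month review period, as in the Illinois analysis.
    hits = impossible_days(claims, date(2002, 1, 1), date(2002, 6, 30))
    for provider, days in hits.items():
        for day, total in days:
            print(f"{provider} billed {total / 60:.1f} hours on {day}")
    print("rejected for manual review:", bad)
```

No single claim line for provider P100 is implausible on its own; only the per-day total across lines exceeds 24 hours, which is why the check aggregates before comparing.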
Recovery auditing, which came into use about 30 years ago, has a
long-standing record in the private sector, and more recently, in the
federal government. [Footnote 22] More extensive use of recovery
auditing could offer federal agencies an opportunity to prevent and
detect improper payments. One private sector company that participated
in our study contracted with a recovery audit firm to review its
accounts payable files. The company's own systems had found no errors
in these files, yet the review resulted in the recovery of $8 million
in improper payments. Subsequently, the company began to use recovery
auditing techniques on accounts payable information to prevent improper
payments, through such things as identifying potential duplicate
payments. During our visit, this system identified and avoided a
duplicate payment of $136,000 from the reports generated by the
recovery audit software. In addition, as a result of using recovery
auditing before payments are made, the company identified and stopped
the processing of $41 million in duplicative wire payments. The
particular software this company uses also identifies the employees
making the errors so that they can be trained appropriately.
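One way a prepayment duplicate screen of the kind described above could work, shown as an added example (it is not the company's recovery audit software or GAO's code). The record layout, the invoice-number normalization, the 30-day review window, and all sample records are assumptions constructed for illustration.

```python
"""Screen pending payments against paid history for likely duplicates."""
import re
from collections import Counter, defaultdict
from datetime import date
from decimal import Decimal


def _rec(vendor, invoice, amount, day, clerk):
    return {"vendor": vendor, "invoice": invoice, "amount": Decimal(amount),
            "date": date.fromisoformat(day), "clerk": clerk}


# Constructed accounts payable records (not real data).
PAID_HISTORY = [
    _rec("V-0042", "INV-001234", "136000.00", "2002-03-04", "jdoe"),
    _rec("V-0042", "INV-001300", "2150.75", "2002-03-11", "asmith"),
    _rec("V-0077", "88-1002", "940.00", "2001-10-01", "jdoe"),
]
PENDING = [
    _rec("V-0042", "inv 1234", "136000.00", "2002-03-18", "blee"),   # re-keyed invoice number
    _rec("V-0042", "INV-001301", "2150.75", "2002-03-18", "blee"),   # same amount, new invoice
    _rec("V-0077", "881002", "940.00", "2002-03-20", "cwu"),         # old invoice resubmitted
    _rec("V-0099", "A-17", "500.00", "2002-03-20", "cwu"),           # first occurrence
    _rec("V-0099", "A17", "500.00", "2002-03-21", "blee"),           # repeat within the batch
    _rec("V-0077", "88-1050", "940.00", "2002-03-20", "cwu"),        # same amount, months apart
]


def normalize_invoice(raw):
    """Collapse case, punctuation, and leading zeros, the usual ways one
    invoice number gets keyed in twice under different spellings."""
    s = re.sub(r"[^A-Z0-9]", "", raw.upper())
    return re.sub(r"(?<!\d)0+(?=\d)", "", s)


def screen(pending, history, window_days=30):
    """Return [(record, verdict, matched_record_or_None)] for each pending item.

    HOLD   = same vendor, normalized invoice number, and amount as an earlier payment.
    REVIEW = same vendor and amount within window_days, different invoice number.
    PAY    = no match found.
    """
    by_key, by_vendor_amount = {}, defaultdict(list)

    def index(r):
        key = (r["vendor"], normalize_invoice(r["invoice"]), r["amount"])
        by_key.setdefault(key, r)
        by_vendor_amount[(r["vendor"], r["amount"])].append(r)

    for r in history:
        index(r)
    results = []
    for r in pending:
        match = by_key.get((r["vendor"], normalize_invoice(r["invoice"]), r["amount"]))
        if match is not None:
            verdict = "HOLD"
        else:
            near = [h for h in by_vendor_amount[(r["vendor"], r["amount"])]
                    if abs((r["date"] - h["date"]).days) <= window_days]
            verdict, match = ("REVIEW", near[0]) if near else ("PAY", None)
        results.append((r, verdict, match))
        if verdict != "HOLD":
            index(r)  # later items in the same batch are checked against this one
    return results


def holds_by_clerk(results):
    """Count held duplicates per entering clerk, to target training."""
    return dict(Counter(r["clerk"] for r, verdict, _ in results if verdict == "HOLD"))


if __name__ == "__main__":
    for r, verdict, match in screen(PENDING, PAID_HISTORY):
        prior = match["invoice"] if match else "-"
        print(f'{verdict:6} {r["vendor"]} {r["invoice"]:12} {r["amount"]:>10} prior={prior}')
```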
The organizations that participated in our study used the following
strategies successfully to identify and address risks. We believe these
same strategies could be used successfully by federal agencies.
* Based on an analysis of the specific risks facing the organization,
and taking into consideration the nature of the organization and the
environment in which it operates, determine which types of control
activities would be most effective in addressing the identified risks.
* Where in-house expertise is not available, investigate the
possibility of contracting activities out to firms that specialize in
specific areas, such as recovery auditing and neural networking.
* Perform cost-benefit analyses of potential control activities before
implementation to help ensure that the cost is not greater than the
potential benefit.
* Ensure that personnel involved in developing, maintaining, and
implementing control activities have the requisite skills and knowledge,
recognizing that staff expertise needs to be frequently updated in
evolving areas such as information technology and fraud investigation.
* Recognize and consider the importance of privacy and information
security issues when developing and implementing control activities.
An agency's internal control activities should be flexible, weigh costs
and benefits, and be tailored to an agency's needs. Once control
activities are in place, the internal control cycle continues with the
prompt communication of information that managers need to help them
carry out these activities and run their operations efficiently and
effectively.
Information and Communications: Using and Sharing Knowledge to Manage
Improper Payments:
Those responsible for managing and controlling program operations need
relevant, reliable, and timely financial and nonfinancial information
to make operating decisions, monitor performance, and allocate
resources. This information can be obtained through a variety of
sources using a wide range of data collection methodologies. The
organizations that participated in our study used internal and external
sources to obtain the information they needed. Further, these sources
varied widely, from multiple computer databases to periodic meetings.
The need for information and communication also extends beyond
organizational boundaries. Many of the governmental programs with
improper payments are benefit programs that involve recipients and
providers of services. Organizations in our study developed educational
programs to assist these participants in understanding eligibility and
other requirements, and for service providers, information on issues
including common claim filing errors.
For instance, in 1997 Texas implemented several initiatives to educate
new medical providers before they enroll in the Texas Medicaid program.
Each new provider receives a hand-delivered package with information on
claim filing, helpful tips, and instructions on how to use the
automated phone system for inquiries. Three months after the provider
is enrolled, a field representative from Medicaid evaluates a sample of
the provider's claims and revisits the provider to answer questions and
discuss any problems noted in the claims sample.
In another example, Australia's Health Insurance Commission (HIC)
implemented a feedback program to provide medical practitioners with
regular information about their own benefit authorization, patient
demographics, and comparative statistical information showing services
rendered and the dollar value of benefits paid. All 32,000
practitioners receive correspondence once a year from HIC. While at
first most practitioners did not realize that HIC was able to
accumulate and analyze this information, the program has now become an
effective deterrent to wrongdoing as well as a desired source of
information to medical providers. Some practitioners have asked for
additional information or statistics prior to the annual feedback
report. HIC has since established an on-line feedback and statistics
site for general practitioners, 2,100 of whom accessed their reports
online in 1999.
Coordination and cooperation with local law enforcement and other
sources outside an agency can also establish an infrastructure
conducive to preventing and detecting fraud. The IDPA OIG established a
Fraud and Abuse Executive (FAE) whose objective is to be a conduit
among internal and external parties for all fraud issues. As a result
of cooperation between the Illinois State Police, one bank, and the
FAE, thousands of dollars in fraudulent payments were stopped and a
number of perpetrators were arrested.
Organizations that participated in our study used the following
strategies to help them effectively use and share knowledge to manage
improper payments. These strategies could also be used by federal
agencies.
* Determine what information is needed by managers to meet and support
initiatives aimed at reducing improper payments.
* Ensure that necessary information provided to managers is accurate and
timely.
* Provide managers with timely feedback on applicable performance
measures so they can use the information to manage their programs
effectively.
* Develop educational programs to assist program participants in
understanding program requirements.
* Ensure that there are adequate means of communicating with, and
obtaining information from, external stakeholders that may have a
significant effect on improper payment initiatives.
* Develop working relationships with other organizations to share
information and pursue potential instances of fraud or other
wrongdoing.
Communications are effective when information flows up, down, and
across an organization. In addition to internal communications,
management should ensure that there are adequate means to give and
obtain information from external parties who could have an effect on
the agency's goals. Moreover, effective information technology
management is critical. Managers need operational and financial data
to monitor whether they are meeting their agency's goals with
appropriate resources.
Monitoring: Tracking the Success of Improvement Initiatives:
Monitoring focuses on assessing the quality of an organization's
performance over time and on promptly resolving problems identified
either through separate program evaluations or audits. Evaluation of an
organization's programs and its successes in meeting its established
goals and in identifying additional actions is an integral element of
performance measurement and continued improvement in operations. Once
an organization has identified its risks related to improper payments
and undertaken activities to reduce these risks through internal
controls, monitoring performance allows the organization to gauge how
well its efforts are working.
After Illinois assessed the risk of improper payments in its Medicaid
program, it implemented initiatives, based on the results, to improve
payment accuracy. To monitor the effect of the new initiatives, the
state uses random claims sampling to test the accuracy of payments. The
goal of the project, which reviews 1,800 claims per year, is to ensure
that every paid claim faces an equal chance of random review. This
approach not only provides periodic estimates of payment accuracy rates
but helps deter future erroneous and fraudulent billings.
Performance measures are key to monitoring progress in addressing
improper payments. The government of New Zealand, for instance,
requires audited statements of objectives and service performance to be
included along with financial statements. These statements include
performance measures related to improper payments. Work and Income New
Zealand (WINZ), a government agency that provides income support and
employment assistance to eligible people, has established performance
measures for entitlement accuracy, services to reduce benefit crime,
and debt management. WINZ's financial statements are the main
accountability reports used by Parliament to monitor the agency's
performance. In addition, Parliament uses the audited information to
make informed decisions on resource allocation, and through a
monitoring body, to hold the entity's chief executive officer
responsible if performance standards are not met.
Participants in our study used the following strategies successfully to
track the success of improvement initiatives. We believe the strategies
would be effective for federal agencies as well.
* Establish agency-specific goals and measures for reducing improper
payments.
* Using baseline information for comparison, periodically monitor the
progress in achieving the established performance measures.
* Make the results of performance reviews widely available to permit
independent evaluations of the success of efforts to reduce improper
payments.
* Ensure timely resolution of problems identified by audits and other
reviews.
* Adjust control activities, as necessary, based on the results of
monitoring activities.
Organizations should monitor the control activities they use to address
improper payments continuously, ingraining them in their operations.
This kind of ongoing monitoring enables organizations to measure how
well they are doing, track performance measures, and adjust control
activities based on the results. Monitoring should also include
policies and procedures for communicating review results to appropriate
individuals in the organization so any problems can be resolved.
Conclusions:
In closing, Mr. Chairman, I want to emphasize that high levels of
improper payments need not and should not be an accepted cost of
running federal programs. The organizations that participated in our
study found that they could effectively and efficiently manage improper
payments by (1) changing their organization's control environments or
cultures, (2) performing risk assessments, (3) implementing activities
to reduce fraud and errors, (4) providing relevant, reliable and timely
information and communication to management on results and (5)
monitoring performance over time. While HUD, Education, and other
agencies have taken some steps in these areas, effectively addressing
improper payments requires a comprehensive strategy that permeates the
entire organization.
Implementing such a comprehensive strategy at federal agencies will not
be easy or quick. It will require continued strong support from the
President, the Congress, top-level administration appointees, and
agency officials. The effort must include a willingness to dedicate
personnel and money to implement the changes. This could involve
performing needs assessments and hiring individuals with the necessary
skills and knowledge to turn planned actions into reality. In addition,
many actions that proved successful for organizations in our study
involved computer assisted analyses of data. Implementing some of these
practices could involve funding for computer software or hardware, and
additional staff or training.
In addition, it is important that the results of actions taken to
address improper payments be openly communicated not only to the
Congress and agency management, but to the public. This transparency
demonstrates the importance that government places on the need for
change at the same time it openly communicates performance results. It
also acts as an incentive for agencies to be ever vigilant in their
efforts to address wasteful spending that results from weak controls
that lead to improper payments.
Mr. Chairman, this concludes my statement. I would be happy to answer
any questions you or other Members of the Subcommittee may have.
Contact and Acknowledgments:
For information about this statement, please contact Linda Calbom,
Director, Financial Management and Assurance, at (202) 512-9508 or at
calboml@gao.gov. Individuals making key contributions to this statement
include Dan Blair, Don Campbell, Lisa Crye, Anh Dang, Bonnie Derby,
Kelly Lehr, Carla Lewis, Sharon Loftin, Irving McMasters, Diane Morris,
Andy O'Connell, Russell Rowe, Ruth Walk, Brooke Whittaker, and Doris
Yanger.
[End of section]
Footnotes:
[1] U.S. General Accounting Office, Financial Management: Internal
Control Weaknesses Leave Department of Education Vulnerable to Improper
Payments, GAO-01-585T (Washington, D.C.: Apr 3, 2001); Financial
Management: Poor Internal Control Exposes Department of Education to
Improper Payments, GAO-01-997T (Washington, D.C.: July 24, 2001); and
Education Financial Management: Weak Internal Controls Led to Instances
of Fraud and Other Improper Payments, GAO-02-406 (Washington, D.C.:
Mar 28, 2002).
[2] U.S. General Accounting Office, Strategies to Manage Improper
Payments: Learning from Public and Private Sector Organizations,
GAO-02-69G (Washington, D.C.: October 2001).
[3] Because of the similarity of the Office of Management and Budget's
definition of erroneous payments to our definition of improper
payments, we consider the terms synonymous.
[4] U.S. General Accounting Office, Major Management Challenges and
Program Risks, Department of Housing and Urban Development, GAO-01-248
(Washington, D.C.: January 2001); Major Management Challenges and
Program Risks, Department of Education, GAO-01-245 (Washington, D.C.:
January 2001); and High-Risk Series: An Update, GAO-01-263
(Washington, D.C.: January 2001).
[5] U.S. General Accounting Office, Purchase Cards: Control Weaknesses
Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-01-995T
(Washington, D.C.: July 30, 2001); Purchase Cards: Control Weaknesses
Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-02-32
(Washington, D.C.: Nov 30, 2001); Purchase Cards: Continued Control
Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse,
GAO-02-506T (Washington, D.C.: Mar 13, 2002); and Government Purchase Cards:
Control Weaknesses Expose Agencies to Fraud and Abuse, GAO-02-676T
(Washington, D.C.: May 1, 2002).
[6] We did not focus on HUD's rental housing assistance program because
HUD is estimating improper payments for the program, and the HUD OIG
and GAO have performed extensive work in that area.
[7] Our testimony today generally will not address third party drafts,
since Education eliminated that payment process in fiscal year 2001.
However, we will discuss the results of our inventory of computers and
computer equipment purchased with third party drafts.
[8] Data mining for improper payments involves using computer-aided
auditing techniques to identify hidden patterns and relationships in
data that are indicators of unusual transactions, which may be
improper payments.
[9] Due to separate congressional requests, the period of our review at
Education differed from that for HUD.
[10] Standards for Internal Control in the Federal Government
(GAO/AIMD-00-21.3.1), which was prepared to fulfill our statutory
requirement under the Federal Managers' Financial Integrity Act,
provides an overall
framework for establishing and maintaining internal control and for
identifying and addressing major management challenges and areas at
greatest risk of fraud, waste, abuse, and mismanagement.
[11] Based on our testing, we estimate that $4,678,689 (plus or minus
$678,806) of the total $10 million in purchase card transactions made
during fiscal year 2001 lacked adequate supporting documentation. Our
estimate is based on a 95 percent confidence level and a tolerable
error rate of $1,059,046 (10 percent of the population total of
$10,590,461).
[12] Department of Housing and Urban Development Office of Inspector
General, Commercial Credit Card Program, 99-DP-166-0001 (Washington,
D.C.: Feb 1, 1999).
[13] The Government Employees Training Act, 5 U.S.C. 4103 and 4107,
requires that training be related to an employee's job and prohibits
expenditures to obtain a college degree unless necessitated by
retention or recruitment needs, which was not the case here.
[14] These additional estimated charges were identified by an Education
official. Under 31 U.S.C. 1345, appropriated funds may not be used to
pay the costs of non-federal individuals to attend meetings unless
otherwise specifically authorized by law. 5 U.S.C. 5703 allows the
federal government to pay the costs of non-federal individuals to
attend meetings if the attendees are providing direct services to the
government. Education could not provide us with evidence that this was
the case.
[15] U.S. General Accounting Office, Financial Management: Poor
Internal Control Exposes Department of Education to Improper Payments,
GAO-01-997T (Washington, D.C.: July 24, 2001).
[16] A Pell Grant is a form of financial aid that is awarded to
undergraduate students who have not earned bachelor's or professional
degrees, and who are enrolled in degree or certificate programs.
[17] U.S. General Accounting Office, Student Financial Aid Programs:
Pell Grant Program Abuse, GAO/T-OSI-94-8 (Washington, D.C.: Oct 27,
1993).
[18] U.S. General Accounting Office, HUD Management: HUD's High-Risk
Program Areas and Management Challenges, GAO-02-869T (Washington, D.C.:
July 24, 2002).
[19] In addition, HUD and the Massachusetts Housing Finance Agency have
an agreement for the disposition and interim management of select
HUD-owned multifamily properties in Boston. This pilot project was not
implemented for other state housing agencies.
[20] U.S. General Accounting Office, Financial Management: Coordinated
Approach Needed to Address the Government's Improper Payments Problems,
GAO-02-749 (Washington, D.C.: Aug 9, 2002).
[21] The Health Care Financing Administration was renamed the Centers
for Medicare and Medicaid Services in July 2002.
[22] Section 831 of Pub.L. 107-107 requires executive agencies that
enter into contracts totaling greater than $500 million in a fiscal
year to have a program for recovering any amounts erroneously paid to
contractors, including the use of recovery audits.
[End of section]