This is the accessible text file for GAO report number GAO-08-438T entitled 'Improper Payments: Status of Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements' which was released on February 1, 2008. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Before the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee on Homeland Security and Governmental Affairs, U.S. Senate: United States Government Accountability Office: GAO: For Release on Delivery Expected at 2:30 p.m. EST: Thursday, January 31, 2008: Improper Payments: Status of Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements: Statement of McCoy Williams, Managing Director Financial Management and Assurance: Improper Payments: GAO-08-438T: GAO Highlights: Highlights of GAO-08-438T, a testimony before the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee on Homeland Security and Governmental Affairs, U.S. Senate Why GAO Did This Study: The federal government is accountable for how its agencies and grantees spend hundreds of billions of taxpayer dollars and is responsible for safeguarding those funds against improper payments and recouping those funds when improper payments occur. The Congress enacted the Improper Payments Information Act of 2002 (IPIA) and section 831 of the National Defense Authorization Act for Fiscal Year 2002, commonly known as the Recovery Auditing Act, to address these issues. GAO was asked to testify on agencies’ efforts to eliminate and recover improper payments. Specifically, GAO focused on (1) progress made in agencies’ implementation and reporting under IPIA for fiscal year 2007, (2) major challenges that continue to hinder full reporting of improper payment information, and (3) agencies’ efforts to report on recovery auditing and recoup contract overpayments. This testimony is based in part on a recently issued report (GAO-08-377R) in addition to a further review and analysis of improper payment and recovery auditing information reported in agencies’ fiscal year 2007 performance and accountability reports (PAR) or annual reports. The Office of Management and Budget (OMB) provided technical comments which GAO incorporated as appropriate. What GAO Found: While agencies have made progress, GAO identified ongoing challenges in key areas related to IPIA and recovery auditing implementation and reporting. * Progress made in agencies’ implementation and reporting under IPIA. Agencies reported improper payment estimates of about $55 billion in their fiscal year 2007 PARs or annual reports, an increase from the almost $41 billion reported in fiscal year 2006. The reported increase was primarily attributable to a component of the Medicaid program reporting improper payments for the first time totaling about $13 billion, which GAO viewed as a positive step to improve transparency over the full magnitude of improper payments. The $55 billion estimate consists of 21 agencies reporting for 78 programs, including 19 agency programs or activities reporting for the first time in fiscal year 2007. Further, select agency programs that first reported an error rate in fiscal year 2004 reported an overall decrease in their error rate estimates when compared to fiscal year 2007. OMB noted that further reductions in error rates are expected as agencies take steps to address payment errors resulting from insufficient or no documentation. * Challenges with IPIA implementation. Not all agencies reported conducting risk assessments of all of their programs and activities as required under IPIA. Further, agencies have not estimated for 14 risk- susceptible programs with outlays totaling about $170 billion. Additionally, in some instances, agencies did not measure improper payments for a 12-month period as generally required by OMB’s implementing guidance, nor did the estimates reflect improper payments for the entire program. Four agency auditors reported noncompliance issues with IPIA regarding risk assessments, sampling methodologies, corrective actions, recovery of improper payments, and inadequate documentation. Agencies also reported that statutory or regulatory barriers may limit corrective actions to reduce improper payments. Lastly, agencies continue to face challenges in the implementation or design of internal controls to identify and prevent improper payments. Specifically, over half of agencies’ Offices of Inspectors General identified management or performance challenges that could increase the risk of improper payments. * Agencies’ efforts to report recovery auditing information continue. In total, 21 agencies reported identifying about $121 million in improper payments in fiscal year 2007 for recovery and actually recovering about $87 million, a decrease of about $217 million when compared to the reported amount identified for recovery in the prior year. Most of the decrease can be attributed to the Department of Defense’s decision to stop reporting voluntary refunds. GAO noted that few agencies reported on corrective action plans to address the root causes of contract payment errors. Also, two agencies reported that conducting recovery audits was not cost beneficial. All but two agencies reported they contracted out recovery audit services, conducted in-house recovery audits, or both. The other two were silent on this on matter. To view the full product, including the scope and methodology, click on [hyperlink, http://www.GAO-08-438T]. For more information, contact McCoy Williams at (202) 512-2600 or williamsm1@gao.gov. [End of section] Mr. Chairman and Members of the Subcommittee: Thank you for the opportunity to be here today to discuss the governmentwide problem of improper payments in federal programs and activities and executive branch agencies' efforts to address key requirements of the Improper Payments Information Act of 2002 (IPIA)[Footnote 1] and section 831 of the National Defense Authorization Act for Fiscal Year 2002, commonly known as the Recovery Auditing Act.[Footnote 2] Since fiscal year 2000, we have issued a number of reports and testimonies aimed at raising the level of attention given to improper payments. Most recently, at the Subcommittee's request, we provided a report[Footnote 3] on summary data and preliminary analysis of the improper payment estimates reported by federal executive branch agencies in their fiscal year 2007 performance and accountability reports (PAR) or annual reports. Our work over the past several years has demonstrated that improper payments are a long-standing, widespread, and significant problem in the federal government. IPIA has increased visibility over improper payments[Footnote 4] by requiring executive branch agency heads, using guidance from the Office of Management and Budget (OMB),[Footnote 5] to identify programs and activities susceptible to significant improper payments,[Footnote 6] estimate amounts improperly paid, and report on the amounts of improper payments and their actions to reduce them. Similarly, the Recovery Auditing Act provides an impetus for applicable agencies to systematically identify and recover contract overpayments. This act requires, among others things, that all executive branch agencies entering into contracts with a total value exceeding $500 million in a fiscal year have cost-effective programs for identifying errors in paying contractors and for recovering amounts erroneously paid. As the steward of taxpayer dollars, the federal government is accountable for how its agencies and grantees annually spend hundreds of billions of taxpayer dollars and is responsible for safeguarding those funds against improper payments as well as having mechanisms in place to recoup those funds when improper payments occur. OMB has played a key role in the oversight of the governmentwide improper payments problem. In 2005, OMB established Eliminating Improper Payments as a new program-specific initiative under the President's Management Agenda (PMA). This separate PMA program initiative is intended to help to ensure that agency managers are held accountable for meeting the goals of IPIA and are, therefore, dedicating the necessary attention and resources to meeting IPIA requirements. OMB continues its commitment to address governmentwide improper payments by working with agencies to establish corrective action plans and address their root causes. OMB also annually reports on agencies' efforts to address IPIA and Recovery Auditing Act requirements. Today, my testimony will focus on three key areas: * progress made in agencies' implementation and reporting under IPIA for fiscal year 2007, * several major challenges that continue to hinder full reporting of improper payment information, and: * agencies' reporting of recovery auditing efforts to recoup contract overpayments. This testimony is based on our review of available fiscal year 2007 improper payment information reported by 35 federal executive branch agencies that OMB and the Department of the Treasury (Treasury) determined to be significant to the U.S. government's consolidated financial statements. We also added 4 additional executive branch agencies included in the consolidated financial statements, increasing our universe of review to 39 executive branch agencies (agencies). (See app. I for a list of the 39 agencies.) We reviewed improper payment information reported for 35[Footnote 7] of the 39 agencies' fiscal year 2007 PARs or annual reports. We also reviewed OMB guidance on implementation of IPIA and the Recovery Auditing Act. In addition, we reviewed agency Office of Inspector General (OIG) reports on management challenges to identify internal control weaknesses and program integrity issues for agency programs reporting improper payment estimates for fiscal year 2007. We did not independently validate the data that agencies reported in their PARs or annual reports. However, we are providing agency-reported data as descriptive information that will inform interested parties about the magnitude of reported governmentwide improper payments and amounts recouped through recovery audits and other improper payment-related information. We believe the data to be sufficiently reliable for this purpose. We provided information on the major findings discussed in this statement to OMB. OMB provided technical comments that we incorporated as appropriate. We conducted this performance audit from December 2007 to January 2008 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Progress Made to Estimate and Reduce Improper Payments: Agencies reported improper payment estimates of almost $55 billion in their fiscal year 2007 PARs or annual reports, an increase from the fiscal year 2006 estimate of about $41 billion.[Footnote 8] The reported increase was primarily attributable to a component of the Medicaid program reporting improper payment estimates for the first time totaling about $13 billion for fiscal year 2007, which we view as a positive step to improve transparency over the full magnitude of improper payments. The $55 billion estimate consists of 78 programs in 21 agencies (see app. II for further details) and represents about 2 percent of total fiscal year 2007 federal executive branch agencies' government outlays of almost $2.8 trillion. In addition, the $55 billion largely consists of improper payments made in eight programs, as shown in figure 1. Collectively, the eight programs account for about $48 billion or approximately 88 percent of the total estimate. Figure 1: Fiscal Year 2007 Improper Payment Estimates by Program (Dollars in Billions): This figure is a pie chart showing fiscal year 2007 improper payment estimates by program. Medicaid: $12.9; Earned Income Tax Credit: $11.4; Medicare fee-for-service: $10.8; Other: $6.7; Supplemental Security Income: $4.1; Unemployment Insurance: $3.2; Old Age Survivors' Insurance: $2.5; Food Stamp Program: $1.8; National School Lunch Program: $1.4. [See PDF for image] Source: GAO analysis of agencies' fiscal year 2007 PARs or annual reports. [End of figure] Also, of the total improper payment estimate of $55 billion, we identified 19 programs and activities[Footnote 9] that estimated improper payments for the first time in their fiscal year 2007 PARs, totaling about $16 billion. Of these 19 programs, we identified 6-- including Medicaid--that had been required to report selected improper payment information for several years prior to the passage of IPIA.[Footnote 10] In total, these 6 programs represented $14.8 billion, or 94 percent, of the approximately $16 billion in newly reported programs. We view these agencies' efforts as a positive step toward measuring improper payments and continuing progress in meeting the goals of IPIA. Likewise, agencies continued to report that they had made progress to reduce improper payments in their programs and activities. Since initial IPIA implementation, we noted that 39 agency programs reported improper payment estimated error rates[Footnote 11] for each of the 4 fiscal years--2004 through 2007. Of the 39, 23 programs, or about 59 percent had reduced error rates when comparing each program's fiscal year 2007 error rate to the initial or baseline error rate reported for fiscal year 2004. In a separate analysis, we found that the number of programs with error rate reductions totaled 34 when comparing fiscal year 2007 error rates to the prior year rates. For example, the error rate of the U.S. Department of Agriculture's (USDA) Marketing Assistance Loan program decreased from 20.3 percent in fiscal year 2006 to 7.5 percent in fiscal year 2007, a reduction of 12.8 percent. As we testified before this Subcommittee,[Footnote 12] USDA's high error rate for the Marketing Assistance Loan program reported in its fiscal year 2006 PAR resulted from improvements in how it measured its improper payments. However, in its fiscal year 2007 PAR, USDA reported that a large percentage of fiscal year 2006 improper payments were caused by noncompliance with administrative procedures and that corrective actions had been taken to reduce the instance of improper payments. Reported examples of corrective actions taken included implementing policies related to processing payments, conducting more frequent external audits of program effectiveness, and making the delivery of services consistent across county offices. OMB noted that further reductions in agency program estimated error rates are expected as agencies take steps to address payment errors attributed to insufficient or lack of documentation. OMB's implementing guidance requires agencies to discuss in their PAR the portion of payment errors attributable to insufficient or lack of documentation, if applicable. We identified 25 programs from 10 agencies that attributed a portion of their payment errors to insufficient or no documentation. However, only 8 of these programs--all reported by USDA- -cited what portion of the error rate resulted from insufficient or no documentation. The other agencies only reported that these types of errors contributed to the cause for the improper payments in the remaining 17 programs. For example, the Department of State (State) reported that there was insufficient documentation to support eligibility for the grantee of an award, but did not cite a rate for this type of error. Similarly, the Federal Communications Commission (FCC) reported that lack of documentation was a significant concern of the auditors' review of program payments, but did not report the affected portion of the error rate. Because agencies for 17 of the 25 agency programs that attributed some of their payment errors to insufficient or no documentation did not report the portion of payment errors attributable to these problems, we could not readily determine the extent to which such errors contributed to the total improper payment estimate of $55 billion. Yet, we found that 25 of the 78 programs reporting improper payment estimates, or 32 percent, identified insufficient or no documentation errors as a cause of their improper payments. OMB anticipates that errors attributable to insufficient or no documentation will decrease significantly once agencies correct the root cause. From our review, we noted that 22 of the 25 agency programs reported corrective action plans to address errors due to insufficient or no documentation. Examples of these efforts included development of policies on documentation retention, updating processing procedures, and training for providers on the importance of supporting documentation. Challenges Continue with IPIA Implementation: While agencies have shown progress, major challenges remain in meeting the goals of IPIA and ultimately improving the integrity of payments. Specifically, some agencies have not yet reported estimates for all risk-susceptible programs, the total improper payment estimate does not yet reflect the full scope of improper payments across executive branch agencies, noncompliance issues continue to exist, reported statutory or regulatory barriers limit agencies' ability to reduce improper payments, and agencies continue to face challenges in the implementation or design of internal controls to identify and prevent improper payments. Risk Assessments: IPIA requires agencies to annually review all of their programs and activities to identify those that may be susceptible to significant improper payments. Yet, in our review, we found that not all agencies reported conducting risk assessments. We also noted that four agencies[Footnote 13] reported that they did not conduct a risk assessment of all of their programs and activities because OMB guidance allows agency programs deemed not risk-susceptible to conduct a risk assessment generally every 3 years. As we have previously reported,[Footnote 14] this is inconsistent with the express terms of IPIA, which require that agencies annually review all of their programs and activities. However, OMB guidance does state that if a program experiences a significant change in legislation, a significant increase in funding level, or both, agencies are required to reassess the program's risk susceptibility during the next annual cycle, even if it is less than 3 years from the last assessment. In its fiscal year 2007 PAR, the Department of the Interior (Interior) reported that it did not perform a risk assessment because the results of previous risk assessments demonstrated that Interior was at low risk for making improper payments. As a result, the agency reported that the next risk assessment would be completed in fiscal year 2009. HHS reported that it had last completed risk assessments in fiscal year 2006 in which HHS did not identify any new high-risk programs in its fiscal year 2006 risk assessment work. HHS reported that OMB's implementing guidance requires risk assessments once every 3 years and as a result, HHS did not perform risk assessments during fiscal year 2007.[Footnote 15] We also identified three additional agencies[Footnote 16] that reported they were not required to conduct a risk assessment for specific programs that OMB had previously designated as risk-susceptible prior to IPIA implementation. These agencies determined that those programs had continued to demonstrate over a 2-year period a low-risk level for susceptibility to improper payments and thus, OMB had granted them relief from improper payments reporting. According to their PARs, the next risk assessments for the Environmental Protection Agency's (EPA) Clean Water and Drinking Water State Revolving Funds and Department of Veterans Affairs (VA) Insurance programs will be conducted in fiscal years 2010 and 2009, respectively. The Department of Housing and Urban Development (HUD) reported that it will conduct an annual risk assessment of its Community Development and Block Grant (CDBG) program; however, because it reported over 2 consecutive years[Footnote 17] error rates of less than $10 million for this program, OMB granted it relief from annual improper payment reporting and it did not report an estimate in its fiscal year 2007 PAR. OMB reported that, in aggregate, agencies have assessed risk and measured nearly 86 percent of all high-risk outlays and that agencies were focusing their resources on programs with the highest risk levels of improper payments. While we agree that, as a practical matter, a comprehensive risk assessment may not be warranted for programs with minimal outlays or potentially low-risk programs and activities, an appropriately designed risk assessment should be performed annually as it is required of agencies to comply with IPIA. As we previously reported,[Footnote 18] OMB guidance provides that agencies annually perform risk assessments of their programs and activities, but offers limited information on how to conduct an appropriately designed risk assessment, thus allowing agencies broad flexibility for determining a methodology to meet IPIA requirements. As such, the level and extent to which agencies conduct their risk assessments can vary. This is evident in our recent work on selected agencies' IPIA implementation, in which we raised significant concerns regarding their risk assessment activities, as highlighted in the following examples: * In September 2007, we reported[Footnote 19] that for fiscal year 2006, the Department of Homeland Security (DHS) did not perform a risk assessment on approximately $13 billion of its more than $29 billion in disbursements subject to IPIA. Also, DHS only tested programs with disbursements greater than $100 million and did not perform a qualitative risk assessment of all program operations, such as an assessment of internal controls, oversight and monitoring activities, and results from external audits. * In November 2007, we reported[Footnote 20] that for fiscal years 2004 through 2006, neither the United States Agency for International Development (USAID) nor the National Aeronautics and Space Administration (NASA) had developed a systematic process to (1) identify risks that exist in their payment activities or (2) evaluate the results of their payment stream reviews, such as weighting and scoring the effectiveness of existing internal control over payments made and results from external audits. Furthermore, both USAID and NASA maintained insufficient or no risk assessment documentation to support their conclusions that no programs or activities were susceptible to significant improper payments. * In December 2007, we reported[Footnote 21] that the Department of Defense's (DOD) travel payment data used to assess the program's risk of significant improper payments only included payments processed by the Defense Travel System (DTS)--approximately 10 percent of the $8.5 billion of the department's travel obligations reported for fiscal year 2006. Further, the travel data excluded the largest user of DTS, the Army, which would likely have increased DOD's travel improper payment estimate of $8 million by over $4 million.[Footnote 22] In its fiscal year 2007 PAR, DOD reported that the agency is implementing a sampling and review process for Army travel payments processed through its Integrated Automated Travel System in fiscal year 2008 to meet improper payment reporting requirements. Although we have identified significant deficiencies in the risk assessment methodology used to address IPIA requirements at the four agencies mentioned above, not all agencies have been subjected to an independent review. Therefore, the extent to which the results of the agencies' risk assessments can be relied on may not be fully known. We have previously recommended that OMB expand its implementing guidance to describe in greater detail factors that agencies should consider when conducting their annual risk assessments, such as program complexity, operational changes, findings from investigative reports, and financial statement and performance audit reports. OMB agreed with this recommendation and stated that it has taken steps to address implementing it. Specifically, OMB stated that it had included factors to be considered in agency risk assessments in its revised implementation guidance for IPIA. Improper Payment Estimates: Our review found that not all agencies have developed improper payment estimates for all of the programs and activities they identified as susceptible to significant improper payments. As shown in table 1, the fiscal year 2007 total improper payment estimate of $55 billion did not include any amounts for 14 programs, with fiscal year 2007 outlays totaling about $170 billion. Table 1: Risk-Susceptible Programs That Did Not Report Improper Payment Estimates for Fiscal Year 2007: 1; Agency--program: Department of Health and Human Services--Child Care and Development Fund[A]; Fiscal year 2007 outlays (dollars in billions): $ 4.9; Target date for reporting improper payment estimate: 2008. 2; Agency--program: Department of Health and Human Services--Medicare Advantage; Fiscal year 2007 outlays (dollars in billions): 75.1; Target date for reporting improper payment estimate: Did not report target date. 3; Agency--program: Department of Health and Human Services--Medicare Prescription Drug Benefit; Fiscal year 2007 outlays (dollars in billions): 49.3; Target date for reporting improper payment estimate: Did not report target date. 4; Agency--program: Department of Health and Human Services--State Children's Health Insurance Program[A]; Fiscal year 2007 outlays (dollars in billions): 6.3; Target date for reporting improper payment estimate: 2008. 5; Agency--program: Department of Health and Human Services--Temporary Assistance for Needy Families[A]; Fiscal year 2007 outlays (dollars in billions): 17.3; Target date for reporting improper payment estimate: 2008. 6; Agency--program: Department of Homeland Security--Federal Emergency Management Agency--Assistance to Firefighters Grants; Fiscal year 2007 outlays (dollars in billions): 0.5; Target date for reporting improper payment estimate: 2008. 7; Agency--program: Department of Homeland Security--Federal Emergency Management Agency--Homeland Security Grant Program; Fiscal year 2007 outlays (dollars in billions): 0.8; Target date for reporting improper payment estimate: 2008. 8; Agency--program: Department of Homeland Security--Federal Emergency Management Agency--Infrastructure Protection Program; Fiscal year 2007 outlays (dollars in billions): 0.12; Target date for reporting improper payment estimate: 2008. 9; Agency--program: Department of Homeland Security--Federal Emergency Management Agency--National Flood Insurance Program; Fiscal year 2007 outlays (dollars in billions): 1.5; Target date for reporting improper payment estimate: 2008. 10; Agency--program: Department of Homeland Security--Federal Emergency Management Agency--Public Assistance Programs; Fiscal year 2007 outlays (dollars in billions): 5.1; Target date for reporting improper payment estimate: 2008. 11; Agency--program: Department of Homeland Security--Immigration and Customs Enforcement--Detention and Removal Operations; Fiscal year 2007 outlays (dollars in billions): 1.2; Target date for reporting improper payment estimate: 2008. 12; Agency--program: Department of Homeland Security--Immigration and Customs Enforcement--Investigations; Fiscal year 2007 outlays (dollars in billions): 1.1; Target date for reporting improper payment estimate: 2008. 13; Agency--program: Department of Homeland Security--Transportation Security Administration--Aviation Security--Payroll; Fiscal year 2007 outlays (dollars in billions): 2.9; Target date for reporting improper payment estimate: 2008. 14; Agency--program: Department of Homeland Security--United States Coast Guard--Military Payroll; Fiscal year 2007 outlays (dollars in billions): 3.5; Target date for reporting improper payment estimate: 2008. Total; Fiscal year 2007 outlays (dollars in billions): $ 169.6; Target date for reporting improper payment estimate: [Empty]. Source: GAO's analysis of agencies' fiscal year 2007 PARs or annual reports. [A] OMB required program to submit improper payment information prior to governmentwide IPIA reporting requirements. See footnote 10 of this testimony for a detailed description. [End of table] A majority of these programs represent newly identified risk- susceptible programs reported by DHS. The identification of these programs as risk-susceptible is a positive step toward addressing IPIA requirements. We also found, however, that three Department of Health and Human Services (HHS) programs had not reported improper payment estimates for fiscal year 2007, even though OMB had required these and other programs to report selected improper payment information for several years before passage of IPIA.[Footnote 23] After the enactment of IPIA, OMB's implementing guidance required that these programs continue to report improper payment information under IPIA. Since IPIA implementation, HHS has reported on its various improper payment pilot activities to show that efforts were underway to fully address IPIA reporting requirements. For fiscal year 2007, HHS reported that pilot reviews were conducted in various states for the Temporary Assistance for Needy Families and Child Care and Development Fund programs and that estimated improper payment rates for these programs would be reported in fiscal year 2008. Further, HHS reported that it also expects to report a comprehensive improper payment estimate rate for the State Children's Health Insurance Program that will encompass its fee-for-service, managed care, and eligibility components. We recognize that measuring improper payments for these state- administered[Footnote 24] programs and designing and implementing actions to reduce or eliminate them are not simple tasks, particularly for grant programs that rely on administration efforts at the state level. Consequently, as we previously reported in April 2006,[Footnote 25] communication, coordination, and cooperation among federal agencies and the states will be critical factors in estimating national improper payment rates and meeting IPIA reporting requirements for state- administered programs. Further, we found a few instances where estimates were not based on a 12-month reporting period. For example, HHS's Medicaid program is the largest of the programs constituting the total improper payment estimate, with an estimate of about $13 billion for fiscal year 2007. Reporting for the first time, the Medicaid program estimate is based on 6 months of fee-for-service claims processed by the states rather than a complete fiscal year. Generally, OMB guidance requires that a 12- month period be used to generate improper payment estimates as it more fully characterizes the extent of improper payments within a program for any given year. In its PAR, HHS reported that it is completing its review of the remaining 6 months and will report an annual Medicaid fee- for-service error rate, based on a full fiscal year 2006 fee-for- service claims, in its fiscal year 2008 PAR.[Footnote 26] We also found instances where agencies' estimates encompassed only one component of a particular program. For example, USDA identified two types of errors related to its Supplemental Nutrition Program for Women, Infants, and Children--vendor payment errors and certification errors. However, as part of its IPIA reporting, USDA only reported on improper payments resulting from vendor payment errors. For certification errors, USDA reported that it plans to use results from the 2008 decennial income verification study to provide a nationally representative estimate and will report the error rate in fiscal year 2009. The extent to which other agencies used a period of review less than 12 months or estimated for only a component of their program is unknown, as most of the agencies reporting estimates did not provide this level of information in their PARs. As agencies continue to enhance their measurement process and report on additional program components, it is likely the total improper payment estimate will increase. Lastly, we noted that while agencies reported improper payment estimates for their various programs and activities, only five agencies--consisting of nine programs--reported to some degree the amount of actual improper payments they expect to recover and how they will go about recovering them as part of their IPIA reporting. OMB guidance states that for program improper payment estimates exceeding $10 million, agencies must address this IPIA reporting requirement in their PARs. We would also point out that this separate reporting requirement is distinct and different from the recovery auditing reporting requirements OMB has outlined in its guidance for agencies to address in their PAR reporting. We discuss the Recovery Auditing Act and OMB reporting requirements later in this statement. We found that of the 78 programs with improper payments estimates, 47 reported improper payment estimates exceeding $10 million. Of this universe, only 9 agency programs reported on recovery of improper payments under IPIA. Of the 9, 6 programs reported on both aspects of the requirement--expected or actual recovery amount and how they will recover them. The remaining 3 programs reported a recovery amount but did not discuss how they recovered the amount, or their future plans for recovering the funds. For example, DHS reported that for its Individuals and Households program it had collected $18 million of Hurricane Katrina payments identified as improper during its payment sample testing, but did not report on its recovery method. In contrast, the Railroad Retirement Board (RRB) reported it had recovered $104.5 million for fiscal years 2003 to 2006 in Retirement and Survivors Benefits program receivables. RRB reported that its collection program is in full compliance with the Debt Collection Improvement Act of 1996 and recoveries are made through a variety of mechanisms. These include the offset of future benefits, reclamation from the financial institution of benefits erroneously paid after the death of a beneficiary, and direct payments from debtors. RRB also reported that fraudulent payments are referred to the OIG for prosecution through the Department of Justice (Justice). As agencies continue to enhance their IPIA reporting, full and reasonable disclosures regarding actual improper payments and actions to recover those payments will provide needed transparency of this issue and address the American public's increasing demands for accountability over taxpayer funds. Noncompliance Issues with IPIA: For fiscal year 2007, a limited number of agency auditors reported on compliance issues with IPIA as part of their financial statement audit, although such reporting is not specifically required by IPIA. Specifically, auditors for 5 of the 39 agencies[Footnote 27] included in our scope reported assessing the agencies' compliance with IPIA. Of the 5, agency auditors for all except USAID reported noncompliance issues related to the key requirements of the act, including risk assessments, sampling methodologies, implementing corrective actions, recovering improper payments, and inadequate documentation. Fiscal year 2007 reflected the fourth year that auditors for HHS and DHS reported noncompliance issues with IPIA, including not estimating for all risk- susceptible programs and deficiencies related to sampling and testing of transactions. Agency auditors at the Department of Transportation (Transportation) and DOD reported noncompliance with IPIA for a second year. For fiscal year 2007, Transportation auditors reported that they had not received sufficient documentation by the time of PAR issuance to determine if the department's sampling plan was statistically valid. The auditors for DOD reported for fiscal year 2007, that the department was still in the process of developing procedures to identify improper payments and that its efforts to manage recovery audit contracts had been largely unsuccessful. As we previously testified before this Subcommittee,[Footnote 28] separate assessments conducted by agency auditors provided a valuable independent validation of agencies' efforts to implement the act. Independent assessments would also enhance an agency's ability to identify sound performance measures, monitor progress against those measures, and help establish performance and results expectations. Without this type of validation or other types of reviews performed by GAO and agency OIGs, it is difficult to determine the magnitude of deficiencies that may exist in agencies' IPIA implementation efforts. Statutory or Regulatory Barriers: As previously mentioned, for fiscal year 2007, 21 agencies reported improper payment estimates for 78 programs totaling $55 billion for fiscal year 2007. Of the 21 agencies, 16 reported improper payment estimates that exceeded $10 million for one or more programs, and therefore, under OMB guidance, were required to report on various elements as part of their plan to reduce improper payments, including any statutory or regulatory barrier that may limit the agencies' corrective actions in reducing improper payments. Of the 16 agencies required to report on any statutory or regulatory barriers,[Footnote 29] 14 agencies reported on whether they had such barriers which may limit corrective actions in reducing improper payments. The remaining 2 agencies[Footnote 30] did not address whether any statutory or regulatory barriers existed. We further noted that of the 14 agencies that addressed statutory or regulatory barriers, 9 identified such barriers that may limit corrective actions to reduce improper payments. The remaining 5 agencies[Footnote 31] reported that they either had no existing statutory or regulatory barriers or were unaware of any at this time. Agencies cited various barriers that restricted their ability to better manage their programs against improper payments. For example, the Office of Personnel Management's (OPM) Retirement Program (Civil Service Retirement System and Federal Employees Retirement System) reported in its fiscal year 2007 PAR that it faces regulatory barriers that restrict its ability to recover improper payments. For instance, once OPM learns of the death of an annuitant, it requests that Treasury reclaim all posthumously issued payments from the deceased's bank account. When there is insufficient money in the account, OPM would like to seek collection from the individual who last withdrew money from the account. According to OPM, based on current law[Footnote 32] and Treasury's regulations, financial institutions are barred from providing OPM with the information necessary to recover these improper payments. The law and regulations have specifically exempted the Social Security Administration (SSA), RRB, and VA from this prohibition, but not OPM. Further, OPM reported that this situation has a substantial impact on its ability to prevent and recover improper payments. OPM has determined that the current law will need to be amended to overcome this prohibition and Treasury has drafted legislative language to address this issue. The Department of Education (Education) reported that the ability to perform data matching between Federal Student Aid applications and tax return data would substantially reduce improper payments in the Pell Grant program, as the large majority of errors are the result of misreporting of income and related data fields. However, according to OMB, Section 6103(c) of the Internal Revenue Code, concerning confidentiality of tax return information, precludes data matching with regard to grants by Education. In its January 2007 annual report[Footnote 33] on improper payments, OMB reported that the President's Fiscal Year 2008 Budget contained a series of reforms that are necessary to achieve greater program integrity and payment accuracy, including a proposal to facilitate data matching of Pell grant program data. This report indicates that, through administrative changes, Education and the Internal Revenue Service intend to implement a process to verify students' (and their parents') income, tax, and certain household information appearing on their tax return that they provided as part of their application for federal student aid. Management Challenges: Agencies continue to face challenges in the implementation or design of internal controls to identify and prevent improper payments. Over half of the agencies' OIG identified management or performance challenges that could increase the risk of improper payments, including challenges related to internal controls. In addition, several OIGs identified instances where agencies needed to improve their oversight of grantees receiving federal funds. For example, in its fiscal year 2007 PAR, Education's OIG reported that its recent investigations continued to uncover problems, including inadequate attention to improper payments and failure to identify and take corrective action to detect and prevent fraudulent activities by grantees. The Small Business Administration's (SBA) OIG included a management challenge related to the agency's controls over the section 7(a) loan guaranty purchase process. The OIG reported that the majority of the loans made under the program are made with little or no review by SBA prior to loan approval because SBA has delegated most of the credit decisions to lenders originating these loans. SBA's review of lender requests for guaranty purchases on defaulted loans is, therefore, the agency's primary tool for assessing lender compliance on individual loans and protecting SBA from making erroneous purchase payments. However, OIG audits of early defaulted loans and SBA's guaranty purchase process have shown that reviews made by the National Guaranty Purchase Center have not consistently detected lender failures to administer loans in full compliance with SBA requirements and prudent lending practices, resulting in improper payments. Management challenges were also found in agency programs that did not estimate improper payments in their fiscal year 2007 PAR. The National Science Foundation (NSF) OIG found that NSF did not have a comprehensive, risk-based system to oversee and monitor contract awards and ensure that the requirements of each contract were being met. In another example, Treasury's OIG identified erroneous and improper payments as a major management challenge and reported that some tax credits, such as the Education Credit, provide opportunities for abuse in income tax claims. Related to this issue, Treasury's independent auditor reported that weaknesses in controls over the collection of tax revenues owed to the federal government and over the issuance of tax refunds resulted in lost revenue to the federal government and potentially billions of dollars in improper payments, which the auditors classified as a material weakness. Agencies' Efforts to Report Recovery Auditing Information Continue: Section 831 of the National Defense Authorization Act for Fiscal Year 2002 provides an impetus for applicable agencies to systematically identify and recover contract overpayments. The act requires that agencies that enter into contracts with a total value in excess of $500 million in a fiscal year carry out a cost-effective program for identifying and recovering amounts erroneously paid to contractors. The law authorizes federal agencies to retain recovered funds to cover in- house administrative costs as well as to pay contractors, such as collection agencies. Any residual recoveries, net of these program costs, shall be credited back to the original appropriation from which the improper payment was made, subject to restrictions as described in the legislation. The techniques used in recovery auditing offer the opportunity for identifying weaknesses in agency internal controls, which can be modified or upgraded to be more effective in preventing improper payments before they occur for subsequent contract outlays. However, we would like to emphasize that effective internal control calls for a sound, ongoing invoice review and approval process as the first line of defense in preventing unallowable contract costs. Given the large volume and complexity of federal payments and historically low recovery rates for certain programs, it is much more efficient and effective to pay bills properly in the first place. Prevention is always preferred to detection and collection. Aside from minimizing overpayments, preventing improper payments increases public confidence in the administration of programs and avoids the difficulties associated with the "pay and chase" aspects of recovering improper payments. Without strong preventive controls, agencies' internal control activities over payments to contractors will not be effective in reducing the risk of improper payments. Beginning in fiscal year 2004, OMB required that applicable agencies publicly report on their recovery auditing[Footnote 34] efforts as part of their PAR reporting of improper payment information. Agencies are required to discuss any contract types excluded from review and justification for doing so. Agencies are also required to report, in table format, various amounts related to contracts subject to review and actually reviewed, contract amounts identified for recovery and actually recovered and prior year amounts. In addition, agencies are to discuss the following: a general description and evaluation of the steps taken to carry out a recovery auditing program,[Footnote 35] a corrective action plan to address root causes of payment error, and a general description and evaluation of any management improvement program. For fiscal year 2007, agencies reported reviewing about $329 billion in contract payments to vendors under recovery audit programs. From these reviews, agencies reported identifying about $121 million in improper payments for recovery and actually recovering about $87 million, or an estimated overall rate of recovery of approximately 72 percent, as shown in table 2. Table 2: Agency Reported Improper Payment Amounts Identified and Recovered for Fiscal Years 2006 and 2007: 1; Department or agency: Agency for International Development; Fiscal year 2006: Agency-reported amount identified for recovery: $17,100,000; Fiscal year 2006: Agency-reported amount recovered: $17,090,000; Fiscal year 2007: Agency-reported amount identified for recovery: $4,010,000; Fiscal year 2007: Agency-reported amount recovered: $4,000,000. 2; Department or agency: Department of Agriculture; Fiscal year 2006: Agency-reported amount identified for recovery: 379,000; Fiscal year 2006: Agency-reported amount recovered: 538,000[A]; Fiscal year 2007: Agency-reported amount identified for recovery: 206,000; Fiscal year 2007: Agency-reported amount recovered: 146,000. 3; Department or agency: Department of Commerce; Fiscal year 2006: Agency-reported amount identified for recovery: 96,000; Fiscal year 2006: Agency-reported amount recovered: 96,000; Fiscal year 2007: Agency-reported amount identified for recovery: 0[B]; Fiscal year 2007: Agency-reported amount recovered: 0[B]. 4; Department or agency: Department of Defense; Fiscal year 2006: Agency-reported amount identified for recovery: 195,300,000; Fiscal year 2006: Agency-reported amount recovered: 137,900,000; Fiscal year 2007: Agency-reported amount identified for recovery: 24,600,000; Fiscal year 2007: Agency-reported amount recovered: 19,600,000. 5; Department or agency: Department of Education; Fiscal year 2006: Agency-reported amount identified for recovery: did not report; Fiscal year 2006: Agency-reported amount recovered: did not report; Fiscal year 2007: Agency-reported amount identified for recovery: 1,500[C]; Fiscal year 2007: Agency-reported amount recovered: did not report[C]. 6; Department or agency: Department of Energy; Fiscal year 2006: Agency-reported amount identified for recovery: 11,900,000; Fiscal year 2006: Agency-reported amount recovered: 10,300,000; Fiscal year 2007: Agency-reported amount identified for recovery: 15,000,000; Fiscal year 2007: Agency-reported amount recovered: 10,000,000. 7; Department or agency: Environmental Protection Agency; Fiscal year 2006: Agency-reported amount identified for recovery: 1,102,000; Fiscal year 2006: Agency-reported amount recovered: 406,500[D]; Fiscal year 2007: Agency-reported amount identified for recovery: 241,800; Fiscal year 2007: Agency-reported amount recovered: 65,300. 8; Department or agency: General Services Administration; Fiscal year 2006: Agency-reported amount identified for recovery: 46,721,742; Fiscal year 2006: Agency-reported amount recovered: 45,917,920; Fiscal year 2007: Agency-reported amount identified for recovery: 11,200,000; Fiscal year 2007: Agency-reported amount recovered: 9,400,000. 9; Department or agency: Department of Health and Human Services; Fiscal year 2006: Agency-reported amount identified for recovery: 1,600,000[E]; Fiscal year 2006: Agency-reported amount recovered: 40,000[E]; Fiscal year 2007: Agency-reported amount identified for recovery: 635,728; Fiscal year 2007: Agency-reported amount recovered: 19,549. 10; Department or agency: Department of Homeland Security; Fiscal year 2006: Agency-reported amount identified for recovery: did not report; Fiscal year 2006: Agency-reported amount recovered: did not report; Fiscal year 2007: Agency-reported amount identified for recovery: 1,836,000[F]; Fiscal year 2007: Agency-reported amount recovered: 1,213,000[F]. 11; Department or agency: Department of Housing and Urban Development; Fiscal year 2006: Agency-reported amount identified for recovery: reported not cost beneficial; Fiscal year 2006: Agency-reported amount recovered: reported not cost beneficial; Fiscal year 2007: Agency-reported amount identified for recovery: reported not cost beneficial[G]; Fiscal year 2007: Agency-reported amount recovered: reported not cost beneficial[G]. 12; Department or agency: Department of the Interior; Fiscal year 2006: Agency-reported amount identified for recovery: 4,407,345; Fiscal year 2006: Agency-reported amount recovered: 505,743; Fiscal year 2007: Agency-reported amount identified for recovery: 428,332; Fiscal year 2007: Agency-reported amount recovered: 421,337. 13; Department or agency: Department of Justice; Fiscal year 2006: Agency-reported amount identified for recovery: 1,851,709; Fiscal year 2006: Agency-reported amount recovered: 1,734,421; Fiscal year 2007: Agency-reported amount identified for recovery: 4,241,765; Fiscal year 2007: Agency-reported amount recovered: 3,777,628. 14; Department or agency: Department of Labor; Fiscal year 2006: Agency-reported amount identified for recovery: reported not cost beneficial; Fiscal year 2006: Agency-reported amount recovered: reported not cost beneficial; Fiscal year 2007: Agency-reported amount identified for recovery: reported not cost beneficial[G]; Fiscal year 2007: Agency-reported amount recovered: reported not cost beneficial[G]. 15; Department or agency: National Aeronautics and Space Administration; Fiscal year 2006: Agency-reported amount identified for recovery: 256,255; Fiscal year 2006: Agency-reported amount recovered: 139,420; Fiscal year 2007: Agency-reported amount identified for recovery: did not report[H]; Fiscal year 2007: Agency-reported amount recovered: did not report[H]. 16; Department or agency: Social Security Administration; Fiscal year 2006: Agency-reported amount identified for recovery: 178,000; Fiscal year 2006: Agency-reported amount recovered: 178,000; Fiscal year 2007: Agency-reported amount identified for recovery: 1,712,000[I]; Fiscal year 2007: Agency-reported amount recovered: 1,712,000[I]. 17; Department or agency: Department of State; Fiscal year 2006: Agency-reported amount identified for recovery: 2,397,200; Fiscal year 2006: Agency-reported amount recovered: 2,276,700; Fiscal year 2007: Agency-reported amount identified for recovery: 5,353,615; Fiscal year 2007: Agency-reported amount recovered: 4,900,338. 18; Department or agency: Tennessee Valley Authority; Fiscal year 2006: Agency-reported amount identified for recovery: 6,793,581; Fiscal year 2006: Agency-reported amount recovered: 1,202,651; Fiscal year 2007: Agency-reported amount identified for recovery: 6,605,111; Fiscal year 2007: 2,715,183. 19; Department or agency: Department of Transportation; Fiscal year 2006: Agency-reported amount identified for recovery: 6,450,993; Fiscal year 2006: Agency-reported amount recovered: 45,109; Fiscal year 2007: Agency-reported amount identified for recovery: 6,546,901; Fiscal year 2007: Agency-reported amount recovered: 1,217,525. 20; Department or agency: Department of the Treasury; Fiscal year 2006: Agency-reported amount identified for recovery: 2,305,424; Fiscal year 2006: Agency-reported amount recovered: 1,442,708; Fiscal year 2007: Agency-reported amount identified for recovery: 843,230; Fiscal year 2007: Agency-reported amount recovered: 821,667. 21; Department or agency: Department of Veterans Affairs; Fiscal year 2006: Agency-reported amount identified for recovery: 39,155,454; Fiscal year 2006: Agency-reported amount recovered: 30,378,423; Fiscal year 2007: Agency-reported amount identified for recovery: 37,740,000; Fiscal year 2007: Agency-reported amount recovered: 27,000,000. Total; Fiscal year 2006: Agency-reported amount identified for recovery: $337,994,703; Fiscal year 2006: Agency-reported amount recovered: $250,191,595; Fiscal year 2007: Agency-reported amount identified for recovery: $121,201,982; Fiscal year 2007: Agency-reported amount recovered: $87,009,527. Source: GAO analysis and agencies' fiscal year 2006 and 2007 PARs. [A] According to USDA, amount recovered in fiscal year 2006 includes some recoveries identified in fiscal year 2005. [B] The Department of Commerce recovery audit was for its National Oceanic and Atmospheric Administration bureau only. The recovery auditors did not identify any overpayments during the audit. [C] Education reported that the contractor's review of fiscal year 2006 contract invoices found no more than $1,500 in potential recoveries. [D] EPA reported recovered amounts for fiscal year 2006 in its fiscal year 2007 PAR. [E] We obtained these amounts from OMB. [F] DHS reported that OMB granted it relief from recovery auditing for one of its components, Customs and Border Protection (CBP); however, the request was granted after DHS performed audit recovery work during prior years. The total agency-reported amount includes an amount recovered for CBP in fiscal year 2007. [G] The Departments of Housing and Urban Development and Labor reported that recovery auditing efforts were not cost beneficial in fiscal years 2005, 2006, and 2007. [H] NASA plans to report on its recovery audit results in fiscal year 2008. [I] SSA amounts reported are based on SSA's review of administrative contractor payments. [End of table] We found that the number of agencies reporting recovery audit information remained the same when compared to the prior year. However, the fiscal year 2007 dollar amounts identified for recovery significantly decreased by about $217 million from fiscal year 2006. We noted that a significant decrease in DOD's fiscal year 2007 reporting of amounts identified for recovery and amounts recovered from the prior year contributed to the overall decrease. For example, for fiscal year 2006 DOD reported $195.3 million for contract overpayments identified for recovery. This amount decreased sharply to $24.6 million for fiscal year 2007. Similarly, DOD reported recovering $137.9 million for fiscal year 2006 compared to just $19.6 million for fiscal year 2007. According to OMB, the significant decrease in DOD's reported amounts resulted from the department's exclusion of voluntary refunds of contract payments at the recommendation of a DOD OIG audit[Footnote 36] since the voluntary refunds did not originate from recovery audit efforts. In addition, we noted that agencies used different types of resources to carry out their recovery audit programs. Of the 21 agencies reporting recovery auditing information for fiscal year 2007, 9 reported they contracted out their recovery audit services, 3 conducted in-house recovery audits, 5 reported using both in-house and recovery audit contractors, and two were silent. The remaining 2 agencies--HUD and Labor--did not conduct recovery audits as they reported it was not cost beneficial. HUD reported in its fiscal year 2007 PAR that current internal controls over its contract payment and contract close-out processes were adequate to reduce the risks of overpayments. HUD further reported on continued initiatives such as strengthening its fund control processes. Therefore, HUD concluded that a recovery auditing program would not be cost beneficial and was not warranted. Likewise, Labor reported that its sampling and testing of nonpayroll costs, consisting of department expenses including contract payments related to the operation and administration of programs' and headquarters' activities for the current and prior fiscal years found no improper payments in its contract payments. Based on these results, Labor decided that a recovery auditing program was not warranted in fiscal year 2007. However, Labor reported that it plans to implement a recovery auditing program for contract payments in fiscal year 2008, and will report its recovery audit actions, costs, and amounts recovered on an annual basis. From our review of the PARs, we found that agencies' reporting of the various recovery auditing reporting elements[Footnote 37] was limited. For example, agencies generally provided some information on steps to carry out a recovery audit program. However, less than half, or 8 agencies reported on their corrective action plans to address root causes of contract payment errors. For example, the Department of Energy (Energy) reported that it established a policy that prescribes requirements for identifying overpayments to contractors and establishes reporting standards to track the status of recoveries. However, Energy did not report on corrective actions to address the root causes of contract overpayments. We also found that three agencies--Department of Commerce (Commerce), Justice, and SSA--reported on justifications for certain contracts that were excluded from their recovery audit review. For example, Commerce reported that travel payments, bankcards/purchase cards, all procurement vehicles with other federal agencies, and government bills of lading were excluded from its review, as the costs for recovery audit activities would likely exceed the benefits of a recovery audit. Justice reported that certain payments at foreign offices were excluded as they were processed by the Department of State. Lastly, SSA reported that it excluded cost-type contracts that either (1) had not been completed where payments are interim, provisional, or otherwise subject to further adjustment by the government in accordance with the terms and conditions of the contract, or (2) were completed, subjected to final contract audit, and prior to final payment of the contractor's final voucher, all prior interim payments were accounted for and reconciled. Concluding Observations: In closing, we recognize that measuring improper payments and designing and implementing actions to reduce them are not simple tasks or easily accomplished. Further, while internal control should be maintained as the front-line of defense against improper payments, recovery auditing holds promise as a cost-effective means of identifying contractor overpayments. We are pleased that agencies are identifying and reporting on more risk-susceptible programs and have reported that overall program error rates have decreased since IPIA implementation. Yet we also note that deficiencies continued to be identified regarding agencies' efforts to comply with IPIA based on independent assessments conducted by agency auditors or from past GAO reviews. As agencies continue to strengthen their program integrity efforts and recovery audit reviews, fulfilling the requirements of IPIA and the Recovery Auditing Act will require sustained attention to implementation and oversight to monitor whether desired results are being achieved. Mr. Chairman, this concludes my statement. I would be pleased to respond to any questions that you or other members of the Subcommittee may have. Contact and Acknowledgments: For more information regarding this testimony, please contact McCoy Williams, Managing Director, Financial Management and Assurance, at (202) 512-2600 or by e-mail at williamsm1@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this testimony. Individuals making key contributions to this testimony included Carla Lewis, Assistant Director; Gabrielle Fagan; Neeraj Goswami; Mary Osorno; Christina Quattrociocchi; Donell Ries; and Viny Talwar. [End of section] Appendix I: Agencies and Related Programs Included in Our Review of Fiscal Year 2007 Performance and Accountability Reports and Annual Reports: [See PDF for image] Source: GAO's analysis of cited agencies' fiscal year 2007 performance and accountability reports and annual reports. [A] Agency PAR or annual report was not available as of the end of fieldwork. [End of table] [End of section] Appendix II: Improper Payment Estimates Reported in Agency Fiscal Year 2006 and 2007 Performance and Accountability Reports or Annual Reports: [See PDF for image] Source: GAO's analysis of cited agencies' fiscal year 2006 and fiscal year 2007 performance and accountability reports or annual reports. [A] Agency did not report an annual improper payment estimate or error rate. [B] Agency reported that it had no programs or activities susceptible to significant improper payments. [C] Fiscal year 2006 estimate or error rate was updated to the revised estimate or error rate reported in the fiscal year 2007 PAR or annual report. [D] Agency error rate was less than one percent or error rate rounded to zero for purposes of this testimony. [E] Agency combined with the program above. [F] Agency did not address improper payments or IPIA in its PAR or annual report for fiscal year 2006, fiscal year 2007, or both. [G] Fiscal year 2007 was the first year this agency was included in our scope of review. [H] Agency PAR or annual report was not available as of the end of fieldwork. [I] Agency reported that it would estimate improper payments in the future for this program. See table 1 of this testimony. [J] Agency reported program no longer susceptible to significant improper payments. [K] Agency reported that the annual improper payment amount or error rate was zero. [End of table] [End of section] Footnotes: [1] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002). [2] National Defense Authorization Act for Fiscal Year 2002, Pub. L. No. 107-107, div. A, title VIII, § 831, 115 Stat. 1012, 1186 (Dec. 28, 2001) (codified at 31 U.S.C. §§ 3561-3567). [3] GAO, Improper Payments: Federal Executive Branch Agencies' Fiscal Year 2007 Improper Payment Estimate Reporting, GAO-08-377R (Washington, D.C.: Jan. 23, 2008). [4] IPIA defines improper payments as any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements. It includes any payment to an ineligible recipient, any payment for an ineligible service, any duplicate payment, payments for services not received, and any payment that does not account for credit for applicable discounts. [5] OMB, Circular No. A-123, Appendix C, Requirements for Effective Measurement and Remediation of Improper Payments (Aug. 10, 2006). [6] OMB's guidance defines significant improper payments as those in any particular program that exceed both 2.5 percent of program payments and $10 million annually. [7] Four of the agencies had not issued their annual reports as of the end of our fieldwork. [8] In their fiscal year 2007 PARs or annual reports, certain federal agencies updated their fiscal year 2006 improper payment estimates to reflect changes since issuance of their fiscal year 2006 PARs or annual reports. These updates decreased the governmentwide improper payment estimate for fiscal year 2006 from $42 billion to $41 billion. [9] Of the 19 programs, 5 reported an improper payment estimate of zero for fiscal year 2007. [10] Prior to the governmentwide IPIA reporting requirements beginning with fiscal year 2004, former section 57 of OMB Circular No. A-11 required certain agencies to submit similar information, including estimated improper payment target rates, target rates for future reductions in these payments, the types and causes of these payments, and variances from the targets and goals established. In addition, these agencies were to provide a description and assessment of the current methods for measuring the rate of improper payments and the quality of data resulting from these methods. [11] Reported error rates reflect the rate of error as a percentage of total program outlays. The error rates are based on estimates and not actual findings of error. [12] GAO, Improper Payments: Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements Continue, GAO-07-635T (Washington, D.C.: Mar. 29, 2007). [13] The four agencies are the General Services Administration, Department of Health and Human Services, Department of the Interior, and National Science Foundation. [14] GAO, Improper Payments: Weaknesses in USAID's and NASA's Implementation of the Improper Payments Information Act and Recovery Auditing, GAO-08-77 (Washington, D.C.: Nov. 9, 2007). [15] OMB officials stated that HHS has identified about 93 percent of its total outlays as high-risk. [16] The three agencies are the Environmental Protection Agency, Department of Housing and Urban Development, and Department of Veterans Affairs. [17] In its fiscal year 2006 PAR, HUD reported an error rate for the first time for its CDBG program for fiscal years 2003, 2004, and 2005. [18] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under the Improper Payments Information Act Remains Incomplete, GAO-07-92 (Washington, D.C.: Nov. 14, 2006) and GAO-08-77. [19] GAO, Department of Homeland Security: Challenges in Implementing the Improper Payments Information Act and Recovering Improper Payments, GAO-07-913 (Washington, D.C.: Sept. 19, 2007). [20] GAO-08-77. [21] GAO, DOD Travel Improper Payments: Fiscal Year 2006 Reporting Was Incomplete and Planned Improvement Efforts Face Challenges, GAO-08-16 (Washington, D.C.: Dec. 14, 2007). [22] In its fiscal year 2007 PAR, DOD restated its fiscal year 2006 estimate for travel pay from $8 million to $29.4 million. DOD reported that the restatement was made to primarily include travel payments made outside of DTS. [23] See footnote 10. [24] The term state-administered refers to federal programs that are managed on a day-to-day basis at the state level to carry out program objectives. [25] GAO, Improper Payments: Federal and State Coordination Needed to Report National Improper Payment Estimates on Federal Programs, GAO-06- 347 (Washington, D.C.: Apr. 14, 2006). [26] OMB officials added that HHS also plans to report an estimate on its fiscal year 2007 fee-for-service claims data. [27] The five agencies are USAID and the Departments of Defense, Homeland Security, Health and Human Services, and Transportation. [28] GAO-07-635T. [29] The regulatory barriers reported represent governmentwide regulations that the agency has no authority to modify. [30] The two agencies are the Department of Energy and the Department of Housing and Urban Development. [31] The five agencies are the Department of Defense, Federal Communication Commission, Department of Homeland Security, Railroad Retirement Board, and Department of Transportation. [32] Generally, the Right to Financial Privacy Act of 1978, Pub. L. No. 95-630, title XI, 92 Stat. 3641, 3697-3710 (Nov. 10, 1978) (codified, as amended, at 12 U.S.C. § 3401-3422), requires financial institutions to obtain permission from their customers to disclose financial information. According to OPM, this requirement in effect bars OPM from obtaining posthumous payments information, preventing recovery of improper payments. [33] Office of Management and Budget, Improving the Accuracy and Integrity of Federal Payments, (Washington, D.C.: Jan. 31, 2007). [34] Recovery auditing is a method that agencies can use to recoup detected improper payments. Recovery auditing is a detective control to help determine whether contractor costs were proper. Specifically, it focuses on the identification of erroneous invoices, discounts offered but not received, improper late penalty payments, incorrect shipping costs, and multiple payments for single invoices. Recovery auditing can be conducted in-house or contracted out to recovery audit firms. [35] OMB defines a recovery audit program as an agency's overall plan for the performance of recovery audits and recovery activities. The head of an agency will determine the manner and combination of recovery audits and activities that are expected to yield the most cost- effective recovery audit program. The program should include a management improvement program. A management improvement program is an agencywide program to address the flaws in an agency's internal controls over contractor payments discovered during the course of implementing a recovery audit program, or other control activities over contractor payments. [36] Department of Defense, Office of Inspector General, Identification and Reporting of Improper Payments Through Recovery Auditing, D-2007- 110 (Arlington, Va.: July 9, 2007). [37] Select reporting elements listed in OMB guidance that we reviewed include (1) a general description of steps to carry out a recovery auditing program, (2) a corrective action plan to address root causes of payment error, (3) a description and justification of the classes of contracts excluded from the auditing review by the agency head, and (4) a general description and evaluation of any management improvement program. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: