GAO-08-438T, Improper Payments: Status of Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements


This is the accessible text file for GAO report number GAO-08-438T 
entitled 'Improper Payments: Status of Agencies' Efforts to Address 
Improper Payment and Recovery Auditing Requirements' which was released 
on February 1, 2008. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Before the Subcommittee on Federal Financial Management, Government 
Information, Federal Services, and International Security, Committee on 
Homeland Security and Governmental Affairs, U.S. Senate: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 2:30 p.m. EST: 

Thursday, January 31, 2008: 

Improper Payments: 

Status of Agencies' Efforts to Address Improper Payment and Recovery 
Auditing Requirements: 

Statement of McCoy Williams, Managing Director Financial Management and 
Assurance: 

Improper Payments: 

GAO-08-438T: 

GAO Highlights: 

Highlights of GAO-08-438T, a testimony before the Subcommittee on 
Federal Financial Management, Government Information, Federal Services, 
and International Security, Committee on Homeland Security and 
Governmental Affairs, U.S. Senate 

Why GAO Did This Study: 

The federal government is accountable for how its agencies and grantees 
spend hundreds of billions of taxpayer dollars and is responsible for 
safeguarding those funds against improper payments and recouping those 
funds when improper payments occur. The Congress enacted the Improper 
Payments Information Act of 2002 (IPIA) and section 831 of the National 
Defense Authorization Act for Fiscal Year 2002, commonly known as the 
Recovery Auditing Act, to address these issues. 

GAO was asked to testify on agencies’ efforts to eliminate and recover 
improper payments. Specifically, GAO focused on (1) progress made in 
agencies’ implementation and reporting under IPIA for fiscal year 2007, 
(2) major challenges that continue to hinder full reporting of improper 
payment information, and (3) agencies’ efforts to report on recovery 
auditing and recoup contract overpayments. This testimony is based in 
part on a recently issued report (GAO-08-377R) in addition to a further 
review and analysis of improper payment and recovery auditing 
information reported in agencies’ fiscal year 2007 performance and 
accountability reports (PAR) or annual reports. The Office of 
Management and Budget (OMB) provided technical comments which GAO 
incorporated as appropriate. 

What GAO Found: 

While agencies have made progress, GAO identified ongoing challenges in 
key areas related to IPIA and recovery auditing implementation and 
reporting. 

* Progress made in agencies’ implementation and reporting under IPIA. 
Agencies reported improper payment estimates of about $55 billion in 
their fiscal year 2007 PARs or annual reports, an increase from the 
almost $41 billion reported in fiscal year 2006. The reported increase 
was primarily attributable to a component of the Medicaid program 
reporting improper payments for the first time totaling about $13 
billion, which GAO viewed as a positive step to improve transparency 
over the full magnitude of improper payments. The $55 billion estimate 
consists of 21 agencies reporting for 78 programs, including 19 agency 
programs or activities reporting for the first time in fiscal year 
2007. Further, select agency programs that first reported an error rate 
in fiscal year 2004 reported an overall decrease in their error rate 
estimates when compared to fiscal year 2007. OMB noted that further 
reductions in error rates are expected as agencies take steps to 
address payment errors resulting from insufficient or no documentation. 

* Challenges with IPIA implementation. Not all agencies reported 
conducting risk assessments of all of their programs and activities as 
required under IPIA. Further, agencies have not estimated for 14 risk-
susceptible programs with outlays totaling about $170 billion. 
Additionally, in some instances, agencies did not measure improper 
payments for a 12-month period as generally required by OMB’s 
implementing guidance, nor did the estimates reflect improper payments 
for the entire program. Four agency auditors reported noncompliance 
issues with IPIA regarding risk assessments, sampling methodologies, 
corrective actions, recovery of improper payments, and inadequate 
documentation. Agencies also reported that statutory or regulatory 
barriers may limit corrective actions to reduce improper payments. 
Lastly, agencies continue to face challenges in the implementation or 
design of internal controls to identify and prevent improper payments. 
Specifically, over half of agencies’ Offices of Inspectors General 
identified management or performance challenges that could increase the 
risk of improper payments. 

* Agencies’ efforts to report recovery auditing information continue. 
In total, 21 agencies reported identifying about $121 million in 
improper payments in fiscal year 2007 for recovery and actually 
recovering about $87 million, a decrease of about $217 million when 
compared to the reported amount identified for recovery in the prior 
year. Most of the decrease can be attributed to the Department of 
Defense’s decision to stop reporting voluntary refunds. GAO noted that 
few agencies reported on corrective action plans to address the root 
causes of contract payment errors. Also, two agencies reported that 
conducting recovery audits was not cost beneficial. All but two 
agencies reported they contracted out recovery audit services, 
conducted in-house recovery audits, or both. The other two were silent 
on this on matter. 

To view the full product, including the scope and methodology, click on 
[hyperlink, http://www.GAO-08-438T]. For more information, contact 
McCoy Williams at (202) 512-2600 or williamsm1@gao.gov. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

Thank you for the opportunity to be here today to discuss the 
governmentwide problem of improper payments in federal programs and 
activities and executive branch agencies' efforts to address key 
requirements of the Improper Payments Information Act of 2002 
(IPIA)[Footnote 1] and section 831 of the National Defense 
Authorization Act for Fiscal Year 2002, commonly known as the Recovery 
Auditing Act.[Footnote 2] Since fiscal year 2000, we have issued a 
number of reports and testimonies aimed at raising the level of 
attention given to improper payments. Most recently, at the 
Subcommittee's request, we provided a report[Footnote 3] on summary 
data and preliminary analysis of the improper payment estimates 
reported by federal executive branch agencies in their fiscal year 2007 
performance and accountability reports (PAR) or annual reports. Our 
work over the past several years has demonstrated that improper 
payments are a long-standing, widespread, and significant problem in 
the federal government. IPIA has increased visibility over improper 
payments[Footnote 4] by requiring executive branch agency heads, using 
guidance from the Office of Management and Budget (OMB),[Footnote 5] to 
identify programs and activities susceptible to significant improper 
payments,[Footnote 6] estimate amounts improperly paid, and report on 
the amounts of improper payments and their actions to reduce them. 
Similarly, the Recovery Auditing Act provides an impetus for applicable 
agencies to systematically identify and recover contract overpayments. 
This act requires, among others things, that all executive branch 
agencies entering into contracts with a total value exceeding $500 
million in a fiscal year have cost-effective programs for identifying 
errors in paying contractors and for recovering amounts erroneously 
paid. As the steward of taxpayer dollars, the federal government is 
accountable for how its agencies and grantees annually spend hundreds 
of billions of taxpayer dollars and is responsible for safeguarding 
those funds against improper payments as well as having mechanisms in 
place to recoup those funds when improper payments occur. 

OMB has played a key role in the oversight of the governmentwide 
improper payments problem. In 2005, OMB established Eliminating 
Improper Payments as a new program-specific initiative under the 
President's Management Agenda (PMA). This separate PMA program 
initiative is intended to help to ensure that agency managers are held 
accountable for meeting the goals of IPIA and are, therefore, 
dedicating the necessary attention and resources to meeting IPIA 
requirements. OMB continues its commitment to address governmentwide 
improper payments by working with agencies to establish corrective 
action plans and address their root causes. OMB also annually reports 
on agencies' efforts to address IPIA and Recovery Auditing Act 
requirements. 

Today, my testimony will focus on three key areas: 

* progress made in agencies' implementation and reporting under IPIA 
for fiscal year 2007, 

* several major challenges that continue to hinder full reporting of 
improper payment information, and: 

* agencies' reporting of recovery auditing efforts to recoup contract 
overpayments. 

This testimony is based on our review of available fiscal year 2007 
improper payment information reported by 35 federal executive branch 
agencies that OMB and the Department of the Treasury (Treasury) 
determined to be significant to the U.S. government's consolidated 
financial statements. We also added 4 additional executive branch 
agencies included in the consolidated financial statements, increasing 
our universe of review to 39 executive branch agencies (agencies). (See 
app. I for a list of the 39 agencies.) 

We reviewed improper payment information reported for 35[Footnote 7] of 
the 39 agencies' fiscal year 2007 PARs or annual reports. We also 
reviewed OMB guidance on implementation of IPIA and the Recovery 
Auditing Act. In addition, we reviewed agency Office of Inspector 
General (OIG) reports on management challenges to identify internal 
control weaknesses and program integrity issues for agency programs 
reporting improper payment estimates for fiscal year 2007. We did not 
independently validate the data that agencies reported in their PARs or 
annual reports. However, we are providing agency-reported data as 
descriptive information that will inform interested parties about the 
magnitude of reported governmentwide improper payments and amounts 
recouped through recovery audits and other improper payment-related 
information. We believe the data to be sufficiently reliable for this 
purpose. We provided information on the major findings discussed in 
this statement to OMB. OMB provided technical comments that we 
incorporated as appropriate. 

We conducted this performance audit from December 2007 to January 2008 
in accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe that 
the evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives. 

Progress Made to Estimate and Reduce Improper Payments: 

Agencies reported improper payment estimates of almost $55 billion in 
their fiscal year 2007 PARs or annual reports, an increase from the 
fiscal year 2006 estimate of about $41 billion.[Footnote 8] The 
reported increase was primarily attributable to a component of the 
Medicaid program reporting improper payment estimates for the first 
time totaling about $13 billion for fiscal year 2007, which we view as 
a positive step to improve transparency over the full magnitude of 
improper payments. The $55 billion estimate consists of 78 programs in 
21 agencies (see app. II for further details) and represents about 2 
percent of total fiscal year 2007 federal executive branch agencies' 
government outlays of almost $2.8 trillion. In addition, the $55 
billion largely consists of improper payments made in eight programs, 
as shown in figure 1. Collectively, the eight programs account for 
about $48 billion or approximately 88 percent of the total estimate. 

Figure 1: Fiscal Year 2007 Improper Payment Estimates by Program 
(Dollars in Billions): 

This figure is a pie chart showing fiscal year 2007 improper payment 
estimates by program. 

Medicaid: $12.9; 
Earned Income Tax Credit: $11.4; 
Medicare fee-for-service: $10.8; 
Other: $6.7; 
Supplemental Security Income: $4.1; 
Unemployment Insurance: $3.2; 
Old Age Survivors' Insurance: $2.5; 
Food Stamp Program: $1.8; 
National School Lunch Program: $1.4. 

[See PDF for image] 

Source: GAO analysis of agencies' fiscal year 2007 PARs or annual 
reports. 

[End of figure] 

Also, of the total improper payment estimate of $55 billion, we 
identified 19 programs and activities[Footnote 9] that estimated 
improper payments for the first time in their fiscal year 2007 PARs, 
totaling about $16 billion. Of these 19 programs, we identified 6-- 
including Medicaid--that had been required to report selected improper 
payment information for several years prior to the passage of 
IPIA.[Footnote 10] In total, these 6 programs represented $14.8 
billion, or 94 percent, of the approximately $16 billion in newly 
reported programs. We view these agencies' efforts as a positive step 
toward measuring improper payments and continuing progress in meeting 
the goals of IPIA. 

Likewise, agencies continued to report that they had made progress to 
reduce improper payments in their programs and activities. Since 
initial IPIA implementation, we noted that 39 agency programs reported 
improper payment estimated error rates[Footnote 11] for each of the 4 
fiscal years--2004 through 2007. Of the 39, 23 programs, or about 59 
percent had reduced error rates when comparing each program's fiscal 
year 2007 error rate to the initial or baseline error rate reported for 
fiscal year 2004. In a separate analysis, we found that the number of 
programs with error rate reductions totaled 34 when comparing fiscal 
year 2007 error rates to the prior year rates. For example, the error 
rate of the U.S. Department of Agriculture's (USDA) Marketing 
Assistance Loan program decreased from 20.3 percent in fiscal year 2006 
to 7.5 percent in fiscal year 2007, a reduction of 12.8 percent. As we 
testified before this Subcommittee,[Footnote 12] USDA's high error rate 
for the Marketing Assistance Loan program reported in its fiscal year 
2006 PAR resulted from improvements in how it measured its improper 
payments. However, in its fiscal year 2007 PAR, USDA reported that a 
large percentage of fiscal year 2006 improper payments were caused by 
noncompliance with administrative procedures and that corrective 
actions had been taken to reduce the instance of improper payments. 
Reported examples of corrective actions taken included implementing 
policies related to processing payments, conducting more frequent 
external audits of program effectiveness, and making the delivery of 
services consistent across county offices. 

OMB noted that further reductions in agency program estimated error 
rates are expected as agencies take steps to address payment errors 
attributed to insufficient or lack of documentation. OMB's implementing 
guidance requires agencies to discuss in their PAR the portion of 
payment errors attributable to insufficient or lack of documentation, 
if applicable. We identified 25 programs from 10 agencies that 
attributed a portion of their payment errors to insufficient or no 
documentation. However, only 8 of these programs--all reported by USDA-
-cited what portion of the error rate resulted from insufficient or no 
documentation. The other agencies only reported that these types of 
errors contributed to the cause for the improper payments in the 
remaining 17 programs. For example, the Department of State (State) 
reported that there was insufficient documentation to support 
eligibility for the grantee of an award, but did not cite a rate for 
this type of error. Similarly, the Federal Communications Commission 
(FCC) reported that lack of documentation was a significant concern of 
the auditors' review of program payments, but did not report the 
affected portion of the error rate. 

Because agencies for 17 of the 25 agency programs that attributed some 
of their payment errors to insufficient or no documentation did not 
report the portion of payment errors attributable to these problems, we 
could not readily determine the extent to which such errors contributed 
to the total improper payment estimate of $55 billion. Yet, we found 
that 25 of the 78 programs reporting improper payment estimates, or 32 
percent, identified insufficient or no documentation errors as a cause 
of their improper payments. OMB anticipates that errors attributable to 
insufficient or no documentation will decrease significantly once 
agencies correct the root cause. From our review, we noted that 22 of 
the 25 agency programs reported corrective action plans to address 
errors due to insufficient or no documentation. Examples of these 
efforts included development of policies on documentation retention, 
updating processing procedures, and training for providers on the 
importance of supporting documentation. 

Challenges Continue with IPIA Implementation: 

While agencies have shown progress, major challenges remain in meeting 
the goals of IPIA and ultimately improving the integrity of payments. 
Specifically, some agencies have not yet reported estimates for all 
risk-susceptible programs, the total improper payment estimate does not 
yet reflect the full scope of improper payments across executive branch 
agencies, noncompliance issues continue to exist, reported statutory or 
regulatory barriers limit agencies' ability to reduce improper 
payments, and agencies continue to face challenges in the 
implementation or design of internal controls to identify and prevent 
improper payments. 

Risk Assessments: 

IPIA requires agencies to annually review all of their programs and 
activities to identify those that may be susceptible to significant 
improper payments. Yet, in our review, we found that not all agencies 
reported conducting risk assessments. We also noted that four 
agencies[Footnote 13] reported that they did not conduct a risk 
assessment of all of their programs and activities because OMB guidance 
allows agency programs deemed not risk-susceptible to conduct a risk 
assessment generally every 3 years. As we have previously 
reported,[Footnote 14] this is inconsistent with the express terms of 
IPIA, which require that agencies annually review all of their programs 
and activities. However, OMB guidance does state that if a program 
experiences a significant change in legislation, a significant increase 
in funding level, or both, agencies are required to reassess the 
program's risk susceptibility during the next annual cycle, even if it 
is less than 3 years from the last assessment. In its fiscal year 2007 
PAR, the Department of the Interior (Interior) reported that it did not 
perform a risk assessment because the results of previous risk 
assessments demonstrated that Interior was at low risk for making 
improper payments. As a result, the agency reported that the next risk 
assessment would be completed in fiscal year 2009. HHS reported that it 
had last completed risk assessments in fiscal year 2006 in which HHS 
did not identify any new high-risk programs in its fiscal year 2006 
risk assessment work. HHS reported that OMB's implementing guidance 
requires risk assessments once every 3 years and as a result, HHS did 
not perform risk assessments during fiscal year 2007.[Footnote 15] 

We also identified three additional agencies[Footnote 16] that reported 
they were not required to conduct a risk assessment for specific 
programs that OMB had previously designated as risk-susceptible prior 
to IPIA implementation. These agencies determined that those programs 
had continued to demonstrate over a 2-year period a low-risk level for 
susceptibility to improper payments and thus, OMB had granted them 
relief from improper payments reporting. According to their PARs, the 
next risk assessments for the Environmental Protection Agency's (EPA) 
Clean Water and Drinking Water State Revolving Funds and Department of 
Veterans Affairs (VA) Insurance programs will be conducted in fiscal 
years 2010 and 2009, respectively. The Department of Housing and Urban 
Development (HUD) reported that it will conduct an annual risk 
assessment of its Community Development and Block Grant (CDBG) program; 
however, because it reported over 2 consecutive years[Footnote 17] 
error rates of less than $10 million for this program, OMB granted it 
relief from annual improper payment reporting and it did not report an 
estimate in its fiscal year 2007 PAR. 

OMB reported that, in aggregate, agencies have assessed risk and 
measured nearly 86 percent of all high-risk outlays and that agencies 
were focusing their resources on programs with the highest risk levels 
of improper payments. While we agree that, as a practical matter, a 
comprehensive risk assessment may not be warranted for programs with 
minimal outlays or potentially low-risk programs and activities, an 
appropriately designed risk assessment should be performed annually as 
it is required of agencies to comply with IPIA. As we previously 
reported,[Footnote 18] OMB guidance provides that agencies annually 
perform risk assessments of their programs and activities, but offers 
limited information on how to conduct an appropriately designed risk 
assessment, thus allowing agencies broad flexibility for determining a 
methodology to meet IPIA requirements. As such, the level and extent to 
which agencies conduct their risk assessments can vary. This is evident 
in our recent work on selected agencies' IPIA implementation, in which 
we raised significant concerns regarding their risk assessment 
activities, as highlighted in the following examples: 

* In September 2007, we reported[Footnote 19] that for fiscal year 
2006, the Department of Homeland Security (DHS) did not perform a risk 
assessment on approximately $13 billion of its more than $29 billion in 
disbursements subject to IPIA. Also, DHS only tested programs with 
disbursements greater than $100 million and did not perform a 
qualitative risk assessment of all program operations, such as an 
assessment of internal controls, oversight and monitoring activities, 
and results from external audits. 

* In November 2007, we reported[Footnote 20] that for fiscal years 2004 
through 2006, neither the United States Agency for International 
Development (USAID) nor the National Aeronautics and Space 
Administration (NASA) had developed a systematic process to (1) 
identify risks that exist in their payment activities or (2) evaluate 
the results of their payment stream reviews, such as weighting and 
scoring the effectiveness of existing internal control over payments 
made and results from external audits. Furthermore, both USAID and NASA 
maintained insufficient or no risk assessment documentation to support 
their conclusions that no programs or activities were susceptible to 
significant improper payments. 

* In December 2007, we reported[Footnote 21] that the Department of 
Defense's (DOD) travel payment data used to assess the program's risk 
of significant improper payments only included payments processed by 
the Defense Travel System (DTS)--approximately 10 percent of the $8.5 
billion of the department's travel obligations reported for fiscal year 
2006. Further, the travel data excluded the largest user of DTS, the 
Army, which would likely have increased DOD's travel improper payment 
estimate of $8 million by over $4 million.[Footnote 22] In its fiscal 
year 2007 PAR, DOD reported that the agency is implementing a sampling 
and review process for Army travel payments processed through its 
Integrated Automated Travel System in fiscal year 2008 to meet improper 
payment reporting requirements. 

Although we have identified significant deficiencies in the risk 
assessment methodology used to address IPIA requirements at the four 
agencies mentioned above, not all agencies have been subjected to an 
independent review. Therefore, the extent to which the results of the 
agencies' risk assessments can be relied on may not be fully known. We 
have previously recommended that OMB expand its implementing guidance 
to describe in greater detail factors that agencies should consider 
when conducting their annual risk assessments, such as program 
complexity, operational changes, findings from investigative reports, 
and financial statement and performance audit reports. OMB agreed with 
this recommendation and stated that it has taken steps to address 
implementing it. Specifically, OMB stated that it had included factors 
to be considered in agency risk assessments in its revised 
implementation guidance for IPIA. 

Improper Payment Estimates: 

Our review found that not all agencies have developed improper payment 
estimates for all of the programs and activities they identified as 
susceptible to significant improper payments. As shown in table 1, the 
fiscal year 2007 total improper payment estimate of $55 billion did not 
include any amounts for 14 programs, with fiscal year 2007 outlays 
totaling about $170 billion. 

Table 1: Risk-Susceptible Programs That Did Not Report Improper Payment 
Estimates for Fiscal Year 2007: 

1; 
Agency--program: Department of Health and Human Services--Child Care 
and Development Fund[A]; 
Fiscal year 2007 outlays (dollars in billions): $ 4.9; 
Target date for reporting improper payment estimate: 2008. 

2; 
Agency--program: Department of Health and Human Services--Medicare 
Advantage; 
Fiscal year 2007 outlays (dollars in billions): 75.1; 
Target date for reporting improper payment estimate: Did not report 
target date. 

3; 
Agency--program: Department of Health and Human Services--Medicare 
Prescription Drug Benefit; 
Fiscal year 2007 outlays (dollars in billions): 49.3; 
Target date for reporting improper payment estimate: Did not report 
target date. 

4; 
Agency--program: Department of Health and Human Services--State 
Children's Health Insurance Program[A]; 
Fiscal year 2007 outlays (dollars in billions): 6.3; 
Target date for reporting improper payment estimate: 2008. 

5; 
Agency--program: Department of Health and Human Services--Temporary 
Assistance for Needy Families[A]; 
Fiscal year 2007 outlays (dollars in billions): 17.3; 
Target date for reporting improper payment estimate: 2008. 

6; 
Agency--program: Department of Homeland Security--Federal Emergency 
Management Agency--Assistance to Firefighters Grants; 
Fiscal year 2007 outlays (dollars in billions): 0.5; 
Target date for reporting improper payment estimate: 2008. 

7; 
Agency--program: Department of Homeland Security--Federal Emergency 
Management Agency--Homeland Security Grant Program; 
Fiscal year 2007 outlays (dollars in billions): 0.8; 
Target date for reporting improper payment estimate: 2008. 

8; 
Agency--program: Department of Homeland Security--Federal Emergency 
Management Agency--Infrastructure Protection Program; 
Fiscal year 2007 outlays (dollars in billions): 0.12; 
Target date for reporting improper payment estimate: 2008. 

9; 
Agency--program: Department of Homeland Security--Federal Emergency 
Management Agency--National Flood Insurance Program; 
Fiscal year 2007 outlays (dollars in billions): 1.5; 
Target date for reporting improper payment estimate: 2008. 

10; 
Agency--program: Department of Homeland Security--Federal Emergency 
Management Agency--Public Assistance Programs; 
Fiscal year 2007 outlays (dollars in billions): 5.1; 
Target date for reporting improper payment estimate: 2008. 

11; 
Agency--program: Department of Homeland Security--Immigration and 
Customs Enforcement--Detention and Removal Operations; 
Fiscal year 2007 outlays (dollars in billions): 1.2; 
Target date for reporting improper payment estimate: 2008. 

12; 
Agency--program: Department of Homeland Security--Immigration and 
Customs Enforcement--Investigations; 
Fiscal year 2007 outlays (dollars in billions): 1.1; 
Target date for reporting improper payment estimate: 2008. 

13; 
Agency--program: Department of Homeland Security--Transportation 
Security Administration--Aviation Security--Payroll; 
Fiscal year 2007 outlays (dollars in billions): 2.9; 
Target date for reporting improper payment estimate: 2008. 

14; 
Agency--program: Department of Homeland Security--United States Coast 
Guard--Military Payroll; 
Fiscal year 2007 outlays (dollars in billions): 3.5; 
Target date for reporting improper payment estimate: 2008. 

Total; 
Fiscal year 2007 outlays (dollars in billions): $ 169.6; 
Target date for reporting improper payment estimate: [Empty]. 

Source: GAO's analysis of agencies' fiscal year 2007 PARs or annual 
reports. 

[A] OMB required program to submit improper payment information prior 
to governmentwide IPIA reporting requirements. See footnote 10 of this 
testimony for a detailed description. 

[End of table] 

A majority of these programs represent newly identified risk- 
susceptible programs reported by DHS. The identification of these 
programs as risk-susceptible is a positive step toward addressing IPIA 
requirements. We also found, however, that three Department of Health 
and Human Services (HHS) programs had not reported improper payment 
estimates for fiscal year 2007, even though OMB had required these and 
other programs to report selected improper payment information for 
several years before passage of IPIA.[Footnote 23] After the enactment 
of IPIA, OMB's implementing guidance required that these programs 
continue to report improper payment information under IPIA. 

Since IPIA implementation, HHS has reported on its various improper 
payment pilot activities to show that efforts were underway to fully 
address IPIA reporting requirements. For fiscal year 2007, HHS reported 
that pilot reviews were conducted in various states for the Temporary 
Assistance for Needy Families and Child Care and Development Fund 
programs and that estimated improper payment rates for these programs 
would be reported in fiscal year 2008. Further, HHS reported that it 
also expects to report a comprehensive improper payment estimate rate 
for the State Children's Health Insurance Program that will encompass 
its fee-for-service, managed care, and eligibility components. We 
recognize that measuring improper payments for these state- 
administered[Footnote 24] programs and designing and implementing 
actions to reduce or eliminate them are not simple tasks, particularly 
for grant programs that rely on administration efforts at the state 
level. Consequently, as we previously reported in April 2006,[Footnote 
25] communication, coordination, and cooperation among federal agencies 
and the states will be critical factors in estimating national improper 
payment rates and meeting IPIA reporting requirements for state- 
administered programs. 

Further, we found a few instances where estimates were not based on a 
12-month reporting period. For example, HHS's Medicaid program is the 
largest of the programs constituting the total improper payment 
estimate, with an estimate of about $13 billion for fiscal year 2007. 
Reporting for the first time, the Medicaid program estimate is based on 
6 months of fee-for-service claims processed by the states rather than 
a complete fiscal year. Generally, OMB guidance requires that a 12- 
month period be used to generate improper payment estimates as it more 
fully characterizes the extent of improper payments within a program 
for any given year. In its PAR, HHS reported that it is completing its 
review of the remaining 6 months and will report an annual Medicaid fee-
for-service error rate, based on a full fiscal year 2006 fee-for- 
service claims, in its fiscal year 2008 PAR.[Footnote 26] 

We also found instances where agencies' estimates encompassed only one 
component of a particular program. For example, USDA identified two 
types of errors related to its Supplemental Nutrition Program for 
Women, Infants, and Children--vendor payment errors and certification 
errors. However, as part of its IPIA reporting, USDA only reported on 
improper payments resulting from vendor payment errors. For 
certification errors, USDA reported that it plans to use results from 
the 2008 decennial income verification study to provide a nationally 
representative estimate and will report the error rate in fiscal year 
2009. 

The extent to which other agencies used a period of review less than 12 
months or estimated for only a component of their program is unknown, 
as most of the agencies reporting estimates did not provide this level 
of information in their PARs. As agencies continue to enhance their 
measurement process and report on additional program components, it is 
likely the total improper payment estimate will increase. 

Lastly, we noted that while agencies reported improper payment 
estimates for their various programs and activities, only five 
agencies--consisting of nine programs--reported to some degree the 
amount of actual improper payments they expect to recover and how they 
will go about recovering them as part of their IPIA reporting. OMB 
guidance states that for program improper payment estimates exceeding 
$10 million, agencies must address this IPIA reporting requirement in 
their PARs. We would also point out that this separate reporting 
requirement is distinct and different from the recovery auditing 
reporting requirements OMB has outlined in its guidance for agencies to 
address in their PAR reporting. We discuss the Recovery Auditing Act 
and OMB reporting requirements later in this statement. 

We found that of the 78 programs with improper payments estimates, 47 
reported improper payment estimates exceeding $10 million. Of this 
universe, only 9 agency programs reported on recovery of improper 
payments under IPIA. Of the 9, 6 programs reported on both aspects of 
the requirement--expected or actual recovery amount and how they will 
recover them. The remaining 3 programs reported a recovery amount but 
did not discuss how they recovered the amount, or their future plans 
for recovering the funds. For example, DHS reported that for its 
Individuals and Households program it had collected $18 million of 
Hurricane Katrina payments identified as improper during its payment 
sample testing, but did not report on its recovery method. In contrast, 
the Railroad Retirement Board (RRB) reported it had recovered $104.5 
million for fiscal years 2003 to 2006 in Retirement and Survivors 
Benefits program receivables. RRB reported that its collection program 
is in full compliance with the Debt Collection Improvement Act of 1996 
and recoveries are made through a variety of mechanisms. These include 
the offset of future benefits, reclamation from the financial 
institution of benefits erroneously paid after the death of a 
beneficiary, and direct payments from debtors. RRB also reported that 
fraudulent payments are referred to the OIG for prosecution through the 
Department of Justice (Justice). As agencies continue to enhance their 
IPIA reporting, full and reasonable disclosures regarding actual 
improper payments and actions to recover those payments will provide 
needed transparency of this issue and address the American public's 
increasing demands for accountability over taxpayer funds. 

Noncompliance Issues with IPIA: 

For fiscal year 2007, a limited number of agency auditors reported on 
compliance issues with IPIA as part of their financial statement audit, 
although such reporting is not specifically required by IPIA. 
Specifically, auditors for 5 of the 39 agencies[Footnote 27] included 
in our scope reported assessing the agencies' compliance with IPIA. Of 
the 5, agency auditors for all except USAID reported noncompliance 
issues related to the key requirements of the act, including risk 
assessments, sampling methodologies, implementing corrective actions, 
recovering improper payments, and inadequate documentation. Fiscal year 
2007 reflected the fourth year that auditors for HHS and DHS reported 
noncompliance issues with IPIA, including not estimating for all risk- 
susceptible programs and deficiencies related to sampling and testing 
of transactions. Agency auditors at the Department of Transportation 
(Transportation) and DOD reported noncompliance with IPIA for a second 
year. For fiscal year 2007, Transportation auditors reported that they 
had not received sufficient documentation by the time of PAR issuance 
to determine if the department's sampling plan was statistically valid. 
The auditors for DOD reported for fiscal year 2007, that the department 
was still in the process of developing procedures to identify improper 
payments and that its efforts to manage recovery audit contracts had 
been largely unsuccessful. 

As we previously testified before this Subcommittee,[Footnote 28] 
separate assessments conducted by agency auditors provided a valuable 
independent validation of agencies' efforts to implement the act. 
Independent assessments would also enhance an agency's ability to 
identify sound performance measures, monitor progress against those 
measures, and help establish performance and results expectations. 
Without this type of validation or other types of reviews performed by 
GAO and agency OIGs, it is difficult to determine the magnitude of 
deficiencies that may exist in agencies' IPIA implementation efforts. 

Statutory or Regulatory Barriers: 

As previously mentioned, for fiscal year 2007, 21 agencies reported 
improper payment estimates for 78 programs totaling $55 billion for 
fiscal year 2007. Of the 21 agencies, 16 reported improper payment 
estimates that exceeded $10 million for one or more programs, and 
therefore, under OMB guidance, were required to report on various 
elements as part of their plan to reduce improper payments, including 
any statutory or regulatory barrier that may limit the agencies' 
corrective actions in reducing improper payments. Of the 16 agencies 
required to report on any statutory or regulatory barriers,[Footnote 
29] 14 agencies reported on whether they had such barriers which may 
limit corrective actions in reducing improper payments. The remaining 2 
agencies[Footnote 30] did not address whether any statutory or 
regulatory barriers existed. We further noted that of the 14 agencies 
that addressed statutory or regulatory barriers, 9 identified such 
barriers that may limit corrective actions to reduce improper payments. 
The remaining 5 agencies[Footnote 31] reported that they either had no 
existing statutory or regulatory barriers or were unaware of any at 
this time. 

Agencies cited various barriers that restricted their ability to better 
manage their programs against improper payments. For example, the 
Office of Personnel Management's (OPM) Retirement Program (Civil 
Service Retirement System and Federal Employees Retirement System) 
reported in its fiscal year 2007 PAR that it faces regulatory barriers 
that restrict its ability to recover improper payments. For instance, 
once OPM learns of the death of an annuitant, it requests that Treasury 
reclaim all posthumously issued payments from the deceased's bank 
account. When there is insufficient money in the account, OPM would 
like to seek collection from the individual who last withdrew money 
from the account. According to OPM, based on current law[Footnote 32] 
and Treasury's regulations, financial institutions are barred from 
providing OPM with the information necessary to recover these improper 
payments. The law and regulations have specifically exempted the Social 
Security Administration (SSA), RRB, and VA from this prohibition, but 
not OPM. Further, OPM reported that this situation has a substantial 
impact on its ability to prevent and recover improper payments. OPM has 
determined that the current law will need to be amended to overcome 
this prohibition and Treasury has drafted legislative language to 
address this issue. 

The Department of Education (Education) reported that the ability to 
perform data matching between Federal Student Aid applications and tax 
return data would substantially reduce improper payments in the Pell 
Grant program, as the large majority of errors are the result of 
misreporting of income and related data fields. However, according to 
OMB, Section 6103(c) of the Internal Revenue Code, concerning 
confidentiality of tax return information, precludes data matching with 
regard to grants by Education. In its January 2007 annual 
report[Footnote 33] on improper payments, OMB reported that the 
President's Fiscal Year 2008 Budget contained a series of reforms that 
are necessary to achieve greater program integrity and payment 
accuracy, including a proposal to facilitate data matching of Pell 
grant program data. This report indicates that, through administrative 
changes, Education and the Internal Revenue Service intend to implement 
a process to verify students' (and their parents') income, tax, and 
certain household information appearing on their tax return that they 
provided as part of their application for federal student aid. 

Management Challenges: 

Agencies continue to face challenges in the implementation or design of 
internal controls to identify and prevent improper payments. Over half 
of the agencies' OIG identified management or performance challenges 
that could increase the risk of improper payments, including challenges 
related to internal controls. In addition, several OIGs identified 
instances where agencies needed to improve their oversight of grantees 
receiving federal funds. For example, in its fiscal year 2007 PAR, 
Education's OIG reported that its recent investigations continued to 
uncover problems, including inadequate attention to improper payments 
and failure to identify and take corrective action to detect and 
prevent fraudulent activities by grantees. The Small Business 
Administration's (SBA) OIG included a management challenge related to 
the agency's controls over the section 7(a) loan guaranty purchase 
process. The OIG reported that the majority of the loans made under the 
program are made with little or no review by SBA prior to loan approval 
because SBA has delegated most of the credit decisions to lenders 
originating these loans. SBA's review of lender requests for guaranty 
purchases on defaulted loans is, therefore, the agency's primary tool 
for assessing lender compliance on individual loans and protecting SBA 
from making erroneous purchase payments. However, OIG audits of early 
defaulted loans and SBA's guaranty purchase process have shown that 
reviews made by the National Guaranty Purchase Center have not 
consistently detected lender failures to administer loans in full 
compliance with SBA requirements and prudent lending practices, 
resulting in improper payments. 

Management challenges were also found in agency programs that did not 
estimate improper payments in their fiscal year 2007 PAR. The National 
Science Foundation (NSF) OIG found that NSF did not have a 
comprehensive, risk-based system to oversee and monitor contract awards 
and ensure that the requirements of each contract were being met. In 
another example, Treasury's OIG identified erroneous and improper 
payments as a major management challenge and reported that some tax 
credits, such as the Education Credit, provide opportunities for abuse 
in income tax claims. Related to this issue, Treasury's independent 
auditor reported that weaknesses in controls over the collection of tax 
revenues owed to the federal government and over the issuance of tax 
refunds resulted in lost revenue to the federal government and 
potentially billions of dollars in improper payments, which the 
auditors classified as a material weakness. 

Agencies' Efforts to Report Recovery Auditing Information Continue: 

Section 831 of the National Defense Authorization Act for Fiscal Year 
2002 provides an impetus for applicable agencies to systematically 
identify and recover contract overpayments. The act requires that 
agencies that enter into contracts with a total value in excess of $500 
million in a fiscal year carry out a cost-effective program for 
identifying and recovering amounts erroneously paid to contractors. The 
law authorizes federal agencies to retain recovered funds to cover in- 
house administrative costs as well as to pay contractors, such as 
collection agencies. Any residual recoveries, net of these program 
costs, shall be credited back to the original appropriation from which 
the improper payment was made, subject to restrictions as described in 
the legislation. 

The techniques used in recovery auditing offer the opportunity for 
identifying weaknesses in agency internal controls, which can be 
modified or upgraded to be more effective in preventing improper 
payments before they occur for subsequent contract outlays. However, we 
would like to emphasize that effective internal control calls for a 
sound, ongoing invoice review and approval process as the first line of 
defense in preventing unallowable contract costs. Given the large 
volume and complexity of federal payments and historically low recovery 
rates for certain programs, it is much more efficient and effective to 
pay bills properly in the first place. Prevention is always preferred 
to detection and collection. Aside from minimizing overpayments, 
preventing improper payments increases public confidence in the 
administration of programs and avoids the difficulties associated with 
the "pay and chase" aspects of recovering improper payments. Without 
strong preventive controls, agencies' internal control activities over 
payments to contractors will not be effective in reducing the risk of 
improper payments. 

Beginning in fiscal year 2004, OMB required that applicable agencies 
publicly report on their recovery auditing[Footnote 34] efforts as part 
of their PAR reporting of improper payment information. Agencies are 
required to discuss any contract types excluded from review and 
justification for doing so. Agencies are also required to report, in 
table format, various amounts related to contracts subject to review 
and actually reviewed, contract amounts identified for recovery and 
actually recovered and prior year amounts. In addition, agencies are to 
discuss the following: a general description and evaluation of the 
steps taken to carry out a recovery auditing program,[Footnote 35] a 
corrective action plan to address root causes of payment error, and a 
general description and evaluation of any management improvement 
program. 

For fiscal year 2007, agencies reported reviewing about $329 billion in 
contract payments to vendors under recovery audit programs. From these 
reviews, agencies reported identifying about $121 million in improper 
payments for recovery and actually recovering about $87 million, or an 
estimated overall rate of recovery of approximately 72 percent, as 
shown in table 2. 

Table 2: Agency Reported Improper Payment Amounts Identified and 
Recovered for Fiscal Years 2006 and 2007: 

1; 
Department or agency: Agency for International Development; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
$17,100,000; 
Fiscal year 2006: Agency-reported amount recovered: $17,090,000; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
$4,010,000; 
Fiscal year 2007: Agency-reported amount recovered: $4,000,000. 

2; 
Department or agency: Department of Agriculture; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
379,000; 
Fiscal year 2006: Agency-reported amount recovered: 538,000[A]; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
206,000; 
Fiscal year 2007: Agency-reported amount recovered: 146,000. 

3; 
Department or agency: Department of Commerce; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
96,000; 
Fiscal year 2006: Agency-reported amount recovered: 96,000; 
Fiscal year 2007: Agency-reported amount identified for recovery: 0[B]; 
Fiscal year 2007: Agency-reported amount recovered: 0[B]. 

4; 
Department or agency: Department of Defense; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
195,300,000; 
Fiscal year 2006: Agency-reported amount recovered: 137,900,000; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
24,600,000; 
Fiscal year 2007: Agency-reported amount recovered: 19,600,000. 

5; 
Department or agency: Department of Education; 
Fiscal year 2006: Agency-reported amount identified for recovery: did 
not report; 
Fiscal year 2006: Agency-reported amount recovered: did not report; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
1,500[C]; 
Fiscal year 2007: Agency-reported amount recovered: did not report[C]. 

6; 
Department or agency: Department of Energy; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
11,900,000; 
Fiscal year 2006: Agency-reported amount recovered: 10,300,000; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
15,000,000; 
Fiscal year 2007: Agency-reported amount recovered: 10,000,000. 

7; 
Department or agency: Environmental Protection Agency; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
1,102,000; 
Fiscal year 2006: Agency-reported amount recovered: 406,500[D]; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
241,800; 
Fiscal year 2007: Agency-reported amount recovered: 65,300. 

8; 
Department or agency: General Services Administration; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
46,721,742; 
Fiscal year 2006: Agency-reported amount recovered: 45,917,920; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
11,200,000; 
Fiscal year 2007: Agency-reported amount recovered: 9,400,000. 

9; 
Department or agency: Department of Health and Human Services; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
1,600,000[E]; 
Fiscal year 2006: Agency-reported amount recovered: 40,000[E]; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
635,728; 
Fiscal year 2007: Agency-reported amount recovered: 19,549. 

10; 
Department or agency: Department of Homeland Security; 
Fiscal year 2006: Agency-reported amount identified for recovery: did 
not report; 
Fiscal year 2006: Agency-reported amount recovered: did not report; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
1,836,000[F]; 
Fiscal year 2007: Agency-reported amount recovered: 1,213,000[F]. 

11; 
Department or agency: Department of Housing and Urban Development; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
reported not cost beneficial; 
Fiscal year 2006: Agency-reported amount recovered: reported not cost 
beneficial; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
reported not cost beneficial[G]; 
Fiscal year 2007: Agency-reported amount recovered: reported not cost 
beneficial[G]. 

12; 
Department or agency: Department of the Interior; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
4,407,345; 
Fiscal year 2006: Agency-reported amount recovered: 505,743; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
428,332; 
Fiscal year 2007: Agency-reported amount recovered: 421,337. 

13; 
Department or agency: Department of Justice; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
1,851,709; 
Fiscal year 2006: Agency-reported amount recovered: 1,734,421; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
4,241,765; 
Fiscal year 2007: Agency-reported amount recovered: 3,777,628. 

14; 
Department or agency: Department of Labor; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
reported not cost beneficial; 
Fiscal year 2006: Agency-reported amount recovered: reported not cost 
beneficial; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
reported not cost beneficial[G]; 
Fiscal year 2007: Agency-reported amount recovered: reported not cost 
beneficial[G]. 

15; 
Department or agency: National Aeronautics and Space Administration; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
256,255; 
Fiscal year 2006: Agency-reported amount recovered: 139,420; 
Fiscal year 2007: Agency-reported amount identified for recovery: did 
not report[H]; 
Fiscal year 2007: Agency-reported amount recovered: did not report[H]. 

16; 
Department or agency: Social Security Administration; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
178,000; 
Fiscal year 2006: Agency-reported amount recovered: 178,000; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
1,712,000[I]; 
Fiscal year 2007: Agency-reported amount recovered: 1,712,000[I]. 

17; 
Department or agency: Department of State; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
2,397,200; 
Fiscal year 2006: Agency-reported amount recovered: 2,276,700; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
5,353,615; 
Fiscal year 2007: Agency-reported amount recovered: 4,900,338. 

18; 
Department or agency: Tennessee Valley Authority; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
6,793,581; 
Fiscal year 2006: Agency-reported amount recovered: 1,202,651; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
6,605,111; 
Fiscal year 2007: 2,715,183. 

19; 
Department or agency: Department of Transportation; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
6,450,993; 
Fiscal year 2006: Agency-reported amount recovered: 45,109; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
6,546,901; 
Fiscal year 2007: Agency-reported amount recovered: 1,217,525. 

20; 
Department or agency: Department of the Treasury; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
2,305,424; 
Fiscal year 2006: Agency-reported amount recovered: 1,442,708; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
843,230; 
Fiscal year 2007: Agency-reported amount recovered: 821,667. 

21; 
Department or agency: Department of Veterans Affairs; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
39,155,454; 
Fiscal year 2006: Agency-reported amount recovered: 30,378,423; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
37,740,000; 
Fiscal year 2007: Agency-reported amount recovered: 27,000,000. 

Total; 
Fiscal year 2006: Agency-reported amount identified for recovery: 
$337,994,703; 
Fiscal year 2006: Agency-reported amount recovered: $250,191,595; 
Fiscal year 2007: Agency-reported amount identified for recovery: 
$121,201,982; 
Fiscal year 2007: Agency-reported amount recovered: $87,009,527. 

Source: GAO analysis and agencies' fiscal year 2006 and 2007 PARs. 

[A] According to USDA, amount recovered in fiscal year 2006 includes 
some recoveries identified in fiscal year 2005. 

[B] The Department of Commerce recovery audit was for its National 
Oceanic and Atmospheric Administration bureau only. The recovery 
auditors did not identify any overpayments during the audit. 

[C] Education reported that the contractor's review of fiscal year 2006 
contract invoices found no more than $1,500 in potential recoveries. 

[D] EPA reported recovered amounts for fiscal year 2006 in its fiscal 
year 2007 PAR. 

[E] We obtained these amounts from OMB. 

[F] DHS reported that OMB granted it relief from recovery auditing for 
one of its components, Customs and Border Protection (CBP); however, 
the request was granted after DHS performed audit recovery work during 
prior years. The total agency-reported amount includes an amount 
recovered for CBP in fiscal year 2007. 

[G] The Departments of Housing and Urban Development and Labor reported 
that recovery auditing efforts were not cost beneficial in fiscal years 
2005, 2006, and 2007. 

[H] NASA plans to report on its recovery audit results in fiscal year 
2008. 

[I] SSA amounts reported are based on SSA's review of administrative 
contractor payments. 

[End of table] 

We found that the number of agencies reporting recovery audit 
information remained the same when compared to the prior year. However, 
the fiscal year 2007 dollar amounts identified for recovery 
significantly decreased by about $217 million from fiscal year 2006. We 
noted that a significant decrease in DOD's fiscal year 2007 reporting 
of amounts identified for recovery and amounts recovered from the prior 
year contributed to the overall decrease. For example, for fiscal year 
2006 DOD reported $195.3 million for contract overpayments identified 
for recovery. This amount decreased sharply to $24.6 million for fiscal 
year 2007. Similarly, DOD reported recovering $137.9 million for fiscal 
year 2006 compared to just $19.6 million for fiscal year 2007. 
According to OMB, the significant decrease in DOD's reported amounts 
resulted from the department's exclusion of voluntary refunds of 
contract payments at the recommendation of a DOD OIG audit[Footnote 36] 
since the voluntary refunds did not originate from recovery audit 
efforts. 

In addition, we noted that agencies used different types of resources 
to carry out their recovery audit programs. Of the 21 agencies 
reporting recovery auditing information for fiscal year 2007, 9 
reported they contracted out their recovery audit services, 3 conducted 
in-house recovery audits, 5 reported using both in-house and recovery 
audit contractors, and two were silent. The remaining 2 agencies--HUD 
and Labor--did not conduct recovery audits as they reported it was not 
cost beneficial. 

HUD reported in its fiscal year 2007 PAR that current internal controls 
over its contract payment and contract close-out processes were 
adequate to reduce the risks of overpayments. HUD further reported on 
continued initiatives such as strengthening its fund control processes. 
Therefore, HUD concluded that a recovery auditing program would not be 
cost beneficial and was not warranted. Likewise, Labor reported that 
its sampling and testing of nonpayroll costs, consisting of department 
expenses including contract payments related to the operation and 
administration of programs' and headquarters' activities for the 
current and prior fiscal years found no improper payments in its 
contract payments. Based on these results, Labor decided that a 
recovery auditing program was not warranted in fiscal year 2007. 
However, Labor reported that it plans to implement a recovery auditing 
program for contract payments in fiscal year 2008, and will report its 
recovery audit actions, costs, and amounts recovered on an annual 
basis. 

From our review of the PARs, we found that agencies' reporting of the 
various recovery auditing reporting elements[Footnote 37] was limited. 
For example, agencies generally provided some information on steps to 
carry out a recovery audit program. However, less than half, or 8 
agencies reported on their corrective action plans to address root 
causes of contract payment errors. For example, the Department of 
Energy (Energy) reported that it established a policy that prescribes 
requirements for identifying overpayments to contractors and 
establishes reporting standards to track the status of recoveries. 
However, Energy did not report on corrective actions to address the 
root causes of contract overpayments. 

We also found that three agencies--Department of Commerce (Commerce), 
Justice, and SSA--reported on justifications for certain contracts that 
were excluded from their recovery audit review. For example, Commerce 
reported that travel payments, bankcards/purchase cards, all 
procurement vehicles with other federal agencies, and government bills 
of lading were excluded from its review, as the costs for recovery 
audit activities would likely exceed the benefits of a recovery audit. 
Justice reported that certain payments at foreign offices were excluded 
as they were processed by the Department of State. Lastly, SSA reported 
that it excluded cost-type contracts that either (1) had not been 
completed where payments are interim, provisional, or otherwise subject 
to further adjustment by the government in accordance with the terms 
and conditions of the contract, or (2) were completed, subjected to 
final contract audit, and prior to final payment of the contractor's 
final voucher, all prior interim payments were accounted for and 
reconciled. 

Concluding Observations: 

In closing, we recognize that measuring improper payments and designing 
and implementing actions to reduce them are not simple tasks or easily 
accomplished. Further, while internal control should be maintained as 
the front-line of defense against improper payments, recovery auditing 
holds promise as a cost-effective means of identifying contractor 
overpayments. We are pleased that agencies are identifying and 
reporting on more risk-susceptible programs and have reported that 
overall program error rates have decreased since IPIA implementation. 
Yet we also note that deficiencies continued to be identified regarding 
agencies' efforts to comply with IPIA based on independent assessments 
conducted by agency auditors or from past GAO reviews. As agencies 
continue to strengthen their program integrity efforts and recovery 
audit reviews, fulfilling the requirements of IPIA and the Recovery 
Auditing Act will require sustained attention to implementation and 
oversight to monitor whether desired results are being achieved. 

Mr. Chairman, this concludes my statement. I would be pleased to 
respond to any questions that you or other members of the Subcommittee 
may have. 

Contact and Acknowledgments: 

For more information regarding this testimony, please contact McCoy 
Williams, Managing Director, Financial Management and Assurance, at 
(202) 512-2600 or by e-mail at williamsm1@gao.gov. Contact points for 
our Offices of Congressional Relations and Public Affairs may be found 
on the last page of this testimony. Individuals making key 
contributions to this testimony included Carla Lewis, Assistant 
Director; Gabrielle Fagan; Neeraj Goswami; Mary Osorno; Christina 
Quattrociocchi; Donell Ries; and Viny Talwar. 

[End of section] 

Appendix I: Agencies and Related Programs Included in Our Review of 
Fiscal Year 2007 Performance and Accountability Reports and Annual 
Reports: 

[See PDF for image] 

Source: GAO's analysis of cited agencies' fiscal year 2007 performance 
and accountability reports and annual reports. 

[A] Agency PAR or annual report was not available as of the end of 
fieldwork. 

[End of table] 

[End of section] 

Appendix II: Improper Payment Estimates Reported in Agency Fiscal Year 
2006 and 2007 Performance and Accountability Reports or Annual Reports: 

[See PDF for image] 

Source: GAO's analysis of cited agencies' fiscal year 2006 and fiscal 
year 2007 performance and accountability reports or annual reports. 

[A] Agency did not report an annual improper payment estimate or error 
rate. 

[B] Agency reported that it had no programs or activities susceptible 
to significant improper payments. 

[C] Fiscal year 2006 estimate or error rate was updated to the revised 
estimate or error rate reported in the fiscal year 2007 PAR or annual 
report. 

[D] Agency error rate was less than one percent or error rate rounded 
to zero for purposes of this testimony. 

[E] Agency combined with the program above. 

[F] Agency did not address improper payments or IPIA in its PAR or 
annual report for fiscal year 2006, fiscal year 2007, or both. 

[G] Fiscal year 2007 was the first year this agency was included in our 
scope of review. 

[H] Agency PAR or annual report was not available as of the end of 
fieldwork. 

[I] Agency reported that it would estimate improper payments in the 
future for this program. See table 1 of this testimony. 

[J] Agency reported program no longer susceptible to significant 
improper payments. 

[K] Agency reported that the annual improper payment amount or error 
rate was zero. 

[End of table] 

[End of section] 

Footnotes: 

[1] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002). 

[2] National Defense Authorization Act for Fiscal Year 2002, Pub. L. 
No. 107-107, div. A, title VIII, § 831, 115 Stat. 1012, 1186 (Dec. 28, 
2001) (codified at 31 U.S.C. §§ 3561-3567). 

[3] GAO, Improper Payments: Federal Executive Branch Agencies' Fiscal 
Year 2007 Improper Payment Estimate Reporting, GAO-08-377R (Washington, 
D.C.: Jan. 23, 2008). 

[4] IPIA defines improper payments as any payment that should not have 
been made or that was made in an incorrect amount (including 
overpayments and underpayments) under statutory, contractual, 
administrative, or other legally applicable requirements. It includes 
any payment to an ineligible recipient, any payment for an ineligible 
service, any duplicate payment, payments for services not received, and 
any payment that does not account for credit for applicable discounts. 

[5] OMB, Circular No. A-123, Appendix C, Requirements for Effective 
Measurement and Remediation of Improper Payments (Aug. 10, 2006). 

[6] OMB's guidance defines significant improper payments as those in 
any particular program that exceed both 2.5 percent of program payments 
and $10 million annually. 

[7] Four of the agencies had not issued their annual reports as of the 
end of our fieldwork. 

[8] In their fiscal year 2007 PARs or annual reports, certain federal 
agencies updated their fiscal year 2006 improper payment estimates to 
reflect changes since issuance of their fiscal year 2006 PARs or annual 
reports. These updates decreased the governmentwide improper payment 
estimate for fiscal year 2006 from $42 billion to $41 billion. 

[9] Of the 19 programs, 5 reported an improper payment estimate of zero 
for fiscal year 2007. 

[10] Prior to the governmentwide IPIA reporting requirements beginning 
with fiscal year 2004, former section 57 of OMB Circular No. A-11 
required certain agencies to submit similar information, including 
estimated improper payment target rates, target rates for future 
reductions in these payments, the types and causes of these payments, 
and variances from the targets and goals established. In addition, 
these agencies were to provide a description and assessment of the 
current methods for measuring the rate of improper payments and the 
quality of data resulting from these methods. 

[11] Reported error rates reflect the rate of error as a percentage of 
total program outlays. The error rates are based on estimates and not 
actual findings of error. 

[12] GAO, Improper Payments: Agencies' Efforts to Address Improper 
Payment and Recovery Auditing Requirements Continue, GAO-07-635T 
(Washington, D.C.: Mar. 29, 2007). 

[13] The four agencies are the General Services Administration, 
Department of Health and Human Services, Department of the Interior, 
and National Science Foundation. 

[14] GAO, Improper Payments: Weaknesses in USAID's and NASA's 
Implementation of the Improper Payments Information Act and Recovery 
Auditing, GAO-08-77 (Washington, D.C.: Nov. 9, 2007). 

[15] OMB officials stated that HHS has identified about 93 percent of 
its total outlays as high-risk. 

[16] The three agencies are the Environmental Protection Agency, 
Department of Housing and Urban Development, and Department of Veterans 
Affairs. 

[17] In its fiscal year 2006 PAR, HUD reported an error rate for the 
first time for its CDBG program for fiscal years 2003, 2004, and 2005. 

[18] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under 
the Improper Payments Information Act Remains Incomplete, GAO-07-92 
(Washington, D.C.: Nov. 14, 2006) and GAO-08-77. 

[19] GAO, Department of Homeland Security: Challenges in Implementing 
the Improper Payments Information Act and Recovering Improper Payments, 
GAO-07-913 (Washington, D.C.: Sept. 19, 2007). 

[20] GAO-08-77. 

[21] GAO, DOD Travel Improper Payments: Fiscal Year 2006 Reporting Was 
Incomplete and Planned Improvement Efforts Face Challenges, GAO-08-16 
(Washington, D.C.: Dec. 14, 2007). 

[22] In its fiscal year 2007 PAR, DOD restated its fiscal year 2006 
estimate for travel pay from $8 million to $29.4 million. DOD reported 
that the restatement was made to primarily include travel payments made 
outside of DTS. 

[23] See footnote 10. 

[24] The term state-administered refers to federal programs that are 
managed on a day-to-day basis at the state level to carry out program 
objectives. 

[25] GAO, Improper Payments: Federal and State Coordination Needed to 
Report National Improper Payment Estimates on Federal Programs, GAO-06-
347 (Washington, D.C.: Apr. 14, 2006). 

[26] OMB officials added that HHS also plans to report an estimate on 
its fiscal year 2007 fee-for-service claims data. 

[27] The five agencies are USAID and the Departments of Defense, 
Homeland Security, Health and Human Services, and Transportation. 

[28] GAO-07-635T. 

[29] The regulatory barriers reported represent governmentwide 
regulations that the agency has no authority to modify. 

[30] The two agencies are the Department of Energy and the Department 
of Housing and Urban Development. 

[31] The five agencies are the Department of Defense, Federal 
Communication Commission, Department of Homeland Security, Railroad 
Retirement Board, and Department of Transportation. 

[32] Generally, the Right to Financial Privacy Act of 1978, Pub. L. No. 
95-630, title XI, 92 Stat. 3641, 3697-3710 (Nov. 10, 1978) (codified, 
as amended, at 12 U.S.C. § 3401-3422), requires financial institutions 
to obtain permission from their customers to disclose financial 
information. According to OPM, this requirement in effect bars OPM from 
obtaining posthumous payments information, preventing recovery of 
improper payments. 

[33] Office of Management and Budget, Improving the Accuracy and 
Integrity of Federal Payments, (Washington, D.C.: Jan. 31, 2007). 

[34] Recovery auditing is a method that agencies can use to recoup 
detected improper payments. Recovery auditing is a detective control to 
help determine whether contractor costs were proper. Specifically, it 
focuses on the identification of erroneous invoices, discounts offered 
but not received, improper late penalty payments, incorrect shipping 
costs, and multiple payments for single invoices. Recovery auditing can 
be conducted in-house or contracted out to recovery audit firms. 

[35] OMB defines a recovery audit program as an agency's overall plan 
for the performance of recovery audits and recovery activities. The 
head of an agency will determine the manner and combination of recovery 
audits and activities that are expected to yield the most cost- 
effective recovery audit program. The program should include a 
management improvement program. A management improvement program is an 
agencywide program to address the flaws in an agency's internal 
controls over contractor payments discovered during the course of 
implementing a recovery audit program, or other control activities over 
contractor payments. 

[36] Department of Defense, Office of Inspector General, Identification 
and Reporting of Improper Payments Through Recovery Auditing, D-2007- 
110 (Arlington, Va.: July 9, 2007). 

[37] Select reporting elements listed in OMB guidance that we reviewed 
include (1) a general description of steps to carry out a recovery 
auditing program, (2) a corrective action plan to address root causes 
of payment error, (3) a description and justification of the classes of 
contracts excluded from the auditing review by the agency head, and (4) 
a general description and evaluation of any management improvement 
program. 

GAO's Mission:  

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability.  

Obtaining Copies of GAO Reports and Testimony:  

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "Subscribe to Updates."  

Order by Mail or Phone:  

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:  

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548:  

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061:  

To Report Fraud, Waste, and Abuse in Federal Programs:  

Contact:  

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470:  

Congressional Relations:  

Gloria Jarmon, Managing Director, JarmonG@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548:  

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: