STATEMENT OF INSPECTOR GENERAL, DEPARTMENT OF VETERANS AFFAIRS BEFORE THE UNITED STATES HOUSE OF REPRESENTATIVES COMMITTEE ON VETERANS AFFAIRS SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS HEARING ON FRAUD AND MISMANAGEMENT IN VA SEPTEMBER 23, 1999Mr. Chairman and Members of the Subcommittee,
today I will present to you the Office of Inspector General’s (OIG)
views on fraud and mismanagement in selected Veterans Affairs (VA)
programs and summaries of the OIG audits and investigations in those
areas. I will focus on
veterans benefits, debt management, and procurement and contracting
activities. Veterans Benefits
One of three principal missions assigned to my
office by the Inspector General Act of 1978 is the duty to provide
leadership in efforts to prevent and detect fraud and abuse in VA
programs and operations. Recently,
the Under Secretary for Benefits asked us to evaluate vulnerabilities in
the Compensation and Pension (C&P) program that might facilitate
fraud or abuse, particularly fraud committed by VA employees. The request came about
after two successful criminal investigations of thefts from the C&P
program totaling over $1.2 million.
Two Veterans Benefits Administration (VBA) claims examination
employees, at separate VBA Regional Offices, each embezzled over
$600,000 in unconnected schemes. A brief description of each follows. In April 1998, a man was arrested in New Jersey
on drug possession charges. The
arresting officers found a fictitious identification card on his person
and records relating to a savings account in the name shown on the
identification card. Our
joint investigation led to the discovery that fraudulent VA disability
compensation benefits were paid into the savings account monthly since
August 1986. At the time the fraud was discovered, the payments were made
at the rate of $5,011 monthly, the maximum VA compensation rate. The man arrested turned
out to be a former VA employee who had worked as a disability rating
specialist at VBA’s New York Regional Office from January 1986 to May
1987. The former employee was ultimately convicted of having
fraudulently received VA compensation benefits to which he was not
entitled. The scheme was
perpetrated using another person’s Social Security Number (SSN). The
name and date of birth used were not those of the person whose SSN was
used. Therefore, even though technology offers the opportunity and
ability to verify entitlement by computer matching VA claim records with
Department of Defense (DoD) and Social Security Administration (SSA)
records, a totally fictitious identity was successfully used to
perpetrate a fraud. The fraudulent payments
continued monthly for 12 years, totaling over $620,000.
Based on what we have learned, VA controls and procedures were
not followed. As a result, the fraud was not discovered and could have
continued indefinitely were it not for the perpetrator’s arrest on
drug charges. In the second case, a supervisor at VA Regional
Office St. Petersburg stole $615,451 by creating a fraudulent disability
compensation award in the name of the employee’s fiancé, a veteran
who had served in the Persian Gulf War.
The fraud began in March 1997 and continued until the
employee’s arrest in January 1999. After the initial fraudulent payment, the
perpetrator used VBA’s computer system on 10 occasions between March
and October 1997, to retroactively increase the fraudulent payments she
was sending to their bank account.
These actions generated a series of one-time payments totaling
about $520,000, and incrementally increased the recurring benefit
payments to $5,011 monthly. At
the time of her arrest, the perpetrator was a Veterans Service Center
Section Chief, a mid-level managerial position.
We are continuing to investigate related matters. As a result of the
discovery of these thefts, the Under Secretary for Benefits requested
that my office review internal controls in the C&P program to
determine what vulnerabilities existed that may have facilitated these
frauds. This past June, I provided the Under Secretary our
vulnerability assessment, reporting on 18 observed vulnerabilities in 6
general internal control categories. We then began an initiative to
assess the scope and breadth of vulnerability in selected areas and to
try to determine if there is a systemic problem. This follow-up activity
will require a substantial amount of time to complete and our efforts to
identify, investigate, and prosecute employee fraud in the C&P
program will continue indefinitely. Vulnerabilities that Diminish Quality Control
and Facilitate the Ability to Commit Fraud Separation-of-duty controls intended to
prevent fraud had been abandoned or circumvented.
The objective of separation-of-duty is to prevent fraud by
precluding any one person from having the ability to both authorize and
release payments. With
appropriate separation-of-duty controls in place, complicity of two or
more employees is generally needed to commit a theft, thereby reducing
the opportunity and vulnerability for crime.
As a means to speed up claims processing at VARO
St. Petersburg: §
Some VBA payment authorizers routinely approved award
actions of peers and subordinates, and released payment, without
actually reviewing the evidence that supported the action or verifying
that the claim was adjudicated in accordance with law. §
Payment authorization authority, previously reserved to
senior experienced claims examination staff, had been delegated to less
experienced employees. Accordingly,
less experienced employees could trade casework among themselves, rather
than refer the casework to a few senior officials, to obtain payment
authorization. This
practice expanded the overall production capability of the work unit,
but quality assurance was reduced and vulnerability to employee fraud
increased. At some VBA regions, employees were authorized
duplicative computer command authorities, in violation of VA policy,
apparently to increase overall production capability.
This gave the employees the ability to circumvent
separation-of-duty controls and computer edits to create a benefit
account and approve payment, without the need to refer the case to
another employee for authorization.
Employees with these extraordinary authorities could also create
a fictitious benefit payment account and generate payments, or
fraudulently upgrade the benefit payments of otherwise entitled
beneficiaries, without the knowledge of other VBA employees.
We also found other significant computer access vulnerabilities
that could be exploited to perpetrate a fraud, such as by acquiring and
using the computer access authorities of others to conceal the
perpetrator’s involvement. Large one-time payments were not always
substantively reviewed before payment was released.
VBA policy required that claims payments exceeding prescribed
amounts ($15,000 for disability compensation payments) be reviewed and
approved by the payment authorizer and the manager of the Adjudication
Division (Adjudication Officer), before payment was released.
We found that such third signature reviews were not always
performed as required or, in some cases, may have been perfunctory.
Additionally, the third review was only a paper review and there
was no computer edit to prevent release of a payment absent the third
review. This was a critical
internal control vulnerability that facilitated the VARO St. Petersburg
fraud. Another issue relates to failure to control and
secure records regarding employee claims for VA benefits. VBA policy requires that employee claims be adjudicated at
another designated Regional Office, not the Office where the employee
works. Additionally, policy
requires that employee claims records be maintained at the designated
office and held in special secure areas.
We have learned that this policy has not been implemented at all
VBA regions. Vulnerabilities that Need to be Corrected to
Help Identify Potential Ongoing But As Yet Undetected Fraud Or Abuse Long running benefit payments need to be reviewed
for continuing entitlement. At
present, running awards of benefits are reviewed only if a claims
examiner or rating specialist establishes a future suspense date
control. For example, a
control might be established for a future medical examination if the
claimant's medical condition is expected to improve, or some other
future event is anticipated. In
most cases, no control exists for future review of static conditions. Lack of control for
future review creates vulnerability that can facilitate a fraud such as
in the VARO New York embezzlement.
In that case the fraud continued for many years during which time
monthly payments exceeding $5,000 continued.
No control existed that would have triggered a review for
continuing entitlement. Continued entitlement should also be verified
when mail is returned undeliverable.
The investigation of the VARO New York embezzlement found that
the crime may have been detected years earlier, preventing years of
inappropriate payments, had returned mail been property handled.
In this case, as in most VA benefit cases, payments were
deposited by electronic funds transfer directly to the perpetrator's
bank account. During the
investigation we noted that the VARO was holding returned mail related
to the fraudulent award that dated back several years.
Because the mailing address was that of an abandoned building,
the Postal Service returned the VBA computer generated informational
mail as undeliverable. Employees
at the Regional Office filed the mail without action to determine a
correct address and payments continued until 1998 when the perpetrator
was arrested on the drug charge. VBA managers have
stated that the volume of returned mail has increased substantially
since the advent of electronic funds transfer, to the point that many
regions have given up on routine attempts to obtain current mailing
addresses on returned mail. This
incident serves as a red flag highlighting the potential consequences of
not acting on returned mail. Vulnerabilities That
Need To Be Corrected To Improve the Ability to Investigate and Prosecute
Crime To improve the ability to investigate and
prosecute crime involving the C&P program, we have asked the Under
Secretary to give priority attention to the recording and documentation
issues cited in our assessment, particularly the lack of a comprehensive
audit trail for rating and authorization actions.
As I previously indicated, this documentation shortcoming has
inhibited our investigations, necessitating that we undertake highly
labor-intensive efforts to reconstruct events. While I find these employee thefts to be a matter
of great concern, there is more at risk from a poor internal control
environment than just vulnerability to employee theft. Poor controls and
mismanagement can lead to extraordinary program losses unrelated to
employee theft. In the last several years, work done by our office in
areas concerning improper payments to Federal and State prisoners,
disability off-sets from military pay, and payments to deceased
beneficiaries have identified opportunities for the Department to save
millions of dollars. Recommendations
related to these issues remain to be fully implemented. Debt Management Issues As part of our continuing oversight of the
Veterans Health Administration, the OIG issued five reports over the
last 4 years on medical care cost recovery issues.
Additionally, at the request of the Under Secretary for Health,
we conducted an audit of insurance billing practices at one VA
outpatient clinic. The
issues identified in these reports are recognized by VA top management
as being at high risk, and if not corrected could significantly reduce
future revenue streams and adversely impact the public trust. Three reports on debt
collection surfaced a recurring issue that demonstrated that VHA could
increase its medical care cost fund collections by tens of millions of
dollars each year. The
audits found that VHA management had not closely monitored or actively
managed the Medical Care Cost Fund (MCCF) billing and collection
process. Additionally, one
of these reports found that management action was needed to correct and
prevent improper billings of VA pensioners and service-connected
veterans. Two other reports focused on debt establishment,
demonstrating that VHA needed to improve procedures to prevent
unnecessary income verification, ensure compliance with Privacy Act
requirements, and increase MCCF revenues.
Management had not established performance measures and monitors
to effectively oversee and enforce compliance with established debt
management policy, procedures, and laws. AARP
Billing Practices
In 1999, at the request of the Under Secretary
for Health, the OIG conducted a review of medical insurance billing
practices at VA Outpatient Clinic (OPC), Sepulveda, CA.
The purpose of our review was to determine the validity of
allegations of improper/fraudulent billings to American Association of
Retired Persons (AARP) Health Care Options, administered by the United
Healthcare Insurance Company, and to determine whether there were
opportunities to improve billing practices. Our review substantiated AARP’s allegation of improper billing. We did not substantiate the allegation of fraudulent billings. We found that VAOPC Sepulveda had agreed to refund over $84,000 or 80 percent of AARP insurance payments made in 1997. We also found that VAOPC Sepulveda continued to improperly bill insurance carriers in 1998 for (a) medical services not documented in medical records, (b) services incorrectly coded, (c) services involving “upcoded” bills to indicate a higher level of service than actually provided, and (d) services not covered by insurance. Improper billing occurred primarily because facility staff were improperly using and inaccurately coding Patient Care Encounter Forms. Staff were completing Encounter Forms for purposes of counting workload without considering the impact their entries had on MCCF billings. We also believe that improper billing for medical services could occur at other medical facilities. In response to our briefing and proposed recommendations VHA management took immediate action and developed a detailed strategy to correct and prevent inappropriate billing by VHA facilities. Procurement
and Contracting Activities
We have devoted
significant resources to detecting and preventing fraud in VA’s
procurement and contracting activities.
As a result of our efforts, the Department has recouped over $130
million dollars since FY 1994. OIG has also recommended $250 million in
cost avoidance. Our efforts in this area have involved issues such as
defective pricing, price reduction and Trade Agreement Act violations on
VA’s Federal Supply Schedule contracts, overcharging, product
substitution, defective products, defective workmanship, non-compliance
with contract terms and conditions, the submission of false claims for
payment, and credit card fraud. Our efforts in the contract area have
also resulted in a steady increase in the number of companies who have
come forward voluntarily to disclose contract problems and make
restitution to the Government. We are currently conducting a general review of contracting practices within VA to assess the impact of procurement reform on the agency’s buying practices. The review involves issues such as local procurements, the procurement of commercial items, the use of impact cards, local prime vendor programs, standardization of items, etc. This completes my written testimony; I would be pleased to answer any questions the committee may have. Back to Witness List |
