This is the accessible text file for GAO report number GAO-03-167T 
entitled 'Financial Management: Strategies to Address Improper Payments 
at HUD, Education, and Other Federal Agencies' which was released on 
October 3, 2002.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

United States General Accounting Office: 
GAO: 

Testimony: 

Before the Subcommittee on Government Efficiency, Financial Management 
and Intergovernmental Relations, Committee on Government Reform, House
of Representatives: 

For Release on Delivery: 
Expected at 2:00 p.m.: 
Thursday, October 3, 2002: 

Financial Management: 

Strategies to Address Improper Payments at HUD, Education, and Other 
Federal Agencies: 

Statement of Linda Calbom: 
Director, Financial Management and Assurance: 

GAO-03-167T: 

Mr. Chairman and Members of the Subcommittee: 

I am pleased to be here today to discuss (1) how internal control 
weaknesses we have noted make the departments of Housing and Urban 
Development (HUD) and Education vulnerable to, and in some cases have 
resulted in, improper and questionable payments and (2) strategies 
these and other federal agencies can use to better manage their 
improper payments. We are reporting our findings on HUD for the first 
time today. We previously reported our Education findings in a number 
of reports and testimonies. [Footnote 1] In addition, we issued an 
executive guide, Strategies to Manage Improper Payments: Learning from 
Public and Private Sector Organizations, [Footnote 2] last October, 
which we will also focus on in this testimony. 

The federal government of the United States - the largest and most 
complex organization in the world - expends approximately $2 trillion a 
year. As the steward of taxpayer dollars, it is accountable for how its 
agencies and grantees spend those funds, and is responsible for 
safeguarding against improper payments by the government - payments 
that should not have been made or that were made for incorrect or 
excessive amounts. 

Improper payments are a widespread and significant problem receiving 
increased attention not only in the federal government but also among 
states, foreign governments, and private sector companies. As you know, 
the President's Management Agenda, Fiscal Year 2002, included five 
governmentwide initiatives, one of which is improved financial 
performance. This financial management initiative calls for the 
administration to establish a baseline on the extent of erroneous 
payments. [Footnote 3] Under it, agencies were to include information on
improper payment rates in their 2003 budget submissions to the Office of
Management and Budget (OMB), including actual and target rates if 
available for benefit and assistance programs over $2 billion annually. 
Legislation that you sponsored, Mr. Chairman, and which is currently 
being considered by the Senate (H.R. 4878), calls for more stringent 
requirements in the areas of improper payment review and reporting than 
the President's Management Agenda. Specifically, it requires agency 
heads to (1) review all programs and activities that they administer, 
and identify those areas that may be susceptible to improper payments, 
(2) estimate the annual amount of improper payments, and (3) where
they exceed the lesser of 1 percent of the total program budget or $1 
million annually, report actions the agency is taking to reduce 
improper payments. 

In our executive guide, we identified practices that government and 
private sector organizations in the United States. and abroad have used 
to combat improper payments. Despite a climate of increased scrutiny, 
most improper payments associated with federal programs continue to go 
unidentified as they drain taxpayer resources away from the missions 
and goals of our government. They occur for many reasons, including 
insufficient oversight or monitoring, inadequate eligibility control, 
and automated system deficiencies. However, one point is clear based on 
our study - the root causes of improper payments can typically be 
traced to a breakdown in or lack of internal control. Collectively, 
internal controls are an integral component of an organization's 
management that provides reasonable assurance that the organization 
achieves the objectives of (1) effective and efficient operations, (2) 
reliable financial reporting, and (3) compliance with laws and 
regulations. Internal controls are not one event, but a series of 
activities
that occur throughout an entity's operations and on an ongoing basis. 
People make internal controls work, and responsibility for good 
internal controls rests with all managers. 

Both HUD and Education have histories of financial management problems,
including serious internal control weaknesses, which have affected 
their ability to provide reliable financial information to decision 
makers both inside and outside the agencies and to maintain the 
financial integrity of their operations. Because of this, we have 
designated Education's student financial assistance programs and
HUD's single family and multifamily housing programs as high-risk areas 
for waste, fraud, abuse, and mismanagement. [Footnote 4] We have also 
identified weak internal controls as a major factor contributing to 
improper payments at other agencies and have issued reports and 
testimonies on this topic, including several to this subcommittee on 
the Department of Defense's purchase card and travel card programs. 
[Footnote 5] 

In order to carry out our improper payments reviews at HUD and 
Education, we identified disbursement processes at those agencies that 
would be highly susceptible to improper payments. [Footnote 6] Based on 
this analysis, we focused our reviews on (1) HUD's purchase card and 
multifamily property payment processes and (2) Education's grants and 
loans, purchase card, and third party draft payment processes. 
[Footnote 7] Our work at both of these agencies was designed to (1) 
determine if the existing controls provided reasonable assurance that 
improper payments would not occur or would be detected in the normal 
course of business and (2) determine if expenditures were properly 
supported as a valid use of government funds. Our work at Education was 
also designed to determine if computer equipment purchased with 
purchase cards and third party drafts was being included in Education's 
inventory and appropriately safeguarded. 

Our work at Education is complete, but our HUD work is ongoing. In the 
second phase of that work, we will continue to review multifamily 
disbursements and will also assess single family program payments to 
management and marketing contractors that maintain and sell single 
family houses owned by HUD. We will also follow up on physical control 
of computer equipment as we did at Education. 

To accomplish our two separate reviews of HUD and Education, we used 
data mining techniques [Footnote 8] and other computer analyses to 
identify unusual transactions and payment patterns that may be 
indicative of improper payments. Our review included the $181.4 
billion in grants and loans disbursed by Education from May 1998 
through September 2000, $214 million of payments made by HUD during 
fiscal year 2001 for goods and services to support multifamily 
properties, $22 million of purchase cards purchases made by Education 
from May 1998 through September 2000, and $10 million of purchase cards 
purchases made by HUD during fiscal year 2001. [Footnote 9] We 
conducted our work in accordance with generally accepted government 
auditing standards, as well with investigative standards established by 
the President's Council on Integrity and Efficiency. 

In my testimony today I will discuss: 

* poor controls over purchase cards and how they resulted in some 
fraudulent, improper, and questionable purchases at HUD and Education; 

* the failure of controls over Education's grants disbursement process 
to detect certain improper payments; 

* the lack of monitoring of a key HUD contractor and how it resulted in
improper payments; and; 

* strategies that HUD, Education, and other federal agencies can use to 
manage improper payments. 

Poor Controls over Purchase Cards Resulted in Some Fraudulent, 
Improper, and Questionable Purchases at HUD and Education: 

The benefits of using purchase cards versus traditional contracting and 
payment processes are lower transaction processing costs and less "red 
tape" for both the government and the vendor community. We support the 
use of a well-controlled purchase card program to streamline the 
government's acquisition processes. However, it is important that 
agencies have adequate internal controls in place to protect the 
government from fraud, waste, and abuse. We found that both HUD and 
Education lacked fundamental internal controls over their purchase card
programs that would have minimized the risk of improper purchases. For
example, both agencies had inconsistent and inadequate pre-approval and 
review processes for purchase card transactions - key preventive and 
detective controls. 

Combined with a lack of monitoring, environments were created at HUD and
Education where improper purchases could be made with little risk of 
detection. Inadequate controls over these expenditures, along with the 
inherent risk of fraud and abuse associated with purchase cards, likely 
contributed to the $4.0 million of fraudulent, improper, and 
questionable purchases we identified at HUD and Education through our 
data mining efforts. 

According to our Standards for Internal Control in the Federal 
Government, [Footnote 10] transactions and other significant events 
should be authorized and executed only by persons acting within the 
scope of their authority. Although pre-approval and review of 
transactions by persons in authority is the principal means of assuring
that transactions are valid, we found that the pre-approval and review 
process for purchase card purchases was inadequate at both HUD and 
Education. During our review of HUD and Education's purchase card 
programs, we found that department personnel did not consistently 
obtain pre-approval prior to making some or all purchases, as required 
by the departments' policies. According to HUD's October 30, 1995, 
purchase card policy, the approving official is required to establish a 
pre-approval process for each cardholder to ensure that purchases have 
the necessary technical approval or clearance before purchases are made 
and that all transactions are appropriate and for official use only. 
However, during our review we found that only the Information 
Technology Office routinely obtained authorization prior to purchasing 
items with the purchase card. Similarly, at the Department of 
Education, we found that 10 of its 14 offices did not require 
cardholders to obtain authorization prior to making some or all 
purchases, although Education's policy required that all requests to 
purchase items over $1,000 be made in writing to the applicable 
department executive officer. 

One of the most important internal controls in the purchase card 
process is the review of supporting documentation and approval of each 
purchase by the approving official. Approving officials at both HUD and 
Education are required to review each monthly statement of purchases 
along with the applicable supporting documentation and certify that 
these purchases were appropriate, in accordance with department 
regulations, and a valid use of government funds. Based on our testing 
of both HUD and Education's approving officials' review of monthly 
purchase card statements, we found that this key control was not an
effective means of detecting improper purchases. At HUD, we selected a
stratified random sample of 222 purchase card transactions made during 
fiscal year 2001, and found that $1.4 million, or about 77 percent, of 
the $1.8 million of sampled purchases lacked adequate support for the 
approving official to determine what was purchased, whether the 
purchase was previously authorized, and if there was a legitimate 
government need for the items purchased. [Footnote 11] We found similar
problems at Education. To test the effectiveness of Education's 
approving officials' review, we analyzed 5 months of cardholder 
statements and found that 37 percent of the 903 monthly cardholder 
statements we reviewed were not approved by the appropriate official. 
These 338 unapproved statements totaled about $1.8 million. 

Another control that is effective in helping to prevent improper 
purchases is the blocking of certain merchant category codes (MCC). 
This control, available as part of the agencies' purchase card 
contracts with the card issuing financial institutions, allows agencies 
to prohibit certain types of purchases that are clearly not business 
related, such as purchases from jewelry stores or entertainment 
establishments. During our reviews, we noted that, initially, neither 
HUD nor Education was effectively using the MCC's as a preventive 
control. HUD was not blocking any MCCs and Education blocked only four 
MCCs. As a result, there were almost no restrictions on the types of 
purchases employees could make during the period of our audit. Both 
agencies took action to block more of the MCCs after we began our 
reviews of their purchase card programs. 

Our Standards for Internal Control in the Federal Government state that 
internal control should generally be designed to assure that ongoing 
monitoring occurs in the course of normal operations. Internal control 
monitoring should assess the quality of performance over time and 
ensure that findings of audits and other reviews are promptly resolved. 
Program and operational managers should monitor the effectiveness of 
control activities as part of their regular duties. HUD's purchase card 
policy requires the department to perform annual program reviews and 
report the results, including findings and recommendations, to the 
purchase card program administrator. However, HUD officials could 
locate only one such report. This November 2001 report, prepared by a 
consultant, identified problems that were similar to the findings 
previously reported [Footnote 12] by the Office of Inspector General 
(OIG) in February 1999. Both reports documented problems with weak 
internal controls and insufficient supporting documentation. The
consultant's report also noted that HUD was not performing the periodic 
program reviews required by its policies and that employees were making 
improper split purchases. HUD management agreed with the findings in 
the OIG report and developed and implemented an action plan to address 
the identified weaknesses. According to HUD OIG staff, its 
recommendations were implemented and have been closed. However, based 
on our findings, corrective actions taken at that time were not fully 
effective. 

At the time of our review, Education did not have a monitoring system 
for purchase card activity to determine whether its staff was complying 
with key aspects of the purchase card program. We also found that 
approving officials at Education did not use monitoring reports that 
were available from its purchase card contractor to identify unusual or 
unauthorized purchases. However, as I will discuss later, the 
department subsequently issued new policies and procedures that, among 
other things, establish a quarterly quality review of a sample of 
purchase card transactions to ensure compliance with key aspects of the
department's policy. The types of internal control weaknesses that I 
have just described created environments where improper purchases could 
be made with little risk of detection and likely contributed to the $4 
million of fraudulent, improper, and questionable purchases we 
identified through our data mining efforts at both HUD and Education. 
We also found that property purchased with purchase cards was not 
always recorded in Education's property records, which likely 
contributed to missing or stolen property. This could also be an issue 
at HUD based on our preliminary inquiries into its property management 
system. 

I will now provide a few examples of how employees used their purchase 
cards to make fraudulent, improper, and questionable purchases. We 
considered fraudulent purchases to be those that were unauthorized and 
intended for personal use. Improper payments include errors, such as 
duplicate payments and miscalculations; payments for services not 
rendered; multiple payments to the same vendor for a single purchase to 
circumvent existing single purchase limits - known as split purchases; 
and payments resulting from fraud and abuse. We defined questionable 
transactions as those that, while authorized, were for items purchased 
at excessive costs, for questionable government need, or both, as well
as transactions for which the departments could not provide adequate 
supporting documentation to enable us to determine whether the 
purchases were valid. 

In May 2002, we provided HUD with 5,459 transactions, totaling about 
$3.8 million in which the (1) payee appeared to be an unusual vendor to 
be engaging in commerce with the agency, (2) purchase was made on 
either a holiday or weekend, or (3) purchase appeared to be a split 
purchase. As of September 2002, HUD was able to provide adequate 
support for 3,428 of these questionable transactions, totaling about 
$1.5 million. HUD could not provide adequate supporting documentation 
to enable us to assess the propriety of the remaining 2,031 
transactions totaling about $2.3 million, or 38 percent of the total
questionable transactions and 61 percent of the total dollars 
requested. For these transactions, HUD could not provide support to 
determine what was purchased, whether it was authorized, and whether 
there was a legitimate government need for the item purchased. These 
purchases included (1) 1,183 questionable vendor transactions totaling 
about $869,000, (2) 31 purchases made on holidays totaling about 
$10,000, (3) 264 weekend purchases totaling about $354,000; and (4) 541
potential improper split transactions totaling about $1 million. 

Some examples of questionable vendor transactions for which we did not 
receive adequate support included (1) over $27,000 to various 
department stores, such as Best Buy, Circuit City, Dillard's, JC Penny, 
Lord & Taylor, Macys, and Sears, (2) over $8,900 to several music and 
audio stores, including Sound Craft Systems, J&R's Music Store, Guitar 
Source, and Clean Cuts Music, and (3) over $9,700 to various 
restaurants, such as Legal Sea Foods, Levis Restaurant, The Cheesecake
Factory, and TGI Fridays. Additional examples of questionable or 
improper purchases we found included $25,400 of "no show" hotel charges 
for HUD employees who did not attend scheduled training and $21,400 of 
purchases from vendors where it appears the vendors were out of 
business prior to the purchases. 

Because HUD was unable to provide adequate documentation for these 
purchases, we consider them to be questionable uses of government funds 
and therefore potentially improper purchases. 

In order to identify potential improper payments in Education's 
purchase card program, we requested supporting documentation for (1) 
338 monthly statements totaling $1.8 million that our testing of the 
approval function identified as not properly approved, and (2) other 
transactions, identified using data mining techniques, that appeared 
unusual. Education was unable to provide adequate supporting 
documentation to enable us to determine the validity of purchases 
totaling over $218,000. 

Education could not provide any support for more than $152,000 of these
purchases nor could it specify what was purchased, why it was 
purchased, or whether these purchases were appropriate. For the 
remaining $66,000, Education was able to provide only limited 
supporting documentation. As a result, we were unable to assess the 
validity of these payments, and we consider these purchases to be 
potentially improper. These inadequately supported or unsupported
purchases included charges to various hotels for more than $3,000, 
purchases of computer equipment and software totaling more than 
$22,000, and charges for various college and other training courses 
totaling about $51,000. Numerous other purchases were made from home 
electronics and appliance stores as well as toy, book, and furniture 
stores. 

In our review of the documentation Education did provide, we identified 
some fraudulent, improper, and questionable purchases. Examples of 
these include the following: 

* In one instance, a cardholder made several fraudulent purchases from 
two Internet sites for pornographic services. As a result, Education 
management issued a termination letter, prompting the employee to 
resign. 

* Over several years, an Education employee made improper charges 
totaling $11,700 for herself and a coworker to attend college classes 
that were unrelated to Education's mission, such as biology, music, and 
theology. [Footnote 13] This same individual also had numerous 
questionable charges for other college classes totaling $24,060. 

* There were restaurant charges totaling $4,427 from a Year 2000 focus 
group meeting in San Juan, Puerto Rico, for meals for nonfederal 
employees. We referred additional charges of this same nature totaling 
approximately $45,000 to Education's OIG. [Footnote 14] 

Another type of improper purchase we identified is the "split 
purchase," which we defined as purchases made on the same day from the 
same vendor that appear to circumvent single purchase limits. Federal 
Acquisition Regulation prohibits splitting a transaction into more than 
one segment to avoid the requirement to obtain competitive bids for 
purchases over the $2,500 micro-purchase limit. At HUD, we identified 
88 improper purchases totaling about $112,000 where employees made 
multiple purchases from a single vendor on the same day in excess of 
the $2,500 micro-purchase threshold. For example, one cardholder 
purchased nine personal digital assistants and the related accessories 
from a single vendor on the same day in two separate transactions just 
5 minutes apart. Because the total purchase price of $3,788 exceeded 
the cardholder's single purchase limit of $2,500, the purchase was 
split into two transactions of $2,388 and $1,400, respectively. We 
identified 451 additional purchases totaling $893,000 where HUD 
employees made multiple purchases from a vendor on the same day in
excess of $2,500. Although we were unable to determine whether these 
purchases were improper, based on the available supporting 
documentation, these transactions share similar characteristics with 
the 88 split purchases we identified. 

We also found improper split purchases at Education. For example, one
cardholder from Education purchased two computers from the same vendor 
at essentially the same time. Because the total cost of these computers 
exceeded the cardholder's $2,500 single purchase limit, the total of 
$4,184.90 was split into two purchases of $2,092.45 each. We found 27 
additional purchases totaling almost $120,000 where Education employees 
improperly made multiple purchases from a vendor on the same day. 

In addition to poor internal controls over the purchase card program, 
we found that Education lacked appropriate physical controls and 
segregation of duties over computer equipment purchased with purchase 
cards and third party drafts. According to the Education Inspector 
General, the department had not taken a comprehensive physical 
inventory for at least 2 years before our review. Further, one office 
lacked appropriate segregation of duties where responsibility for 
receiving, bar coding, securing the equipment, and delivering computers 
to the end users was done by only two individuals. According to our 
Standards for Internal Control in the Federal Government, an agency 
must establish physical control to secure and safeguard vulnerable 
assets. Such assets should be periodically counted and compared to 
control records. Recording the items purchased in property records is 
an important step to ensuring accountability and financial control over 
these assets and, along with periodic inventory counts, to preventing 
theft or improper use of government property. At Education, we found 
that employees regularly purchased computers using their purchase 
cards, which was a violation of the department's policy prohibiting the
use of purchase cards for this purpose. From May 1998 through September 
2000, the period covered by our audit, Education made purchases 
totaling more than $2.9 million from personal computer and computer-
related equipment vendors. To determine whether this computer equipment 
was appropriately recorded in the department's inventory, we compared 
serial numbers obtained from the department's largest computer vendor 
to those in the asset management system and identified 384 pieces of 
computer equipment, including desktop computers, printers, and 
scanners, that were not in the property records. We conducted an
unannounced inventory to determine whether the equipment was actually 
missing or inadvertently omitted from the property records. Although we 
found 143 pieces of equipment during this inventory that were not 
recorded on Education's books, and an additional 62 items were later 
found by Education, department officials have been unable to locate the 
remaining 179 pieces of missing equipment costing over $200,000. They 
surmised that some of these items may have been surplused; however, 
there is no documentation to determine whether this assertion is valid. 

According to Education officials, new policies were implemented that do 
not allow individual offices to purchase computer equipment without the 
consent of the Office of the Chief Information Officer. In addition, 
the new policies were designed to maintain control over the procurement 
of computers and related equipment, including: 

* purchasing computers from preferred vendors that apply the 
department's inventory bar code label and record the serial number of 
each computer on a computer disk that is sent directly to the Education 
official in charge of the property records; 

* loading the computer disk containing the bar code, serial number, and
description of the computer into the property records; and; 

* having an employee verify that the computers received from the vendor
match the serial numbers and bar codes on the shipping documents and the
approved purchase orders. 

While these are very positive steps, a continued lack of adequate 
physical control could negate the effectiveness of these new 
procedures. For example, during a follow-up visit to Education, we 
found that the doors to the various rooms used to store computer 
equipment waiting to be installed were both unlocked and unattended. 
Without enhanced physical security, Education will continue to be at
risk for further computer equipment losses. 

We also have concerns about HUD's accountability for computer and 
related equipment purchased with purchase cards because of the large 
volume of purchases for which it did not have appropriate 
documentation. In these cases, HUD likely does not know what was 
purchased, why it was purchased, whether there was a legitimate 
government need for the item purchased, and where the item is now. For 
example, HUD employees used their purchase cards to purchase portable 
assets such as computer equipment and digital cameras, totaling over
$74,500, for which they have provided either no support or inadequate 
support. Further, in its purchase card remedial action plan, which I 
will discuss further shortly, HUD stated that not all property is 
entered in its automated property inventory system. When these 
purchases are not entered in an agency's inventory system, they become 
more vulnerable to loss or theft. In our follow-up work, we plan to 
determine whether these items are included in HUD's inventory and are
being appropriately safeguarded. 

Effectiveness of Remedial Action Plans and Other Recent Steps to Curb 
Purchase Card Abuse Is Mixed: 

In April 2002, OMB issued a memorandum requiring all agencies to develop
remedial action plans to manage the risk associated with purchase card 
usage. Agencies were required to submit their plans to the Office of 
Federal Procurement Policy no later than June 1, 2002. Both HUD and 
Education submitted their plans to OMB on time. While Education's plan 
was accepted by OMB and addressed the findings and recommendations in 
our September 2001 interim report and final Education report, HUD's 
plan was rejected because it lacked a timeline for when the corrective 
actions would be implemented. This plan also did not address key
weaknesses we identified. 

HUD submitted a new plan to OMB on August 28, 2002. While the revised
remedial action plan includes a broad timeline for when each objective 
will be completed, we found that it still does not adequately address 
key control weaknesses we identified, in part because it lacks specific 
steps necessary to fully address identified problem areas. For example, 
HUD's plan recognizes that monitoring of purchasing activities and the 
frequency of internal audits are areas that need improvement. However, 
the plan does not address developing and implementing a robust review 
and approval function for purchase card transactions, focusing on 
identifying split purchases and other inappropriate transactions. 
Further, this plan does not timely address some of the other serious
weaknesses we found. For example, the revised remedial plan does not 
require the program administration staff to begin designing a 
monitoring plan to assess HUD's compliance with key aspects of its 
purchase card policy until the second quarter of fiscal year 2003 and 
does not give an estimated completion date for when this key internal 
control will be implemented. Additionally, the revised plan does not 
specifically identify who is responsible for developing or implementing
any of the proposed improvements. We will be issuing a separate letter 
to HUD that will include recommendations to address these and other 
issues we identified during our review of its purchase card program. 

In contrast, Education's plan specifically addresses the findings and
recommendations in our September 2001 interim report and final Education
reports. These recommendations included (1) emphasizing policies on
appropriate use of the purchase card and cardholder and approving 
official responsibilities, (2) ensuring that approving officials are 
trained on how to perform their responsibilities, and (3) ensuring that 
approving officials review purchases and their supporting documentation 
before certifying the statements for payment. Education took actions to 
respond to these recommendations, such as (1) reducing monthly and 
single purchase spending limits, (2) blocking over 300 MCCs, (3) 
implementing a new approval process, and (4) issuing new policies
and procedures. 

However, during our follow-up work at Education, we found that 
weaknesses remained that continued to leave the department vulnerable 
to fraudulent and improper payments and lost assets. For example, the 
effectiveness of the department's new approval process was minimized 
because approving officials were not ensuring that adequate supporting 
documentation existed for all purchases. According to Education, it has 
since implemented a quarterly monitoring program to assess compliance 
with key aspects of the purchase card program. As discussed in our 
Executive Guide, which I will cover later, managing improper payments 
is a continuous cycle and includes, among other things, constant 
monitoring of the effectiveness of implemented controls and adjustments 
to these controls as warranted by monitoring results. 

Controls over Education's Grants Disbursement Process Failed to Detect 
Certain Improper Payments: 

Education's grant and loan disbursement process relies on computer 
systems application controls, or edit checks, to help ensure the 
propriety of payments. We focused our review on these edit checks and 
related controls because they are key to helping prevent or detect 
improper payments in an automated process. As we testified in July 
2001, [Footnote 15] controls over grant and loan disbursements at 
Education did not include a key edit check or follow-up process that 
would help identify schools that were disbursing Pell Grants to 
ineligible students. To identify improper payments that may have 
resulted from the absence of these controls, we performed a variety of 
tests, including a test to identify students 70 years of age and older 
because we did not expect large numbers of older students to be 
receiving Pell Grants. [Footnote 16] Our review also built upon earlier 
work where we identified abuses in the Pell Grant program. [Footnote 
17] Based on the initial results of our tests and because of the 
problems we identified in the past, we expanded our review of seven 
schools that had disproportionately high numbers of older students to 
include recipients 50 years of age and older. We found that three 
schools fraudulently disbursed about $2 million in Pell Grants to 
ineligible students, and another school improperly disbursed about $1.4 
million in Pell Grants to ineligible students. We also identified 31 
other schools that had similar disbursement patterns to those making 
the payments to ineligible students. These 31 schools disbursed 
approximately $1.6 million of Pell Grants to potentially ineligible 
students. We provided information on these schools to Education for 
follow-up. 

Education's staff and officials told us that they have performed ad hoc 
reviews in the past to identify schools that disbursed Pell Grants to 
ineligible students and have recovered some improper payments as a 
result. However, Education did not have a formal, systematic process in 
place specifically designed to identify schools that may be improperly 
disbursing Pell Grants. In our September 2001 interim report, we 
recommended that the Secretary of Education (1) establish appropriate 
edit checks to identify unusual grant and loan disbursement patterns 
and (2) design and implement a formal, routine process to investigate 
unusual disbursement patterns identified by the edit checks. 

Education subsequently implemented an age limit edit check of 75 years 
of age or older. If the student's date of birth indicates that he or 
she is 75 years of age or older, the system edit will reject the 
application and the school will not be authorized to give the student 
federal education funds until the student either submits a corrected 
date of birth or verifies that it is correct. However, without also 
looking for unusual patterns and following up, the edit may not be very
effective, other than to correct data entry errors or confirm older 
students applying for aid. 

Education also implemented a new system, called the Common Origination 
and Disbursement (COD) system, which became operational in April 2002. 
Education officials told us that this integrated system will replace 
the separate systems Education has used for Pell Grants, direct loans, 
and other systems containing information on student aid, and it will 
integrate with applicant data in the application processing system. The 
focus of COD is to improve program and data integrity. If properly 
implemented, a byproduct of this new system should be improved controls 
over grant and loan disbursements. According to Education officials, 
they will be able to use COD to identify schools with characteristics 
like those we identified. However, until there is a mechanism in place 
to investigate schools once unusual patterns are identified, Education 
will continue to be vulnerable to the types of improper Pell Grant 
payments we identified during our review. 

We performed several additional tests of Education's disbursements to 
identify potentially improper grant and loan payments that may not have 
been detected because of missing or ineffective edit checks. In 
addition to Pell Grant payments to students 70 years of age and older, 
we identified $28.8 million of other potentially improper grant and 
loan payments made by more than 1,800 schools to students who (1) were 
much older or younger than would be expected, (2) had social security 
numbers (SSN) that were either not in Social Security Administration 
(SSA) database or were in SSA death records, or (3) received Pell 
Grants in excess of statutory limits. Based on supporting documentation 
provided to us by Education, we determined that $20.3 million of these 
payments were proper. However, Education did not provide adequate 
supporting documentation to enable us to determine the validity of the 
remaining $8.5 million of payments made by these schools. Although 
Education officials told us that they requested supporting 
documentation from the approximately 1,800 schools that disbursed these 
funds, over 1,000 schools did not provide the documentation, and
documentation provided by some of the schools was inadequate for 
independent verification of the validity of these payments. 

According to Education officials, if a school that did not provide 
support or provided inadequate support had only a small number of 
potential improper payments, the department did not follow up because 
it did not consider doing so a wise use of its resources. We agree that 
Education should weigh the costs of resources required to follow up on 
potential improper payments with the benefits that could be obtained 
when making such decisions. However, 20 of the schools that did not 
provide support or provided inadequate support had from 20 to 138 
instances of these potential improper payments totaling $1.5 million. 

While the amount of improper and potentially improper grant and loan 
payments we identified is relatively insignificant compared to the 
billions of dollars disbursed for these programs annually, it 
represents a control risk that could easily be exploited to a greater 
extent. As I will discuss later, once such a risk has been identified, 
appropriate control activities need to be implemented to respond to it. 

In addition to the recommendations that I have already discussed, we 
previously recommended that Education (1) conduct on-site 
investigations, including interviews of school personnel and students, 
at the 28 schools with characteristics similar to those we found that 
improperly disbursed Pell Grants to determine whether the grants were 
properly disbursed, (2) follow up with the schools that had high 
concentrations of the $12 million in potential improper payments for 
which the department did not provide adequate supporting documentation, 
and (3) implement a process to verify borrowers' SSNs and dates of 
birth submitted by schools to Loan Origination System (LOS). While 
Education has implemented a process to verify borrowers' SSNs and dates 
of birth submitted by schools to LOS, the other two recommendations 
remain open. 

Lack of Monitoring of a Key HUD Contractor Resulted in Improper 
Payments: 

Internal control standards state that monitoring should assess the 
quality of performance over time and ensure that review findings are 
promptly resolved. Due to a lack of monitoring, the internal controls 
of the HUD multifamily housing program's payment processes do not 
provide reasonable assurance that improper payments would be identified 
and corrected in the normal course of business. As we testified in July 
2002, HUD has a limited ability to effectively monitor its contractors 
and as I am about to discuss, this left HUD vulnerable to abusive 
billing practices by its property management firms. [Footnote 18] 

HUD contracts with two property management firms, which are given a 
great deal of autonomy, to manage the operation of its multifamily 
properties, [Footnote 19] including apartment projects, nursing homes, 
and hospitals. These management firms are charged with initiating 
property renovations, hiring on-site staff, selecting vendors and 
certifying the acceptable delivery and performance of these activities. 
The vendors that provide the goods and services at the HUD properties 
submit their invoices to the property management firm for payment by 
HUD. The management firm forwards the invoices and required supporting 
documentation to another HUD contractor that maintains the department's 
property management system, provides a limited cursory review of the 
supporting documentation, and pays the vendors. HUD pre-approval for 
payment of these goods and services is not required when (1) the 
vendor's estimate will cost less than agreed upon dollar thresholds, 
which, depending upon the property management company, are as high as 
$50,000, or (2) an emergency situation exists that affects or endangers 
the health and/or safety of residents or property. The property manager 
is also not required to obtain competitive bids when the work is done 
to correct an emergency situation. Generally, the contractor that pays 
the vendors obtains a daily E-mail authorization from HUD prior to 
disbursing the funds. However, unless the amount exceeds the 
predetermined thresholds, HUD does not routinely review documentation 
supporting the payments and does not verify that the work was actually 
performed. 

Given the fairly broad delegation of authority to these contractors, it 
is important that HUD have effective processes for monitoring 
performance and the propriety of payment. We found that HUD did not 
comply with its monitoring policy to perform quarterly, on-site 
inspections and management reviews of its multifamily housing projects 
and had incomplete guidance on how to do so. Inspections and reviews 
were not conducted at the majority of multifamily properties and HUD
could not provide documentation for some of the limited reviews and 
inspections that HUD officials said were performed. We found no on-site 
inspection guidance in the multifamily handbook, which establishes the 
policies and procedures to be followed by the multifamily staff. 

In two instances where HUD did conduct and document reviews of one of 
the property management firms, it did not follow up on or promptly 
resolve its findings. Based on these two reviews of the purchasing 
practices of the property management firm, HUD documented concerns 
about the (1) amount of money being disbursed to a limited number of 
construction companies with little control in place to ensure fair and 
reasonable prices and (2) unusually high number of emergency 
renovations made by this management firm. Yet HUD continued to 
authorize payments of over $8 million to these construction companies 
after it was known that the property management firm was not selecting 
these companies in accordance with provisions of its contract that 
required obtaining competitive quotes from several vendors, even for 
purchases below the $50,000 pre-approval threshold. Obtaining 
competitive quotes helps ensure that the government pays a reasonable 
price for goods and services. 

The property management firm told HUD that the vendors it used were the 
only ones that would work in the neighborhoods where the properties 
were located, and that other vendors did not feel comfortable with 
HUD's vendor payment process. HUD's staff accepted this explanation 
without independent verification. Had HUD followed up on their 
findings, it may have discovered what we found - funds being disbursed 
for alleged emergency goods and services that were not received or 
performed. 

Using computerized data mining techniques, we analyzed the $214 million 
of multifamily property payments made during fiscal year 2001 to 
identify potentially improper payments that could have resulted from 
HUD's lack of contractor oversight. The majority of the questionable 
disbursements identified by our analyses were for transactions 
initiated by one of the two management firms. Hence, we concentrated 
our efforts on HUD disbursements for this firm's transactions. Based on 
our data mining and reviews of the supporting documentation, we 
determined that a vice president and maintenance director of this 
property management firm, on numerous occasions circumvented HUD 
controls by (1) alleging that construction renovations were 
emergencies, thus not requiring multiple bids or HUD pre-approval, and 
(2) splitting renovations into multiple projects to stay below the 
$50,000 threshold of HUD-required approval. Over 18 months HUD 
authorized and paid for approximately $10 million of renovations, of 
which each invoice was for less than $50,000, at two properties where 
the above-mentioned maintenance director was employed. HUD did not 
verify that any of the construction renovations were actually performed 
or determine whether the emergency expenditures constituted such a 
classification. 

The following examples of improprieties, which are now being 
investigated by the HUD OIG and our Office of Special Investigations, 
could have been prevented or detected had HUD performed its contractor 
monitoring responsibilities. During June 2001, the maintenance director 
of the property management company falsified documents that indicated 
that 15,000 square feet of concrete sidewalk, at a cost of $227,500, 
was replaced and classified these repairs as an emergency. To remain 
below the HUD threshold of $50,000, the property management maintenance 
director had the vendor submit five separate invoices, each for 
$45,500, for the replacement of 3,000 square feet of concrete sidewalk 
in front of five buildings. HUD's contractor paid all five invoices. 
Based on our site visits and conversation with the maintenance 
director, we determined the square footage billed for sidewalk 
replacement had not actually been replaced. Figure 1 illustrates how 
only portions (the lighter shaded sections) of the sidewalk were 
replaced and not the entire sidewalk as was listed on the paid 
invoices. 

Figure 1: HUD Improper Payments: 

[See PDF for image] 

This figure is a photograph of the sidewalk referenced in the above 
paragraph. 

[End of figure] 

With the assistance of an independent construction firm, we hired, we 
determined that only about one-third of the work HUD paid for was 
actually performed. As a result, more than $164,000 of the $227,500 
billed and paid for "emergency" installation of concrete sidewalk 
appears to be fraudulent. 

At this same property, we found instances where HUD paid construction
companies for certain apartment renovations, deemed "emergency 
repairs," that were not made. Three of the 10 tenants we interviewed 
told us that some work listed on the invoice that the property 
management firm submitted was not performed at their homes. For 
instance, while an invoice indicated that the apartment floor and 
closet doors had been replaced at a cost of $10,400, the tenant stated 
that the floors and doors were never replaced. 

On several other occasions, HUD paid the same amount to perform 
"emergency renovations" of apartments of varying sizes and, more than 
likely, in differing degrees of disrepair. For example, HUD paid three 
identical $32,100 invoices for the emergency renovation of a one 
bedroom (600square feet), a two bedroom (800 square feet) and a three 
bedroom (1000 square feet) apartment. All three invoices listed the 
exact work performed. For example, each invoice listed a $4,500 cabinet 
fee, yet the one bedroom unit had five fewer cabinets than the three
bedroom dwelling. We and the independent construction firm we hired
questioned the validity of the same charge for units of varying sizes 
and the likelihood of numerous apartments being in identical condition 
and in need of the same extensive renovations. 

When confronted with these disparities, the property management 
company's maintenance director told us that although he did not have 
any documentation to support it, he kept mental notes of work that was 
billed and not performed and had the construction company perform 
additional unbilled renovations, rather than revising original 
emergency invoices. Our review of the maintenance director's files 
found multiple "boilerplate" copies of signed receiving reports, 
indicating that acceptable emergency work had been done, that had yet 
to be awarded to vendors, further evidence of ongoing improprieties. 

We will be providing formal recommendations to HUD to address these 
issues, as well as other acquisition management challenges, in a 
separate report to be issued in November 2002. 

Strategies to Manage Improper Payments: 

Now I would like to talk about some of the things that HUD, Education, 
and other federal agencies can do to address their improper payments 
comprehensively. As we recently reported, [Footnote 20] our review of 
improper payments reported in agency financial statements over the past 
3 years shows some change in individual agencies and programs, but 
little change in the total amount over the period. While the total 
reported amount has decreased from about $20.7 billion in fiscal year 
1999 to $19.1 billion in fiscal year 2001, these figures do not give a 
true picture of the level of improper payments in federal programs and 
activities. As significant as the $19 billion in improper payments is, 
the actual extent of improper payments government wide is unknown, 
likely to be billions of dollars more, and will likely grow without 
concerted, coordinated efforts by agencies, the administration, and the 
Congress. 

As we have seen, weak or nonexistent internal controls can result in a 
variety of improper payments that can affect an agency's ability to 
achieve its goals. Attacking the problem of improper payments requires 
strategies tailored to the organization involved and its particular 
risks. To identify effective practices and provide case illustrations 
and other information for federal agencies to consider when addressing 
improper payments, we contacted public and private sector organizations 
and talked with them about actions they had taken and considered 
effective in reducing improper payments. Participants were the 
Department of Health and Human Services' Health Care Financing 
Administration; [Footnote 21] the Social Security Administration; the 
Department of Veterans Affairs; the states of Illinois, Texas, and 
Kentucky; the governments of Australia, New Zealand, and the United
Kingdom; and three private sector corporations. Our executive guide, 
Strategies to Manage Improper Payments: Learning from Public and 
Private Sector Organizations, issued last year, highlights the actions 
taken by these organizations. We categorized the actions into the five 
components of internal control outlined in the Comptroller General's 
Standards for Internal control in the Federal Government. We defined 
these components as follows: 

* Control environment - creating a culture of accountability by 
establishing a positive and supportive attitude toward improvement and 
achievement of established program outcomes. 

* Risk assessment - performing comprehensive reviews and analyses of
program operations to determine if risks exist and if so, their nature 
and extent. 

* Control activities - taking actions to address identified risk areas 
and help ensure that management's decisions and plans are carried out 
and program objectives are met. 

* Information and communications - using and sharing relevant, reliable 
and timely financial and nonfinancial information in managing 
activities related to improper payments. 

* Monitoring - tracking improvement initiatives over time, and 
identifying additional actions needed to further improve program 
efficiency and effectiveness. 

I will address each of these control activities briefly in turn, giving 
examples that illustrate their use in combating improper payments. 
While I will discuss these activities separately, it is important to 
remember that managing improper payments typically requires continuous 
interaction among these areas. 

Control Environment: Instilling a Culture of Accountability: 

Perhaps the most significant of the elements critical to identifying, 
developing and implementing activities to reduce improper payments is 
the control environment. Top officials, whether in government or the 
private sector, and oversight bodies such as legislatures, set the 
stage for change with clearly established expectations and demands for 
improvement. Many of the officials we met with in the course of our 
work told us that without the clearly established demands and 
expectations for improvement by top management and legislators, little 
would have happened to effectively reduce fraud and errors in their 
programs. In addition, while top management sets the tone for cultural 
change, all personnel must buy into this change and work to achieve its 
overall goals. 

The cultural change fostered by an effective control environment 
stresses the importance of improvement and efficient and effective 
program operations while maintaining a balance with concerns about 
privacy and information security in a world where computers and 
electronic data are indispensable to making payments. In the oversight 
and legislative arena, it involves initiatives such as those in the
President's Management Agenda, as I discussed earlier and legislation 
such as that introduced by you, Mr. Chairman, which requires 
comprehensive improper payment reviews and reporting. 

Interest in the amount of improper payments at the organizations that 
participated in our study often resulted from program, audit or media 
reports of misspent funds or fraudulent activities. As the magnitude of 
improper payments became known, government officials and legislative 
bodies faced increased pressure to reduce them. 

In Texas, for instance, the legislature was instrumental in changing in 
the state's benefit programs after reports of improper payments in the 
Medicaid program that ranged from $365 million to $730 million as well 
as in the Temporary Assistance to Needy Families and Food Stamps 
programs, estimated at a total of $222.4 million. Lawmakers sought to 
reduce these improper payments by mandating specific actions that 
included use of computer technology to deter fraud and abuse. 

The government has led the way in setting the stage for changes in the 
United Kingdom. Following Comptroller and Auditor General reports 
stating that the government did not know enough about the level of 
fraud in its benefits programs, Parliament required the Department of 
Work and Pensions (DWP) to improve measurement of fraud in its 
programs. DWP conducted a benefit review from which the government 
estimated that $3 billion per year were lost to known fraud. The 
government further noted that if all suspicions of fraud were well 
founded, the figure could be as high as $10 billion per year. DWP 
proposed a strategy to reform the welfare system and reduce improper 
payments. 

Through the process, Parliament has stayed actively involved, enacting 
legislation to allow data sharing between government agencies and 
departments. In addition, the Treasury requires departments to disclose 
irregular expenditures arising from erroneous benefit awards and fraud 
by claimants. Further, the Comptroller and Auditor General qualified 
his opinion on DWP's fiscal years 1995 through 2000 financial 
statements because of the level of fraud and error identified in the
benefit programs. This served to reinforce the message that high levels 
of improper payments are unacceptable. 

At the day-to-day level, improper payments resulting from 
miscalculation and other errors often receive inadequate attention. 
Centrelink, a "one-stop shop" that pays a variety of Australian 
government benefits, found through audit reports that up to 30 percent 
of its work was rework. The organization's management
responded by implementing a "Getting it Right" strategy in 2000, 
setting out the roles and responsibilities of managers and team leaders 
as well as minimum standards for the staff to apply when making payment 
decisions. Centrelink distributed posters and mouse pads to reinforce 
the "Getting it Right" message. Centrelink's Chief Executive Officer 
has stated that she expects the implementation of the strategy to 
result in a reduction of improper payments as well as continued 
timeliness in payments to beneficiaries. 

Study participants successfully used the following strategies to create 
a control environment that instilled a culture of accountability over 
improper payments, and could also be used at federal agencies: 

* Provide leadership in setting and maintaining the agency's ethical 
code of conduct and in ensuring proper behavior under the code. 

* Provide a cultural framework for managing risk by engaging everyone 
in the organization in the risk management process. 

* Increase accountability by establishing goals for reducing improper 
payments for major programs. 

* Foster an atmosphere that regards improper payments as unacceptable. 

Among the organizations we studied, pressures from oversight entities 
and top management were instrumental in creating change. The 
President's Management Agenda and the previously mentioned legislation 
help define and communicate the need for improvement. By being 
transparent in redefining the culture, oversight entities and top 
management can set expectations and obtain agreement on the need for 
change from individuals managing day-to-day program activities. This 
culture of accountability is necessary to begin the critical next step 
in managing improper payments, the risk assessment process. 

Risk Assessment: Determining the Nature and Extent of the Problem: 

Strong systems of internal control provide reasonable assurance that 
programs are operating as intended and are achieving expected outcomes. 
A key step in gaining this assurance is conducting a risk assessment. 
This involves comprehensively reviewing and analyzing program 
operations to determine where risks lie and what they are, and then 
measuring the potential or actual effect of those risks on program 
operations. 

The information developed during a risk assessment forms the foundation 
from which management can determine the corrective actions needed and 
provides baseline information for measuring progress. Specific 
methodologies for managing risk vary by organization depending on 
mission and the difficulty in quantifying and defining risk levels. In 
addition, because economic, governmental, industrial, regulatory, and 
operating conditions continually change, risk assessments should be 
updated to identify and address any new risks. The organizations that 
participated in our study found that conducting risk assessments to 
determine the nature of their improper payments was essential to 
helping them focus on the most significant problem and determine what 
needed to be done to address it. 

While many federal agencies do not perform risk assessments, some do. 
The Department of Health and Human Services, for example, began 
reporting an annual estimate of improper payments in the Medicare fee-
for-service program in 1996. In fiscal year 2001, it reported estimated 
improper Medicare fee-for-service payments of $12.1 billion, or about 
6.3 percent of such benefits. This analysis and reporting has led to 
the implementation of several initiatives to identify and reduce 
improper payments, including working with medical providers to ensure
that medical records support billed services. 

HUD also measures improper payments in its housing assistance programs,
reporting $1.87 billion in fiscal year 2000 and $2 billion in fiscal 
year 2001. HUD has taken actions to identify the risks associated with 
these programs and is working to refine the procedures currently used 
to obtain more useful information. HUD has not, however, done risk 
assessments in other disbursement areas. 

A thorough risk assessment allows organizations to target high-risk 
areas, focusing limited resources where the greatest exposure exists. 
The Illinois Department of Public Aid (IDPA), for instance, found that 
it had a payment accuracy rate of 95 percent. Its payment accuracy 
review identified errors and their causes that allowed IDPA to focus 
its attention on the 5 percent of inaccurate payments. In doing so, it 
discovered that of the $37.2 million spent for nonemergency 
transportation services, $11.55 million, or 31 percent, was estimated 
to be in error. This discovery led to a series of actions to address 
this problem. 

Government agencies in other countries have also used payment accuracy 
reviews to identify high-risk areas. For instance, the United Kingdom's 
DPW uses the results of rolling program reviews to determine levels of 
fraud and error in its Income Support and Jobseeker's Allowance benefit 
programs. These reviews quantify the amount of fraud and error 
affecting benefit claims and are used to target areas for prevention 
and detection. 

Participants in our study used the following strategies successfully to 
assess risk and determine the nature and extent of improper payments. 
We believe that federal agencies should also consider these strategies 
to address improper payments. 

* Institute a systematic process to estimate the level of improper 
payments being made by the organization. 

* Based on this process, determine where risks exist, what those risks 
are, and the potential or actual effect of those risks on program 
operations. 

* Use the results of the risk assessment to target high-risk areas and 
focus resources where the greatest exposure exists. 

* Reassess risks on a recurring basis to evaluate the effect of changing
conditions, both external and internal, on program operations. 

Assessing risk allows an organization to set goals and target its 
efforts to reduce improper payments. Having developed such a framework, 
an organization can then proceed to determine which control activities 
to implement to reduce risks and, ultimately, fraud and errors. 

Control Activities: Taking Action to Address Identified Risk Areas: 

Control activities are the policies, procedures, techniques, and 
mechanisms that are designed to help ensure that management's decisions 
and plans are carried out. Once an organization has identified and 
quantified the risks in its operations, and management has set a goal 
for reducing the risks, the organization must take action to achieve 
that goal. Control activities used by organizations to address improper 
payments vary depending on risks faced; objectives; managerial 
judgment; size and complexity of the organization; the operational 
environment; sensitivity of data; and requirements for system 
reliability, availability, and performance. Control activities can 
include both prepayment and post payment mechanisms. 

Given the large volume of federal payments, it is generally more 
efficient to prevent improper payments rather than attempt to recover 
overpayments that have already been made. Recognizing, however, that 
some overpayments are inevitable, agencies should adopt effective 
detection techniques to identify and recover them. These techniques can 
range from sophisticated computer analyses of program data to post 
award contract audits and are dictated by the type of payment activity 
that presents the most risk in a particular organization. They include 
the following: 

* data sharing, which allows organizations to compare information from
different sources to help ensure that payments are appropriate; 

* data mining, which analyzes data for relationships that were 
previously unknown; 

* neural networking, which analyzes associations and patterns among data
elements; 

* recovery auditing, which is the practice of identifying and recovering
overpayments using payment file information; 

* contract audits, which verify that payments are being made in 
accordance with contract terms and applicable regulations, and; 

* prepayment investigations, in which contradictory information is 
investigated before payment is made. 

Data sharing, data mining, and neural networking techniques are 
powerful internal control tools that provide useful, timely access to 
information. Using these techniques can provide potentially significant 
savings by identifying reporting errors and misinformation before 
payments are made or by detecting improper payments already made. 
However, more extensive use of personal information in an evolving 
technological environment raises new questions about privacy and how it 
should be protected. In the federal arena, these techniques must be
implemented consistent with the protections of the Privacy Act of 1974, 
as amended by the Computer Matching and Privacy Protection Act of 1988, 
and other privacy statutes. 

These techniques are an example of the types of activities that our 
study participants found useful. For example, in 1995, the United 
Kingdom formalized data matching between government organizations. It 
reported that through March of 2000, it had saved about $450 million 
dollars. Further, from April 1999 through March 2000, data matches 
identified 217,000 inconsistencies for investigation, resulting in 
another $53 million in benefit savings. In the United States, SSA 
shares information with federal agencies through more than 15 data 
matches to prevent and detect fraud. SSA estimates that it saves 
approximately $1.5 billion each year for other agencies through data 
these data matches. In its own programs, SSA estimates that it saves 
$350 million annually for Old Age and Survivors Insurance and 
Disability Insurance and $325 million annually for Supplemental 
Security Income through the use of data matching. 

While data matching or sharing gives an organization the means to 
compare data from different sources, data mining offers a tool to 
review and analyze diverse data. The IDPA, for instance, had identified 
one of its risk areas as health care providers who were billing in 
excess of 24 hours in a single day. Using its data mining capability, 
the Illinois OIG identified 18 providers who had billed in excess of 24 
hours for at least 1 day during a 6-month period. A number of these 
providers were already under investigation for other program 
violations. As a result of this analysis, the OIG planned to refer 
serious cases to law enforcement agencies and take administrative 
action against less serious violators. Neural networking analyzes 
associations and patterns among data elements, allowing an organization 
to find relationships that can result in new queries. In Texas, models 
used with neural networking technology identified fraudulent patterns 
from large volumes of medical claims and patient and provider history
data. Such models can help identify perpetrators of both known and 
unknown fraud schemes by analyzing utilization trends, patterns, and 
complex interrelationships in the data. The state currently has models 
for physicians and dentists and plans to initiate a model for 
pharmacies. 

Recovery auditing, which came into use about 30 years ago, has a long-
standing record in the private sector, and more recently, in the 
federal government. [Footnote 22] More extensive use of recovery 
auditing could offer federal agencies an opportunity to prevent and 
detect improper payments. One private sector company that participated 
in our study contracted with a recovery audit firm to review its 
accounts payable files. The company's own systems had found no errors 
in these files, yet the review resulted in the recovery of $8 million 
in improper payments. Subsequently, the company began to use recovery 
auditing techniques on accounts payable information to prevent improper 
payments, through such things as identifying potential duplicate 
payments. During our visit, this system identified and avoided a 
duplicate payment of $136,000 from the reports generated by the 
recovery audit software. In addition, as a result of using recovery 
auditing before payments are made, the company identified and stopped
the processing of $41 million in duplicative wire payments. The 
particular software this company uses also identifies the employees 
making the errors so that they can be trained appropriately. 

The organizations that participated in our study used the following 
strategies successfully to identify and address risks. We believe these 
same strategies could be used successfully by federal agencies. 

* Based on an analysis of the specific risks facing the organization, 
and taking into consideration the nature of the organization and the 
environment in which it operates, determine which types of control 
activities would be most effective in addressing the identified risks. 

* Where in-house expertise is not available, investigate the 
possibility of contracting activities out to firms that specialize in 
specific areas, such as recovery auditing and neural networking. 

* Perform cost-benefit analyses of potential control activities before
implementation to help ensure that the cost is not greater than the 
potential benefit. 

* Ensure that personnel involved in developing, maintaining, and
implementing control activities have the requisite skills and knowledge,
recognizing that staff expertise needs to be frequently updated in 
evolving areas such as information technology and fraud investigation. 

* Recognize and consider the importance of privacy and information 
security issues when developing and implementing control activities. 

An agency's internal control activities should be flexible, weigh costs 
and benefits, and be tailored to an agency's needs. Once control 
activities are in place, the internal control cycle continues with the 
prompt communication of information that managers need to help them 
carry out these activities and run their operations efficiently and 
effectively. 

Information and Communications: Using and Sharing Knowledge to Manage 
Improper Payments: 

Those responsible for managing and controlling program operations need
relevant, reliable, and timely financial and nonfinancial information 
to make operating decisions, monitor performance, and allocate 
resources. This information can be obtained through a variety of 
sources using a wide range of data collection methodologies. The 
organizations that participated in our study used internal and external 
sources to obtain the information they needed. Further, these sources 
varied widely, from multiple computer databases to periodic meetings. 

The need for information and communication also extends beyond 
organizational boundaries. Many of the governmental programs with 
improper payments are benefit programs that involve recipients and 
providers of services. Organizations in our study developed educational 
programs to assist these participants in understanding eligibility and 
other requirements, and for service providers, information on issues 
including common claim filing errors. 

For instance, in 1997 Texas implemented several initiatives to educate 
new medical providers before they enroll in the Texas Medicaid program. 
Each new provider receives a hand-delivered package with information on 
claim filing, helpful tips, and instructions on how to use the 
automated phone system for inquiries. Three months after the provider 
is enrolled, a field representative from Medicaid evaluates a sample of 
the provider's claims and revisits the provider to answer questions and 
discuss any problems noted in the claims sample. 

In another example, Australia's Health Insurance Commission (HIC)
implemented a feedback program to provide medical practitioners with 
regular information about their own benefit authorization, patient 
demographics, and comparative statistical information showing services 
rendered and the dollar value of benefits paid. All 32,000 
practitioners receive correspondence once a year from HIC. While at 
first most practitioners did not realize that HIC was able to 
accumulate and analyze this information, the program has now become an
effective deterrent to wrongdoing as well as a desired source of 
information to medical providers. Some practitioners have asked for 
additional information or statistics prior to the annual feedback 
report. HIC has since established an on-line feedback and statistics 
site for general practitioners, 2,100 of whom accessed their reports 
online in 1999. 

Coordination and cooperation with local law enforcement and other 
sources outside an agency can also establish an infrastructure 
conducive to preventing and detecting fraud. The IDPA OIG established a 
Fraud and Abuse Executive (FAE) whose objective is to be a conduit 
among internal and external parties for all fraud issues. As a result 
of cooperation between the Illinois State Police, one bank, and the 
FAE, thousands of dollars in fraudulent payments were stopped and a 
number of perpetrators were arrested. 

Organizations that participated in our study used the following 
strategies to help them effectively use and share knowledge to manage 
improper payments. These strategies could also be used by federal 
agencies. 

* Determine what information is needed by managers to meet and support
initiatives aimed at reducing improper payments. 

* Ensure that necessary information provided to managers is accurate and
timely. 

* Provide managers with timely feedback on applicable performance 
measures so they can use the information to manage their programs 
effectively. 

* Develop educational programs to assist program participants in
understanding program requirements. 

* Ensure that there are adequate means of communicating with, and 
obtaining information from, external stakeholders that may have a 
significant effect on improper payment initiatives. 

* Develop working relationships with other organization to share 
information and pursue potential instances of fraud or other 
wrongdoing. 

Communications are effective when information flows up, down, and 
across an organization. In addition to internal communications, 
management should ensure that there are adequate means to give and 
obtain information from external parties who could have an effect on 
the agency's goals. Moreover, effective information technology 
management is critical. Managers need operational and financial data
to monitor whether they are meeting their agency's goals with 
appropriate resources. 

Monitoring: Tracking the Success of Improvement Initiatives: 

Monitoring focuses on assessing the quality of an organization's 
performance over time and on promptly resolving problems identified 
either through separate program evaluations or audits. Evaluation of an 
organization's programs and its successes in meeting its established 
goals and in identifying additional actions is an integral element of 
performance measurement and continued improvement in operations. Once 
an organization has identified its risks related to improper payments 
and undertaken activities to reduce these risks through internal 
controls, monitoring performance allows the organization to gauge how 
well its efforts are working. 

When Illinois had assessed the risk of improper payments in its Medicaid
program, based on the results, it implemented initiatives to improve 
payment accuracy. To monitor the effect of the new initiatives, the 
state uses random claims sampling to test the accuracy of payments. The 
goal of the project, which reviews 1,800 claims per year, is to ensure 
that every paid claim faces an equal chance of random review. This 
approach not only provides periodic estimates of payment accuracy rates 
but helps deter future erroneous and fraudulent billings. 

Performance measures are key to monitoring progress in addressing 
improper payments. The government of New Zealand, for instance, 
requires audited statements of objectives and service performance to be 
included along with financial statements. These statements include 
performance measures related to improper payments. Work and Income New 
Zealand (WINZ), a government agency that provides income support and 
employment assistance to eligible people, has established performance 
measures for entitlement accuracy, services to reduce benefit crime, 
and debt management. WINZ's financial statements are the main 
accountability reports used by Parliament to monitor the agency's
performance. In addition, Parliament uses the audited information to 
make informed decisions on resource allocation, and through a 
monitoring body, to hold the entity's chief executive officer 
responsible if performance standards are not met. 

Participants in our study used the following strategies successfully to 
track the success of improvement initiatives. We believe the strategies 
would be effective for federal agencies as well. 

* Establish agency-specific goals and measures for reducing improper
payments. 

* Using baseline information for comparison, periodically monitor the 
progress in achieving the established performance measures. 

* Make the results of performance reviews widely available to permit
independent evaluations of the success of efforts to reduce improper
payments. 

* Ensure timely resolution of problems identified by audits and other 
reviews. 

* Adjust control activities, as necessary, based on the results of 
monitoring activities. 

Organizations should monitor the control activities they use to address 
improper payments continuously, ingraining them in their operations. 
This kind of ongoing monitoring enables organizations to measure how 
well they are doing, track performance measures, and adjust control 
activities based on the results. Monitoring should also include 
policies and procedures for communicating review results to appropriate 
individuals in the organization so any problems can be resolved. 

Conclusions: 

In closing, Mr. Chairman, I want to emphasize that high levels of 
improper payments need not and should not be an accepted cost of 
running federal programs. The organizations that participated in our 
study found that they could effectively and efficiently manage improper 
payments by (1) changing their organization's control environments or 
cultures, (2) performing risk assessments, (3) implementing activities 
to reduce fraud and errors, (4) providing relevant, reliable and timely 
information and communication to management on results and (5) 
monitoring performance over time. While HUD, Education, and other 
agencies have taken some steps in these areas, effectively addressing 
improper payments requires a comprehensive strategy that permeates the 
entire organization. 

Implementing such a comprehensive strategy at federal agencies will not 
be easy or quick. It will require continued strong support from the 
President, the Congress, top-level administration appointees, and 
agency officials. The effort must include a willingness to dedicate 
personnel and money to implement the changes. This could involve 
performing needs assessments and hiring individuals with the necessary 
skills and knowledge to turn planned actions into reality. In addition, 
many actions that proved successful for organizations in our study
involved computer assisted analyses of data. Implementing some of these
practices could involve funding for computer software or hardware, and 
additional staff or training. 

In addition, it is important that the results of actions taken to 
address improper payments be openly communicated not only to the 
Congress and agency management, but to the public. This transparency 
demonstrates the importance that government places on the need for 
change at the same time it openly communicates performance results. It 
also acts as an incentive for agencies to be ever vigilant in their 
efforts to address wasteful spending that results from weak controls 
that lead to improper payments. 

Mr. Chairman, this concludes my statement. I would be happy to answer 
any questions you or other Members of the Subcommittee may have. 

Contact and Acknowledgments: 

For information about this statement, please contact Linda Calbom, 
Director, Financial Management and Assurance, at (202) 512-9508 or at 
calboml@gao.gov. Individuals making key contributions to this statement 
include Dan Blair, Don Campbell, Lisa Crye, Anh Dang, Bonnie Derby, 
Kelly Lehr, Carla Lewis, Sharon Loftin, Irving McMasters, Diane Morris, 
Andy O'Connell, Russell Rowe, Ruth Walk, Brooke Whittaker, and Doris 
Yanger. 

[End of section] 

Footnotes: 

[1] U.S. General Accounting Office, Financial Management: Internal 
Control Weaknesses Leave Department of Education Vulnerable to Improper 
Payments, GAO-01-585T (Washington, D.C.: Apr 3, 2001); Financial 
Management: Poor Internal Control Exposes Department of Education to 
Improper Payments, GAO-01-997T (Washington, D.C.: July 24, 2001); and 
Education Financial Management: Weak Internal Controls Led to Instances 
of Fraud and Other Improper Payments, GAO-02-406, (Washington, D.C.: 
Mar 28, 2002). 

[2] U.S. General Accounting Office, Strategies to Manage Improper 
Payments: Learning from Public and Private Sector Organizations, GAO-02-
69G (Washington, D.C.: October 2001). 

[3] Because of the similarity of the Office of Management and Budgetís 
definition of erroneous payments to our definition of improper 
payments, we consider the terms synonymous. 

[4] U.S. General Accounting Office, Major Management Challenges and 
Program Risks, Department of Housing and Urban Development, GAO-01-248 
(Washington, D.C.: January 2001); Major Management Challenges and 
Program Risks, Department of Education GAO-01-245 (Washington, D.C.: 
January 2001); and High-Risk Series: An Update, GAO-01-263, 
(Washington, D.C.: January 2001). 

[5] U.S. General Accounting Office, Purchase Cards: Control Weaknesses 
Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-01-995T 
(Washington, D.C.: July 30, 2001); Purchase Cards: Control Weaknesses 
Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-02-32 
(Washington, D.C.: Nov 30, 2001); Purchase Cards: Continued Control 
Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse, GAO-02-
506T (Washington, D.C.: Mar 13, 2002); and Government Purchase Cards: 
Control Weaknesses Expose Agencies to Fraud and Abuse, GAO-02-676T 
(Washington, D.C.: May 1, 2002). 

[6] We did not focus on HUDís rental housing assistance program because 
HUD is estimating improper payments for the program, and the HUD OIG 
and GAO have performed extensive work in that area. 

[7] Our testimony today generally will not address third party drafts, 
since Education eliminated that payment process in fiscal year 2001. 
However, we will discus the results of our inventory of computers and 
computer equipment purchased with third party drafts. 

[8] Data mining for improper payments involves using computer-aided 
auditing techniques to identify hidden patterns and relationships in 
data that are indicators of unusual transactions, which may be
improper payments. 

[9] Due to separate congressional requests, the period of our review at 
Education differed from that for HUD. 

[10] Standards for Internal Control in the Federal Government (GAO/AIMD-
00-21.3.1), which was prepared to fulfill our statutory requirement the 
Federal Managersí Financial Integrity Act, provides an overall 
framework for establishing and maintaining internal control and for 
identifying and addressing major management challenges and areas at 
greatest risk of fraud, waste, abuse, and mismanagement. 

[11] Based on our testing, we estimate that $4,678,689 (plus or minus 
$678,806) of the total $10 million in purchase card transactions made 
during fiscal year 2001 lacked adequate supporting documentation. Our 
estimate is based on a 95 percent confidence level and a tolerable 
error rate of $1,059,046 (10 percent of the population total of 
$10,590,461). 

[12] Department of Housing and Urban Development Office of Inspector 
General, Commercial Credit Card Program, 99-DP-166-0001 (Washington, 
D.C.: Feb 1, 1999). 

[13] The Government Employees Training Act, 5 U.S.C. 4103 and 4107, 
requires that training be related to an employee's job and prohibits 
expenditures to obtain a college degree unless necessitated by 
retention or recruitment needs, which was not the case here. 

[14] These additional estimated charges were identified by an Education 
official. Under 31 U.S.C. 1345, appropriated funds may not be used to 
pay the costs of non-federal individuals to attend meetings unless 
otherwise specifically authorized by law. 5 U.S.C. 5703 allows the 
federal government to pay the costs of non-federal individuals to 
attend meetings if the attendees are providing direct services to the
government. Education could not provide us with evidence that this was 
the case. 

[15] U.S. General Accounting Office, Financial Management: Poor 
Internal Control Exposes Department of Education to Improper Payments, 
GAO-01-997T (Washington, D. C.: July 24, 2001). 

[16] A Pell Grant is a form of financial aid that is awarded to 
undergraduate students who have not earned bachelor's or professional 
degrees, and who are enrolled in degree or certificate programs. 

[17] U.S. General Accounting Office, Student Financial Aid Programs: 
Pell Grant Program Abuse, GAO/T-OSI-94-8 (Washington, D.C.: Oct 27, 
1993). 

[18] U.S. General Accounting Office, HUD Management: HUDís High-Risk 
Program Areas and Management Challenges, GAO-02-869T (Washington, D.C.: 
July 24, 2002). 

[19] In addition, HUD and the Massachusetts Housing Finance Agency have 
an agreement for the disposition and interim management of select HUD-
owned multifamily properties in Boston. This pilot project was not 
implemented for other state housing agencies. 

[20] U.S. General Accounting Office, Financial Management: Coordinated 
Approach Needed to Address the Governmentís Improper Payments Problems, 
GAO-02-749 (Washington, D.C.: Aug 9, 2002). 

[21] The Health Care Financing Administration was renamed the Centers 
for Medicare and Medicaid Services in July 2002. 

[22] Section 831 of Pub.L. 107-107 requires executive agencies that 
enter into contracts totaling greater than $500 million in a fiscal 
year to have a program for recovering any amounts erroneously paid to
contractors, including the use of recovery audits. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "Subscribe to Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, JarmonG@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Jeff Nelligan, Managing Director, AndersonP1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: