This is the accessible text file for GAO report number GAO-08-819R 
entitled 'Improper Payments: Responses to Posthearing Questions Related 
to Status of Agencies' Efforts to Address Improper Payment and Recovery 
Auditing Requirements' which was released on June 20, 2008.

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

GAO-08-819R: 

United States Government Accountability Office: 
Washington, DC 20548: 

June 20, 2008: 

The Honorable Tom Carper:
Chairman:
Subcommittee on Federal Financial Management, Government Information, 
Federal Services, and International Security: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

Subject: Improper Payments: Responses to Posthearing Questions Related 
to Status of Agencies' Efforts to Address Improper Payment and Recovery 
Auditing Requirements: 

Dear Mr. Chairman: 

On January 31, 2008, we testified[Footnote 1] before your subcommittee 
at a hearing entitled, "Eliminating Agency Payment Errors." At the 
hearing, we discussed federal agencies' progress in addressing key 
requirements of the Improper Payments Information Act of 2002 (IPIA) 
[Footnote 2] and Section 831 of the National Defense Authorization Act 
for Fiscal Year 2002, commonly known as the Recovery Auditing Act. 
[Footnote 3] Our review and testimony focused on (1) progress made in 
agencies' implementation and reporting under IPIA for fiscal year 2007, 
(2) remaining challenges with IPIA implementation, and (3) agencies' 
efforts to report recovery auditing information. 

This report responds to your March 13, 2008, request to provide answers 
to follow-up questions relating to our January 31, 2008, testimony. The 
responses are based on work associated with our previously issued 
products (see the Related GAO Products list at the end of this report) 
and data reported in agencies' performance and accountability reports 
(PAR). Your questions, along with our responses, follow: 

1. I understand that it is often very difficult to address improper 
payments problems in programs such as TANF that involve grants to 
states and localities. The Single Audit Act, as you know, is the tool 
that the federal government uses to ensure program integrity in these 
types of programs. What kinds of changes should be made to the Single 
Audit Act, which already requires recipients to have proper systems of 
internal control to ensure front-end compliance with Federal 
requirements that would assist in identification and reduction of 
improper payments? 

To date, we have not performed an analysis to determine whether any 
changes should be made to the Single Audit Act[Footnote 4] to 
specifically assist in the identification and reduction of improper 
payments for state-administered federal programs. However, preventing, 
identifying, and reporting improper payments are primarily management's 
responsibility. Awardees, such as states, also have a fundamental 
responsibility to ensure the proper administration of federal awards by 
using sound management practices and maintaining internal controls. 
That said, we support efforts to assess how the single audits can be 
leveraged to help achieve successful implementation of IPIA. We have 
testified before your subcommittee and reported on issues related to 
improving single audit quality; initiatives that several states have 
used to estimate improper payments for state-administered programs, 
including the Temporary Assistance For Needy Families (TANF) program; 
and the Office of Management and Budget's (OMB) guidance for state- 
administered programs to conduct risk assessments.[Footnote 5] 

In December 2007,[Footnote 6] we reported that the current design of 
the single audit is not intended to provide sufficient information for 
assessing and reporting on improper payments. There is currently no 
direct link between the assessment of programs' susceptibility to 
improper payments under IPIA and the level and scope of work performed 
in a single audit. For instance, the approach for determining which 
major federal programs to audit for compliance under a grantee's single 
audit focuses heavily on programs with the largest dollar amounts in a 
grantee's portfolio without concurrently considering the extent to 
which programs are susceptible to improper payments. Consequently, the 
current design of the single audit process and the related audit 
results are generally not effective tools for identifying susceptible 
programs' improper payments and systematically estimating the extent of 
improper payments for those programs. They can, however, provide 
managers added perspective on the nature and extent of risk for 
improper payments. 

Similarly, OMB testified[Footnote 7] before your subcommittee that it 
is exploring longer-term reforms to the single audit process that will 
help achieve successful results in the implementation of IPIA. OMB 
plans to evaluate how single audits can be expanded beyond federal 
program compliance to assess the risk of improper payments and extent 
to which improper payments are systemic throughout a program. OMB 
further reported that if the single audit can be leveraged in this 
manner, federal agencies will have an important tool for obtaining cost-
effective IPIA error measurements. In addition, because single audits 
test internal controls, OMB believes that this change would provide 
greater insight on corrective action that will have a broader impact on 
program integrity and thus have a higher return on investment. Finally, 
the Association of Government Accountants (AGA) has established a 
partnership project for leveraging single audits to help meet the goals 
of IPIA while improving the usefulness of both acts to improve program 
integrity and reduce improper payments. This work group includes 
subject matter experts from GAO, OMB, and others, who will identify and 
prioritize issues and potential solutions to enhance IPIA and Single 
Audit Act implementation. 

2. The FY 2007 Audit Report on the Consolidated Financial Statement 
indicates that the Federal government's inability to determine the 
extent to which improper payments occur is one of the major government- 
wide material weaknesses that led to GAO's adverse opinion on internal 
control. Did this compliance issue translate to reportable conditions 
or limitations in opinions on financial statements at the individual 
departments? It seems that the magnitude of the improper payments 
numbers we are seeing in programs could be exceeding materiality to 
these accounts. Are CFO Act financial statement internal control and 
substantive audit tests of disbursements as stringent as they need to 
be? 

The federal government's inability to determine the extent to which 
improper payments occur has not directly contributed to the audit 
opinion on an individual agency's financial statements. The primary 
purpose of a financial statement audit is to provide reasonable 
assurance through an opinion (or disclaim an opinion) about whether an 
entity's financial statements are presented fairly in all material 
respects in conformity with generally accepted accounting principles 
(GAAP). The existence of improper payments does not directly affect the 
auditor's opinion on financial statements. 

However, several auditors' reports on internal controls for specific 
agencies identified either material weaknesses, significant 
deficiencies, or both,[Footnote 8] which increase the risk of making 
improper payments. For example, in the Department of Health and Human 
Services's (HHS) fiscal year 2007 report on internal control, the 
agency auditor identified several material weaknesses--including one 
related to HHS's Medicare claims processing controls--that could 
increase HHS's vulnerability to improper payments. The auditor reported 
(1) that a significant number of contractor employees had the ability 
to directly change claims without a comprehensive review, (2) 
weaknesses in controls over edit settings in application systems, (3) a 
lack of controls with respect to software supplementing HHS application 
systems used to process Medicare claims, and (4) a lack of oversight of 
contractor compliance with internal control requirements. 

On a governmentwide level, since 2000, our audit report of the U.S. 
government's consolidated financial statements has stated that the 
material weakness related to the government's inability to determine 
the full extent to which improper payments occur has contributed to our 
adverse opinion on internal control. For fiscal year 2007, we 
reported[Footnote 9] that major challenges remain in meeting the goals 
of IPIA, including: 

* several agencies' noncompliance with IPIA as reported by agencies' 
auditors; 

* risk assessments not performed for all programs and activities or not 
performed annually; 

* not reporting improper payment estimates for risk-susceptible 
programs, and: 

* major management challenges and internal control weaknesses that 
continue to plague agency operations and programs susceptible to 
significant improper payments. 

Regarding whether financial statement internal control and substantive 
audit tests of disbursements are sufficiently stringent, as you are 
aware, we have disclaimed an opinion on the U.S. government's 
consolidated financial statements for the past 11 years. Because we 
issued a disclaimer of opinion on the federal government's fiscal year 
2007 financial audit, our audit approach focused primarily on 
determining the current status of the material weaknesses that 
contributed to our disclaimer of opinion. Accordingly, we are not in a 
position to determine whether or not these audit tests could be more 
stringent. However, the Department of Defense (DOD) and certain other 
federal agencies reported continued weaknesses in reconciling 
disbursement activity, which contributed to our disclaimer of opinion. 
When the time comes that we may be able to render an opinion on the 
consolidated governmentwide financial statements, we expect to perform 
more extensive reviews of the agency auditors' work. 

3. The expansion of government-wide systems for third party data 
matches across government programs sounds like an important program 
integrity improvement and potential cost savings initiative. How can we 
ensure that all agencies across government are pursuing automated data 
checks across agencies and programs whose data they are reliant upon 
wherever this makes sense? How can we provide access to necessary data 
across government to improve program integrity over payments without 
requiring new authority on a case by case basis? 

When effectively implemented, data sharing[Footnote 10] can be 
particularly useful in confirming initial or continuing eligibility of 
participants in benefit programs and in identifying improper payments 
that have already been made. For example, for the Department of Labor's 
Unemployment Insurance Program, states are coordinating with HHS to use 
the National Directory of New Hires database.[Footnote 11] The Office 
of Personnel Management also has data matching programs with the 
Departments of Defense, Labor, and Veterans Affairs, and with the 
Social Security Administration to verify recipient eligibility for its 
retirement program. 

Prior to identifying any steps needed to improve data sharing 
capabilities across government, it would be important to determine the 
extent to which agencies are participating in data sharing activities, 
and additional data sharing efforts that agencies are currently 
pursuing--or would like to pursue--to reduce improper payments. Equally 
important is the identification of barriers agencies face that limit 
the type of information that can be shared among agencies to verify 
data provided by applicants for government programs or benefits or to 
make eligibility decisions. 

As you know, these barriers can take different forms such as 
legislative prohibitions, institutional issues, and resource 
constraints. As required by the Privacy Act of 1974, as amended by the 
Computer Matching and Privacy Protection Act of 1988,[Footnote 12] 
agencies' data integrity boards are to report data matching activity to 
the agency head and OMB annually. Appendix I of OMB Circular No. A-130, 
Federal Agency Responsibilities for Maintaining Records About 
Individuals, lays out what the agency is to include in its report. 
Among the information required to be reported is a list of every 
matching program, by title and purpose, in which the agency 
participated during the reporting year. This list is to show names of 
participant agencies, give a brief description of the program, and give 
a page citation and the date of the Federal Register notice describing 
the data matching programs. 

In some cases, administrative changes may be a viable solution for 
addressing existing limitations on how and for what purpose data may be 
shared and used. For example, the Department of Education (Education) 
reported that the ability to perform data matching between Federal 
Student Aid applications and tax return data would substantially reduce 
improper payments in the Pell Grant program, as the large majority of 
errors are the result of misreporting of income and related data 
fields. However, according to OMB, Section 6103(c) of the Internal 
Revenue Code, concerning confidentiality of tax return information, 
precludes data matching with regard to grants by Education. Through 
administrative changes related to data sharing agreements, Education 
and the Internal Revenue Service intend to implement a process to 
verify students' (and their parents') income, tax, and certain 
household information appearing on their tax return as part of the 
application for federal student aid, in the absence of legislative 
authority. 

However, it is also important that any agency administrative actions in 
this area provide appropriate consideration to the importance of 
privacy and information security issues. Data sharing activities in 
federal agencies must be implemented consistent with all protections of 
the Privacy Act of 1974, as amended. Additionally, agencies must have 
adequate internal controls in place to ensure that employees do not 
misuse the data to which they have access. 

4. The role of the certifying officers at disbursing agencies provides 
the last line of defense in preventing many improper payments. Under 
Treasury regulation, certifying officers at disbursing agencies must 
certify that payments are legal, proper, and correct at disbursement. 
Are these personnel provided the necessary tools to perform their jobs 
including proper training and authority? Are they ever pressured to 
release questionable payments to maintain productivity levels and thus 
sacrificing quality for quantity due to competing agency demands? What 
can Congress and OMB do to strengthen their role across government? 

As you pointed out in this question, certifying officers play a 
significant role in the accountability for public funds. A certifying 
officer is a government officer or employee whose job is or includes 
certifying vouchers, including voucher: 

schedules or invoices used as vouchers, for payment by disbursing 
officers.[Footnote 13] By federal law, certifying officers are 
responsible for (1) the correctness of the facts in the certificate, 
voucher, and supporting documentation; (2) the correctness of 
computations on the voucher; and (3) the legality of a proposed payment 
under the appropriation or fund involved.[Footnote 14] The law also 
provides that a certifying officer is personally, financially 
accountable for the amount of any "illegal, improper, or incorrect" 
payment resulting from his or her inaccurate or misleading 
certification, as well as for any payment prohibited by law or which 
does not represent a legal obligation of the appropriation or fund 
involved. 

The function of certification, as evidenced by the potential for 
personal pecuniary (financial) liability, is not perfunctory, but 
involves a high degree of responsibility. For that reason, a certifying 
officer who may have questions about a voucher is provided an 
opportunity to request a legal decision from GAO in advance of 
certifying the voucher.[Footnote 15] A critical tool that certifying 
officers have to carry out this responsibility is the power to 
question, and refuse certification of, payments that may be 
improper.[Footnote 16] A certifying officer found to have certified a 
voucher improperly may ask GAO for relief of liability, and GAO may 
grant that request when applicable criteria are met.[Footnote 17] 
Executive branch agencies are responsible for enforcing the liabilities 
of their certifying officers. 

We are not aware of any reported instances of certifying officers being 
pressured to release questionable payments to maintain productivity 
levels or sacrificing quality for quantity due to competing agency 
demands; however, we have not performed work designed to identify any 
such instances. Any certifying officer who may feel pressured to 
certify a questionable payment may wish to take advantage of the right 
to request a decision from GAO. 

Certifying officers have at their disposal general guidance and 
training to aid them in carrying out their duties, including title 7 of 
GAO's Policies and Procedures Manual for Guidance of Federal Agencies 
[Footnote 18] and GAO's Principles of Federal Appropriations Law, 
[Footnote 19] as well as the body of appropriations law decisions and 
opinions issued by GAO. In addition, Treasury publishes a desk 
reference[Footnote 20] for certifying officers as a supplement to 
chapter 4-1000 of its Treasury Financial Manual as well as manuals for 
certifying officers to use when certifying payments in Treasury's 
automated systems. GAO, Treasury, and others also offer training 
courses related to the responsibilities of certifying officers. 

In the past, certifying officers reviewed all payments they certified. 
Today, however, because of the volume of transactions, the geographic 
dispersion of activities, and the emphasis on prompt payment, 
certifying officers must rely on the systems, internal controls, and 
personnel that process the transactions. As a result, payment process 
oversight has generally shifted from individual transaction reviews to 
reviews of internal control over automated systems that process the 
transactions. 

The present-day use of automated payment systems does not alter the 
basic concepts of accountability for certifying officers, and the 
reasonableness of a certifying officer's reliance on an automated 
payment system to produce legal and accurate payments is a factor that 
GAO considers when addressing the officer's liability for illegal or 
improper payments. Certifying officers should be provided with 
information showing that the system on which they rely is functioning 
properly, and reviews should be made at least annually to determine 
that the automated system is operating effectively and can be relied 
upon to make accurate and legal payments.[Footnote 21] DOD recently 
obtained statutory authority to extend personal financial liability to 
additional departmental officers or employees who provide "information, 
data, or services that are directly relied upon by the certifying 
official in the certification of vouchers for payment."[Footnote 22] 

Currently, there are no reporting requirements for agencies to 
periodically provide information on the performance of certifying 
officers. The OMB guidance on annual reporting of estimated improper 
payments requires that agencies report in their performance and 
accountability reports on steps taken to hold managers accountable for 
reducing and recovering improper payments. In November 2006,[Footnote 
23] we reported that the extent and level of detail in these reports 
varied. We also recommended that OMB expand its implementing guidance 
to describe in greater detail the factors agencies should use when 
reporting improper payments in the PAR, including baseline information 
on, among other things, manager accountability. OMB agreed with our 
recommendation and stated that it lists the requirements for agency PAR 
IPIA reporting in OMB Circular No. A-136, Financial Reporting 
Requirements. However, we found that the current OMB Circular No. A-136 
(as of June 2008) remained unchanged and did not address our 
recommendation. 

We have not performed recent work[Footnote 24] that would permit us to 
make recommendations on strengthening the role of certifying officers 
across government or to opine on whether certifying officers are 
provided the necessary tools, such as training, authority, or 
information on the reliability of agencies' payment systems, to perform 
their jobs. 

5. In your analysis, is agency management doing enough to hold people 
accountable for program integrity? Is success in setting improper 
payments reduction targets and meeting those targets a factor in 
managers' performance evaluations or pay and bonus determinations? 
Should we have government-wide performance standards for proper payment 
goals and expectations? Are agencies being aggressive enough with their 
reduction targets? 

Our review of agencies' fiscal year 2007 IPIA reporting did not include 
an in-depth analysis of the steps an agency has taken or plans to take 
to ensure manager accountability for reducing improper payments, set 
governmentwide performance standards for proper payment goals and 
expectations, or establish agency-reported error rate targets for 
reducing improper payments. However, we can offer some general 
observations based on our PAR reviews and previously reported work. 

As part of agencies' fiscal year 2007 IPIA reporting, eight agencies 
reported that the responsibility for improper payments was included in 
management's performance appraisals, they had established performance 
measures to address this issue, accountability existed through 
legislation governing certifying and disbursing officers, or a 
combination of these actions. However, the agencies did not provide 
specific details on how these responsibilities were addressed in the 
performance appraisals or other measures. Thus, we are unable to 
determine whether success in setting improper payment reduction targets 
and meeting those targets are factors in managers' performance 
evaluations or pay and bonus determinations. Nevertheless, we believe 
that these types of initiatives help to foster a strong control 
environment and are fundamental to creating a culture of accountability 
by establishing a positive and supportive attitude toward improvement 
and the achievement of established program outcomes, including 
protecting taxpayer interests via program integrity. 

We also found that other agencies' reporting on manager accountability 
could be improved. For example, the Departments of Energy and of 
Housing and Urban Development did not report on manager accountability 
as part of their IPIA: 

reporting.[Footnote 25] While another six agencies did include a 
section on manager accountability, their IPIA reporting did not 
specifically describe how agency managers and accountable officers, 
such as agency certifying officers, are held accountable for reducing 
and recovering improper payments.[Footnote 26] Generally, these agency 
descriptions cited one or more of the following initiatives as part of 
their reporting on manager accountability: 

* implementation of OMB Circular No. A-123, including the annual 
assurance statement on internal controls; 

* the President's Management Agenda (PMA) program-specific initiative 
"Eliminating Improper Payments;" 

* financial management certifications; 

* workshops and status meetings held; or: 

* the designation of an official tasked with establishing policies and 
procedures to address the assessment of improper payments risk, actions 
to reduce those payments, and reporting on the results of those 
actions. 

Several existing governmentwide standards, such as legislative 
requirements for proper payments,[Footnote 27] and federal 
standards[Footnote 28] related to internal control, financial 
management systems, and financial and appropriations accounting, assist 
agencies in their efforts to make proper payments and protect federal 
resources. Similarly, our executive guide on strategies to manage 
improper payments[Footnote 29] provides that establishing goals--such 
as proper payment goals--for reducing improper payments is an effective 
strategy for instilling a culture of accountability and ensuring 
effective use of resources. Having additional governmentwide guidance 
to establish and monitor performance against proper payment goals may 
provide congressional and other decision makers supplementary 
information on the effectiveness of agencies' efforts to improve the 
accuracy and integrity of federal payments while carrying out program 
objectives. However, when establishing such goals, agencies should 
apply a cost benefit and risk-based approach to achieve a balance 
between value, risk, and cost. 

Greater use of governmentwide performance standards coupled with 
effective implementation of OMB's Eliminating Improper Payments 
initiative under the President's Management Agenda (PMA)[Footnote 30] 
could further enhance the transparency of the status of actions to 
address the improper payment problem. The objective of the PMA 
initiative for improper payments was to ensure that agency managers are 
held accountable for meeting the goals of IPIA and are therefore 
dedicating the necessary attention and resources to meeting IPIA 
requirements. With this PMA initiative, 15 agencies[Footnote 31] are to 
measure their improper payments annually, develop improvement targets 
and corrective actions, and track the results annually to ensure the 
corrective actions are effective. The scope of the PMA initiative does 
not include 24 agencies included in the scope of our fiscal year 2007 
improper payment review. While we recognize that some of the 24 
agencies did not report improper payment estimates for fiscal year 
2007, 6 of these agencies that are not covered by the Eliminating 
Improper Payments PMA initiative did report improper payment estimates 
totaling about $1.2 billion. The Federal Communications Commission 
makes up the bulk of this total with reported estimates of about $906 
million for fiscal year 2007. As more agencies identify and make 
estimates for their risk-susceptible programs, additional mechanisms, 
such as establishing and measuring performance against governmentwide 
proper payment goals, may provide additional accountability, 
particularly with respect to agencies not covered by the Eliminating 
Improper Payments PMA initiative. 

We are unable to address your question regarding whether agencies are 
being aggressive enough with their improper payment error rate 
reduction targets, because agencies are not required to report on the 
basis or rationale used to establish target rates as part of their IPIA 
reporting. However, we noted that for the 3-year period--fiscal years 
2005 through 2007--agency programs[Footnote 32] generally adjusted 
their expected target rates from year to year to better align with 
actual rates reported from the prior year. Yet, we found one instance, 
at the Social Security Administration, where the agency continued to 
decrease its target error rate for its Supplemental Security Income 
program, even though the actual error rate continued to increase from 
year to year. We also found a few instances of reported target error 
rates that remained unchanged for the entire 3-year period, such as for 
the Department of Defense's Military Health Benefit program and the 
Department of Energy's payment program, or instances where the error 
rates were unchanged for 2 consecutive years, such as for the 
Department of the Treasury's Earned Income Tax Credit program and 
Department of Veterans Affairs' Education programs. 

6. As you know, there has been some debate in this subcommittee about 
whether the reporting threshold in the Improper Payments Information 
Act should be lower. I've actually introduced legislation that would do 
that, among other things. Can you explain for us what you do to ensure 
that programs that are not reporting improper payments are still doing 
all they can to improve program integrity? 

In a March 12, 2008, letter, we provided your subcommittee general 
observations as well as some suggestions on the provisions introduced 
to amend IPIA and recovery auditing requirements under Section 831 of 
the National Defense Authorization Act for Fiscal Year 2002. Our letter 
addressed several key issues, including (1) identification of 
susceptible programs and activities and risk assessments, (2) improper 
payment reporting, (3) recovery auditing, and (4) internal control 
requirements. We pointed out that programs and activities determined 
not to be susceptible to significant improper payments are still 
subject to several complementary statutory requirements, including 
those for grantees to undergo audits, for executive branch agencies to 
issue audited financial reports, and for agency payment certifying 
officers to examine payments and have their accounts administratively 
audited. 

Regarding the reporting threshold used to trigger IPIA reporting, we 
suggested that the term "significant" be defined in a way that reflects 
both the risk to the government and the size variability among programs 
and activities and provided your subcommittee some examples to 
illustrate this point. In addition, we recommended in March 2005, 
[Footnote 33] and reiterated in November 2006,[Footnote 34] that OMB 
require those agencies that did not address the IPIA requirements or 
did not perform risk assessments of all of their programs and 
activities to establish time frames and identify resources needed to 
perform risk assessments and satisfy reporting requirements. 

In addition, since fiscal year 2000, we have issued several reports and 
testimonies aimed at raising the level of attention given to improper 
payments across government. The provisions of IPIA coincide with our 
recommendations that agencies take actions to estimate, reduce, and 
publicly report improper payments, including reporting to Congress, 
OMB, and the agency head on the progress made in achieving improper 
payment reduction targets and future action plans for controlling 
improper payments. Our products have shed light on agencies that were 
not timely in their development and implementation of risk assessments 
and quantification efforts to allow more targeted legislative and 
executive branch oversight. This work complements our periodic audits 
of eligibility and benefit determinations for individual programs. 

From a broader perspective, GAO performs a range of oversight-, 
insight- and foresight-related engagements, a vast majority of which 
are conducted in response to congressional mandates or requests. These 
engagements include evaluations of federal programs and performance, 
financial and management audits, policy analyses, legal opinions, bid 
protest adjudications, and investigations. Collectively, this body of 
work is intended to identify opportunities to enhance agencies' efforts 
to improve program integrity, which would include reducing improper 
payments. 

We are sending a copy of this report to the Director of the Office of 
Management and Budget, and other interested parties. This report is 
also available on GAO's home page at [hyperlink, http://www.gao.gov]. 
Should you have any questions on matters discussed in this report or 
need additional information, please contact me at (202) 512-2600 or by 
e- mail at williamsm1@gao.gov. Contact points for our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this report. Major contributors to this report included Kay 
Daly, Acting Director; Carla Lewis, Assistant Director; Abe Dymond, 
Assistant General Counsel; Jason Kirwan; Christina Quattrociocchi; and 
Donell Ries. 

Sincerely yours, 

Signed by: 

McCoy Williams:
Managing Director:
Financial Management and Assurance: 

[End of correspondence] 

Related GAO Products: 

Improper Payments: Status of Agencies' Efforts to Address Improper 
Payment and Recovery Auditing Requirements. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-08-438T]. Washington, D.C.: 
January 31, 2008. 

Improper Payments: Federal Executive Branch Agencies' Fiscal Year 2007 
Improper Payment Estimate Reporting. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-08-377R]. Washington, D.C.: January 23, 2008. 

Responses to Posthearing Questions Related to Improving Single Audit 
Quality. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-318R]. 
Washington, D.C.: Dec. 7, 2007. 

Single Audit Quality: Actions Needed to Address Persistent Audit 
Quality Problems. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-
213T]. Washington, D.C.: Oct. 25, 2007. 

Improper Payments: Agencies' Efforts to Address Improper Payment and 
Recovery Auditing Requirements Continue. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-635T]. Washington, D.C.: March 
29, 2007. 

Improper Payments: Posthearing Responses on a December 5, 2006, Hearing 
to Assess the Improper Payments Information Act of 2002. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-533R]. Washington, D.C.: 
February 27, 2007. 

Improper Payments: Incomplete Reporting under the Improper Payments 
Information Act Masks the Extent of the Problem. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-254T]. Washington, D.C.: 
December 5, 2006. 

Improper Payments: Agencies' Fiscal Year 2005 Reporting under the 
Improper Payments Information Act Remains Incomplete. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-92]. Washington, D.C.: 
November 14, 2006. 

Improper Payments: Posthearing Questions Related to Agencies Meeting 
the Requirements of the Improper Payments Information Act of 2002. 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-1067R]. 
Washington, D.C.: September 6, 2006. 

Improper Payments: Federal and State Coordination Needed to Report 
National Improper Payment Estimates on Federal Programs. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-06-347]. Washington, D.C.: April 
14, 2006. 

Financial Management: Challenges Continue in Meeting Requirements of 
the Improper Payments Information Act. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-06-581T]. Washington, D.C.: April 
5, 2006. 

Financial Management: Challenges Remain in Meeting Requirements of the 
Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-06-482T]. Washington, D.C.: March 9, 2006. 

Financial Management: Challenges in Meeting Governmentwide Improper 
Payment Requirements. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-
05-907T]. Washington, D.C.: July 20, 2005. 

Financial Management: Challenges in Meeting Requirements of the 
Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-05-605T]. Washington, D.C.: July 12, 2005. 

Financial Management: Challenges in Meeting Requirements of the 
Improper Payments Information Act. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-05-417]. Washington, D.C.: March 31, 2005. 

Financial Management: Fiscal Year 2003 Performance and Accountability 
Reports Provide Limited Information on Governmentwide Improper 
Payments. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-04-631T]. 
Washington, D.C.: April 15, 2004. 

Financial Management: Status of the Governmentwide Efforts to Address 
Improper Payment Problems. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-04-99]. Washington, D.C.: October 17, 2003. 

[End of section] 

Footnotes: 

[1] GAO, Improper Payments: Status of Agencies' Efforts to Address 
Improper Payment and Recovery Auditing Requirements, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-08-438T] (Washington, D.C.: Jan. 
31, 2008). 

[2] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002). 

[3] National Defense Authorization Act for Fiscal Year 2002, Pub. L. 
No. 107-107, div. A, title VIII,  831, 115 Stat. 1012, 1186 (Dec. 28, 
2001) codified at 31 U.S.C.  3561-3567. 

[4] 31 U.S.C.  7501-7507. Under the Single Audit Act, as amended, and 
implementing guidance, independent auditors audit state and local 
governments and nonprofit organizations that expend federal awards to 
assess, among other things, compliance with laws, regulations, and the 
provisions of contracts or grant agreements material to the entities' 
major federal programs. Organizations are required to have single 
audits if they annually expend $500,000 or more in federal awards. 

[5] GAO, Responses to Posthearing Questions Related to Improving Single 
Audit Quality, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-
318R] (Washington, D.C.: Dec. 7, 2007); GAO, Single Audit Quality: 
Actions Needed to Address Persistent Audit Quality Problems, 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-213T] (Washington, 
D.C.: Oct. 25, 2007); GAO, Improper Payments: Agencies' Efforts to 
Address Improper Payment and Recovery Auditing Requirements Continue, 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-635T] (Washington, 
D.C.: Mar. 29, 2007); and GAO, Improper Payments: Federal and State 
Coordination Needed to Report National Improper Payment Estimates on 
Federal Programs, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-
347] (Washington, D.C.: Apr. 14, 2006). 

[6] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-318R]. 

[7] OMB, Statement of the Honorable Daniel I. Werfel, Acting 
Controller, Office of Federal Financial Management, Office of 
Management and Budget, before the Senate Subcommittee on Federal 
Financial Management, Government Information, Federal Services, and 
International Security (Oct. 25, 2007). 

[8] A material weakness is a significant deficiency, or combination of 
significant deficiencies, that results in more than a remote likelihood 
that a material misstatement of the financial statements will not be 
prevented or detected. A significant deficiency is a control 
deficiency, or combination of control deficiencies, that adversely 
affects the entity's ability to initiate, authorize, record, process, 
or report financial data reliably in accordance with generally accepted 
accounting principles such that there is more than a remote likelihood 
that a misstatement of the entity's financial statements that is more 
than inconsequential will not be prevented or detected. A control 
deficiency exists when the design or operation of a control does not 
allow management or employees, in the normal course of performing their 
assigned functions, to prevent or detect misstatements on a timely 
basis. 

[9] See our audit report on the audit of the federal government's 
fiscal year 2007 financial statements that was incorporated in the 2007 
Financial Report of the U.S. Government published by the Department of 
the Treasury. 

[10] Data sharing allows entities that make payments--to contractors, 
vendors, participants in benefit programs, and others--to compare 
information from different sources to help ensure that payments are 
appropriate. 

[11] The National Directory of New Hires database, maintained by HHS, 
contains information on all newly hired employees, quarterly wage 
reports for all employees, and unemployment insurance claims 
nationwide. 

[12] 5 U.S.C.  552a(u)(3)(D). 

[13] B-280764, May 4, 2000. Disbursing officers, who generally are 
appointed by the Department of the Treasury for civilian agencies' 
payments and the Department of Defense for its payments, actually make 
the payments and are responsible for examining vouchers to verify their 
propriety and to make payments only on certified vouchers. 31 U.S.C.  
3322, 3325(a). 

[14] 31 U.S.C.  3528. 

[15] 31 U.S.C.  3529. 

[16] In a recent Comptroller General decision, we noted that a 
"critical tool" that certifying officers have to carry out their 
statutory responsibilities is the power to question and refuse 
certification of payments that may be improper (B-307693, Apr. 12, 
2007). Language in agency regulations and the government's purchase 
card contract appeared to eliminate the opportunity for the certifying 
officer to dispute questionable transactions. We said that to interpret 
the regulations and contract to eliminate the certifying officer's 
opportunity to question, and refuse to certify, improper payments would 
be contrary to the certifying officer's statutory responsibilities. We 
emphasized that to execute his or her statutory responsibility fully 
and faithfully, a certifying officer must have the opportunity to 
question information appearing on the billing statements. 

[17] Available at [hyperlink, http://www.gao.gov/legal/resources.html]. 

[18] Available at [hyperlink, http://www.gao.gov/legal/redbook.html]. 

[19] Department of the Treasury, Now that You're a Certifying Officer, 
supplement to the Treasury Financial Manual (November 2007), available 
at [hyperlink, http://www.fms.treas.gov/tfm/related.html] (last visited 
Apr. 22, 2008).
 
[20] 69 Comp. Gen. 85 (1989). See GAO, Streamlining the Payment Process 
While Maintaining Effective Internal Control, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21.3.2] (Washington, D.C.: 
May 2000), at 10-11, for further guidance. 

[21] Bob Stump National Defense Authorization Act for Fiscal Year 2003, 
Pub. L. No. 107-314, div. A, title X,  1005(a), 116 Stat. 2458, 2631 
(Dec. 2, 2002), codified at 10 U.S.C.  2773a. In its proposal to 
Congress, the Department of Defense observed in April 2002 that, "the 
centralization of disbursing processes and the increased use of 
automated systems, coupled with the volume and complexity of business 
processes, reduces the ability of the department's officials to 
exercise direct personal control over all aspects of each business 
transaction." 

[22] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under 
the Improper Payments Information Act Remains Incomplete, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-92] (Washington, D.C.: Nov. 
14, 2006). 

[23] Past GAO work involving certifying officers includes [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-21.3.2]; New Methods Needed 
for Checking Payments Made by Computers, FGMSD-76-82 (Washington, D.C.: 
Nov. 7, 1977); and Comptroller General decisions. The Joint Financial 
Management Improvement Program issued a report in 1980, entitled 
Assuring Accurate and Legal Payments--The Roles of Certifying Officers 
in Federal Government (Washington, D.C.: June 1980). 

[24] For agency programs with estimated improper payments exceeding $10 
million, IPIA requires that agencies report on actions they are taking 
to reduce improper payments, including a description of the steps the 
agency has taken to ensure that agency managers (including the agency 
head) are held accountable for reducing improper payments. Both the 
Department of Energy and the Department of Housing and Urban 
Development had programs or activities exceeding $10 million in 
estimated improper payments for fiscal year 2007 and, thus, were 
required to address manager accountability as part of their IPIA 
reporting. 

[25] As noted in response to question 4, certifying officers frequently 
rely on payment systems and processes and supporting information that 
is not under their control, so they must rely on assessments and 
assurances of the adequacy of internal controls by systems 
administrators, program managers, and other managers or executives. In 
our reviews of agency IPIA reporting, we found no reporting on whether 
or how managers communicated the results of internal control 
assessments related to payment processes or how any assessments may 
have been used by certifying officers. See GAO's Policies and 
Procedures Manual for Guidance of Federal Agencies, Title 7, pg. 7.7- 
12. 

[26] As stated in response to question 4, the fiscal laws, certifying 
and disbursing officer statutes, and the decisions of the Comptroller 
General comprise these standards. 

[27] GAO, Standards for Internal Control in the Federal Government, 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21.3.1] 
(Washington, D.C.: November 1999); OMB Circular No. A-127, Financial 
Management Systems (revised Dec. 1, 2004); Federal Accounting Standards 
Advisory Board, Statements of Federal Financial Accounting Concepts and 
Standards (as of June 30, 2007); and OMB Circular No. A-11, 
Preparation, Submission, and Execution of the Budget (revised July 2, 
2007). 

[28] GAO, Executive Guide, Strategies to Manage Improper Payments: 
Learning from Public and Private Sector Organizations, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-02-69G] (Washington, D.C.: 
October 2001). 

[29] In August 2004, OMB established Eliminating Improper Payments as a 
new program-specific initiative. This separate PMA program initiative 
began in the first quarter of fiscal year 2005. Previously, agency 
efforts related to improper payments were tracked along with other 
financial management activities as part of the Improving Financial 
Performance initiative of the PMA. 

[30] The 15 agencies include 14 that were previously required to report 
improper payment information under OMB Circular No. A-11, plus the 
Department of Homeland Security. According to OMB, these 15 agencies 
have programs and activities with the highest risk of improper 
payments. With this PMA initiative, OMB has stated that it can better 
ensure that those taxpayer dollars most susceptible to risk for 
improper payments receive the greatest amount of focus and review. 

[31] U.S.C.  3528. The Department of Justice has opined that section 
3528 is unconstitutional insofar as it authorizes the Comptroller 
General, an officer of the legislative branch, to relieve executive 
branch certifying officials from liability. See, e.g., Comptroller 
General's Authority to Relieve Disbursing and Certifying Officials from 
Liability, 15 Op. Off. Legal Counsel 80 (1991). We are aware of no 
judicial opinion addressing the constitutionality of this section, and 
there is no other statute granting federal administrative officers the 
authority to relieve certifying officers, except for 31 U.S.C.  3527 
for certain Department of Defense officials. 

[32] Our analysis included only the 39 agency programs that reported 
improper payment estimated error rates for each of the 4 fiscal years-
-2004 through 2007. 

[33] GAO, Financial Management: Challenges in Meeting Requirements of 
the Improper Payments Information Act, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-05-417] (Washington, D.C.: Mar. 
31, 2005). 

[34] GAO, Improper Payments: Agencies' Fiscal Year 2005 Reporting under 
the Improper Payments Information Act Remains Incomplete, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-92] (Washington, D.C.: Nov. 
14, 2006). 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: