Improper Payments:

DOE's Risk Assessments Should Be Strengthened

GAO-15-36: Published: Dec 23, 2014. Publicly Released: Dec 23, 2014.

Additional Materials:

Contact:

David C. Trimble
(202) 512-3841
trimbled@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Department of Energy (DOE) developed a process to assess its programs for risks of improper payments, but its assessments do not fully evaluate risk. To comply with the Improper Payments Elimination and Recovery Act of 2010 (IPERA), in fiscal year 2011, DOE directed its programs to develop risk assessments using eight qualitative risk factors, such as recent major changes in program funding, and report quantitative information on improper payments. GAO found that 26 of 55 programs did not prepare risk assessments in 2011 and that the quantitative information reported, including the estimated amount of improper payments, was not reliable because, for example, it did not include information for all programs. In reviewing DOE's 2011 risk assessments, GAO also found the following:

DOE did not always include a clear basis for risk determinations . At least 6 of the 29 programs that prepared risk assessments did not take into account the eight qualitative risk factors, making the basis of their risk determinations unclear. At most, the assessments for 23 programs took into account the risk factors. However, support for their determinations varied widely, and some did not contain enough information to identify how the program arrived at its risk determination, which is inconsistent with federal standards for internal control. DOE's guidance directs personnel to prepare a risk assessment that considers these eight factors but does not provide further direction on what to include. Absent such direction, DOE personnel may not have a consistent understanding of how to complete their risk assessments.

DOE did not fully evaluate other relevant risk factors . DOE's risk assessments did not fully evaluate other relevant risk factors, such as weaknesses in key controls for preventing and detecting improper payments—including inadequate subcontractor oversight. GAO found that some risk assessments included information from internal control evaluations, but many did not. DOE guidance does not instruct personnel to consider weaknesses in key controls for preventing and detecting improper payments. Without providing specific examples of other relevant risk factors in guidance and directing personnel to consider them when performing risk assessments, DOE will not have reasonable assurance that each of its programs fully evaluates risks.

Based on its 2011 assessments, DOE was not required under IPERA to prepare risk assessments or report on the amount of improper payments in 2012 and 2013. However, not fully considering program risks in its 2011 assessments and including unreliable data raises questions about whether the 2011 assessments were reliable.

Why GAO Did This Study

Improper payments are a significant problem in the federal government. To address this problem, IPERA requires that federal agencies review their programs and identify those that are susceptible to significant improper payments—a process known as a risk assessment. DOE's history of inadequate management and oversight of its contractors led GAO to designate DOE's contract management as a high-risk area vulnerable to fraud, waste, abuse, and mismanagement. However, DOE reported that it does not have any programs susceptible to significant improper payments.

GAO was asked to review DOE's internal control environment, as it relates to IPERA, to determine whether the department was at low risk for significant improper payments. This report examines the extent to which DOE assessed its programs' risks for improper payments in fiscal years 2011 through 2013.

GAO reviewed IPERA, analyzed all risk assessments and related information for this period, and interviewed DOE officials and six contractors selected to represent the types of contractor payments made.

What GAO Recommends

GAO recommends that DOE take steps to improve its risk assessments including revising guidance on how programs are to address risk factors and providing examples of other risk factors likely to contribute to improper payments and directing programs to consider those factors. DOE concurred with GAO's recommendations.

For more information, contact David C. Trimble at (202) 512-3841 or trimbled@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help improve its ability to assess the risk of improper payments and make more effective use of DOE and contractor resources, the Secretary of Energy should direct the department's Chief Financial Officer to revise the department's IPERA guidance and direct field office sites with responsibility for non-M&O contractor risk assessments to address risk factors as they relate to those sites and take steps to ensure sites implement it.

    Agency Affected: Department of Energy

  2. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help improve its ability to assess the risk of improper payments and make more effective use of DOE and contractor resources, the Secretary of Energy should direct the department's Chief Financial Officer to revise the department's IPERA guidance and clarify how payment sites are to address risk factors and document the basis for their risk rating determinations and take steps to ensure sites implement it.

    Agency Affected: Department of Energy

  3. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help improve its ability to assess the risk of improper payments and make more effective use of DOE and contractor resources, the Secretary of Energy should direct the department's Chief Financial Officer to revise the department's IPERA guidance and clarify who is responsible at DOE for reviewing and approving risk assessments for consistency across sites and take steps to ensure those entities implement it.

    Agency Affected: Department of Energy

  4. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help improve its ability to assess the risk of improper payments and make more effective use of DOE and contractor resources, the Secretary of Energy should direct the department's Chief Financial Officer to revise the department's IPERA guidance and provide specific examples of other risk factors that present inherent risks likely to contribute to significant improper payments, in addition to the eight risk factors, direct payment sites to consider those when performing their improper payment risk assessments, and take steps to ensure sites implement it.

    Agency Affected: Department of Energy

  5. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To provide better transparency regarding its total known improper payments reported under IPERA, the Secretary of Energy should direct the department's Chief Financial Officer to improve public reporting on the amount of total known improper payments by disclosing additional information regarding this amount and the extent to which improper payments could be occurring.

    Agency Affected: Department of Energy

 

Explore the full database of GAO's Open Recommendations »

Aug 19, 2016

Aug 15, 2016

Aug 12, 2016

Jul 29, 2016

Jul 28, 2016

Jul 13, 2016

Jul 11, 2016

Jun 13, 2016

Jun 6, 2016

Looking for more? Browse all our products here