Recommendation: The Secretary of Health and Human Services should revise HHS's process for conducting improper payment risk assessments for Head Start to help ensure that it results in a reliable assessment of whether the program is susceptible to significant improper payments. This should include preparing sufficient documentation to support its risk assessments. (Recommendation 1)
Agency: Department of Health and Human Services
Status: Open
Priority recommendation
Comments: The Department of Health and Human Services (HHS) concurred with this recommendation. In fiscal year 2019, HHS reported that it utilized Microsoft SharePoint to facilitate and begin to automate the Improper Payment Risk Assessment process. According to HHS, the SharePoint risk assessment form included the added ability to track the status of submissions and collect any applicable supporting documentation. Also, HHS stated that the Assistant Secretary for Financial Resources staff discussed the importance of maintaining supporting documentation during the fiscal year 2019 Improper Payment Risk Assessment Kick-Off meeting with HHS's operating divisions, and also built this feature into the SharePoint form. In fiscal year 2020, HHS reported that the implementation of the long-term solution to conducting improper payment risk assessments, the Risk Assessment Portal (previously called the Automated Improper Payment Framework), is underway and went into production in March 2020. Additionally, HHS indicated that it has revised its improper payment questionnaire and scoring process to ensure HHS performs a reliable assessment of susceptibility to significant improper payments. Also, HHS stated that it will leverage the Risk Assessment Portal, new questionnaire, and revised scoring process in the fiscal year 2020 risk assessment reporting period. Further, HHS stated that it is reviewing GAO reports and resources, capturing best practices from other agencies, and soliciting feedback from HHS's operating divisions to further improve its processes. Last, HHS stated that it will continue to develop policies, procedures, and supporting tools throughout calendar year 2020. We will continue to monitor the agency's actions to address this recommendation.
Recommendation: The Secretary of Health and Human Services should revise HHS's procedures for conducting improper payment risk assessments to help ensure that all programs and activities are assessed for susceptibility to significant improper payments at least once every 3 years, as required by IPIA. (Recommendation 2)
Agency: Department of Health and Human Services
Status: Open
Priority recommendation
Comments: The Department of Health and Human Services (HHS) concurred with this recommendation. In fiscal year 2019, HHS reported that it utilized DATA Act information to create an inventory of programs and activities that could potentially be subject to improper payment risk assessment requirements. According to HHS, it developed a risk-based methodology for selecting programs and activities for review using the DATA Act files. Data fields within the DATA Act files allow HHS to further analyze the program and activity inventory. For example, the object class data enabled HHS to categorize the program's spending to provide insight into each program's unique risks. HHS stated that this methodology was used and documented in fiscal year 2019 but HHS plans to further refine and finalize this approach. In fiscal year 2020, HHS reported that its Office of the Inspector General (OIG) is currently reviewing the methodology as part of the Annual Inspector General review of HHS's improper payment reporting under the Improper Payments Elimination and Recovery Act of 2020. HHS stated that it will implement any feedback from the OIG, as well as lessons learned from the fiscal year 2019 and fiscal year 2020 risk assessment reporting period, in fiscal year 2021. We will continue to monitor the agency's actions to address this recommendation.
Recommendation: The Attorney General should revise DOJ's process for conducting improper payment risk assessments for Law Enforcement to help ensure that it results in a reliable assessment of whether the program is susceptible to significant improper payments. This should include preparing sufficient documentation to support DOJ's risk assessments. (Recommendation 4)
Agency: Department of Justice
Status: Open
Priority recommendation
Comments: The Department of Justice (DOJ) did not concur with this recommendation. In January 2020, DOJ reiterated that it continues to not concur with the recommendation. DOJ stated that its risk assessment methodology provides DOJ management with a reasonable basis for determining whether the law enforcement program, as well as DOJ's other four mission-aligned programs, are susceptible to significant improper payments. In addition, DOJ reiterated that it continues to not concur with GAO's conclusion that DOJ's risk assessment documentation is not adequate. DOJ stated that its documentation meets all of the requirements in the Improper Payments Information Act of 2002 (IPIA), as amended, and the Office of Management and Budget's (OMB) implementing guidance. Therefore, DOJ stated that it does not believe it would be a prudent use of limited resources to expand on the documentation that already exists. DOJ stated that notwithstanding its differences from GAO on the recommendation, it will continue to examine its risk assessment methodology. Finally, DOJ stated that its goal has been, and continues to be, meeting the requirements of IPIA, as amended, and OMB's implementing guidance in a cost effective manner. We continue to believe this recommendation is appropriate because DOJ's risk assessment documentation did not adequately demonstrate how DOJ determined the weighting of the risk factors or the numerical risk level ranges or whether a program is or is not susceptible to significant improper payments. We will continue to monitor the agency's actions to address the recommendation.
