Department of Justice Process for Identifying, Preventing, and Recovering Improper and Erroneous Payments
Audit Report 05-19
Office of the Inspector General
A key component to the Presidentís Management Agenda, which was initiated in August 2001, is the reduction of improper and erroneous payments.1 Improper and erroneous payments are payments that should not have been made or were made for incorrect amounts because of errors, poor business practices, or intentional fraud or abuse. According to the Office of Management and Budget (OMB), payment mistakes typically occur when agencies distribute benefits to ineligible applicants, overpay or underpay beneficiaries, or make duplicate payments. Improper and erroneous payments are a significant problem in the federal government, and a recent report estimates that these payments exceed $45 billion annually.2
In recent years, legislation has been enacted to address this problem, followed by implementation guidance from OMB. This legislation requires governmental agencies to conduct program inventories and assess the improper payment risk in each identified program. In addition, agencies must annually report on progress made in identifying and recovering improper payments.
This audit assessed the Department of Justiceís (Department) compliance with this legislation and evaluated its efforts to identify, prevent, and recover improper and erroneous payments.
Two laws address the identification, prevention, and recovery of improper payments. The first law, Public Law No. 107-300, the Improper Payments Information Act of 2002 (IPIA), was enacted in November 2002. The IPIA requires the heads of federal agencies to annually: 1) identify programs and activities susceptible to improper payments, 2) estimate the amount of improper payments, and 3) report that estimate to Congress. In addition, for improper payments estimated to exceed $10 million, the agency must report the actions it is taking to reduce its improper payments, including a discussion of the causes.
In May 2003, OMB issued memorandum M-03-13 as guidance for agencies to comply with the IPIA. This memorandum requires all federal agencies to annually review and identify programs susceptible to significant improper payments, which OMB defined as programs with annual improper payments exceeding both 2.5 percent of program payments and $10 million. Information on programs susceptible to significant improper payments must be reported in each agencyís annual Performance and Accountability Report (PAR). The PAR is an annual report that provides information on an agencyís actual performance and progress in achieving the goals in its strategic plan and performance budget.
The second piece of legislation is Public Law No. 107-107, the National Defense Authorization Act for FY 2002 (NDAA), Subchapter VI Recovery Audits, enacted in December 2001. This law requires all agencies that enter into contracts totaling more than $500 million in a fiscal year to carry out a cost effective program to identify errors in payments and recover amounts erroneously paid. These actions are also known as ďrecovery audits.Ē
In January 2003, OMB issued memorandum M-03-07 as guidance for agencies implementing recovery audit activities. This memorandum essentially mirrors the NDAA, requiring agencies with total contracts in excess of $500 million in a fiscal year to carry out a cost-effective program for identifying and recovering improper payments. This memorandum also provides guidance on the disposition of recovered amounts and directs affected agencies to submit annual reports detailing recovery audit activities. This guidance states that ďagency Inspectors General and other external agency auditors are encouraged to assess the effectiveness of agenciesí recovery audit programs.Ē
In July 2004, OMB issued further IPIA and recovery audit reporting guidance in memorandum M-04-20. In addition to requiring information relating to agency IPIA activities, this guidance requires recovery audit activities to be included in the PAR for FY 2004 and annually thereafter. The Justice Management Division (JMD) is responsible for ensuring the Departmentís compliance with the laws, regulations, and guidance relating to improper payments. JMD provides assistance to senior Department officials relating to basic Department policy; provides direct administrative support services; and develops and reviews the implementation of Departmentwide policies, standards, and procedures. JMD provided IPIA and recovery audit reporting instructions to Department components in a memorandum dated August 2004.
During August and September 2004, Department components responded to JMDís instructions by providing IPIA reports containing information on improper and erroneous payments and the status of recovery audit efforts. JMD compiled and combined all component responses, prepared one consolidated response, and reported the results in the Departmentís PAR for FY 2004.
As detailed in the following section, the components we reviewed were in various stages of implementing a recovery audit effort.
Current Recovery Audit Efforts
The BOP initiated a recovery audit program in September 2003, using a private contractor, to identify its potential improper payments.3 Initially, the contractor is reviewing BOP payments made from 1999 through 2004. The contractor had not completed its review at the time our fieldwork ended in November 2004. As of September 2004, a total of $216,656 in improper payments had been identified and confirmed. The BOP had recovered $211,251 of this amount, or nearly 98 percent.
In October 2004, OJP signed an agreement with a private contractor to initiate a recovery audit effort. In addition to the audits and reviews conducted by its External Oversight Division, OJP officials plan to utilize this recovery audit program to identify its improper payments. The contractor will initially review payments from FY 2003 and FY 2004, but may expand into earlier years, depending on the results of the initial review. Because OJP is in the initial phases of this program, no improper payments had been identified at the time of our fieldwork. However, OJP estimates that approximately $1.3 million in improper payments will be identified and recovered utilizing this program.
The FBI does not yet have a formalized recovery audit program in place. It does have an informal system to identify improper payments from many sources, including voucher examiners, refund checks received, and inquiries from vendors. In addition, it utilizes the results of internal reviews at each field office and reviews conducted by its Inspections Division to track improper payments. In FY 2004, the FBI identified $292,137 in improper payments made in 2004, and had recovered $237,160, or 81 percent of those payments, at the time of our fieldwork.
We determined that the USMS does not have a mechanism in place to identify improper payments, and did not have a recovery audit program in place to quantify and collect improper payments. USMS officials asserted that the USMS had a low risk of making improper payments because of sufficient internal controls. As a result of the absence of a USMS recovery audit program, no improper payments had been identified or recovered at the time of our fieldwork.
This audit was requested by JMD. The objectives of our audit were to determine whether the Department has: 1) established policies and procedures for identifying and preventing improper and erroneous payments, 2) determined the extent of improper and erroneous payments, and 3) established methods to recover improper and erroneous payments.
To achieve these objectives, we reviewed documentation and interviewed officials at JMD and conducted interviews and reviewed policies and procedures at four Department components.4 The components included in this audit were selected based on several factors, including the number and amount of vendor payments made in FY 2003 and FY 2004, the completeness of associated IPIA reporting, whether a contractor was being used for recovery audit activities, and the results of each componentís financial statement audit for FY 2004. Appendix I contains the details of our component selection factors.
At JMD, we assessed current Departmentwide efforts to comply with provisions of the IPIA and the NDAA. At each of the four components, we reviewed the reports submitted in accordance with the IPIA and assessed each componentís current efforts for preventing, identifying, and quantifying erroneous and improper payments. Further, we reviewed current recovery audit efforts at each of the selected components.
The results of the various aspects of our auditing work are described in the following section.
Summary of Findings and Recommendations
Identifying and Preventing Improper and Erroneous Payments
In assessing the Departmentís progress toward identifying and preventing improper and erroneous payments, we reviewed laws and regulations applicable to the IPIA. We also analyzed the reports each component submitted in accordance with the IPIA, which included each componentís risk assessment. We compared these reports to the IPIA reporting requirements, and assessed each componentís compliance with relevant requirements. In addition, we interviewed component officials and reviewed policies and procedures used by the BOP, OJP, FBI, and USMS to identify and prevent improper payments.
We determined that the risk assessments conducted by the USMS and OJP were not adequate to completely measure the risk of improper payments in all programs the components administer. Further, we noted that the IPIA reports prepared by the BOP, OJP, and USMS did not contain a complete description of the risk assessments performed. We also found weaknesses in certain policies and procedures used to prevent improper payments at the FBI and USMS.
We noted that none of the risk assessments included an analysis or consideration of any material weaknesses, reportable conditions, or noncompliance matters resulting from the componentís annual financial statement audit. Based on the results of the Departmentís consolidated financial statement audit for FY 2004, we believe that a thorough risk assessment should include a review of any reportable conditions, material weaknesses, or matters of noncompliance noted by the independent auditors, and an analysis of whether those weaknesses or conditions could potentially impact the risk of making improper payments.
To address these issues, we recommended changes in each componentís risk assessment processes, improvements in the reporting of those risk assessments, and enhancements to the FBIís and USMSís policies and procedures used to prevent improper payments.
Determining the Extent of Erroneous and Improper Payments, and Methods to Recover Them
To assess whether the Department had adequately determined the extent of its improper payments and had established methods to recover them, we: 1) reviewed laws and regulations applicable to recovery audits, 2) interviewed component officials responsible for recovery audit activities, and 3) reviewed policies and procedures used by the components to determine the extent of their improper payments and to recover them. In addition, we reviewed policy guidance from JMD relating to recovery audits.
We determined that the FBI, OJP, and USMS did not have processes in place to determine the full extent of improper payments. As previously noted, each component reviewed was at different stages in their efforts to implement recovery audits. These audits are used to determine the amounts of improper payments made and then recover them.
Further, none of the four components audited had established a fully-documented program to recover improper payments. While the BOP and OJP had initiated a recovery audit program, they had not implemented written policies and procedures for those programs. Further, the FBI and USMS had not yet initiated any type of formalized recovery audit program.
We also determined that Departmentwide recovery audit guidance provided by JMD could be improved because there was a lack of consistency among the components as it related to each componentís progress in implementing and maintaining a recovery audit program. JMD did not have an official reporting mechanism in place that would allow it to monitor each componentís recovery audit activities on a regular, ongoing basis.
To address these issues, we recommended that JMD implement Departmentwide policies for recovery audits and for quarterly reporting of recovery audit activities by each component. Further, we recommended that each component develop and implement a comprehensive recovery audit program, including written policies and procedures for each program. Finally, we recommended that each component report its recovery audit activities quarterly to JMD.
Our audit results are discussed in greater detail in the Findings and Recommendations section of this report. Our audit objectives, scope, and methodology, appear in Appendix I. The audit criteria applied during our work is described in Appendix II.