Improper Payments:

Significant Improvements Needed in DOD's Efforts to Address Improper Payment and Recovery Auditing Requirements

GAO-09-442: Published: Jul 29, 2009. Publicly Released: Jul 29, 2009.

Additional Materials:

Contact:

Asif A. Khan
(202) 512-9312
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Department of Defense (DOD) is required, as are other federal executive agencies, to report improper payment information under the Improper Payments Information Act of 2002 (IPIA) and recovery auditing information under section 831 of the National Defense Authorization Act for Fiscal Year 2002, commonly known as the Recovery Auditing Act. The DOD Office of Inspector General has previously reported deficiencies at DOD related to these acts and GAO's prior work on DOD's reporting of its fiscal year 2006 travel improper payments estimate also identified shortcomings. Because of these and other long-standing weaknesses, the subcommittee asked GAO to examine DOD's fiscal year 2007 improper payment and recovery audit reporting to determine whether adequate processes existed to address both statutory requirements. To complete this work, GAO reviewed DOD's annual reports, conducted site visits, and met with cognizant DOD officials.

DOD's process for addressing IPIA requirements had significant weaknesses. For example, as shown in the figure below, DOD did not conduct risk assessments for all of its payment activities as $322 billion in agency outlays were excluded from the amounts assessed. For those payment activities reviewed, DOD assessed the risk of improper payments occurring as low despite the department's long-standing financial management weaknesses and could not provide documentation supporting the methodologies used and the final risk level. GAO also found that DOD did not estimate improper payments for commercial pay under IPIA requirements, its largest payment activity. Further, the Office of the Comptroller's oversight and monitoring activities were inadequate because they did not include verifying the accuracy and completeness of the information in the agency's financial report (AFR). In addition to not estimating improper payments for commercial pay, DOD's processes for identifying and recovering commercial overpayments were inadequate, because they were not designed for this purpose as required by the Recovery Auditing Act. For example, GAO found that contract closeout processes were designed to ensure that applicable administrative actions had been completed (e.g., all classified documents were disposed of) and not to specifically identify contract overpayments. DOD also lacked detailed guidance on how to conduct a recovery audit program and did not fully address the recovery auditing reporting requirements in its AFR, such as disclosing the total cost associated with its recovery auditing activities. The Office of the Comptroller also did not verify the accuracy and completeness of the recovery audit information in the AFR, which resulted in $20.5 billion being excluded from its universe of commercial payments. DOD stated that its processes were sufficient to address the requirements of both acts, but since then has taken some actions, such as updating relevant guidance. Until these critical deficiencies are addressed, DOD will be unable to determine the extent to which improper payments exist and are subsequently recovered.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for IPIA, the Secretary of Defense should direct the DOD Comptroller to establish and implement a systematic approach, as a part of the risk assessment process, to ensure all programs and activities are reviewed to determine susceptibility to improper payments.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. The Improper Payments Elimination and Recovery Act (IPERA) modified the risk assessment requirements that were in effect under the Improper Payments Information Act (IPIA). Like IPIA, IPERA requires agencies to periodically review all programs and activities to determine which ones are susceptible to significant improper payments. IPERA amended IPIA to require agency heads to review agency programs and activities during the year following IPERA's enactment and at least once every 3 fiscal years thereafter to identify those that may be susceptible to significant improper payments. IPERA also included risk factors contributing to susceptibility to significant improper payments that agencies should consider in performing their risk assessments. Despite these legal requirements, DOD has not performed a risk assessment since we issued this report. Instead, DOD relies on OMB direction, provided after OMB's review of DOD's fiscal year 2006 improper payment reporting, that DOD should consider all of its payments as risk-susceptible. Given this OMB direction, DOD's view is that there is no added value in performing annual risk assessments. The department instead reports on six payment categories (programs). As DOD has not established and implemented a systemic approach to ensure that all programs and activities are reviewed to determine susceptibility to improper payments, this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for IPIA, the Secretary of Defense should direct the DOD Comptroller to develop and implement detailed guidance for conducting risk assessments, including the steps to determine if risk exists, what those risks are, and the potential or actual impact of those risks on program operations.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. The Improper Payments Elimination and Recovery Act (IPERA) modified the risk assessment requirements that were in effect under the Improper Payments Information Act (IPIA). Like IPIA, IPERA requires agencies to periodically review all programs and activities to determine which ones are susceptible to significant improper payments. IPERA amended IPIA to require agency heads to review agency programs and activities during the year following IPERA's enactment and at least once every 3 fiscal years thereafter to identify those that may be susceptible to significant improper payments. IPERA also included risk factors contributing to susceptibility to significant improper payments that agencies should consider in performing their risk assessments. DOD revised its Financial Management Regulation (FMR) chapter on improper payments in fiscal year 2012. However, the FMR, as revised, only requires risk assessments for payment activities for which the risk level is unknown or not currently measured and reported. As DOD already reports improper payment amounts for its six major programs, the department did not perform risk assessments as required for fiscal year 2011. The revised FMR included a list of risk assessment criteria based on the risk factors included in IPERA. However, the FMR does not detail how DOD components are to use these criteria to design and conduct risk assessments. Overall, the FMR does not contain detailed guidance for DOD components to follow for conducting risk assessments, including determining if risk exists, what those risks are, and the potential or actual impact of those risks on program operations. Therefore, this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for IPIA, the Secretary of Defense should direct the DOD Comptroller to require DOD agencies and the military services to document the risk assessment methodology used, including the risk factors considered, and the rationale for assessing the risk level for the payment activity.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. The Improper Payments Elimination and Recovery Act (IPERA) modified the risk assessment requirements that were in effect under the Improper Payments Information Act (IPIA). Like IPIA, IPERA requires agencies to periodically review all programs and activities to determine which ones are susceptible to significant improper payments. IPERA amended IPIA to require agency heads to review agency programs and activities during the year following IPERA's enactment and at least once every 3 fiscal years thereafter to identify those that may be susceptible to significant improper payments. IPERA also included risk factors contributing to susceptibility to significant improper payments that agencies should consider in performing their risk assessments. Despite these legal requirements, DOD has not performed a risk assessment since we issued this report. Instead, DOD relies on OMB direction, provided after OMB's review of DOD's fiscal year 2006 improper payment reporting, that DOD should consider all of its payments as risk-susceptible. Given this OMB direction, DOD's view is that there is no added value in performing annual risk assessments. The department instead reports on six payment categories (programs). Since DOD has not established and implemented a systematic approach to ensure that all programs and activities are reviewed to determine susceptibility to improper payments, DOD has not developed a risk assessment methodology to document. As a result, this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for IPIA, the Secretary of Defense should direct the DOD Comptroller to develop and implement a statistically valid methodology to estimate and report commercial improper payments (contract and vendor over- and underpayments). This methodology should include all payment errors regardless of the source of the error--DOD, contractors, or vendors--as required by IPIA.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. During fiscal year 2012, DOD implemented a methodology to produce a statistically-derived improper payment estimate for Defense Finance and Accounting Service (DFAS) commercial pay. However, we concluded that this methodology would not produce either reliable or statistically valid improper payment estimates. First, DOD did not have a complete and accurate population of DFAS commercial pay transactions from which to sample, and acknowledged in its agency financial report that it was not possible for the department to ensure that all required outlays for reporting purposes were included in the sample populations. Second, DOD's DFAS commercial pay methodology was based on the use of simple random samples and an inappropriate sampling unit (an invoice). With a simple random sample, each transaction has an equal chance of selection for testing, without regard to the complexity of the transaction or its risk of being an improper payment. Use of a simple random sample allows DOD to generate improper payment rate estimates and related confidence intervals, but not statistically valid dollar value estimates and related confidence intervals. DOD should have instead relied on a more complex sampling methodology that relied on an appropriate sampling unit, such as stratified random sample by dollars or probability proportionate to size. As a result of these deficiencies in its sampling methodology, we conclude that DOD did not develop and implement a statistically valid methodology to estimate and report commercial improper payments. Accordingly, this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for IPIA, the Secretary of Defense should direct the DOD Comptroller to identify and fully disclose the root causes of improper payments annually in the AFR.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. DOD did not identify and fully disclose the root causes of improper payments in its fiscal years 2011 and 2012 agency financial reports (AFR). DOD described "primary reasons" for improper payments for each of its payment activities. However, these primary reasons identified the specific reason that particular improper payments occurred, but did not consider the fundamental weaknesses that permit the specific reason for the improper payment to occur. For improper payments identified through DFAS post-payment reviews (includes military pay, civilian pay, military retirement, travel pay, and DFAS commercial pay), DFAS provides the military services, which initiated and approved the improper payment, with an analysis of the specific reason for a particular improper payment. However, DFAS post payment reviewers did not have the access or the resources to determine the underlying root cause at the military service that allowed the specific reason to occur. For example, DOD reported that one of the primary reasons of improper payments for military pay in fiscal year 2011 was incorrect reporting of the basic allowance for housing. However, this reason did not consider possible systemic causes of the errors, such as whether manual and automated controls, related to timely and accurate recording of entitlements, were both sufficient and operating as intended. Therefore, DOD did not identify and fully disclose the root causes of its improper payments in its fiscal years 2011 and 2012 AFRs, and this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for IPIA, the Secretary of Defense should direct the DOD Comptroller to identify and fully disclose the corrective actions, and monitor the corrective actions to ensure that they address applicable root causes.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. DOD officials stated that the department's corrective action plans for fiscal years 2011 and 2012 were included in the respective agency financial reports (AFR). However, the corrective actions reported were not sufficiently detailed to assess whether they would address the errors that were identified for DOD's reported programs. For example, DOD reported that the corrective actions for military pay consisted of working with the military services to advise them of the results of payment reviews and the associated reasons for errors, including the provision of monthly reports on the reasons for individual improper payments and improper payment trends. While these corrective actions provide information on the reasons for improper payments, they do not indicate what, if any, actions the military services would take to address the causes of improper payments. Also, not all corrective actions that were taken were identified and disclosed in the AFR. For example, during an exit conference, DOD officials discussed corrective actions that were not identified or disclosed in the fiscal year 2011 or fiscal year 2012 AFRs. In addition, DOD's policy in its improper payments chapter of its Financial Management Regulation does not provide detailed procedures for DOD to follow in monitoring the implementation of corrective actions. Therefore, this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for IPIA, the Secretary of Defense should direct the DOD Comptroller to perform oversight and monitoring activities to ensure the accuracy and completeness of the improper payment data submitted by the DOD agencies and the military services for inclusion in the AFR.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. The DOD Comptroller did not adequately monitor or oversee the submission of improper payment data by DOD components for inclusion in the agency financial report (AFR) to ensure its accuracy and completeness. During our review of DOD's fiscal year 2011 improper payment information included in its AFR, we noted that DOD did not disclose: 1) corrective actions that would address the root causes of military health benefits improper payments; 2) the actual or planned completion dates for corrective actions; 3) the portion of the improper payment estimates attributable to insufficient supporting documentation or administrative errors; and 4) whether the agency had the human capital, internal controls, and accountability mechanisms necessary to reduce improper payments. In addition, we identified an error in the calculation of the military health benefits improper payment estimate that should have been identified during managerial review. Therefore, we conclude that this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for the Recovery Auditing Act, the Secretary of Defense should direct the DOD Comptroller to establish and implement processes specifically designed to identify and recover commercial overpayments.

    Agency Affected: Department of Defense

    Status: Closed - Implemented

    Comments: DOD Comptroller has developed various processes to identify and recover commercial overpayments. One tool to identify commercial overpayments is the Business Activity Monitoring (BAM) tool. While designed primarily as a pre-payment process, some transactions that BAM flags as potential overpayments are disbursed before the payments are reviewed for propriety. When this occurs, any overpayments are then recovered. DOD has developed a process to investigate potential overpayments that are discovered when vendors send unsolicited check or refunds. DOD also developed a process for performing contract reconciliations, and overpayments are also identified through the Commercial Pay Post Pay Review process. DOD recovers improper payments through the Contract Debt System (CDS) and the Improper Payment Online Database (IPOD). These procedures for these processes are described in SOPs and manuals, such as the Accounts Payable-Accounts Receivable Handoff (The Recognition and Collection of Erroneous Payments) SOP and the Centralized Offset Program SOP. Combined, these activities are sufficient to fulfill the intent of this recommendation. As such, we conclude that this recommendation has been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for the Recovery Auditing Act, the Secretary of Defense should direct the DOD Comptroller to develop and implement detailed guidance to assist DOD agencies and the military services in effectively carrying out recovery audits and activities, including the payment and accounting systems to be reviewed, the frequency of these reviews, applicable roles and responsibilities, and reporting requirements.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. The DOD revised its Financial Management Regulation (FMR) chapter on recovery audits in October 2012. The revised chapter was intended to establish DOD's program to implement the requirements of IPERA and associated OMB guidance with respect to recovery audits. However, we determined that the FMR, as revised, did not provide sufficient, detailed guidance to military components to effectively carry out recovery audits. For example, while the FMR does indicate that recovery audits should be performed annually and details information that should be reported to the Office of the Under Secretary of Defense (Comptroller), the FMR does not specify the payment and accounting systems to be reviewed or assign accountability for performing and reporting on recovery audits beyond "Components." In addition, we determined that the revised FMR guidance lacks key elements that would enable DOD components to fully implement IPERA and related OMB guidance. For example, the revised FMR does not require DOD components to report the amount of commercial pay recoveries that were used to offset future payments and the amount of improper overpayments identified through contract closeouts. Therefore, we conclude that this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for the Recovery Auditing Act, the Secretary of Defense should direct the DOD Comptroller to establish and implement a process to identify costs related to the department's recovery auditing program, including costs for employees' salaries.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD concurred with this recommendation. However, with the exception of the U.S. Army Corps of Engineers, DOD did not have procedures to identify and collect information on costs related to the department's recovery auditing program. DOD officials noted that the department identified and reported this information in the fiscal year 2010 agency finanical report (AFR). However, after that year, DOD officials stated that OMB no longer required agencies to provide this information. Therefore, the department stopped collecting and reporting this information. We confirmed that costs incurred within the department related to recovery audits were included in the fiscal year 2010 AFR. However, the department did not discuss the composition of these costs or indicate if the costs captured included employees' salaries. Since DOD has not consistently identified and reported costs related to the department's recovery auditing program, this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for the Recovery Auditing Act, the Secretary of Defense should direct the DOD Comptroller to establish and implement a process to identify and report vendor overpayments and the associated recovered amounts.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. DOD Comptroller has developed various processes to identify and recover vendor overpayments, but has not developed a documented process to report the amounts identified and recovered. To identify vendor overpayments, DOD has developed tools such as the Business Activity Monitoring (BAM) tool. While designed primarily as a pre-payment process, some transactions that BAM flags as potential overpayments are disbursed before the payments are reviewed for propriety. When this occurs, any vendor overpayments are processed for recovery. To account for overpayments when vendors send unsolicited check or refunds, DOD developed "Vendor Pay Unsolicited Checks/Unidentified Checks/Returned Funds Procedures." Desk Procedure (DP) 607 details the procedures to perform contract reconciliations, and the Commercial Pay Post Pay Review Procedure outlines the overall process for sampling and reviewing commercial payments. DOD recovers improper payments through the Contract Debt System (CDS) and the Improper Payment Online Database (IPOD). These procedures for these processes are described in Standard Operating Procedures (SOP) and manuals, such as the Accounts Payable-Accounts Receivable Handoff (The Recognition and Collection of Erroneous Payments) SOP and the Centralized Offset Program SOP. The DOD Comptroller does not have a documented process or procedure to compile and report commercial and vendor overpayments. In addition, as reported in GAO-13-227, DOD's Financial Management Regulation chapter on payment recapture audits does not require DOD components to submit information to the Office of the Secretary of Defense (Comptroller) that OMB directs agencies to report, such as the amount of commercial pay recoveries that were used to offset future payments and the amount of improper overpayments identified through contract closeouts. Therefore, we conclude that this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for the Recovery Auditing Act, the Secretary of Defense should direct the DOD Comptroller to maintain documentation to support the amounts reported in the AFR to allow for independent evaluation of this information.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. The DOD Comptroller did not maintain documentation to support the amounts reported in the agency financial report to allow for independent evaluation of this information. For fiscal years 2011 and 2012, the DOD Comptroller received and retained improper payment recovery reports from select reporting components (such as the Defense Finance and Accounting Service (DFAS), TRICARE Management Activity (TMA), and the United States Army Corps of Engineers (USACE), among others). The reporting components sent summary narratives and tabular information. The DOD Comptroller did not perform any procedures to determine if this documentation would be sufficient to enable a third party to independently evaluate these reported figures. The DOD Comptroller indicated that, going forward, they would issue instructions to ensure that proper supporting documentation is maintained by the reporting components. As the DOD Comptroller has not to date collected and maintained sufficient supporting documentation to allow for independent evaluation of reported improper payment recoveries, nor has it yet issued directives to reporting components to maintain such documentation, this recommendation has not been implemented.

    Recommendation: To improve DOD's efforts to address improper payment and recovery auditing requirements for the Recovery Auditing Act, the Secretary of Defense should direct the DOD Comptroller to perform oversight and monitoring activities to ensure the accuracy and completeness of the recovery auditing data submitted by the DOD agencies and the military services for inclusion in the AFR. Also, document the roles and responsibilities of the Recovery Auditing Project Officer.

    Agency Affected: Department of Defense

    Status: Open

    Comments: DOD did not concur with this recommendation. The DOD Comptroller did not adequately monitor or oversee the submission of improper payment data by DOD components for inclusion in the agency financial report (AFR) to ensure its accuracy and completeness. During our review of DOD's fiscal year 2011 recovery auditing information included in its AFR, we noted that DOD did not disclose: 1) the amount of contract payments that were voluntarily returned to DOD; 2) the amount of improper contract payments identified by contract closeouts; 3) the amount of commercial pay recoveries used to offset future payments rather than returned to DOD; 4) improper payments identified as a result of DOD IG investigations, GAO audits, or reviews by DOD internal review offices, such as TRICARE Management Activity's Program Integrity Office, in its table of overpayments recaptured outside of payment recapture audits; and 5) the total amount of and justification for identified improper overpayments that were determined to be uncollectible in fiscal year 2011. In addition, we noted that oversight and monitoring did not detect the overstatement of the amount of military retirement improper overpayments that were identified and recovered, nor did it detect the omission of overpayments identified and recovered through TRICARE Management Activity's Program Integrity Office. While DOD did document the roles and responsibilities of the Recovery Auditing Project Officer in its revised Financial Management Regulation chapter on recovery audits, the deficiencies in oversight and monitoring lead us to conclude that this recommendation has not been implemented.

    Jul 30, 2014

    Jul 9, 2014

    Jun 19, 2014

    May 30, 2014

    May 15, 2014

    May 13, 2014

    May 12, 2014

    May 2, 2014

    Mar 27, 2014

    Looking for more? Browse all our products here