This is the accessible text file for GAO report number GAO-02-406 
entitled 'Education Financial Management: Weak Internal Controls Led 
to Instances of Fraud and Other Improper Payments' which was released 
on March 28, 2002. 

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the 
printed version. The portable document format (PDF) file is an exact 
electronic replica of the printed version. We welcome your feedback. 
Please E-mail your comments regarding the contents or accessibility 
features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States General Accounting Office: 
GAO: 

Report to Congressional Requesters: 

Education Financial Management: 

Weak Internal Controls Led to Instances of Fraud and Other Improper 
Payments: 

GAO-02-406: 

Contents: 

Letter: 

Results in Brief: 

Background: 

Objectives, Scope, and Methodology: 

Controls over Grants Disbursement Process Failed to Detect Certain 
Improper Payments: 

Controls Over Third Party Draft Process Were Ineffective: 

Poor Controls over Government Purchase Cards Resulted in Some 
Fraudulent, Improper, and Questionable Purchases: 

Poor Controls Contributed to Loss of Computer Equipment: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendixes: 

Appendix I: Description of Grant and Loan Programs Reviewed: 

Appendix II: Objectives, Scope, and Methodology: 

Appendix III: Comments from the Department of Education: 

Appendix IV: GAO Contact and Staff Acknowledgments: 

Tables: 

Table 1: Fiscal Year 2000 Disbursements by the Department of Education: 

Table 2: Amounts of Potentially Improper Payments Initially Identified 
and Disposition of Those Amounts after Review of Supporting 
Documentation: 

Table 3: Description of Programs and Amounts Disbursed: 

Abbreviations: 

COD: Common Origination and Disbursement: 

CPS: Central Processing System: 

ESL: English as a second language: 

FMSS: Financial Management System Software: 

FRB: Federal Reserve Bank: 

GAPS: Grant Administration and Payment System: 

GSA: General Services Administration: 

LOS: Loan Origination System: 

MCC: Merchant Category Code: 

OCFO: Office of the Chief Financial Officer: 

OCIO: Office of the Chief Information Officer: 

OIG: Office of Inspector General: 

RFMS: Recipient Financial Management System: 

SSA: Social Security Administration: 

SSN: social security number: 

Y2K: Year 2000: 

[End of section] 

United States General Accounting Office: 
Washington, D.C. 20548: 

March 28, 2002: 

The Honorable Pete Hoekstra: 
Chairman: 
Subcommittee on Select Education: 
Committee on Education and the Workforce: 
House of Representatives: 

The Honorable Charlie Norwood: 
House of Representatives: 

The Department of Education has a history of financial management 
problems, including serious internal control weaknesses, which have 
affected Education's ability to provide reliable financial information 
to decisionmakers both inside and outside the agency and to maintain 
the financial integrity of its operations. Because of this, we have 
designated Education's student financial assistance programs as a high-
risk area for waste, fraud, abuse, and mismanagement.[Footnote 1] 
Given the billions of dollars in payments made by Education each year 
to recipients nationwide and abroad, these known deficiencies raise 
the risk that fraudulent or erroneous payments could make their way 
undetected through Education's processes. In January 2002, three 
employees pleaded guilty to a scheme in which they defrauded the 
department of more than $1 million during the 1990s, and, in 2000, the 
department reported that $1.9 million meant for two school districts 
in South Dakota was fraudulently wired to improper bank accounts. 

Given this risk, you requested that we audit selected disbursement 
processes at Education that are particularly susceptible to waste, 
fraud, and abuse. Specifically, you asked us to assess the adequacy of 
internal controls over (1) grant and loan disbursements, (2) third 
party drafts,[Footnote 2] and (3) government purchase cards, and to 
determine if any fraudulent or otherwise improper payments were made 
in these areas. You requested that we cover the period May 1998 
through September 2000 during which time Education disbursed $181.5 
billion through these processes—-$181.4 billion in grants and loans, 
$55 million in third party drafts, and $22 million in purchase card 
transactions. You also asked that we look at physical controls over 
computer equipment purchased with third party drafts and purchase 
cards. Our work built upon earlier work done by Education's Office of 
Inspector General (OIG) in which the OIG identified weaknesses in the 
department's third party draft and purchase card processes. Last year 
we testified twice[Footnote 3] and made several recommendations to 
address the key findings discussed in our testimonies. We also 
provided two interim briefings on the status of our ongoing work. This 
report provides the final results of our work. 

Results in Brief: 

Significant internal control weaknesses in Education's payment 
processes and poor physical control over its computer assets made the 
department vulnerable to and in some cases resulted in fraud, improper 
payments, and lost assets. We identified several instances of fraud in 
the grant and loan areas and pervasive control breakdowns and improper 
payments in other areas, particularly involving purchase cards. 
Further, because of the risks we identified in the third party draft 
process, Education eliminated their use. 

Controls over grant and loan disbursements did not include a key edit 
check or follow-up process that would help identify schools that were 
disbursing Pell Grants to ineligible students. Our tests and follow-up 
investigation identified 3 schools that fraudulently disbursed about 
$2 million of Pell Grants to ineligible students. Previously, we had 
investigated 2 of these schools for similar activity. We also 
identified 1 school that improperly disbursed $1.4 million of Pell 
Grants to ineligible students. We have formally referred the results 
of our investigation of these 4 schools to Education's Inspector 
General. In addition, we identified 31 other schools with 
disbursements totaling $1.6 million with similar characteristics that 
we referred to Education for follow-up. Further, we found other grant 
and loan payments totaling $12 million that were potentially 
fraudulent or otherwise improper. However, because Education did not 
provide adequate supporting documentation, we were unable to determine 
the validity of these transactions or conclude on the effectiveness of 
the related edit checks. While the amount of improper and potentially 
improper grant and loan payments we identified is relatively 
insignificant compared to the billions of dollars disbursed for these 
programs annually, it represents a control risk that could easily be 
exploited to a greater extent. 

Significant internal control weaknesses over Education's process for 
third party drafts markedly increased the department's vulnerability 
to improper payments. Although segregation of duties is one of the 
most fundamental internal control concepts, we found that some 
individuals at Education could control the entire payment process for 
third party drafts. We also found that Education employees 
circumvented a key computer system application control designed to 
prevent duplicate payments. We tested third party draft transactions 
and identified $8.9 million of potential improper payments, $1.7 
million of which remain unresolved because Education was unable to 
provide us with adequate supporting documentation. Because of the 
risks we identified in the third party draft payment process, and in 
response to a letter from the Chairman and Vice-Chairman of the 
Subcommittee on Select Education, House Committee on Education and the 
Workforce, Education took action in May 2001 to eliminate the use of 
third party drafts. 

We found that Education's inconsistent and inadequate authorization 
and review processes for purchase cards, combined with a lack of 
monitoring, created an environment in which improper purchases could 
be made with little risk of detection. Inadequate control over these 
expenditures, combined with the inherent risk of fraud and abuse 
associated with purchase cards, resulted in fraudulent, improper, and 
questionable purchases totaling about $686,000 by some Education 
employees. For example, one employee made improper charges totaling 
$11,700 for herself and a coworker to attend college classes that were 
unrelated to their jobs at the department. In another example, we 
identified almost $287,000 in questionable purchases for new office 
furniture and renovation costs related to interim space that was to be 
vacated. Further, Education could not provide any support for $152,000 
of additional purchases and does not know what was acquired with these 
funds. 

Education also lacked adequate internal controls over computers 
acquired with purchase cards and third party drafts, which contributed 
to 241 missing personal computers and computer equipment with an 
acquisition cost of about $261,500. After we completed our work in 
this area, we again visited the office where most of the computer 
equipment was missing because Education officials told us they had 
located some of the missing inventory. Although Education officials 
stated they found 73 pieces of equipment, we were able to locate only 
62 pieces of the equipment with an acquisition value of about $49,800. 
Education officials have been unable to locate the remaining 179 
pieces of missing computer equipment with an acquisition value of 
about $211,700. Segregation of duties, one of the most fundamental 
internal controls, was lacking in the office where most of the missing 
equipment was purchased. In addition, according to Education's 
Inspector General, the department had not taken a comprehensive 
physical inventory of all property, including computers, for at least 
2 years. Further, Education did not record almost $400,000 of computer 
purchases in its property records. These weaknesses created an 
environment in which computer equipment could be easily lost or stolen 
without detection. Education's Inspector General is investigating the 
disappearance of these vulnerable assets. 

During our review, Education made several changes to policies and 
procedures over disbursements to improve internal controls and program 
integrity. While these changes are positive steps, in many cases they 
have not been effectively implemented. Therefore, many of the risks we 
identified continue to exist. For example, Education developed a new 
approval process for its purchase card program; however, our testing 
of 3 months of purchase card statements under the new process found 
that over 20 percent lacked proper support for the items purchased. 

Management commitment to improving internal controls is necessary to 
minimize Education's vulnerability to future improper payments and 
lost assets and to improve financial management in general. This 
report makes recommendations that, if fully implemented, will help the 
department improve its controls so that fraudulent and otherwise 
improper payments can be prevented or detected in the future and 
vulnerable assets can be better protected. 

In commenting on a draft of this report, the Deputy Secretary 
generally agreed with our findings and recommendations and said that 
Education is developing a formal corrective action plan to address 
each of our recommendations. 

Background: 

The Department of Education's mission is to ensure equal access to 
education and to promote educational excellence throughout the nation. 
Education does this, in part, by disbursing billions of dollars each 
year in grants and loans to school districts, state education 
agencies, organizations, and individuals. Appendix I describes the 
various grant and loan programs and the amounts disbursed for these 
programs during the period we reviewed. In supporting its mission, 
Education also paid close to a billion dollars in fiscal year 2000 to 
various contractors and vendors for goods and services, including 
computers and supplies. Education used various payment methods for 
these expenses, including third party drafts and government purchase 
cards. The following table shows the amounts disbursed in fiscal year 
2000 for the various grant and loan programs and the amount of 
expenses paid by third party drafts and government purchase cards. 

Table 1: Fiscal Year 2000 Disbursements by the Department of Education: 

Disbursement type: Grants and loans; 
Amount disbursed in fiscal year 2000: $45.5 billion. 

Disbursement type: Third party drafts; 
Amount disbursed in fiscal year 2000: $23 million. 

Disbursement type: Purchase cards; 
Amount disbursed in fiscal year 2000: $8 million. 

[End of table] 

Payments for Grants and Loans: 

Education funds for various grants go directly to the recipients—state 
education agencies, schools, individuals, and school districts—and are 
to be used by the recipients for the stated purposes. Education 
disburses funds for Pell Grants and direct loans, which help finance 
the higher education of millions of students, directly to schools. 
[Footnote 4] The schools are responsible for determining student 
eligibility for these funds and for disbursing the grants and loans to 
students. The disbursement process for these grants and loans relies 
extensively on various computer information systems within Education 
and their related computer application controls.[Footnote 5] 

Each student applying for federal financial aid must complete an 
application form, either electronically or on a paper copy. This 
application includes information that is used to determine 
eligibility. The application information goes directly into 
Education's Central Processing System (CPS) if submitted 
electronically, or to a contractor for data entry into CPS if a paper 
copy is submitted. CPS matches the student data against several 
databases at other agencies, such as the Social Security 
Administration (SSA), the Immigration and Naturalization Service, the 
Selective Service System, and the Department of Veterans Affairs 
Errors can occur if the student submits wrong information or the 
information on the application was not entered correctly in CPS. If 
discrepancies are found, the application is rejected or identified for 
follow-up. Generally, the school to which the student applied must 
have correct data before it can disburse federal Education funds to 
the student. However, the school can disburse funds to the student 
without waiting for submitted corrections to be processed in the 
system. 

Third Party Drafts: 

Third party drafts are check-like instruments drawn on and paid by a 
financial institution or outside contractor. Agencies receive the 
drafts from the institution or contractor that maintains the agency 
account and may use them as an alternative to imprest funds. Education 
originally used third party drafts to pay field readers—non-Education 
employees who review grant applications. By May 1999, Education's 
policy allowed the use of third party drafts to pay for a wide variety 
of other expenses including employee local travel reimbursements, fuel 
and maintenance for government vehicles, and other "small purchases." 
The Executive Officer in each of Education's principal offices 
determined who had signature authority. Third party drafts could be 
issued for up to $10,000—a limitation that is printed on the face of 
each draft. Following our April 2001 testimony before the Subcommittee 
on Select Education, and in response to a letter from the Chairman and 
Vice-Chairman of the subcommittee, Education took action in May 2001 
to eliminate the use of third party drafts. 

Purchase Cards: 

Government purchase cards, a type of credit card, are available to 
federal agencies under a General Services Administration (GSA) 
contract and are to be used to make small purchases with minimal 
paperwork. The Department of the Treasury requires agencies to 
establish approved uses and limitations on the types of purchases and 
dollar amounts. During the period of our review—May 1998 through 
September 2000—Education's purchase card program was operating under a 
policy dated March 1990. This policy stated that purchase cards could 
be used to buy various small items such as supplies not available from 
the GSA Customer Supply Center. The policy prohibited purchases for 
nonexpendable property, such as desks, chairs, tables, and personal 
computers. 

Education's purchase card policy stated that an approving official was 
to ensure that all credit card transactions were for authorized 
Education purchases and in accordance with departmental and other 
federal regulations. The approving official signified that a 
cardholder's purchases were appropriate by reviewing and signing 
monthly statements. Education's 1990 written policy did not establish 
specific dollar limits for either the cumulative purchases in a given 
month or the total for a single purchase, known as the monthly 
purchase limit and single purchase limit, respectively. As of January 
2001, single purchase limits for individual cardholders, which were 
established by each principal office, ranged from $500 to $80,000, and 
their monthly limits ranged from $1,500 to $300,000.[Footnote 6] 
Currently, both single and monthly limits range from $500 to $30,000. 
Bank of America currently services the purchase card program at 
Education. 

Computer Purchases: 

During the time frame of our review, each individual principal office 
made its own purchases of computers and related equipment on a 
decentralized basis. There were no established policies that required 
approvals from the Office of the Chief Information Officer (OCIO). In 
July 2000, Education issued new written procedures for computer asset 
management. The procedures state that a new position, asset manager, 
will be established in OCIO. The procedures further state that 
principal offices are required to use only vendors approved by the 
department. Education is to request that these vendors bar code 
equipment before delivering it to the department with bar codes 
provided by the new asset manager. Vendors are to electronically 
submit a list of equipment with serial numbers and bar codes, which 
will be entered into the new Asset Management System before the 
equipment is delivered. The new procedures also modify procedures for 
controlling computer equipment that leaves any Education building. 
Security guards are to verify that anyone taking computer equipment 
from the building has been authorized to do so and has an appropriate 
property pass. 

Internal Control: 

Internal control is a major part of managing an organization. As 
mandated by the Federal Managers' Financial Integrity Act of 1982, the 
Comptroller General issues standards for internal control in the 
federal government.[Footnote 7] These standards provide the overall 
framework for establishing and maintaining internal control and for 
identifying and addressing major performance and management challenges 
and areas at greatest risk of fraud, waste, abuse, and mismanagement. 
According to these standards, internal control comprises the plans, 
methods, and procedures used to meet missions, goals, and objectives. 
Internal control is the first line of defense in safeguarding assets 
and preventing and detecting fraud and errors. Internal control, which 
is synonymous with management control, helps government program 
managers achieve desired results through effective stewardship of 
public resources. 

Control activities are the policies, procedures, techniques, and 
mechanisms that enforce management's directives and help ensure that 
actions are taken to address risks. Control activities are an integral 
part of an entity's planning, implementing, reviewing, and 
accountability for stewardship of government resources and achieving 
effective results. They include a wide range of diverse activities. 
Some examples of control activities include controls over information 
processing, physical control over vulnerable assets, segregation of 
duties, proper execution of transactions and events, and access 
restrictions to and accountability for resources and records. 

Management should design and implement internal control based on the 
related costs and benefits. No matter how well designed and operated, 
internal control cannot provide absolute assurance that all agency 
objectives will be met, and thus, once in place, internal control 
provides reasonable, not absolute, assurance of meeting agency 
objectives. 

Objectives, Scope, and Methodology: 

The objectives of our review were to assess internal controls in place 
from May 1998 through September 2000 and to identify any fraudulent or 
otherwise improper payments that may have resulted from control 
weaknesses in Education's processes for (1) disbursing grants and 
loans, (2) paying for purchases with third party drafts, and (3) use 
of government purchase cards. In addition, our objective was to assess 
Education's physical controls over its computer equipment from May 
1998 through September 2000 and identify any effects of weak controls. 
Further, at your request, we assessed the effectiveness of recent 
changes to Education's process for purchase card purchases, which took 
effect in July 2001 following our testimony before the subcommittee. 

To identify and assess internal controls over Education's (1) 
disbursement process for grants and loans and (2) processes for paying 
for purchases with third party drafts and government purchase cards, 
we obtained an understanding of the processes, interviewed staff and 
officials in the Office of Chief Financial Officer (OCFO) and program 
offices, and performed walk-throughs of the processes. We also 
reviewed Education's policies and procedures and reviewed our own 
reports and those by Education's OIG and independent auditors. To 
identify potential improper payments, we requested and obtained 
payment data and other supporting data from Education[Footnote 8] and 
sources external to the department, including SSA, Rocky Mountain 
Bank, and Bank of America; contracted with forensic and information 
risk management experts; and used an automated approach, including 
database searches, file comparisons, and other detailed analyses, to 
identify unusual transactions and payment patterns that may be 
improper. For those payments that we identified as potentially 
improper, we requested and analyzed supporting documentation to assess 
their propriety. To assess Education's controls over computer 
equipment, we conducted an unannounced search for computers and their 
related components that were purchased with government purchase cards 
and third party drafts and were not included in Education's asset 
management system inventory To assess the effectiveness of recent 
changes in Education's process for approving purchase card purchases, 
we reviewed a statistical sample of cardholders' monthly statements 
for July, August, and September 2001. While we identified some 
fraudulent and improper payments, our work was not designed to 
identify all fraudulent or otherwise improper payments throughout the 
department. 

Appendix II provides further details on our scope and methodology. We 
conducted our work from August 2000 through February 2002, in 
accordance with generally accepted government auditing standards, as 
well as with investigative standards established by the President's 
Council on Integrity and Efficiency. We requested comments on a draft 
of this report from the Secretary of Education or his designee. 
Written comments were received from the Deputy Secretary and are 
reprinted in appendix III. 

Controls over Grants Disbursement Process Failed to Detect Certain 
Improper Payments: 

Education's grant and loan disbursement process relies on computer 
systems application controls, or edit checks, to help ensure the 
propriety of payments. We focused our review on these edit checks and 
related controls because they are key to helping prevent or detect 
improper payments in an automated process. In our testing of the 
effectiveness of Education's controls, we found that the department 
lacked a key edit check and follow-up process that would help identify 
schools that were disbursing Pell Grants to ineligible students. As a 
result of our tests and follow-up investigation, we identified 3 
schools that fraudulently disbursed about $2 million of Pell Grants. 
These schools produced fraudulent documentation to support the grants. 
We also identified another school that improperly disbursed about $1.4 
million of Pell Grants to ineligible students. In addition, we 
identified 31 other schools with similar characteristics that we 
referred to Education for follow-up.9 In testing whether existing edit 
checks were working effectively or whether additional edit checks were 
needed, we found other grant and loan payments that were potentially 
improper. However, because Education did not provide adequate 
supporting documentation, we were unable to determine the validity of 
these transactions or conclude on the effectiveness of the related 
edit checks. We also found that a system used in the loan origination 
process contained erroneous data on some students that could affect 
the ability of the department to collect those student loans. In April 
2002, Education plans to implement a new grant and loan disbursement 
system designed to improve controls and reduce the risk of future 
improper grant payments. 

Education Lacked a Key Edit Check and Follow-up Procedures: 

Education's CPS for student aid applications lacked an edit that would 
identify students who were older than would typically be expected. In 
addition, the department lacked a formal, systematic process to follow 
up on unusual disbursement patterns identified by such an edit. To 
identify improper payments that may have resulted from the absence of 
these controls, we identified schools that disbursed Pell Grants over 
multiple years to students 70 years of age or older. We chose to test 
for students of this age because we did not expect large numbers of 
older students to be receiving Pell Grants.[Footnote 10] We identified 
707 schools that had disbursed more than 4,500 Pell Grants totaling 
about $7 million to students 70 years of age and older during the 
period covered by our review. 

Based on the initial results of our test and because of the problems 
we had identified in the past,[Footnote 11] we decided to expand our 
review of 7 of the 707 schools that had disproportionately high 
numbers of older students to include recipients 50 years of age or 
older.[Footnote 12] Our Office of Special Investigations investigated 
4 of these 7 schools and found that they disbursed approximately $3.4 
million in Pell Grants to ineligible students during this period. 
[Footnote 13] These students were ineligible because their primary 
course of study was English as a second language (ESL), and they were 
not seeking degrees or certificates.[Footnote 14] Further, most of the 
students interviewed during the investigation said that they were not 
working and were studying English in order to improve their speaking 
abilities, not to obtain a degree or certificate. The investigation 
disclosed that 3 schools generated fraudulent student admissions 
documents to create the appearance that students who were not in fact 
seeking degrees were participating in degree programs. We investigated 
2 of these 4 schools in 1993 and found similar activities, including 
the falsification of student records. 

The remaining 3 schools disbursed approximately $450,000 in Pell 
Grants and warranted additional review because they also had unusually 
high concentrations of older students who were potentially ineligible. 
We have formally referred the information on these 3 schools, as well 
as the results of our investigations of the 4 schools discussed above, 
to Education's OIG for appropriate follow-up. 

To determine whether the other 700 schools made improper Pell Grant 
payments to students 70 years of age and older, we asked Education to 
provide us with documentation supporting the students' eligibility. 
Education requested documentation from these schools. The department 
provided us with student transcripts and other data from less than 
half of the 700 schools. Based on our review of the documentation we 
received, we identified 19 additional schools that disbursed Pell 
Grants to large numbers of students who were 70 years of age or older 
and whose course of study was mainly ESL. These 19 schools made 
disbursements totaling about $573,000 to these students during the 
period of our review. We also identified 9 other schools, based solely 
on data from the Pell Grant system, that had similar disbursement 
patterns to those making the payments to ineligible students. These 9 
schools did not provide supporting documentation for approximately 
$547,000 in Pell Grant disbursements. We provided information on these 
28 schools to Education for follow-up. 

Education staff and officials told us that they have performed ad hoc 
reviews in the past to identify schools that disbursed Pell Grants to 
ineligible students and have recovered some improper payments as a 
result. However, Education did not have a formal, systematic process 
in place specifically designed to identify schools that may be 
improperly disbursing Pell Grants. In September 2001, we issued an 
interim report[Footnote 15] in which we recommended that the Secretary 
of Education (1) establish appropriate edit checks to identify unusual 
grant and loan disbursement patterns and (2) design and implement a 
formal, routine process to investigate unusual disbursement patterns 
identified by the edit checks. This type of process would serve not 
only to detect fraudulent and otherwise improper payments, but would 
also act as a deterrent to others who may be inclined toward these 
types of activities. 

In response to our work, Education told us an edit was implemented in 
January 2002 in CPS, the application processing system, that will 
identify applications that indicate a student is 75 years of age or 
older. If the student's date of birth indicates that he or she is 75 
years of age or older, the system edit will reject the application and 
the school will not be authorized to give the student federal 
education funds until the student either submits a corrected date of 
birth or verifies that it is correct. However, without also looking 
for unusual patterns and following up, the edit may not be very 
effective, other than to correct data entry errors or confirm older 
students applying for aid. 

Education is also in the process of implementing a new system called 
Common Origination and Disbursement (COD) that is to be effective 
beginning in April 2002. Education officials told us that this 
integrated system will replace the separate systems Education has used 
for Pell Grants and direct loans and other systems containing 
information on student aid, and it will integrate with applicant data 
in CPS. The focus of COD is to improve program and data integrity. 
According to Education officials, they will be able to use COD to 
identify schools with characteristics like those we identified. 
However, until there is a mechanism in place to investigate schools 
once unusual patterns are identified, Education will continue to be 
vulnerable to the types of improper Pell Grant payments we identified 
during our review. 

Lack of Adequate Support to Determine Validity of Other Payments and 
Effectiveness of Edit Checks: 

We performed several additional tests of Education's disbursements to 
identify potentially improper grant and loan payments that may not 
have been detected because of missing or ineffective edit checks. In 
addition to Pell Grant payments to students 70 years of age and older, 
we identified $28.8 million of other potentially improper grant and 
loan payments made by more than 1,800 schools to students who (1) were 
much older or younger than would be expected, (2) had social security 
numbers (SSN) that were either not in SSA's database or were in SSA's 
death records, or (3) received Pell Grants in excess of statutory 
limits. Based on supporting documentation provided to us by Education, 
we determined that $20.3 million of these payments were proper. 
Education did not, however, provide adequate supporting documentation 
to enable us to determine the validity of $8.5 million of these 
payments made by these schools. In addition, Education did not provide 
adequate supporting documentation for us to determine the validity of 
$3.5 million of Pell Grants disbursed to students 70 years of age and 
older,[Footnote 16] for a total of $12 million of grant and loan 
payments for which we could not determine the validity. Table 2 shows 
the amounts of potentially improper grant and loan payments we 
initially identified and the disposition of those amounts after we 
reviewed supporting documentation. Although Education officials told 
us they requested supporting documentation from the approximately 
1,800 schools that disbursed these funds, over 1,000 schools did not 
provide the documentation, and documentation provided by some of the 
schools was inadequate for independent verification of the validity of 
these payments. 

Table 2: Amounts of Potentially Improper Payments Initially Identified 
and Disposition of Those Amounts after Review of Supporting 
Documentation: 

Description: Pell Grants to students older than expected; 
Potential improper payments initially identified: $7.8 million; 
Payments determined to be proper: $0.9 million; 
Inadequately supported payments: $3.5 million; 
Improper payments: $3.4 million. 

Description: Grant and loan payments identified in additional tests; 
Potential improper payments initially identified: $28.8 million; 
Payments determined to be proper: $20.3 million; 
Inadequately supported payments: $8.5 million; 
Improper payments: 0. 

Description: Totals; 
Potential improper payments initially identified: $36.6 million; 
Payments determined to be proper: $21.2 million; 
Inadequately supported payments: $12.0 million; 
Improper payments: $3.4 million. 

[End of table] 

According to Education officials, if a school that did not provide 
support or provided inadequate support had only a small number of 
potential improper payments, the department did not follow up because 
it did not consider doing so a wise use of its resources. We agree 
that Education should weigh the costs of resources required to follow 
up on potential improper payments with the benefits that could be 
obtained when making such decisions. However, 20 of the schools that 
did not provide support or provided inadequate support had from 20 to 
138 instances of these potential improper payments totaling $1.5 
million.[Footnote 17] Without following up with the schools that 
exhibit such patterns, Education is missing an opportunity to identify 
problem schools, including those that may be improperly disbursing 
Pell Grant funds. Because of this, we reaffirm our previous 
recommendation that Education design and implement a formal, routine 
process to investigate unusual disbursement patterns identified by the 
edit checks. 

During our investigation of potentially improper transactions, we did 
find that direct loans and Pell Grants provided to two students were 
obtained fraudulently. The students, two brothers, submitted 
counterfeit Social Security cards and fraudulent birth certificates 
along with their applications for federal education aid. They received 
almost $55,000 in direct loans and Pell Grants. We have referred them 
to Education's OIG and SSA's OIG. The U.S. Attorney's Office is 
considering prosecuting these individuals. 

Erroneous Data Could Affect Loan Collections: 

During our tests to determine the effectiveness of Education's edit 
checks, we also found data errors, such as incorrect SSNs of 
borrowers, in the Loan Origination System (LOS). Such errors could 
negatively affect the collection of student loans because without 
correct identifying information, Education may not be able to locate 
and collect from borrowers when their loans become due. LOS processes 
all loan origination data received from schools and contains 
information on each loan and borrower. We reviewed data for more than 
1,600 loans and determined that for almost 500 of these loans, the 
borrowers' SSNs or dates of birth were incorrect in LOS. It is likely 
that many of these errors occurred during the loan origination process. 

As described earlier, when students apply for federal Education grants 
and loans, the information from their applications goes into the 
application processing system, CPS, which matches the student data 
against several databases at other agencies, including SSA. If the SSA 
match results indicate that the student's SSN or date of birth is 
incorrect, the student is notified and asked to provide corrected 
data, which is input in CPS. However, these corrections are not made 
to data in LOS. Because Education's loan collection system relies on 
data from LOS, Education's ability to locate borrowers who have 
defaulted on their loans is negatively affected. The new COD system 
discussed earlier may alleviate this situation because it will replace 
separate systems, including LOS, and will interface with CPS. If this 
system works as intended, then student data will be consistent among 
all of the department's systems because it will automatically share 
corrected data. However, until the new system is fully implemented, 
errors in LOS could impede loan collection efforts. 

Controls Over Third Party Draft Process Were Ineffective: 

Significant internal control weaknesses over Education's process for 
third party drafts, which were used to pay expenses totaling $55 
million from May 1998 through September 2000, increased the 
department's vulnerability to improper payments. In testing the third 
party draft process, we found that (1) Education employees 
circumvented a key computer system application control and (2) some 
individuals could control the entire payment process because 
accounting duties were not properly segregated. Because of these 
weaknesses, we tested third party draft transactions and identified 
potential improper payments, many of which remain unresolved because 
Education was unable to provide us with adequate supporting 
documentation. Education has since canceled its third party draft 
program. 

The circumvented computer system application control, which was 
designed to avoid duplicate payments, was an edit in Education's 
system indicating that an invoice number had already been entered into 
the system. Internal control standards require agencies to have 
adequate application controls such as automated edits that help ensure 
that transactions completed through computerized applications are 
valid, properly authorized, and completely and accurately processed 
and reported. Our review of one of Education's procedures manuals 
disclosed that the department had created a procedure that allowed 
employees to circumvent this control. The manual instructed Education 
employees to add a suffix to the invoice or voucher number when the 
system indicated that a number had already been used. For example, if 
invoice number 123 had already been entered into the system, an 
employee could add the letter "a" to this invoice number and issue 
another third party draft or other payment mechanism related to the 
invoice. Education officials told us this procedure was implemented as 
a way to allow users to issue replacement drafts in the event the 
draft had to be reissued. However, it also significantly increased 
Education's exposure to duplicate payments. 

We also found that it was common practice for Education employees to 
use multiple third party drafts to pay for purchases in excess of the 
$10,000 limit imprinted on the blank drafts. Education officials told 
us that they used multiple third party drafts to pay invoices greater 
than $10,000 primarily as a matter of convenience. For example, when 
it was necessary to research a transaction, Education officials told 
us that it was more convenient to have their own check numbers and 
copies of the checks on hand rather than having to review records of 
payments from Treasury. This process of using multiple third party 
drafts negated the control of limiting third party drafts to $10,000 
and further exacerbated Education's vulnerability to making improper 
payments. 

Another weakness in the third party draft process was inadequate 
segregation of duties; that is, some individuals could control the 
entire payment process. Segregation of duties is one of the most 
fundamental internal control concepts. To reduce the risk of fraud and 
other improper payments, key duties and responsibilities associated 
with the payment process need to be divided or segregated among 
different people. This should include separating the responsibilities 
for authorizing transactions, processing and recording them, reviewing 
the transactions, and handling the related funds. We found that some 
individuals at Education could control the entire payment process for 
third party drafts. Forty-nine Education employees could request blank 
checks. Further, 21 of these 49 individuals could also access the 
system, generate a payment without prior obligation, print and sign 
the check, and submit it to the payee. Education officials told us 
this control was lacking because, as the department moved toward 
decentralization and flexibility, the responsibility for monitoring 
and enforcing the use of the third party drafts became inconsistent 
from one organization to another. Because these individuals had the 
capacity to control the entire payment process, the department was 
vulnerable to the possibility that third party drafts could be used to 
pay for personal expenses or other improper purchases. 

One of the primary risks Education was exposed to because of these 
internal control weaknesses was the risk of overpaying invoices. Based 
on our tests of third party draft transactions, we identified 268 
instances, totaling approximately $8.9 million, in which multiple 
third party drafts were issued to the same payee with the same invoice 
number or on the same day. We reviewed the available supporting 
documents provided by Education for $7.2 million of these transactions 
and found no instances of overpayments. However, Education officials 
could not provide us with adequate supporting documentation to enable 
us to assess the validity of the remaining $1.7 million of these third 
party drafts. As a result, these remain potential improper payments. 

Because of the risks we identified in the third party draft payment 
process, and in response to a letter from the Chairman and Vice-
Chairman of the Subcommittee on Select Education, Education took 
action in May 2001 to eliminate the use of third party drafts. 

Poor Controls over Government Purchase Cards Resulted in Some 
Fraudulent, Improper, and Questionable Purchases: 

Education lacked fundamental internal controls over its purchase card 
program that would have minimized the risk of improper purchases. We 
found that Education's inconsistent and inadequate authorization and 
review processes, combined with a lack of monitoring, created an 
environment in which improper purchases could be made with little risk 
of detection. Inadequate control over these expenditures, combined 
with the inherent risk of fraud and abuse associated with purchase 
cards, resulted in fraudulent, improper, and questionable purchases by 
some Education employees. Recently, the department has made changes to 
the way it administers its purchase card program to help reduce its 
vulnerability in this area. However, because the department has not 
effectively implemented its new policies, vulnerabilities remain. 

Outdated Policies and Inconsistent Authorization and Review Created an 
Environment Susceptible to Improper Purchases: 

Treasury guidance for purchase cards states that agencies are 
responsible for developing their own procedures for using purchase 
cards, including approved uses of the cards and limitations on the 
types of purchases and dollar amounts. During the time covered by our 
review, Education's purchase card program was operating under policies 
and procedures that were implemented in March 1990.[Footnote 18] 
Education officials told us that since this policy was drafted, the 
number of cards and frequency of their use expanded significantly. 
Education's policy provided very limited guidance on what types of 
purchases were appropriate. Although Education's policy required each 
cardholder and approving official to receive training on their 
respective responsibilities, we found several cardholders and at least 
one approving official who were not trained. This lack of detailed and 
timely policies and procedures, as well as the lack of training for 
all cardholders and approving officials, resulted in a lax control 
environment for this inherently risky program. 

Internal control standards state that transactions should be 
authorized and executed only by persons acting within the scope of 
their authority to ensure that only valid transactions are entered 
into. For purchase cards, specific procedures should include (1) 
authorizing purchases, (2) monitoring monthly reports of card usage, 
(3) blocking certain Merchant Category Codes (MCC) for vendors whose 
business is unrelated to Education's mission, and (4) reviewing and 
approving monthly purchase card statements. We found serious 
deficiencies in each of these four areas that made the department 
vulnerable to improper purchases. 

Only 4 out of 14 offices within Education required cardholders to 
obtain authorization prior to making some or all purchases, although 
Education's policy required that all requests to purchase items over 
$1,000 be made in writing to the applicable department Executive 
Officer. We also found that approving officials did not use monitoring 
reports that were available from Bank of America to identify unusual 
or unauthorized purchases. For instance, if a cardholder used a 
government purchase card to obtain a cash advance, which is prohibited 
by Education's policies, the MCC for this type of vendor (a financial 
institution) would appear on the report next to the cardholder's name. 
Additionally, Bank of America can block specific MCCs to prohibit 
certain types of transactions that are clearly not business related, 
such as purchases from snowmobile or boat dealers. However, prior to 
November 2001, Education only blocked four MCCs related to gambling 
and obtaining cash advances. As discussed later in this section, the 
department recently took action to block certain other MCCs. Education 
officials told us that they had not used this control extensively 
because the department relied on the approving official's review of 
the cardholder's monthly purchase card statements to ensure that all 
purchases made by employees were proper. 

In order to test the effectiveness of the approving officials' review 
of purchase card statements, we selected 5 months of cardholder 
statements to review for certain attributes, including the approving 
official's signature. We reviewed all 903 monthly statements that were 
issued during these months, totaling about $4 million, and found that 
338, or 37 percent, which totaled about $1.8 million, were not 
approved by the appropriate authorizing official. The approval process 
was also less effective because some approving officials were not in a 
good position to know which purchases were appropriate. For example, 
we identified an employee who, in addition to regular job duties, had 
responsibility for reviewing the monthly purchases of 96 cardholders 
located throughout the country. In these situations, the approving 
official may not have had sufficient contact with cardholders to 
understand their duties and the types of purchases they would 
routinely make. Combined, the inconsistent review of purchases and the 
ineffective review process created an environment where improper 
purchases could be made with little risk of detection. 

Some Education Employees Made Fraudulent, Improper, and Questionable 
Purchases: 

Because of the extensive internal control weaknesses related to the 
department's purchase card program, we requested supporting 
documentation for the 338 monthly statements totaling $1.8 million we 
reviewed that were not properly approved, as well as for other 
transactions that appeared unusual. However, Education was unable to 
provide adequate supporting documentation to enable us to determine 
the validity of purchases totaling over $218,000. In our review of the 
available documentation, we identified some fraudulent, improper, and 
questionable purchases. 

We considered fraudulent purchases to be those that were unauthorized 
and intended for personal use. Improper purchases included those for 
government use that were not, or did not appear to be, for a purpose 
permitted by law or regulation. We also identified as improper 
purchases those made on the same day from the same vendor that 
appeared to circumvent cardholder single purchase limits.[Footnote 19] 
We defined questionable transactions as those that, while authorized, 
were for items purchased at an excessive cost, for a questionable 
government need, or both, as well as transactions for which Education 
could not provide adequate supporting documentation to enable us to 
determine whether the purchases were valid. 

We found one instance in which a cardholder made several fraudulent 
purchases from two Internet sites for pornographic services. 
Notwithstanding the relatively small amount of money involved, the 
name of at least one of the pornographic sites—-Slave Labor 
Productions.com--should have caused suspicion when it appeared on the 
employee's monthly credit card statement. To determine whether these 
purchases were approved, we obtained the monthly statements containing 
these charges. The statements contained handwritten notes next to the 
pornography charges indicating that these were charges for 
transparencies and other nondescript items. According to the approving 
official, he was not aware of the cardholder's day-to-day 
responsibilities and did not feel that he was in a position to review 
the monthly statements properly. The approving official stated that 
the primary focus of his review was to ensure there was enough money 
available in that particular appropriation to pay the bill. As a 
result of investigations related to these pornography purchases, 
Education management issued a termination letter, prompting the 
employee to resign. 

We also identified purchases totaling $4,427 from a restaurant in San 
Juan, Puerto Rico,[Footnote 20] that we determined to be improper. 
These restaurant charges were incurred during a Year 2000 (Y2K) focus 
group meeting, and included breakfasts and lunches for federal 
employees and nonfederal guests. The Statement of Work for the focus 
group notes that the travel expenses fell "under the invitational 
travel statute (5 U.S.C. 5703)." Appropriated funds may not be used to 
pay the costs of nonfederal individuals to attend meetings unless 
otherwise specifically authorized by law.[Footnote 21] Such authority 
exists in 5 U.S.C. 5703, which allows an agency to use invitational 
travel to pay the costs of nonfederal individuals to attend meetings 
if the attendees are providing direct services to the government. 
Education, however, could not provide us with any evidence that the 
nonfederal attendees provided direct services to the government. In 
fact, the Statement of Work for the focus group states that the 
purpose of the meeting was for attendees to "share their experiences 
with the Y2K issue and to assure that the education community's 
computers are compliant." Thus, rather than providing a direct service 
to the federal government, it appears that the attendees were 
receiving a benefit from the meeting. According to an Education 
official, there were eight additional Y2K focus group meetings, 
similar to the San Juan meeting, held in various cities throughout the 
United States. This official estimated that the agency paid 
approximately $45,000 in expenses for nonfederal individuals to attend 
the nine meetings. We have referred this matter to Education's OIG. 

We also found 28 improper purchases totaling $123,985 where Education 
employees made multiple purchases from a vendor on the same day. These 
purchases appear to violate the Federal Acquisition Regulation that 
prohibits splitting purchases into more than one segment to circumvent 
single purchase limits. For example, one cardholder purchased two 
computers from the same vendor at essentially the same time. Because 
the total cost of these computers exceeded the cardholder's $2,500 
single purchase limit, the total of $4,184.90 was split into two 
purchases of $2,092.45 each. In some instances, Education officials 
sent memos to the offending cardholders reminding them of the 
prohibition against split purchases. 

We identified five additional instances, totaling about $17,000, in 
which multiple purchases were made from a single vendor on the same 
day. Although we were unable to determine whether these purchases were 
improper, based on the available supporting documentation, these 
transactions share similar characteristics with the 28 split 
purchases. For example, one cardholder purchased two printers, costing 
$1,711 each, from the same vendor on the same day. The combined cost 
of these purchases, $3,422, exceeded the cardholder's $2,500 single 
purchase limit. Education provided us with no explanation for why 
these two items were purchased separately. 

We identified questionable purchases totaling $286,894 where Education 
employees paid for new office furniture and construction costs to 
renovate office space that they were planning to vacate. Only a small 
amount of furniture, including chairs for employees with special 
needs, were moved to the new building when department employees 
relocated. 

Other purchases we questioned included numerous charges, totaling 
$35,760 over several years, made by an Education employee for herself 
and a coworker to attend college. Some of the classes the employees 
took were apparently prerequisites to obtain a liberal arts degree, 
but were unrelated to Education's mission. The classes included 
biology, music, and theology, and represent $11,700 of the $35,760. 
Because the Government Employees Training Act, 5 U.S.C. 4103 and 4107, 
requires that training be related to an employee's job and prohibits 
expenditures to obtain a college degree unless necessitated by 
retention or recruitment needs, which was not the case here, we 
consider these purchases improper. Moreover, most of the monthly 
charge statements were not reviewed by anyone but the employee who 
made the charges and received more than half of the financial benefit. 
After we questioned the charges for these tuition expenses, Education 
determined that the classes costing $11,700 were improperly charged. 
As of December 2001, one of the employees had received a bachelor's 
degree and left the department; no funds had been recovered from 
either employee. 

In addition, we identified as questionable purchases totaling more 
than $218,000 for which Education provided us with no support or 
inadequate support to assess the validity of these purchases. These 
inadequately supported or unsupported purchases included charges to 
various hotels for more than $3,000, purchases of computer equipment 
and software totaling more than $22,000, and charges for various 
college and other training courses totaling about $51,000. Numerous 
other purchases were made from home electronics and appliance stores 
as well as toy, book, and furniture stores. Education could not 
provide any support for more than $152,000 of these purchases, nor 
does the department know specifically what was purchased, why it was 
purchased, or whether these purchases were appropriate. For the 
remaining $66,000, Education was able to provide only limited 
supporting documentation. As a result, we were unable to assess the 
validity of these payments, and we consider these purchases to be 
potentially improper. 

Recent Changes to Purchase Card Program Have Helped Improve the 
Overall Control Environment, but Vulnerabilities Remain: 

Our interim report, issued in September 2001, described the poor 
internal controls over Education's cash disbursement processes, 
including purchase cards. In that report, we recommended that the 
department: 

* reiterate to all employees established policies regarding the 
appropriate use of government purchase cards; 

* strengthen the process of reviewing and approving purchase card 
transactions, focusing on identifying split purchases and other 
inappropriate transactions; and; 

* expand the use of MCCs to block transactions with certain vendors. 
Recently, Education has made some changes in the way it administers 
its purchase card program in an effort to address these three 
recommendations. For example, in December 2001, the department issued 
new policies and procedures that, among other things, (1) establish 
detailed responsibilities for the cardholder and the approving 
official, (2) prohibit personal use of the card and split purchases to 
circumvent the cardholder's single purchase limits, (3) require 
approving officials to review the appropriateness of each individual 
purchase, (4) establish mandatory training prior to receiving the card 
and refresher training every 2 years, and (5) establish a quarterly 
quality review of a sample of purchase card transactions to ensure 
compliance with key aspects of the department's policy. If 
appropriately implemented, these new policies and procedures are a 
good step toward reducing Education's vulnerability to future improper 
purchases. 

Further, in July 2001, the department implemented a new process to 
approve purchase card purchases. Instead of the approving official 
signing a monthly statement indicating that all transactions are 
proper, the approval is now done electronically for each individual 
transaction. According to Education officials, most approving 
officials and cardholders received training on this new process. In 
order to assess the effectiveness of this new approval process, we 
reviewed a statistical sample of the monthly statements of cardholders 
for July, August, and September 2001. Purchases during these months 
totaled $1,881,220. While we found evidence in the department's system 
that all of the 87 statistically sampled monthly statements had been 
reviewed by the cardholder's approving official, 20 of the statements 
had inadequate or no support for items purchased, totaling $23,151. 
[Footnote 22] Based on our work, we estimate[Footnote 23] the most 
likely amount of unsupported or inadequately supported purchases 
during these 3 months is $65,817. The effectiveness of the 
department's new approval process has been minimized because approving 
officials are not ensuring that adequate supporting documentation 
exists for all purchases. In addition, these procedures do not address 
the problem of an authorizing official who does not have personal 
knowledge of the cardholder's daily activities and therefore is not in 
a position to know what types of purchases are appropriate. 

In response to our recommendation regarding the use of MCCs to block 
transactions from certain vendors, in November 2001, the department 
implemented blocks on purchases from a wide variety of merchants that 
provide goods and services totally unrelated to the department's 
mission, including veterinary services, boat and snowmobile dealers, 
and cruise lines. In total, Education blocked more than 300 MCCs. By 
blocking these codes, Education has made use of a key preventive 
control to help reduce its exposure to future improper purchases. 

Earlier in 2001, Education took action to improve internal controls 
related to the use of government purchase cards by lowering the 
maximum monthly spending limit to $30,000, lowering other cardholders' 
single purchase and total monthly purchase limits, and revoking some 
purchase cards. This action was in response to a letter from the 
Subcommittee on Select Education dated April 19, 2001, which 
highlighted our April 2001 testimony, in which we stated that some 
individual cardholders had monthly purchase limits as high as 
$300,000. These and the other steps described above have helped reduce 
Education's exposure to improper purchase card activities. However, 
more needs to be done to improve the approval function, which is key 
to adequate control of these activities. 

Poor Controls Contributed to Loss of Computer Equipment: 

As part of following up on computer purchases made with third party 
drafts and purchase cards, we assessed the controls over these 
portable assets. We found that Education lacked adequate physical 
controls over its computers, which contributed to 241 missing personal 
computers and computer-related equipment with an acquisition cost of 
about $261,500. After we completed our work in this area, we again 
visited the office where most of the computer equipment was missing 
because Education officials told us they had located some of the 
missing inventory. Although Education officials stated they had 
located 73 pieces of equipment, we were able to locate only 62 pieces 
of the equipment with an acquisition value of about $49,800. Education 
officials have been unable to locate the remaining 179 pieces of 
missing computer equipment with an acquisition value of about 
$211,700. This matter is currently under investigation by Education's 
OIG. 

From May 1998 through September 2000, the period covered by our audit, 
Education made purchases totaling more than $2.9 million from personal 
computer and other computer-related equipment vendors using purchase 
cards and third party drafts—a violation of Education's policy, which 
prohibited the use of purchase cards for this purpose. These purchases 
included personal computers, scanners, color printers, software, and 
other computer accessories. 

According to Education, during this period, the department's computer 
purchases were decentralized so that individual principal offices were 
able to purchase the types of equipment from any vendors they chose. 
This provided considerable flexibility and rapid acquisition of 
equipment, but had several drawbacks. For example, unnecessary, 
duplicate orders were placed even within the same offices. Further, 
equipment that could not be supported by Education's networked 
environment was ordered. Other equipment was ordered and then left in 
closets only to be found sometimes a year later, when it was no longer 
needed. As a result of this decentralized ordering, virtually no 
volume discounts could be used because of the small amounts of 
equipment being purchased at any given time. According to the 
Education Inspector General, the department had not taken a 
comprehensive physical inventory for at least 2 years prior to October 
2000, thus compounding the lack of accountability over this equipment. 

Education staff members who were involved with ordering and receiving 
this equipment described a process that included significant 
breakdowns in basic internal controls. Internal control standards 
state that key duties and responsibilities need to be divided or 
segregated among different people to reduce the risk of error or 
fraud. In the office where most of the missing equipment was 
purchased, two individuals had interchangeable responsibility for 
receiving more than $120,000 of computer equipment purchased by a 
single cardholder, from one particular vendor. In addition, these two 
individuals also had responsibility for bar coding the equipment, 
securing the equipment in a temporary storage area, and delivering the 
computers to the users.[Footnote 24] Furthermore, one of these two 
individuals was responsible for providing information on computer 
purchases to the person who entered the data into the department's 
asset management system. According to the cardholder who purchased the 
equipment, they did not routinely compare the purchase request with 
the receiving documents from the shipping company to ensure that all 
items purchased were received. In addition, our review of records 
obtained from the computer vendor from which Education made the 
largest number of purchase card and third party draft purchases showed 
that less than half of the $614,725 worth of computers had been 
properly entered in the department's property records. Combined, these 
weaknesses created an environment in which computer equipment could be 
easily lost or stolen without detection. 

In order to identify computers that were purchased with purchase cards 
and third party drafts that were not included in the department's 
asset management system, we obtained the serial numbers of all pieces 
of computer equipment purchased from the largest computer vendor the 
department used.[Footnote 25] We compared these serial numbers to 
those in the department's asset management system and found that 384 
pieces of equipment, totaling $399,900, appeared to be missing, 
including desktop computers, scanners, and printers. We conducted an 
unannounced inventory to determine whether these computers were 
actually missing or were inadvertently omitted from the property 
records. We located 143 pieces of equipment[Footnote 26] that were not 
on the property records, valued at about $138,400, and determined that 
241 pieces, valued at about $261,500, were missing. Education's 
Inspector General is in the process of investigating the disappearance 
of these vulnerable assets. 

After we completed our work in this area, we again visited the office 
where most of the computer equipment was missing because Education 
officials told us they had located some of the missing inventory. 
Officials in this office told us they hired a contractor to keep track 
of their computers when moving to their new space.[Footnote 27] 
According to the officials, as part of its work, the contractor 
recorded the serial numbers of all computers moved and identified 86 
of the 241 pieces of computer equipment that we were unable to locate 
during our unannounced inventory in September 2001. However, when 
Education staff and officials tried to locate this equipment, they 
were only able to find 73 of the 86 pieces of equipment. When we 
visited the department, we located only 62 pieces of equipment with an 
acquisition value of about $49,800. Education officials have been 
unable to locate the remaining 179 pieces of missing computer 
equipment with an acquisition value of about $211,700. They surmised 
that some of these items may have been surplused; however, there is no 
paperwork to determine whether this assertion is valid. 

According to Education officials, new policies have been implemented 
that do not allow individual offices to purchase computer equipment 
without the consent of the OCIO. However, during our previously 
mentioned review of a statistical sample of purchase card transactions 
made from July 2001 through September 2001, we found three 
transactions totaling $2,231 for the purchase of computer equipment 
without any supporting documentation from the OCIO. Based on these 
results, the new policies are not being effectively implemented. This 
is another indication that the new purchase card approval function is 
not operating as an effective deterrent to improper purchases. 

Further, we found mixed results in a walk-through of the new computer 
ordering and receiving processes in the office where most of the 
missing equipment was purchased. These new policies are designed to 
maintain control over the procurement of computers and related 
equipment and include: 

* purchasing computers from preferred vendors that apply the 
department's inventory bar code label and record the serial number of 
each computer on a computer disk that is sent directly to the 
Education official in charge of the property records; 

* loading the computer disk containing the bar code, serial number, 
and description of the computer into the property records; and; 

* having an employee verify that the computers received from the 
vendor match the serial numbers and bar codes on the shipping 
documents and the approved purchase order. 

However, a continued lack of adequate physical control negates the 
effectiveness of these new procedures. For example, the doors to the 
two rooms used to store computer equipment waiting to be installed 
were both unlocked and unattended. The receptionist at the mail 
counter next to the first storage room we visited told us that he had 
the door open to regulate the room temperature. The Education official 
responsible for this process stated that he did not know that mailroom 
personnel had access to this room. Furthermore, he stated that he does 
not have a key to either storage room. Also, during our second search 
for this equipment, we visited four rooms where some of the computers 
were stored and found them all to be unsecured. This lack of physical 
security was pointed out to the department nearly 7 weeks earlier when 
we first found some of its temporary computer storage rooms unsecured. 
The department's new written procedures state that security guards in 
the Washington, D.C., facilities should inspect all bags, cases, and 
boxes leaving the buildings to determine if they contain computer 
equipment, and require property passes for all equipment removed from 
the building. However, Education officials acknowledged that the 
primary focus of the building security is people and packages entering 
the building. Education officials told us that individuals could 
likely leave the building with equipment without being questioned by 
security. Without enhanced physical security, Education will continue 
to be at risk to further computer equipment losses. 

Conclusions: 

The problems we found in grant and loan payments, purchase card use, 
and physical controls over computer equipment leave Education 
vulnerable to fraudulent or otherwise improper payments, questionable 
purchases, and loss or theft of assets. While Education has taken 
steps to develop new policies and procedures to address these 
problems, in many cases they are not being effectively implemented. 
Vulnerabilities remain in all areas we reviewed, except for third 
party drafts, which have been discontinued. Until Education takes 
further action to strengthen its internal controls over Pell Grants, 
purchase cards, and computer equipment, it will continue to be 
susceptible to fraud, waste, abuse, and mismanagement in these areas. 

Recommendations for Executive Action: 

To strengthen its internal controls over Pell Grants and loans, 
purchase cards, and computer equipment and to reduce Education's 
vulnerability to improper payments and lost assets, we recommend that 
the Secretary of Education take the following actions. 

In the area of Pell Grants and loans, we recommend that the Secretary 
direct the Chief Operating Officer of student financial assistance 
programs to: 

* conduct on-site investigations, including interviews of school 
personnel and students, at the 28 schools with characteristics similar 
to those we found that improperly disbursed Pell Grants to determine 
whether the grants were properly disbursed; 

* follow up with the schools that had high concentrations of the $12 
million in potential improper payments for which the department did 
not provide adequate supporting documentation; and; 

* implement a process to verify borrowers' SSNs and dates of birth 
submitted by schools to LOS. 

In the third party drafts area, we recommend that the Secretary direct 
the Chief Financial Officer to follow up on the $1.7 million of third 
party draft payments for which the department did not provide adequate 
supporting documentation for us to use to determine their validity. 

For purchase cards, we recommend that the Secretary direct the Chief 
Financial Officer to: 

* implement an effective review and approval process that ensures all 
approving officials (1) conduct a thorough review of all purchases 
made, including the review of all supporting documentation, (2) are 
knowledgeable of the cardholders' daily responsibilities and therefore 
can effectively assess the appropriateness of each purchase, (3) are 
not reviewing a large volume of purchase card statements each month, 
and (4) are appropriately trained on how to perform their approving 
official responsibilities; 

* perform periodic tests of this new approval process and, where 
necessary, take action to ensure that approving officials comply with 
it; 

* take action to recover questioned tuition costs from the two 
employees; and; 

* follow up on the $218,000 of purchases for which the department did 
not provide adequate supporting documentation for us to use to 
determine the validity, to determine whether the purchases were proper. 

Regarding computer equipment, we recommend that the Secretary direct 
the Director, Office of Management, to: 

* conduct routine inventories of computer equipment, including 
reconciling computer purchases with property records; 

* enhance physical security over the computer storage rooms; 

* provide access to computer storage rooms only to authorized 
individuals; 

* ensure that security personnel in the Washington, D.C., facilities 
inspect all bags, cases, and boxes leaving the buildings to determine 
if they contain computer equipment and that property passes accompany 
all equipment removed from the buildings; and; 

* establish appropriate monitoring procedures to ensure that security 
personnel are actually inspecting items being removed from the 
buildings. 

Agency Comments and Our Evaluation: 

In written comments on a draft of this report, which are reprinted in 
appendix DI, the Deputy Secretary generally agreed with our findings 
and recommendations and stated that Education has made great strides 
to improve its internal controls and manage its payment processes to 
prevent and detect erroneous payments, and it is developing a formal 
corrective action plan to address each of our recommendations. 

Regarding grants and loans, the Deputy Secretary stated that, while 
there is room for improvement in Education's systems and processes, he 
believes the department's current controls are strong and provide 
reasonable assurance that its objectives can be met. He pointed out 
that the $3.4 million in Pell Grants we identified that was disbursed 
by four schools to ineligible students was less than five thousandths 
of a percent of the total disbursements we reviewed. We agree that the 
fraudulent and improper grant and loan payments we identified are a 
very small percentage of the total grants and loans disbursed every 
year. However, as we stated in our report, these improper payments 
represent an identified control risk that could easily be exploited to 
a greater extent. Although the Deputy Secretary stated that 
Education's controls were strong, he presented steps that the 
department is taking to strengthen the integrity of these payment 
processes. For example, he stated that, as an interim process, the 
department analyzed student data to identify high concentrations of 
students over 65 and eligible noncitizens at a single institution to 
determine if problems exist in the ESL programs that warrant further 
review. Also, he stated that, before we started our review, Education 
had already begun a matching process with SSA's death records. 
Further, as a result of our review, the Deputy Secretary stated that 
Education will implement an edit to identify all applicants whose 
dates of birth indicate they are 75 years of age or older beginning 
with the upcoming school year. He stated that the department is 
analyzing its data more systematically to establish baselines and 
indicators to focus its resources more effectively, and as we noted, 
the new COD system will assist Education in identifying unusual 
activity. We are encouraged by these actions, which, if properly 
implemented, should help improve internal controls over these 
vulnerable payments. 

With regards to our findings related to third party drafts, the Deputy 
Secretary stated that the department will refer the third party draft 
payments, for which we were unable to determine the validity, to the 
OIG for further investigation. 

In the purchase card area, the Deputy Secretary stated that Education 
issued an updated directive in January 2002, which strengthens the 
department's policies and practices regarding appropriate use of the 
purchase card and has trained cardholders and approving officials on 
these policies and procedures. According to the Deputy Secretary, the 
directive provides detailed instructions on cardholder and approving 
official responsibilities for reviewing and approving purchase card 
transactions. He stated the department will also provide monthly 
management reports containing information on purchase card 
transactions to each principal office for review and that the ()CFO 
will conduct quarterly internal control reviews and quality reviews of 
random sample purchase card transactions. This is an important action 
to determine whether cardholders and approving officials are following 
the directive and whether this training has effectively reduced 
unauthorized and improper purchases. The Deputy Secretary also stated 
that the department has blocked more than 300 MCCs, including those 
for wire transfer money orders, airline and car rentals, and banks. 
Regarding the improper charges for college tuition that we identified, 
the Deputy Secretary stated the department will follow established 
debt collection procedures to recover the questioned costs. 

To help it better account for its computer equipment, the Deputy 
Secretary stated that Education is developing a single comprehensive 
system that covers accountable assets from purchase to disposition. 
The Deputy Secretary also stated that the department hired contractors 
to perform an independent physical inventory, and upon completion, was 
able to locate 93 percent of the items sampled. The Deputy Secretary 
pointed out Education is in the process of documenting detailed 
property management procedures and centralizing the property 
management responsibility with its Office of Management. He also 
stated that, while the department has taken steps to enhance physical 
security over allocation, storage, and transit of equipment, and to 
ensure that only authorized individuals have access to storage areas, 
it will continue to work to improve in this area. We are encouraged by 
the department's efforts to account for and secure its computers. At 
the same time, based on our most recent search for missing computers, 
significant vulnerabilities remain unresolved. We urge the department 
to immediately focus on providing adequate physical security over 
these vulnerable assets. 

Overall, the actions the department has taken and plans to take to 
improve its controls over grant and loan payments, purchase card 
transactions, and computer and related equipment are encouraging and 
represent a positive tone at the top of the organization to improve 
internal control. As the department has recognized, it must 
continually review its processes to ensure that the improved controls 
are sustained and, therefore, will help to reduce the department's 
vulnerability to fraudulent and improper payments and lost assets and 
improve its financial management overall. 

As we arranged with your offices, unless you publicly announce its 
contents earlier, we plan no further distribution of this report until 
30 days from its date. At that time, we will send copies to the 
Ranking Minority Member of the Subcommittee on Select Education, House 
Committee on Education and the Workforce; the Secretary of Education; 
and other interested parties. We will make copies available to others 
upon request. 

Please contact me at (202) 512-9508 or by e-mail at calboml@gao.gov if 
you or your staff have any questions concerning this report. An 
additional GAO contact and staff acknowledgments are provided in 
appendix IV. 

Signed by: 

Linda M. Calbom: 
Director, Financial Management and Assurance: 

Appendix I: Description of Grant and Loan Programs Reviewed: 

The Department of Education disburses billions of dollars each year to 
recipients for various grant and loan programs. The programs we 
reviewed include formula grants, Pell Grants, discretionary grants, 
direct loans, campus-based programs, and Impact Aid. Recipients 
include schools, state agencies, organizations, and individuals. Table 
3 provides descriptions of the grant and loan programs we reviewed and 
the amounts disbursed for these programs during the period of our 
review. 

Table 3: Description of Programs and Amounts Disbursed: 

Program: Formula grants; 
Description: Grants to state education agencies based on populations 
of certain groups and per capita income; 
Amount disbursed, May 1998 through September 2000: $90.5 billion. 

Program: Direct loan program; 
Description: Includes Direct Subsidized and Unsubsidized Stafford/Ford 
Loans, Direct Parent Loans for Undergraduate Students, and Direct 
Consolidated Loans; 
Amount disbursed, May 1998 through September 2000: $57.2 billion. 

Program: Pell Grants; 
Description: Grants based on financial need to undergraduate students 
who have not earned bachelor's or professional degrees; 
Amount disbursed, May 1998 through September 2000: $17.1 billion. 

Program: Discretionary grants; 
Description: Grants awarded through a competitive process for programs 
established by Congress through authorizing legislation; 
Amount disbursed, May 1998 through September 2000: $10.7 billion. 

Program: Campus-based programs; 
Description: Financial assistance for students pursuing education 
beyond high school. Includes Federal Perkins Loan program (low-
interest loans), Federal Work-Study Program, and Federal Supplemental 
Education Opportunity Grant Program. 
Amount disbursed, May 1998 through September 2000: $3.6. 

[End of table] 

[End of section] 

Appendix II: Objectives, Scope, and Methodology: 

The objectives of our review were to assess internal controls in place 
during the period from May 1998 through September 2000 and to identify 
any fraudulent or otherwise improper payments that may have resulted 
from control weaknesses in Education's processes for (1) disbursing 
grants and loans, (2) paying for purchases with third party drafts, 
and (3) using government purchase cards. In addition, our objective 
was to assess Education's physical controls over its computer 
equipment during the period from May 1998 to September 2000 and 
identify any effects of weak controls. Further, at the subcommittee's 
request, we assessed the effectiveness of recent changes to 
Education's process for purchase card purchases, which took effect in 
July 2001 following our testimony before the subcommittee. 

To obtain an understanding of the payment processes, identify related 
controls, and assess the effectiveness of their design, we interviewed 
staff members and officials in Education's ()CFO and program offices; 
performed walk-throughs of the payment processes; reviewed Education's 
policies and procedures; reviewed previous reports we prepared, as 
well as reports issued by Education's OIG and independent auditors; 
and identified vulnerabilities in the payment processes. To identify 
potential improper payments, we requested and obtained disbursement 
and related data from Education and various external sources, 
including SSA, Rocky Mountain Bank, and Bank of America. 

Education provided us with computer-generated records on more than 19 
million disbursements totaling over $181 billion, made from May 1998 
through September 2000 from the following systems: 

* Grant Administration and Payment System (GAPS), 

* Pell Grant Recipient Financial Management System (RFMS),[Footnote 28] 

* Loan Origination System (LOS), 

* National Student Loan Data System, 

* Impact Aid system, 

* Campus-based program system, 

* Postsecondary Education Participants System, and, 

* Financial Management System Software (FMSS). 

Because of the large volume of data involved (millions of records), 
and the fact that we initially received some data in an unusable 
format, our testing extended to only selected portions of the data for 
certain systems. The majority of our tests were focused on data 
received from the GAPS, RFMS, LOS, and FMSS systems. 

In order to identify unusual grant and loan transactions that may have 
been improper payments, we searched databases, compared files, 
identified unusual transactions and patterns, and performed other 
detailed analyses to identify: 

SSNs of grant and loan recipients that were either invalid or in SSA's 
death records, 

* grant and loan recipients who were much older or younger than would 
be expected, 

* individual SSNs associated with more than one name or date of birth, 

* grants disbursed to individuals in excess of statutory limits, 

* loan disbursements with no recorded loan number in the system, 

* payments for grants and loans to schools that were either closed or 
ineligible for federal education funds, 

* payment transactions that were returned by the Federal Reserve Bank 
(FRB), 

* payment transactions that did not have FRB confirmation schedule 
numbers, 

* transactions that were posted on weekends, 

* grantees with invalid grantee ID numbers or multiple ID numbers, 

* Education employees who may have received grant funds, and; 

* disbursement records that did not contain required information such 
as a grant award number. 

To assist in our analysis and identification of improper payments, we 
contracted with forensic and information risk management experts. 

For those grant and loan payments that our tests indicated were 
potentially improper, we requested from Education documentation 
supporting their validity. After analyzing the documentation we 
received, we did the following. 

* For those recipients identified as being older or younger than 
expected, we looked for proof of age generated by a source other than 
the school or the department, such as a birth certificate, driver's 
license, or some other government-issued identification showing the 
recipient's name and date of birth. For Pell Grants, if the support 
confirmed that the recipient was older or younger than would be 
expected, we looked for proof of enrollment in an eligible program. 

* For those recipients we identified whose SSN was either invalid or 
in SSA's death records, we looked for proof of the recipient's SSN, 
such as a birth certificate, driver's license, social security card, 
or other government-issued ID that showed the recipient's name and 
SSN. If the support confirmed the accuracy of the recipient's SSN, we 
reviewed transcripts, if available, to show the recipient's dates of 
enrollment or additional support that was not generated by the school 
indicating the recipient's date of death for those students who died 
while they were receiving aid. 

* For those recipients who received grants in excess of the statutory 
limit, we looked for financial aid disbursement information from each 
institution the student attended during the award year showing the 
amounts disbursed and the dates on which the money was disbursed. We 
also looked for documentation showing repayment information, if 
applicable, or documentation demonstrating why repayment was not 
required for the recipient. 

* For direct loan recipients, we reviewed information on loan payment 
status. 

* For the schools that Education's system showed to be either closed 
or ineligible to receive federal student financial aid, we reviewed 
documentation such as audit reports and disbursement information for 
these schools. 

Separately, for the four schools we investigated that we identified as 
disbursing Pell Grants to disproportionately high numbers of older 
students, we (1) interviewed Pell Grant recipients, school officials, 
and Education officials and (2) reviewed documents from the 
recipients, the schools, and Education. 

For third party drafts, we requested and obtained data from the third 
party draft systems administrator consisting of drafts that had been 
reconciled with downloaded information from Gelco[Footnote 29] and 
matched with data in FMSS. We used these data to test for third party 
drafts that had been used to pay for split purchases greater than 
$10,000. We also reviewed data provided by the third party draft 
systems administrator to identify unusual payees. Upon identifying 
payees that we thought would not normally be engaged in business with 
Education, we requested supporting documentation, such as purchase 
orders, invoices, and receipts, to determine the propriety of the 
purchases. 

For government purchase cards, we requested data on transactions from 
November 1998 through September 2000. Based on these data, we 
performed tests to identify the following types of potential improper 
purchase card transactions: 

* unauthorized statements, such as purchases that were not properly 
reviewed by an approving official; 

* split purchases for which Education employees either split 
transactions or made multiple transactions to the same vendor on the 
same day to circumvent their single purchase limit; 

* purchases from questionable vendors; and; 

* purchases by Education employees on weekends or holidays. 

To assess Education's controls over computer equipment, we obtained 
(1) invoices from the computer vendor with the largest volume of 
purchase card purchases and (2) information from Education's asset 
management system. Using information on the invoices, including the 
serial numbers of the computer equipment purchased, we identified 
computer equipment that was purchased but not included in the asset 
management system. We then conducted an unannounced physical inventory 
of the computer equipment purchases that were not found in Education's 
asset management system. 

To assess the effectiveness of recent changes to Education's process 
for purchase card purchases, we requested monthly statements and 
invoices for purchases made during July, August, and September 2001. 
We reviewed a statistical sample of the monthly statements to 
determine whether approvals were done in accordance with the new 
policy. In addition, to identify any computer equipment that may have 
been purchased without the involvement of the OCIO and to determine 
whether purchases were sufficiently supported, we reviewed supporting 
documentation for each transaction in the statistical sample of 
monthly statements. 

While we identified some fraudulent and improper payments, our work 
was not designed to identify all fraudulent or otherwise improper 
payments. We performed our work from August 2000 through February 2002 
in accordance with generally accepted government auditing standards, as 
well as with investigative standards established by the President's 
Council on Integrity and Efficiency. We requested comments on a draft 
of this report from the Secretary of Education or his designee. 
Written comments were received from the Deputy Secretary and are 
reprinted in appendix III. 

[End of section] 

Appendix III: Comments from the Department of Education: 

United States Department Of Education: 
The Deputy Secretary: 
400 Maryland Ave., S.W. 
Washington, D.C. 20202-0500: 
[hyperlink, http://www.ed.gov] 
Our mission is to ensure equal access to education and to promote 
educational excellence throughout the Nation. 

February 28, 2002: 

Ms. Linda M. Calbom: 
Director: 
Financial Management and Assurance: 
General Accounting Office: 
Washington, DC 20548: 

Dear Ms. Calbom: 

Thank you for the opportunity to respond to the General Accounting 
Office (GAO) draft report, "Education Financial Management: Weak 
Internal Controls Led to Instances of Fraud and Other Improper 
Payments" (GAO-02-406). We believe that the Department of Education 
has made great strides to improve our internal controls, and to manage 
our payment processes to prevent and detect erroneous payments. 

Outlined below are actions underway to address GAO's recommendations. 
We are developing a formal Corrective Action Plan to address each of 
GAO's recommendations. 

SFA Grants and Loans: 

On Pell Grants and Direct Loans, GAO referred 28 schools to the 
Department for further review due to abnormal disbursement patterns. 
Nineteen of these schools disbursed $573,000 to students who were 70 
years of age and older and whose course of study was mainly English as 
a Second Language (ESL). The remaining nine schools had "similar 
disbursement patterns." We agree with GAO's concern that disbursements 
made to students aged 70 and over may be an indicator of potential 
ineligible disbursements when there is a higher than normal 
concentration of such disbursements. 

However, in analyzing the complete disbursement data for these 28 
schools, we have found that only four of the 28 schools had 
concentrations of older students that exceeded a normal range. 
However, as an interim process to address this sensitive issue, we 
analyzed National Student Loan Data System (NSLDS) data to identify 
high concentrations of students over 65 and eligible non-citizens at a 
single institution to determine if problems with the ESL program 
existed. We determined what the norm is for concentrations of such 
students and have begun to determine what constitutes "abnormal" 
concentrations, which warrant further review. With GAO and the OIG's 
assistance, we will refine our methodology for analyzing this 
information and conducting reviews at institutions. If staff suspect 
any cases of fraud and abuse, we will refer those cases to the Office 
of the Inspector General. We will continue to use NSLDS data to find 
unusual disbursement patterns until we can use our Common Origination 
and Disbursement (COD) system to provide such analysis. (See 
discussion on COD below.) 

GAO's fraud findings state that four schools disbursed approximately 
$3.4 million in Pell Grants to ineligible students. We feel it is 
important to point out that GAO reviewed SFA loan and grant 
disbursements totaling $77.9 billion at thousands of schools. The 
fraud was concentrated at four schools and represents less than five 
thousandths of a percent (.0044%) of the SFA disbursements reviewed. 

While there is still room for improvement in our systems and 
processes, we believe that our current controls are already very 
strong, and provide us with reasonable assurance that our objectives 
are met. As your report noted in Table 2, GAO's initial testing 
identified $36.6 million as potentially improper. This is about two-
hundredths of one-percent of the entire grant and loan transactions 
that GAO tested. Further, almost 58% of that amount, $21.2 million, 
was later determined to be proper. With respect to the $12 million GAO 
considers unsupported, SFA did not have sufficient time to collect the 
supporting documentation from such a large number of schools before 
the GAO submission deadline. 

We have taken several steps to strengthen the integrity of these 
payments. In fact, some of this work had begun before the GAO audit. 
For example, we began a matching process with the Social Security 
Administration's death records, and we implemented our new Recipient 
Financial Management System, increasing controls over grant payments. 
In addition, as a result of this review, we will implement an edit to 
identify all applicants whose date of birth indicates they are 75 
years of age or older beginning in 2002-03. In such cases, the 
applicant must verify his or her date of birth before his or her Free 
Application for Federal Student Aid (FAFSA) is processed completely. 
Funds cannot be disbursed to an applicant until a FAFSA is completely 
processed by our Central Processing System and an estimated family 
contribution is calculated. In December 2001, we also implemented a 
new process to identify and review schools with abnormal 
concentrations of students with unique characteristics (such as age). 

We continue to work toward strengthening our controls further. We are 
analyzing our data in a more systematic manner to establish baselines 
and indicators to focus our resources more effectively and, as your 
report noted, we will implement a new COD system that will assist us 
in identifying unusual activity. COD will also assure that borrowers' 
SSNs and dates of birth submitted by schools to the Department for the 
loan programs are verified. 

Third Party Drafts: 

The Department abolished the use of third party drafts in May 2001. 
The $1 7 million in unresolved items where adequate supporting 
documentation was not provided will be referred to our Office of 
Inspector General (OIG) for further investigation. 

Purchase Cards: 

On January 23, 2002, the Department issued an updated Administrative 
Communication System Directive on Purchase Cards. The revised 
Directive strengthens the Department's policies and practices 
regarding appropriate use of the purchase card. Since January 2001, 
the Office of the Chief Financial Officer (OCFO) has trained the 
Department's cardholders and approving officials on purchase card 
policies and procedures. ()CFO provided copies of the Directive to all 
cardholders, approving officials, executive officers, and supervisors 
with a self-test to emphasize key policy changes OCFO continues to 
answer questions and provides on-going support to cardholders and 
other relevant participants, as the Agency program coordinator and as 
the procurement resource for the Department. In addition, an on-line 
site is now available for cardholders to take a self-administered 
test, to help them determine any points of weakness in their knowledge. 

Additionally, the revised Directive and Department procedures provide 
detailed instructions on cardholder and approving official 
responsibilities for reviewing and approving purchase card 
transactions. With the new EDCAPS electronic reconciliation and 
payment approval process, the cardholder is required to provide 
reports to the approving official documenting the cardholder's 
transaction activity for the billing period. This is in addition to 
the hard copy receipts submitted for the approving official's review. 
Further, OCFO distributes monthly management reports to each principal 
office to review their cardholder purchase card transaction activity. 

As the Department program coordinator, OCFO will conduct internal 
control reviews and quality reviews of random sample purchase card 
transactions on a quarterly basis to: a) ensure that purchases above 
the micro-purchase threshold of $2,500 are only being made by 
warranted officials, b) review the appropriateness of purchases, 
including determining that individual purchases are appropriate, that 
the goods and services were properly received and accepted, that 
payment was proper through the review of merchant category codes 
(MCC), and by examining the record, c) ensure appropriate separation 
of duties between the cardholder and the approving official, and d) 
ensure that requirements are not split into more than a single 
purchase to circumvent procurement rules that apply to purchases 
exceeding the micro-purchase threshold or to circumvent purchase card 
limits. 

The Department has blocked more than 300 MCCs. Examples of merchant 
categories include: wire transfer money orders, veterinary services, 
airlines and car rentals, taxis and limousines, airline carriers, and 
banks As discussed, OCFO will utilize MCC data to identify potential 
transactions subject to restrictions when using the purchase card, or 
to identify additional MCCs that may track to improper purchases. 

With regard to the unauthorized payment of tuition with a purchase 
card, the Department will follow established debt collection 
procedures to recover the questioned costs. The Department also will 
follow up on the $218,000 in questionable purchases to determine 
validity and propriety. In addition, the Department will continue to 
work on improving our ability to readily obtain supporting 
documentation. Our newly published Directive on purchase card use 
highlights this effort. 

Computer Equipment: 

The Department is developing a single comprehensive system that covers 
accountable assets from purchase to disposition. Assets will be 
tracked and managed by a single dedicated group. We have completed a 
physical inventory of our accountable asset inventory. This property 
consisted of the following: office machines; computers, including mini-
computers, and personal computers; computer peripheral equipment; 
communications equipment; and Personal Digital Assistants. The 
Department hired KPMG and American Appraisal to perform an independent 
physical inventory. KPMG completed a physical inventory on a sample of 
819 items (out of a total 31,304 assets) representing 25 separate 
locations. KPMG's initial efforts located 58% of the items. Based on 
past experience of American Appraisal, between 40% and 60% of items 
are usually located while doing this type of verification. Upon 
completion of the initial verification, the Department performed its 
own inventory verification and also referred the results to American 
Appraisal. At the end of these three reviews, 93%, or all but five of 
the items, were located. 

The Department has come a long way in properly accounting for its 
physical assets. We are in the process of documenting detailed 
property management procedures and centralizing the property 
management responsibility within our Office of Management. In 
addition, KPMG was able to provide the Department with some valuable 
recommendations to improve our processes and procedures, and the 
Department expects to have these recommendations implemented by June 
2002. 

While we have taken steps to enhance physical security over 
allocation, storage and transit of equipment, and to ensure that only 
authorized individuals have access to storage areas, we will continue 
to work to improve in this area. We have strengthened guard security 
at our facilities to add additional oversight at the building level, 
and we are currently conducting a nationwide and comprehensive 
physical security assessment of all space where assets are housed. 

Thank you again for the opportunity to comment on your proposed 
report. We will use what we have learned during this audit to continue 
to improve our financial management processes. 

Sincerely, 

Signed by: 

William D. Hansen: 

[End of section] 

Appendix IV: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Dan Blair, (202) 512-9401: 

Acknowledgments: 

In addition to the contact named above, Lisa Crye, Anh Dang, Bonnie 
Derby, David Engstrom, Bill Hamel, Jeff Jacobson, Kelly Lehr, Sharon 
Loftin, Bridgette Lennon, Bonnie McEwan, Diane Morris, Andy O'Connell, 
Russell Rowe, Brooke Whittaker, and Doris Yanger made key 
contributions to this report. 

[End of section] 

Footnotes: 

[1] U.S. General Accounting Office, Major Management Challenges and 
Program Risks: Department of Education, [hyperlink, 
http://www.gao.gov/products/GAO-01-245] (Washington, D.C.: January 1, 
2001), and High-Risk Series: An Update, GAO-01-263 (Washington, D.C.: 
January 1, 2001). 

[2] Third party drafts are check-like instruments drawn on and paid by 
a financial institution or outside contractor. 

[3] U.S. General Accounting Office, Financial Management: Internal 
Control Weaknesses Leave Department of Education Vulnerable to 
Improper Payments, [hyperlink, 
http://www.gao.gov/products/GAO-01-585T] (Washington, D.C.: April 3, 
2001), and Financial Management: Poor Internal Control Exposes 
Department of Education to Improper Payments, [hyperlink, 
http://www.gao.gov/products/GAO-01-997T] (Washington, D.C.: July 24, 
2001). 

[4] In this report, when discussing Pell Grants and loans, we use the 
term "schools" to refer to postsecondary institutions, including 
colleges and universities, proprietary (for-profit) institutions, and 
vocational schools. 

[5] Computer application controls are directly related to specific 
computer programs. They help ensure that transactions are valid, 
properly authorized, and completely and accurately processed and 
reported. 

[6] As discussed later in this report, the limits were reduced 
following our April 2001 testimony before the Subcommittee on Select 
Education, House Committee on Education and the Workforce. 

[7] U.S. General Accounting Office, Internal Control: Standards for 
Internal Control in the Federal Government, [hyperlink, 
http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: 
November 1999). 

[8] Because Education's Pell Grant data are maintained by school year, 
the time frames for the Pell Grant disbursements we reviewed were for 
school years 1997-1998, 1998-1999, and 1999-2000. 

[9] As discussed later in this section, we referred 3 of these 31 
schools to Education's OIG and the remaining 28 schools to Education's 
Student Financial Assistance office. 

[10] A Pell Grant is a form of financial aid that is awarded to 
undergraduate students who have not earned bachelor's or professional 
degrees, and who are enrolled in degree or certificate programs. 

[11] U.S. General Accounting Office, Student Financial Aid Programs: 
Pell Grant Program Abuse, [hyperlink, 
http://www.gao.gov/products/GAO/T-OSI-94-8] (Washington, D.C.: October 
27, 1993). 

[12] The total amount of Pell Grants disbursed by the 707 schools 
increased to $7.8 million when we expanded our review. 

[13] Investigations at 2 of these schools were done in coordination 
with Education's OIG. 

[14] Under federal regulations, a Pell Grant can be obtained to study 
ESL but only if the student needs ESL to use existing knowledge, 
training, or skills, and if the student studies ESL as part of a 
degree program. 

[15] U.S. General Accounting Office, Financial Management: Poor 
Internal Controls Expose Department of Education to Improper Payments, 
[hyperlink, http://www.gao.gov/products/GAO-01-1151] (Washington, 
D.C.: September 9, 2001). 

[16] The $3.5 million includes the $1,120,000 of Pell Grant 
disbursements made by the 28 schools we previously discussed that we 
referred to Education for follow-up. 

[17] These 20 schools include the 9 schools that did not provide 
support for the $547,000 of Pell Grant disbursements that we discussed 
above. 

[18] In December 2001, Education updated its purchase card policies 
and procedures. 

[19] The Federal Acquisition Regulation prohibits splitting purchase 
card transactions into more than one segment to avoid the requirement 
to obtain competitive bids on purchases over the $2,500 micro-purchase 
threshold or to circumvent higher single purchase limits. 

[20] The Department of Education has a regional satellite office in 
Puerto Rico. 

[21] 31 U.S.C. 1345. 

[22] Subsequent to the completion of our work in this area, the 
department provided us with a copy of an invoice it had obtained to 
support one of the charges for training costing $525. According to 
Education officials, because the vendor does not routinely generate 
invoices for the training courses it provides, this invoice was not 
available at the time of our review. The approving official stated 
that she approved the charge based on a certificate of completion for 
the training course. This certificate was not in the file at the time 
of our review. 

[23] Our estimate is based on a 95-percent confidence level and used a 
test materiality of $94,061. Based on the sample results, the amount 
of improper purchases could be as much as $133,895. 

[24] One of these individuals was charged in connection with a theft 
ring that operated during the period covered by our audit. 

[25] We attempted to obtain the invoices from another vendor. However, 
it did not provide this information to us. 

[26] We did not attempt to find 1 piece of equipment because it was 
the only piece ordered by a particular office and the cardholder was 
not in when we did our unannounced inventory. 

[27] This office was in the process of moving to a new building while 
we were conducting our audit work. 

[28] Because the Pell Grant data are maintained by school year, the 
time frames for the Pell Grant disbursements we reviewed were for 
school years 1997-1998, 1998-1999, and 1999-2000. 

[29] Gelco was Education's contractor for third party drafts. Gelco 
paid the drafts and then was reimbursed by Education. 

[End of section] 

GAO’s Mission: 

The General Accounting Office, the investigative arm of Congress, 
exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO’s commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO’s Web site [hyperlink, 
http://www.gao.gov] contains abstracts and full text files of current 
reports and testimony and an expanding archive of older products. The 
Web site features a search engine to help you locate documents using 
key words and phrases. You can print these documents in their entirety, 
including charts and other graphics. 

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as “Today’s Reports,” on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
[hyperlink, http://www.gao.gov] and select “Subscribe to daily E-mail 
alert for newly released products” under the GAO Reports heading. 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. General Accounting Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Public Affairs: 

Jeff Nelligan, managing director, NelliganJ@gao.gov: 
(202) 512-4800: 
U.S. General Accounting Office: 
441 G Street NW, Room 7149:
Washington, D.C. 20548: