Improper Payments: Improvements Needed to Ensure Reliability and Accuracy in DOE's Risk Assessments and Reporting
Fast Facts
The Department of Energy (DOE) reported that it made about $36 million in improper payments—payments that shouldn’t have been made or were made in the incorrect amount—in FY 2018. But millions more dollars in FY 2018 improper payments could still be found, for example, through audits of contractors that won’t be finished until years later.
DOE doesn’t always track information to determine whether improper payments identified at a later date would increase its annual total to over $100 million—the threshold for additional reporting requirements.
We recommended that DOE track and disclose such information.
smashed piggy bank
Highlights
What GAO Found
The improper payments amounts that the Department of Energy (DOE) reported in its annual agency financial reports (AFR) for fiscal years 2015 through 2019 may not be accurate or complete. Agencies with programs that are susceptible to significant improper payments—including those with more than $100 million of improper payments in a year—are required to report statistically valid estimates of their improper payments. DOE determined these requirements did not apply, but optionally reported information on actual improper payments it made and identified in the prior year. For example, in its fiscal year 2019 AFR, DOE reported fiscal year 2018 improper payments—such as those made to contractors for unallowable costs—totaling about $36 million, less than 0.1 percent of its outlays. However, DOE did not disclose that these amounts do not include improper payments identified through reviews, audits, and investigations completed several years after it issues its AFR (see figure). For example, as of September 2019, DOE had not audited $23.8 billion of its $38.5 billion in fiscal year 2018 outlays. Such audits may increase the improper payments in a year by millions of dollars. For example, based on a 2017 audit, DOE identified $34 million in fiscal year 2010 improper payments. DOE does not always track information on the year improper payments were made that would allow it to determine whether improper payments identified later would increase the total to more than $100 million. By tracking and disclosing such information, DOE could better inform Congress, the public, and others about whether it exceeded the $100 million threshold and should be subject to additional reporting requirements.
Department of Energy's Fiscal Year 2018 Improper Payments
Note: Segments of the bar are not sized to scale and do not represent the amount of improper payments.
DOE determined that its risk of significant improper payments was low in its fiscal year 2018 risk assessment. However, GAO found that the risk assessment may not provide a reasonable basis for DOE's determination. DOE did not provide sufficient documentation to support that it considered the known lag in identifying improper payments as an inherent risk, nor did it provide sufficient documentation to support its rationale for the scale it used to score risk factors or for weighting risk ratings of payment reporting sites. For example, a payment site processing $3 million of outlays had the same weight in the overall assessment as a payment site processing $5.7 billion of outlays. As a result, DOE cannot demonstrate that its low-risk determination is reasonable and that its risk assessment process produces reliable results.
Why GAO Did This Study
Improper payments—payments that should not have been made or were made in an incorrect amount—are a significant problem in the federal government. Agencies are required to perform risk assessments to identify programs that are susceptible to significant improper payments.
House Report 115-697 included a provision for GAO to review DOE's system for tracking improper payments. This report examines the extent to which (1) the amounts reported in DOE's AFRs for fiscal years 2015 through 2019 were accurate and complete, and (2) its fiscal year 2018 risk assessment provided a reasonable basis for its risk determination. GAO reviewed DOE's improper payment reporting for fiscal years 2015 through 2019 and its fiscal year 2018 risk assessment, and reviewed documents and interviewed officials from 10 of 48 reporting sites selected to provide a range of sites and about half of fiscal year 2018 reported improper payments.
Recommendations
GAO is making nine recommendations to DOE, including to track and disclose information on improper payments identified later and determine whether these payments exceeded $100 million in any year, and to revise its risk assessment process to ensure the process has a reasonable basis and reliable results. DOE agreed with six of the recommendations, but did not agree with three recommendations, including to revise its risk assessment process. GAO maintains that the recommended actions are valid.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of Energy | The Office of the Chief Financial Officer should require payment reporting sites to document their procedures for identifying, tracking, and reporting improper payments to ensure they provide consistent and comparable information about their improper payments over time. (Recommendation 1) |
DOE agreed with the recommendation. DOE updated its fiscal year 2020 payment integrity reporting guidance, issued in July 2020, to require contractors and sites to certify that they have developed and implemented procedures for implementing payment integrity requirements. Additionally, DOE established a working group to research and analyze improved methodologies to ensure sites provide consistent and comparable data.
|
Department of Energy | The Office of the Chief Financial Officer should develop a monitoring process to ensure that payment reporting sites document and implement procedures that will enable them to correctly identify and report improper payments to the OCFO. (Recommendation 2) |
DOE agreed with the recommendation. In 2021, DOE incorporated a detailed review of improper payments programs, plans, and procedures into its site visit procedures. The Office of the Chief Financial Officer has completed site visits to nine sites, and plans to continue to use the checklist during its visits to three to four sites per year, with a focus on the highest risk sites. The Office of the Chief Financial Officer collaborates with other divisions within the office and reviews the findings of the Office of the Inspector General's incurred cost audits to identify potentially high-risk sites for review.
|
Department of Energy | The Office of the Chief Financial Officer should require payment reporting sites to document policies for tracking questioned costs to resolution. (Recommendation 3) |
DOE updated its Payment Integrity Reporting Guidance for fiscal year 2023 to require sites to track questioned costs--also referred to as "unknown payments"--to resolution using the template that all sites are required to submit as part of their annual improper payments reporting. This meets the intent of our recommendation.
|
Department of Energy |
Priority Rec.
The Office of the Chief Financial Officer should track information on the year the payment occurred for all improper payments, regardless of when they are identified, and determine and disclose in DOE's AFR whether the department's total annual improper payments exceeded $100 million in any given year. (Recommendation 4)
|
DOE agreed with the recommendation. In 2021, DOE assessed its improper payments identified in fiscal years 2015 through 2019 to determine the years that those improper payments occurred. Based on this analysis, DOE determined that its improper payments did not exceed $100 million in any given year from fiscal year 2006 to present. Additionally, in 2021, DOE started tracking the year that improper payments occurred--in addition to the year they are identified--which should allow DOE to better assess whether its improper payments exceed $100 million in any given year.
|
Department of Energy | The Office of the Chief Financial Officer should clarify guidance to (1) define the factors for assessing adequacy of payment reporting sites' justifications that conducting recapture audits would not be cost-effective, and (2) require that the Office of the Chief Financial Officer review the sufficiency of these justifications against the criteria defined. (Recommendation 5) |
DOE updated its Payment Integrity Guidance for fiscal year 2023 to include a list of criteria that the Office of the Chief Financial Officer uses to assess the adequacy of payment reporting sites' justifications that conducting payment recapture audits would not be cost-effective.
|
Department of Energy | The Office of the Chief Financial Officer should evaluate whether payment reporting sites could identify enough additional improper payments through payment recapture audits to make those audits cost-effective, such as by performing audits at selected sites. (Recommendation 6) |
DOE updated its Payment Integrity Guidance for fiscal year 2023 to include a list of criteria that reporting sites are to address in their justifications that conducting payment recapture audits would not be cost-effective. According to DOE officials, the sites continued to find that payment recapture audits are not cost effective to recover improper payments. This is primarily because the sites already use other strategies to identify improper payments. Updating the criteria used to determine whether conducting payment recapture audits would be effective and meets the intent of our recommendation.
|
Department of Energy | The Office of the Chief Financial Officer should revise DOE's department-level process for conducting improper payment risk assessments to include (1) developing and documenting the rationale for the variable scale used to score risk factors and weighting of the payment reporting sites; and (2) documenting DOE's consideration of the inherent risk associated with the lag in identifying certain improper payments subsequent to the fiscal year they occurred to ensure that the process results in a reliable assessment of whether the department is susceptible to significant improper payments. (Recommendation 7) |
DOE did not agree with the recommendation. DOE revised its risk assessment template for its fiscal year 2021 assessment and included documentation of the variable scale for risk factors and the weighting of those factors. Regarding the consideration of inherent risk, DOE updated its Payment Integrity Reporting Guidance for fiscal year 2021, including the risk assessment template, to include consideration of unknown payments, which are those that have not been determined to be allowable or improper.
|
Department of Energy | The Office of the Chief Financial Officer should revise DOE's department-level policies and procedures for reviewing risk assessments submitted by payment reporting sites to require a review and approval of the documentation supporting these assessments to help ensure the accuracy of the sites' assessments. (Recommendation 8) |
DOE requires payment sites to maintain documentation supporting its risk assessments. DOE reviews the documentation as part of the site visits the Office of the Chief Financial completes to payment sites each year. Since 2021, staff from the Office of the Chief Financial Officer have completed visits to and reviews of documentation at nine sites. This meets the intent of our recommendation.
|
Department of Energy | The Office of the Chief Financial Officer should revise DOE's department-level policies and procedures for conducting improper payment risk assessments to define the process for overriding a payment reporting site's risk determination, when appropriate. (Recommendation 9) |
DOE agreed with the recommendation. DOE officials revised the department's risk assessment template used for fiscal year 2021 so that it is no longer subjective or based on the site's judgement. Instead, the template includes questions about the specifics of the site's operations, including program history, complexity, volume, program changes, inherent risk, deficiencies, internal controls, oversight, and data systems. The responses to these questions are used to calculate the risk for each payment category using an automated spreadsheet. According to DOE officials, they do not override a site's determination; rather, they work with sites to determine the correct rating.
|