An initiative of the President’s Management Agenda, implemented in August 2001, is the identification and reduction of improper payments within the federal government. Improper payments are payments that should not have been made or payments that were made for an incorrect amount because of errors, poor business practices, or intentional fraud or abuse. Improper payments include: (1) payments to an ineligible recipient, (2) payments for an ineligible service, (3) duplicate payments, (4) payments for services not rendered, and (5) payments that do not account for credit for applicable discounts. Additionally, when an agency is unable to discern whether a payment was proper due to insufficient or lack of documentation, this payment must also be considered an error.¹

According to a February 2006 Office of Management and Budget (OMB) report, Improving the Accuracy and Integrity of Federal Payments, the government-wide improper payment total reported for fiscal year (FY) 2005 was $37.3 billion. The report also found that the amount reported for FY 2005 was approximately $7.8 billion less than the $45.1 billion reported in FY 2004.² However, improper payments remain a significant problem in the federal government.

In recent years, legislation has been enacted to address this problem followed by implementation of guidance from OMB. This legislation requires government agencies to conduct program inventories and assess each program’s risk of making improper payments. Additionally, government agencies are to report on progress made in identifying and recovering improper payments.

Background

Two federal laws address the prevention, identification, and recovery of improper payments. Pub. L. No. 107-300 (2002), the Improper Payments Information Act of 2002 (IPIA), requires the heads of federal agencies to annually: (1) review all programs and activities to identify those susceptible to significant improper payments, (2) estimate the amount of improper payments, and (3) report the estimate to Congress. Additionally, for improper payments estimated in excess of $10 million, the agency must report the actions it is taking to reduce improper payments, including a discussion of the potential causes, a statement on whether the agency's information system and infrastructure are adequate to reduce improper payments, and a description of the steps taken to ensure agency managers are held accountable for reducing improper payments.

Pub. L. No. 107-107 (2001), the National Defense Authorization Act for FY 2002 (NDAA), Subchapter VI - Recovery Audits, requires all agencies that enter into contracts totaling more than $500 million in a fiscal year to carry out a cost‑effective program to identify errors in payments and recover amounts erroneously paid.

Between January and May 2003, OMB issued three memoranda that provided additional guidance related to the IPIA and the NDAA. In August 2006, these three memoranda were consolidated into OMB Circular A‑123, Appendix C, Requirements for Effective Measurement and Remediation of Improper Payments, which became effective immediately for the FY 2006 Performance and Accountability Report (PAR).³

OMB Circular A-123, Appendix C details the IPIA information that should be included within an agency’s PAR and requires that “when an agency’s review is unable to discern whether a payment was proper as a result of insufficient or lack of documentation, this payment must also be considered an error.”

For recovery auditing, OMB Circular A-123, Appendix C permits contingency fee contracts, which allow a portion of recovered funds to be used to pay recovery audit contractors. OMB Circular A-123, Appendix C also provides guidance on the disposition of recovered amounts and directs affected agencies to submit annual reports detailing recovery audit activities. Additionally, the guidance states that "agency Inspectors General and other external agency auditors are encouraged to assess the effectiveness of agencies' recovery audit programs."

OMB issued Circular A-136 - Revised July 2006, Financial Reporting Requirements, which superseded Memorandum M‑04‑20, FY 2004 Performance and Accountability Reports and Reporting Requirements for the Financial Report of the United States Government, July 2004. Memorandum M-04-20 directed agencies to include a description of recovery audit activities in the PAR for FY 2004 forward. OMB Circular A-136 - Revised July 2006, requires additional information to be included in an agency’s annual IPIA report, such as information from grant‑making agencies, an improper payment reduction outlook table, a list of contracts excluded from the recovery audit program, and a table detailing the overall recovery audit effort.

In March 2006, the Department of Justice’s (DOJ) Justice Management Division (JMD) issued the Financial Management Policies and Procedures Bulletin 06‑11 (Bulletin 06‑11), which provides direction on recovery audit programs and the IPIA for DOJ components.

Prior Audit

In April 2005, the Office of the Inspector General (OIG) issued an audit report on the Department of Justice Process for Identifying, Preventing, and Recovering Improper and Erroneous Payments, Audit Report Number 05‑19. The audit included four DOJ components: (1) the Federal Bureau of Prisons (BOP), (2) Office of Justice Programs (OJP), (3) Federal Bureau of Investigation (FBI), and (4) United States Marshals Service (USMS). The audit found that:

• The USMS and OJP risk assessments were not adequate to completely measure the risk of improper payments for all programs the components administered.

• The BOP, OJP, and USMS IPIA reports did not contain a complete description of the risk assessment performed.

• Weaknesses were identified in certain FBI and USMS policies and procedures used to prevent improper payments.

• None of the risk assessments included an analysis or consideration of any material weaknesses, reportable conditions, or non‑compliance matters resulting from the components’ annual financial statement audits.
• The FBI, OJP, and USMS did not have processes in place to determine the full extent of improper payments.

• The BOP and OJP initiated recovery audit programs but had not implemented written policies and procedures. Additionally, the FBI and USMS had not initiated any type of formalized recovery audit program.

• JMD did not have an official reporting mechanism in place to monitor each component’s recovery audit activities. Additionally, JMD’s recovery audit guidance was not adequate to ensure consistency among the components related to progress in implementing and maintaining a recovery audit program.

The OIG provided recommendations to these conditions. At the time of this audit, all 22 recommendations had been agreed upon, 13 have been fully implemented, and 9 are in the process of being implemented.

Audit Approach

This audit was requested by JMD to review the remaining DOJ components. Based on the magnitude of the government-wide improper payments identified in the February 2006 OMB report and the findings identified in the April 2005 OIG audit, we conducted a follow‑up audit, which included the: (1) Offices, Boards and Divisions (OBDs); ⁴ (2) Federal Prison Industries (FPI); (3) Drug Enforcement Administration (DEA); and (4) Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF).

The purpose of the audit was to assess these components’ processes for preventing, identifying, and recovering improper and erroneous payments. Specifically, the objectives of the audit were to determine whether the components established:

• policies and procedures for preventing improper and erroneous payments,

• policies and procedures for identifying improper and erroneous payments, and

• methods to recover improper and erroneous payments.

We reviewed the FY 2005 IPIA reports submitted by the components to JMD. The information in these reports was analyzed in conjunction with Bulletin 06-11, dated March 2006. We used this approach in order to identify any necessary enhancements for full compliance in the FY 2006 IPIA reporting period.

Summary of Findings and Recommendations

Preventing Improper and Erroneous Payments

We reviewed the policies and procedures to prevent improper payments that were used by management at the OBDs, FPI, DEA, and ATF, and the risk assessment prepared by each of those components.

In evaluating the components’ efforts, we determined that the risk assessments conducted by the OBDs, FPI, and ATF did not include an analysis of the results from the most recent financial statement audit as required by Bulletin 06-11. We also found that the OBDs’ risk assessment did not include a review of federal award payments made by the recipients and subrecipients as required by Bulletin 06‑11. In addition, we found that ATF did not conduct a risk assessment or program inventory for FY 2005 as required by Bulletin 06-11.

We recommend that JMD evaluate the recent changes to OMB Circular A‑123, Appendix C and determine whether changes need to be made to Bulletin 06‑11. We also recommend that Bulletin 06-11 be updated to include component disclosure of: (1) an unqualified, qualified, or no‑assurance opinion related to the adequacy and effectiveness of internal controls and the effectiveness of the internal controls over financial reporting, following the requirements of OMB Circular A-123 revision, Management’s Responsibility for Internal Control; (2) the reason for the opinion and its effect on the component's risk of making improper payments; and (3) any corrective actions being taken to address the opinion and the component's risk.

Identifying and Recovering Improper and Erroneous Payments

JMD oversees DOJ components’ compliance with the IPIA and the NDAA. In addressing this function, JMD has issued guidance that is detailed in Bulletin 06‑11 on complying with the IPIA and on conducting recovery audits. After comparing Bulletin 06-11 to applicable laws and regulations, we recommend that JMD improve Bulletin 06-11 by including time limits for confirming or providing documentation refuting any improper payments identified by the recovery audit contractor.

In assessing the components’ efforts in identifying and recovering improper payments, we reviewed laws and regulations applicable to recovery audit activities, including Bulletin 06-11. We reviewed each component’s FY 2005 IPIA report, which included a description of its recovery audit program, and reviewed the recovery audit program in place at each component. In addition, we interviewed component officials and reviewed policies and procedures used by the OBDs, FPI, DEA, and ATF to identify and recover improper payments.

Table 1 illustrates the amounts identified and recovered by DOJ components included in this audit.

Offices, Boards and Divisions. JMD manages the recovery audit program for the OBDs. Beginning in May 2003, the OBDs utilized a private contractor to conduct recovery audits. Payments made from FYs 1999 through 2004 were reviewed by the private contractor, as of April 2006. While this effort was ongoing, the recovery audit contractor identified improper payments totaling $1,198,443 for all of the OBDs. At the time of our audit, the recovery audit contractor stated that $916,711 (76 percent) had been recovered and $281,732 remained to be recovered. Additionally, the six OBD subcomponents included in our audit identified an additional $215,212 in improper payments, of which the subcomponents stated $203,896 (95 percent) was recovered, and $11,316 remained to be recovered.

However, we determined that the OBDs could be underreporting the improper payment amounts identified and recovered to JMD, due to breaks in communication. These breaks occur when the OBD subcomponents do not utilize the Notification of Erroneous Payments form (Attachment 2 of Financial Management Policies and Procedures Bulletin 05‑03⁷) when reporting improper payments to JMD. Additionally, the OBDs’ recovery audit program did not consider a review of all categories of payments as required by Bulletin 06‑11. Specifically, a review of all grant payments was not included in the OBDs’ recovery audit program.

Federal Prison Industries. Beginning in July 2004, the FPI began using a private contractor to conduct recovery audits. Payments made in FY 2003 were reviewed and vendor letters requesting reimbursement for overpayments were sent for FYs 2003 through 2005. As of April 2006, a total of $43,182 in improper payments had been identified and confirmed from those fiscal years, and the FPI stated that $12,355 (29 percent) of this amount had been recovered. The FPI stated that it is in the process of recovering the remaining $30,827 from a single vendor and has requested that the funds be returned.

We determined that the FPI does not include a contract compliance review as required by Bulletin 06‑11. Specifically, according to FPI management, the contract compliance review had not started because the recovery audit contractor is not at the level to conduct this review. The recovery audit contractor operates in phases, and has not implemented the review yet. Further, we found that the FPI had not implemented a final written policy for its recovery audit program as required by Bulletin 06-11.

Drug Enforcement Administration. Although the DEA's initial recovery audit program began in FY 2004 and continued through FY 2005, it was not a comprehensive recovery audit program. Instead, a statistical sample of payments pulled from a population of all DEA payment categories, except payroll, were selected and tested to determine if any improper payments were made. Additionally, improper payments were identified by Contracting Officer Technical Representatives, Financial Management Division, as well as through other internal controls. In FY 2006, the DEA established a new recovery audit program, administered by the Financial Analysis and Reporting Unit (FNOF). The FNOF reviews all payments applicable to the IPIA, instead of sampling payments. This effort constitutes a comprehensive recovery audit program. As of May 2006, a total of $403,305 in improper payments were identified and confirmed from FYs 2003 through 2005. The DEA stated that it has recovered $386,833 (96 percent) of this amount and is in the process of recovering the remaining $16,472.

Bureau of Alcohol, Tobacco, Firearms and Explosives. Although ATF began its internal recovery audit activities in 2001, as of May 2006, ATF stated that it had recovered only $8,830 (21 percent) of the $42,465 in improper payments it had identified, leaving $33,636 still to be recovered. ATF officials stated that they planned to pursue the remaining amount, as well as pursue collection of all identified improper payments.

We determined that ATF did not consider a review of all categories of payments required by Bulletin 06‑11. Specifically, ATF should expand the scope of its review to include all payments made from FY 2003 forward. Further, ATF could be underreporting the improper payment amounts identified and recovered to JMD because it is not tracking improper payments separately from other debts and it is not maintaining information on the scope of the improper payments identified and recovered.

We also noted that ATF needs to improve its policy implementation and compliance with existing requirements. We found that ATF should demonstrate progress toward utilizing the recovery audit contractor or in developing an internal recovery audit program compliant with all areas of Bulletin 06‑11 and other applicable laws and regulations. In addition, we found that ATF did not have a final written policy for its recovery audit program, which should be developed and implemented when a program is in place as required by Bulletin 06-11.

1. The scope of this audit did not include improper payments identified when an agency was unable to discern whether the payment was proper due to insufficient or lack of documentation. This type of improper payment was first defined in Office of Management and Budget Circular A-123, Appendix C, Requirements for Effective Measurement and Remediation of Improper Payments, August 2006.

2. Office of Management and Budget, Improving the Accuracy and Integrity of Federal Payments, February 2006.

3. The PAR is an annual report that provides information on an agency’s actual performance and progress in achieving the goals in its strategic plan and performance budget.

4. In order to assess the OBDs, we selected a sample of six subcomponents of the OBDs to review and conclude upon compliance with the IPIA and the NDAA. The subcomponents selected were the: (1) Regime Crimes Liaison Office (RCLO), (2) Office on Violence Against Women (OVW), (3) Civil Division (CIV), (4) Office of Community Oriented Policing Services (COPS), (5) Executive Office for Immigration Review (EOIR), and (6) Wireless Management Office (WMO). The methodology for the selection of the OBD subcomponents is detailed in Appendix I.

5. These totals are the amounts the recovery audit contractor identified and recovered for all of the OBD’s components.

6. These totals are the additional amounts identified and recovered by the six OBD subcomponents that were included in the scope of this audit. The subcomponents included the: RCLO, COPS, OVW, WMO, CIV, and EOIR.

7. Financial Management Policies and Procedures Bulletin 05‑03, November 2004, details the OBDs’ procedures for preventing, identifying, and recovering improper payments, including controls built into the OBDs’ financial management system.