oversight

Department Progress in Implementing Corrective Actions for Prior Audits of Programs that Subsequently Received Funding Under the Recovery Act

Published by the Department of Education, Office of Inspector General on 2010-07-12.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

            U.S. Department of Education
             Office of Inspector General


    American Recovery and
    Reinvestment Act of 2009
      Department Progress in Implementing Corrective Actions for
Prior Audits of Programs that Subsequently Received Funding Under the
          American Recovery and Reinvestment Act of 2009

                    Final Alert Memorandum




  ED-OIG/L20K0003                                  July 2010
Final Alert                              UNITED STATES DEPARTMENT OF EDUCATION
                                              OFFICE OF INSPECTOR GENERAL

                                                                                                          AUDIT SERVICES


                                                                                                       Control Number L20K0003

                                                               July 12, 2010

FINAL ALERT MEMORANDUM

TO:                     Phil Maestri, Director
                        Risk Management Service

                        Hugh Hurwitz, Deputy Chief Financial Officer
                        Office of the Chief Financial Officer

FROM:                   Keith West, Assistant Inspector General for Audit /s/
                        Office of the Inspector General

SUBJECT:                Department Progress in Implementing Corrective Actions for Prior Audits of
                        Programs that Subsequently Received Funding Under the American Recovery and
                        Reinvestment Act of 2009

The purpose of this Final Alert Memorandum is to report progress made by the U.S. Department
of Education (Department) in expediting corrective actions from prior Office of Inspector General
(OIG) audits of programs that subsequently received funding under the American Recovery and
Reinvestment Act of 2009 (Recovery Act).

In February and April 2009, the Office of Management and Budget (OMB) issued two
memoranda with government-wide implementing guidance for Recovery Act programs. 1 The
guidance requires agencies to identify, prioritize, and develop plans to mitigate risks associated
with Recovery Act programs. As part of this effort, the guidance states that agencies should
expedite final actions with respect to findings from prior audits and investigations affecting
programs funded by the Recovery Act or explain why such actions cannot or should not be
taken.

On March 19, 2009, OIG provided a Recovery Act Advisory Memorandum (prior memorandum)
which identified unimplemented corrective actions from OIG audits to assist the Department in
implementing the OMB requirements. This alert memorandum provides updated information on
the status of these corrective actions and assesses the Department’s progress in meeting OMB
requirements.

1
 See the Background section of this report for detailed excerpts from guidance issued by the OMB and other
authorities related to the audit resolution and implementation of corrective actions.



    The Department of Education's mission is to promote student achievement and preparation for global competitiveness by fostering educational
                                                      excellence and ensuring equal access.
Final Alert Memorandum
ED-OIG/L20K0003                                                                         Page 2 of 12



                         RESULTS AND RECOMMENDATIONS


In the prior memorandum, OIG identified 152 recommendations for which corrective actions had
not yet been implemented as of February 28, 2009. The recommendations were from OIG audits
issued prior to September 2008 and as such represent audits of funds expended prior to the
enactment of the Recovery Act. The prior audits did not review Recovery Act funding but
included recommendations related to programs that subsequently received funding under the
Recovery Act, as described in the OMB guidance.

As of April 30, 2010, we found the Department made progress in completing corrective actions
for internal audits; however, the majority of corrective actions for external audits had not been
implemented. In total, corrective actions for 99 of the 152 recommendations (65 percent) had
not been completed in the l4 months since the prior memorandum.

Department staff stated that no specific efforts were made to expedite implementation of
corrective actions from audits of programs that subsequently received funding under the
Recovery Act. Although the Department had included consideration of prior audits in its risk
mitigation plan, other than the list provided by OIG through the prior memorandum, it had not
taken action to identify all relevant prior audits, such as single or compliance audits, or audits
conducted by the Government Accountability Office (GAO). Nor had the Department assessed
the status of its progress in this area, although such an assessment was included in its risk
mitigation plan. Without a complete list of the audits, corrective actions to be implemented, and
an assessment of progress made, the Department cannot ensure that corrective actions were being
expedited as required by OMB.

Through review of Federal and State Web sites, we noted that 9 of the 11 entities involved in the
prior OIG external audits subsequently received funding under the Recovery Act. The
Department may be vulnerable to criticism for providing Recovery Act funds to these entities, or
permitting subrecipient awards to these entities, without first requiring correction of known
conditions that impair the entities’ abilities to use and account for the funds in accordance with
applicable requirements, or without first providing conditions on the grants or subgrants to
ensure Recovery Act funds are protected and used for their intended purposes.


Status of Corrective Action Implementation for Previously Identified OIG Audits

A list of the internal and external OIG audit reports identified in the prior memorandum,
detailing the numbers of recommendations for which corrective actions were not yet
implemented as of February 28, 2009, and as of April 30, 2010, is provided as Attachment B.
The prior memorandum is provided as Exhibit 1. Summary information is provided below.
Final Alert Memorandum
ED-OIG/L20K0003                                                                         Page 3 of 12

Internal Audit Recommendations

The prior memorandum identified 38 recommendations from 12 internal audits for which the
Department had not implemented corrective action. As of April 30, 2010, corrective actions for
6 of these recommendations (16 percent) had still not been completed. These audits were issued
by OIG in FY 2007 and FY 2008. The corrective actions that had not yet been implemented
addressed recommendations related to data quality and reporting, grant monitoring, and
information technology (IT) security. All of these issues remain relevant to the Department’s
administration of Recovery Act programs.


External Audit Recommendations

The prior memorandum identified 114 recommendations from 11 external audits that the
Department had not yet resolved. Resolution is the process by which the management decision
is issued to the auditee as to what corrective actions are to be taken to address the
recommendations. We found that 9 of the 11 entities involved in the prior audits subsequently
received funding under the Recovery Act. These entities related to 91 of the 114
recommendations identified in the prior memorandum. As of April 30, 2010, 82 of the 91
recommendations (90 percent) from these 9 external audits remained unresolved. The audit
reports were issued as long ago as FY 2005, with the most recent issued in FY 2008. Since
OMB Circular A-50, Audit Followup, requires audits to be resolved in a maximum of 6 months,
each of these external audits was overdue for resolution, some significantly overdue, at the time
of the prior memorandum.

For external audits, the Department’s resolution process includes review of the OIG audit report
and other documentation prior to providing its management decision. In its response to the draft
alert memorandum, the Department also reported actions in process to work with the auditees on
implementing corrective actions during the resolution process. In some cases, the Department
reported placing special conditions on the grants or freezing grant funding to mitigate risks
associated with the unresolved recommendations (see Attachment A for the Department’s
response). Until the Department issues its decision, however, the external auditee is under no
obligation to change its operations or processes to correct weaknesses or deficiencies noted, or to
return funds that were inappropriately expended. Since February 28, 2009, only 3 of the 9
external audits have been resolved. Until the Department resolves the audits, any weaknesses or
deficiencies may continue, placing additional funds at risk for inappropriate use.

The external audit recommendations that remain unresolved addressed unallowable costs
charged to grants, lack of adequate documentation to support costs charged to grants, weaknesses
in accounting systems and internal controls, use of Federal funds to supplant non-Federal funds,
weaknesses in contract monitoring, conflicts of interest, and training needed for grant and
contract administration staff. All of these issues remain relevant to the Department’s and the
entities’ administration of the Recovery Act programs.
Final Alert Memorandum
ED-OIG/L20K0003                                                                          Page 4 of 12



Department Risk Mitigation Plan

The Department’s Recovery Act risk mitigation plan followed the template provided in OMB
guidance and also added a column entitled “Impediments to Mitigation Actions.” Risks 11 and
12 of the plan addressed audit resolution and corrective action implementation for internal and
external audits, respectively.

       Risk 11 – [Department of Education] ED has not completed corrective actions
       related to OIG and [Government Accountability Office] GAO audits of ED
       programs – Weaknesses in program operations or management that are identified by
       internal audits and remain unresolved or for which corrective actions are not complete
       leave programs with some degree of continuing risk.

       Risk 12 – ED has not resolved outstanding findings of OIG and [OMB Circular] A-
       133 audits of grantees – Known weaknesses in grantees’ grants management continue
       because ED OIG external and A-133 audits are not resolved and closed.

Under Risk 11, the plan assigned the responsible office as the individual offices for the grant
programs, and included a plan to review the status of the audits early in calendar year 2010. The
Department listed as impediments to mitigation actions limited resources and staff expertise to
develop and execute corrective action plans, and that some corrective actions will take a long
time to complete.

Under Risk 12, the Department assigned the Office of the Chief Financial Officer (OCFO) and
individual program offices as responsible offices. There was no information included in the plan
related to a trigger for reassessing the area or a review of the status of the area at a later date.
The Department listed as impediments to mitigation actions lack of resources for audit resolution
and follow-up.

We met with Department officials in Risk Management Service (RMS), the office that
coordinated development of the Recovery Act risk mitigation plan. RMS stated that it did not
“own” these particular risks and was not responsible for following up on actions taken. RMS
stated it was not aware whether progress in the area had been reassessed or whether responsible
offices had provided updates in this area. RMS stated that the risk plan was available on a
shared drive for Department staff but that it had not been officially distributed with a
memorandum or email or other guidance regarding implementation or requirements for progress
reports or other updates.

The Office of the Chief Financial Officer (OCFO) Financial Improvement and Post Audit
Operations (FIPAO), Post-Audit Group (PAG), is the office responsible for Department-wide
oversight of the audit resolution and follow-up process. PAG stated the Department’s Audit
Accountability and Resolution Tracking System (AARTS) includes information for all audits –
those conducted by OIG, GAO, and non-Federal auditors under the Single Audit Act. PAG
stated that through AARTS, individual principal offices have access to information regarding
resolution and corrective actions and are responsible for taking appropriate actions.
Final Alert Memorandum
ED-OIG/L20K0003                                                                        Page 5 of 12

PAG stated that no new processes or reporting was developed to address the OMB requirements.
Other than the list provided by OIG through the prior memorandum, PAG was not aware of any
list developed of all audits that included weaknesses or deficiencies in programs funded under
the Recovery Act. PAG stated no special reports have been generated and no specific efforts
were made to expedite corrective actions of these audits over other audits. PAG was not aware
of any assessment of progress made in this area.

OMB continues to emphasize the timely implementation of corrective actions related to
Recovery Act programs and the OMB memoranda discussed remain in effect. OMB issued
further guidance in March 2010 to require agencies to prioritize and expedite corrective actions
on Recovery Act program single audit findings with the highest risk.

The data presented in the prior OIG memorandum included reports issued prior to September
2008. Since that time, OIG has issued 23 additional internal and external audit reports resulting
from our reviews of programs that subsequently received funding under the Recovery Act and
from reviews of the implementation of the Recovery Act by the Department and by external
entities. These additional reports and products included 203 total recommendations related to the
programs. (A list of these products and the numbers of recommendations made in each is
provided as Attachment C to this memorandum.)


Recommendations

To ensure actions are taken to meet OMB requirements and to enhance effective implementation
of the Recovery Act risk management plan, OIG recommends that the Director, Risk
Management Service, in conjunction with the Chief Financial Officer:

1.1    Identify corrective actions that have not yet been completed regarding weaknesses or
       deficiencies disclosed by audits in programs that subsequently received funding under the
       Recovery Act, or in audits or other reviews of the Department or external entities’
       implementation of the Recovery Act. This identification process should include review
       of prior and more recent audits from all sources – OIG, GAO, and non-Federal auditors,
       as well as any relevant investigations, as provided in OMB guidance.

1.2    Based on the above, prioritize audit resolution activities and corrective action
       implementation for the findings with the highest risks to protect the integrity of Recovery
       Act and other funding and to enhance internal control over and management of these
       programs. As stated in the prior memorandum, OIG is prepared to assist the Department
       in providing additional information it may need to expedite resolution and corrective
       actions for OIG audits.

1.3    Develop and implement a periodic monitoring process to measure progress in expediting
       audit resolution and implementing corrective actions for the identified audits and other
       reviews, and provide status reports to the Department’s senior leadership and affected
       managers.
Final Alert Memorandum
ED-OIG/L20K0003                                                                          Page 6 of 12

1.4    Ensure all appropriate Department officials are aware of their responsibilities for items
       included in the Recovery Act risk mitigation plan by distributing the plan, assigning
       coordinating offices as needed, and providing guidance on any requirements for status or
       progress reports.


Department Response:

A draft of this memorandum was provided to RMS and OCFO for comment. In its response, the
Department stated it “agreed with the importance of addressing significant audit findings in a
timely manner; having appropriate follow-up and accountability measures in place; and
prioritizing limited resources to ensure that funds under the American Recovery and
Reinvestment Act of 2009 and all of the programs administered by the Department are
administered properly.” The Department agreed that the majority of the auditors’
recommendations had not been fully resolved within the six-month timeframe set form in OMB
Circular A-50.

The Department provided statistical information on the status of resolution for the
unimplemented external audit recommendations included in the draft alert memorandum. The
Department reported audit resolution actions in process or taken to date as follows—20 of the 93
recommendations had been resolved, 17 had been substantially resolved with closeout pending,
and 56 recommendations were in the process of resolution. For the 56 recommendations in the
process of resolution, the Department provided general information on the resolution activity
underway. The Department asked that the alert memorandum be updated to include the updated
status information to reflect a more accurate assessment of the progress made in resolving
external audits and mitigating risk associated with the audits that remain open.

The Department also stated that it determined AARTS does not necessarily provide a complete
view of actions taken to date with respect to the implementation of corrective actions or risk
mitigation activities, and that the timeliness of audit resolution might be potentially improved by
more coordinated tracking. The Department stated it intends to review the overall audit
resolution process, and consider changes to AARTS. The Department stated it would work with
OIG to address the alert memorandum’s recommendations.

The Department’s response in full, including updated audit resolution activity provided, is
included as Attachment A of this memorandum.


Office of Inspector General Comments:

The Department agreed with the importance of timely audit resolution, and agreed that the
majority of the audit recommendations were not resolved within the OMB guidelines.
We commend the Department on its intention to upgrade its resolution system to provide more
complete information for external audits. In its response, the Department stated that the contract
for AARTS will be recompeted in FY 2011. As such, a more immediate solution is needed to
address the OMB memoranda requirements.
Final Alert Memorandum
ED-OIG/L20K0003                                                                        Page 7 of 12

We presented the updated audit resolution information provided by the Department as part of its
response in Attachment A. We annotated the audits listed in Attachment B to indicate the
Department provided additional information and that the updated information could be found in
Attachment A. We also added statements within the alert memo that the Department reported
actions in process to work with the auditees on implementing corrective actions during the
resolution process. We noted that the Department reported placing special conditions on the
grants or freezing grant funding to mitigate risks associated with unresolved recommendations.
In one case, the Department pointed out that the grantee no longer receives education funds.
(Our memorandum correctly reflected this fact and reported that 9 of the 11 grantees received
Recovery Act funding, and that 82 of the recommendations related to grantees that subsequently
received Recovery Act funds.)

The Department did not provide supporting documentation or detailed information on the
resolution actions it included in its response, and as previously mentioned, AARTS does not
present the status of resolution or corrective action implementation on a recommendation level.
OIG did verify that two of the audits had been resolved since our draft alert memorandum was
issued, indicating the Department issued its management decision. These audits represented the
20 recommendations the Department reported as resolved. Since these actions took place after
our draft memorandum was issued, we did not change the specific results in the memorandum
which were accurate as of April 30, 2010. We did not otherwise verify the accuracy of the
information provided by the Department for the other audits, or when the resolution or other
mitigating actions were taken, as the audits remained unresolved.

The OMB memoranda requirements focus on expediting final corrective actions. We
acknowledge that some actions reported by the Department in its resolution process represent
corrective actions, but final corrective action cannot be completed until the Department resolves
the audit, issues its management decision, and the auditee completes all corrective actions. Since
we identified these still unresolved audits for the Department more than a year ago in our prior
memorandum, and the audits were originally issued between February 2005 and July 2008, we
do not believe that final corrective action has been expedited as required.

We look forward to working with the Department on the specific recommendations made in this
memorandum.




                                      BACKGROUND


Federal agencies have long been responsible for taking timely corrective actions to address audit
recommendations. OMB Circular A-50 (OMB Circular), Audit Followup (issued September 29,
1982) and the GAO Standards for Internal Control in the Federal Government (issued
November 1999), each include requirements for timely resolution and implementation of audit
recommendations. The OMB Circular requires agencies to establish systems to assure the
Final Alert Memorandum
ED-OIG/L20K0003                                                                       Page 8 of 12

prompt and proper resolution and implementation of audit recommendations. The OMB
Circular states:

       Audit followup is an integral part of good management, and is a shared
       responsibility of agency management officials and auditors. Corrective action
       taken by management on resolved findings and recommendations is essential to
       improving the effectiveness and efficiency of Government operations...Resolution
       shall be made within a maximum of six months after issuance of a final report...
       Corrective action should proceed as rapidly as possible.”

GAO’s Standards for Internal Control in the Federal Government state:

       Monitoring of internal control should include policies and procedures for ensuring
       that the findings of audits and other reviews are promptly resolved. Managers are
       to (1) promptly evaluate findings from audits and other reviews…(2) determine
       proper actions in response to findings and recommendations…and (3) complete,
       within established timeframes, all actions that otherwise correct or resolve the
       matters brought to management’s attention.

Specific to the Recovery Act, OMB issued two memoranda to provide government-wide
guidance for carrying out programs and activities under the Recovery Act.

   •   OMB Memorandum, M-09-10, Initial Implementing Guidance for the American
       Recovery and Reinvestment Act of 2009, was issued February 18, 2009 (Initial OMB
       Memorandum).
   •   OMB Memorandum, M-09-15, Updated Implementing Guidance for the American
       Recovery and Reinvestment Act of 2009, was issued April 3, 2009 (Updated OMB
       Memorandum).

Our prior memorandum cited the requirements of the Initial OMB Memorandum in effect at that
time. All areas involving the subject of this report are also included in the Updated OMB
Memorandum. Excerpts provided below are from the Updated OMB Memorandum currently in
effect.

       Section 3.10 –“How should agencies begin developing such a [risk mitigation] plan?”

       Agencies should also begin their planning by determining whether final action has
       been taken regarding weaknesses or deficiencies disclosed by prior audits and
       investigations in program areas under which Recovery Act funds are authorized.
       If final action has not been completed, agencies should: (1) expedite such action
       to preclude the continuance of such weaknesses or deficiencies in the
       administration of Recovery Act funded programs; or (2) provide an explanation of
       why such corrective actions cannot or should not be taken in the administration of
       Recovery Act funded programs.
Final Alert Memorandum
ED-OIG/L20K0003                                                                         Page 9 of 12

       Section 3.12 – “What risk mitigation actions must agencies take for risks specific to their
       agency and programs?”

       … [A]gencies should develop mitigation plans that align with specific risks. At a
       minimum, agencies should prepare mitigation plans for those risks with the
       highest probability of occurrence and the greatest impact if not mitigated.
       Whenever possible, agencies should identify quantifiable measures of
       performance, including ranges of acceptable and unacceptable performance.
       Along with mitigation actions, agencies should also identify a “trigger” to
       determine if it should initiate a contingency plan. Triggers could include program
       performance falling outside of an acceptable range or not completing critical
       actions by specified dates.

       Section 3.13 – “What are the reporting requirements for these agency-specific risk
       areas?”

       … [A]gencies will eventually be required to report on their risk management
       efforts to OMB and/or the [Recovery Accountability and Transparency] Board,
       including performance measures for the accountability objectives with associated
       performance ranges. However, agencies risk assessments, mitigation plans, and
       reporting for risks specific to an agency or program will initially be for internal
       agency use. Agencies must include details in program-specific planning
       documents details on how managers will be held accountable for achieving
       recovery program goals.

Appendix 4 to the Updated OMB Memorandum includes program risk considerations. Under
“Overarching/Performance” risks, the following is listed,

       “Does my organization have a corrective action plan process in place to promptly
       resolve the audit findings identified that may impact the ability to successfully
       implement Recovery Act?”

Appendix 6 to the Updated OMB Memorandum provides a template for use in developing a risk
mitigation plan.

On March 22, 2010, OMB issued Memorandum M-10-14 entitled, “Updated Guidance on the
American Recovery and Reinvestment Act.” This memorandum instructs Federal agencies to
take immediate action, as appropriate, to review and act on Single Audit findings.

       Section 7 – What steps should be taken on Single Audits reports for oversight and
       accountability of Recovery Act funding?

       Single Audit is a key tool used to drive accountability for Federal awards under
       the Recovery Act. Non-Federal entities (States, local governments, colleges and
       universities, and non-profit organizations) are required by the Single Audit Act
       Amendments of 1996 (Single Audit) and OMB Circular A-133 to have an annual
Final Alert Memorandum
ED-OIG/L20K0003                                                                          Page 10 of 12

       audit of their Federal awards, including the Recovery Act programs. Many non-
       Federal entities, particularly states, will submit their annual Single Audit by
       March 30, 2010 (for entities with fiscal year-end June 30, 2009). The Federal
       Audit Clearinghouse (FAC) processes all Single Audit submissions and will
       prepare a report that summarizes the audit findings by type of non compliance
       (i.e., activities allowed or unallowable, allowable costs, eligibility, reporting) for
       all Recovery Act programs identified by recipients for all single audits with fiscal
       year ended September 30, 2009 and later.

       Federal awarding agencies shall review these reports and take action on them.
       Actions at a minimum should include the following:
          • Expedite review and resolution of audit findings to ensure all findings are
              resolved within 6 months after the date the FAC shows filing status as
              complete.
          • Focus audit resolution on high risk programs and auditees.
          • Analyze audit findings across grantees and programs to identify high risk
              areas. Use the FAC’s special report for Recovery Act programs as a tool to
              identify areas of weaknesses. (http://harvester.census.gov/sac/).
          • Work with recipients of Federal awards to make sure appropriate
              corrective action plans are developed and implemented to address areas of
              highest risk for ARRA [American Recovery and Reinvestment Act]
              programs as identified in the previous bullet.
          • Consider additional monitoring, inspections, or audits for grantees where
              Single Audits identified greatest risk.
          • Report synopses of highest risk audit findings by major Recovery Act
              programs to OMB by September 30, 2010.

       For fiscal year 2009, OMB has implemented an internal control project that
       resulted in early reporting of internal control deficiencies and weaknesses for
       major Recovery Act programs by 16 volunteer States. Interim reports along with
       corrective action plans were submitted to the Department of Health and Human
       Services (the Federal cognizant agency) and OMB by January 31, 2010. Federal
       agencies should immediately follow-up on weaknesses disclosed by the Single
       Audit Internal Control Pilot Project and work with the States in implementing the
       necessary steps in the corrective action plan.




                  OBJECTIVE, SCOPE, AND METHODOLOGY


The purpose of the prior memorandum was to assist the Department in meeting its requirements
under the Recovery Act by summarizing unimplemented OIG audit recommendations that
include issues relevant to the Recovery Act. The objective of this review was to provide updated
Final Alert Memorandum
ED-OIG/L20K0003                                                                        Page 11 of 12

information on the status of the corrective actions and assess the Department’s progress in
meeting these requirements.

To accomplish this objective, we reviewed guidance provided by OMB and GAO. We held
discussions with Department officials to obtain information about risk mitigation plans and
progress, and on actions taken as a result of our prior memorandum. We also evaluated the
Department’s risk mitigation plan as it relates to audit resolution and corrective action
implementation.

We relied on computer-processed data included in the Department’s audit resolution system,
AARTS, to identify internal audits for which corrective actions had not been completed, and
external audits that had not been resolved. We validated and supplemented AARTS data with
that from OIG’s Audit Tracking System (ATS), and from the OIG audits reports, where
appropriate. Based on this validation, and since AARTS is the Department’s official system of
records for tracking audit resolution and corrective action implementation, and OIG has
extensive experience using the system, we deemed the information extracted from this system as
reliable for the purposes of our review.

For the prior memorandum, we extracted data from AARTS to include only OIG audits that had
been issued prior to August 2008 so that at the time of the prior memorandum, all the audits were
at least 6 months old, and by the standards set in OMB Circular A-50, overdue for resolution.
For external audits, once resolved, information is not available in AARTS as to the status of
corrective action implementation. To ensure our analysis included only those external audits for
which corrective action had not been completed, we included only unresolved external audits.
For the prior memorandum, information was extracted as of February 28, 2009. We identified
12 internal audits with 38 recommendations, and 11 external audits with 114 recommendations
relevant to the Recovery Act for which corrective actions had not been implemented. The total
represents the 152 recommendations identified in the prior memorandum.

For this report, we again evaluated AARTS and ATS data to determine the current status of
corrective action implementation for the same 152 recommendations as of April 30, 2010. We
also assessed information on Federal and State Web sites to determine whether the external
entities included in the prior memorandum received Recovery Act funds. Due to the number of
programs involved, the fluid nature of the data, and the undetermined reliability of Web site data,
we did not attempt to calculate total Recovery Act funding provided these entities. Instead, we
used these data for informational purposes only to indicate the number of external entities that
were allocated Recovery Act funding for which prior audit findings have still not been resolved.
We determined the data sufficiently reliable for this purpose, especially as a number of the
entities were large school districts and U.S. territories that would likely receive Recovery Act
funding.

Finally, we queried OIG records for reports issued from September 1, 2008, through April 30,
2010, to determine the number of OIG internal and external audits reports issued and
recommendations made since the time of the prior memorandum. We identified OIG audit
reports that either (a) resulted from reviews of programs that subsequently received funding
under the Recovery Act, or (b) resulted from reviews of the implementation of the Recovery Act
Final Alert Memorandum
ED-OIG/L20K0003                                                                        Page 12 of 12

by the Department and by external entities. We identified 23 such reports with a total of 203
recommendation made.

The fieldwork for the review was conducted at Department and OIG offices in Washington, D.C.,
during the period January 2010 through May 2010. We conducted our work in accordance with
OIG quality standards for alert memoranda.




                            ADMINISTRATIVE MATTERS



Corrective actions proposed (resolution phase) and implemented (closure phase) will be
monitored and tracked through the Department’s Audit Accountability and Resolution Tracking
System (AARTS). ED policy requires that you develop a final corrective action plan (CAP) for
our review in the automated system within 30 days of the issuance of this report. The CAP
should set forth the specific action items, and targeted completion dates, necessary to implement
final corrective actions on the findings and recommendations contained in this final audit report.

Alert memoranda issued by the Office of Inspector General will be made available to members
of the press and general public to the extent information contained in the memoranda is not
subject to exemptions in the Freedom of Information Act (5 U.S.C. § 552).

Should you have any questions or need any further information, please contact me at
(202) 245-7041.

Attachments
                                                                                                                      Attachment A

                                 UNITED STATES DEPARTMENT OF EDUCATION




MEMORANDUM

DATE:          June 9, 2010

TO:            Keith West
               Assistant Inspector General for Audit
               Office of Inspector General

FROM:          Philip A. Maestri
               Director, Risk Management Service
               Office of the Secretary

               Hugh J. Hurwitz
               Deputy Chief Financial Officer
               Office of the Chief Financial Officer

SUBJECT:        Response to Draft Alert Memorandum
               “Department Progress in Implementing Corrective Actions for Prior Audits of
               Programs that Subsequently Received Funding under the American Recovery and
               Reinvestment Act of 2009”
               Control Number ED-OIG/L20K0003

Summary. We appreciate the opportunity to review and provide comments on the draft Alert
Memorandum (Alert Memo) regarding implementing audit-related corrective actions. The U.S.
Department of Education (Department or ED) fully agrees with the importance of addressing
significant audit findings in a timely manner; having appropriate follow-up and accountability
measures in place; and prioritizing limited resources to ensure that funds under the American
Recovery and Reinvestment Act of 2009 (ARRA) and all of the programs administered by the
Department are administered properly.

With respect to Office of Inspector General (OIG) external audits in particular, we agree that the
majority of the auditors’ recommendations have not been fully resolved within the six-month
timeframe set forth in OMB Circular A-50. However, we believe that the Alert Memo does not
adequately represent the progress made to date in implementing the corrective actions, nor does it
reflect the internal controls that have been put in place and interim steps taken to ensure appropriate
accountability for the affected Federal funds. As such, we are concerned that anyone reading the
current draft version may be left with an inaccurate impression of the level of unmitigated risk
associated with recommendations that have not yet been fully resolved.

We request that the Alert Memo include updated audit status information as outlined below to reflect
a more accurate assessment of the progress we have made in resolving external audits, as well as the
steps we have taken to mitigate risk associated with the audits that remain open.

                               400 Maryland Avenue, SW, 4th Floor, Washington, DC 20202-4447
              Our Mission is to promote student achievement and preparation for global competitiveness by fostering
                                        educational excellence and ensuring equal access
Page 2 –Response to Draft Alert Memorandum (Control Number ED-OIG/L20K0003)

Status of Audit Recommendations. With respect to the specific audits referred to in the Alert
Memo, we agree that the majority of the 93 external-audit recommendations have not been fully
resolved within the six-month timeframe set forth in OMB Circular A-50. The status of these
recommendations as of June 3, 2010 is as follows:

               •   20 Fully resolved (22%)
               •   17 Substantially resolved, close-out pending (18%)
               •   7 Work ongoing, close-out within 45 days (13%)
               •   38 Work ongoing, close-out within 3 months (68%)
               •   11 Work ongoing, close-out within 4 months (12%)

The status of the 56 recommendations where work is ongoing is further detailed below:

   •   05H0016 – The Office of the Chief Financial Officer (OCFO), the Office of the General
       Counsel (OGC), and the Office of Post-Secondary Education (OPE) are working to resolve
       the questioned cost items in this audit (7 recommendations). We anticipate that this audit
       will be resolved by July 23. Questioned costs in the amount of $85,705 are expected to be
       recovered from the grantee by June 25th. The Program Determination Letter (PDL) is
       currently being drafted and OCFO expects to share this document with OIG for its review
       shortly. To mitigate risks associated with this award while the grantee addresses on-going
       deficiencies, the Department froze the funding to this grantee for a period of approximately
       18 months.

   •   04H0011 – The Office of Elementary and Secondary Education (OESE) is revising the PDL
       and anticipates that the audit (10 recommendations) will be resolved by August 30. The
       Department convened an ED-wide task force to provide oversight and targeted assistance to
       this grantee. Special conditions are placed on all grant awards to this grantee and quarterly
       progress reviews are being conducted. Task force efforts have resulted in improving the
       grantee’s procurement process and policies, which should mitigate the risk of recurring
       procurement issues.

   •   06E0008 and 05H0010 – Due to the scale and complexity of the issues involved, we
       anticipate that the PDLs for these two audits (7 and 21 recommendations respectively) will be
       issued by August 30. It should be noted that, resolution of the Orleans Parrish issues has
       been hindered by the aftermath of the Katrina disaster. The Department and the States are
       providing additional oversight of these two grantees, such as interim fiscal managers and
       quarterly progress reviews by ED, to mitigate future risk. Both grantees have been declared
       high risk. ED-wide teams have provided on-site technical assistance and are working with
       the State education agencies involved to provide the necessary oversight and assistance
       required to rebuild failing management infrastructures that led to the findings. Both grantees
       have new management structures in place as a result of State actions and legislation.

   •   06H0002 – OCFO is working to resolve this audit (11 recommendations). We anticipate that
       the PDL will be issued by September 30. OCFO is currently focused on resolving
       disagreements among OCFO, OIG, and OGC on how to proceed with resolution. It should
       be noted that the ongoing risk associated with this grantee is mitigated because the grantee is
       not currently a recipient of any Department funds and is not receiving ARRA funds. OCFO
       is working with the Office of Innovation and Improvement (OII) and OESE to ensure that
       appropriate controls are put in place to address all financial risks associated with this grantee.
Page 3 –Response to Draft Alert Memorandum (Control Number ED-OIG/L20K0003)


Process and Systems Changes. In the course of addressing the issues raised in the memorandum,
we have determined that our current Audit Accountability and Resolution Accounting System
(AARTS) does not necessarily provide a complete view of the actions taken to date with respect to
the implementation of corrective actions or risk mitigation activities and that the timeliness of audit
resolution might potentially be improved by more coordinated tracking. Therefore, we intend to
review our overall audit resolution process and as part of this review, we will consider changes to
AARTS to enable more timely and complete tracking of audits. 2

Any changes made to improve the process for tracking and resolving audits in a more timely manner
would pertain to all programs, including the funds made available under ARRA.

Under the leadership of OCFO, the Risk Management Service, OGC, and the Office of the Deputy
Secretary, the Department looks forward to working with you to address the Alert Memo’s
recommendations. If you have any questions, please do not hesitate to contact either one of us.




2
    The AARTS maintenance contract will be re-competed in FY 2011.
                                                                                                         Attachment B
                                                                                                           Page 1 of 2

                            Prior OIG Internal Audit Reports with
           Unimplemented Recommendations in Programs Funded under the Recovery Act
                                As of 2/28/2009 and 4/30/2010

                                                                                              2/28/09       4/30/10
Control                                                              Issue        Total #     Unimpl.       Unimpl.
Number               Internal Audit Title                Office 3     Date        of Rec.      Rec.          Rec.
04I0040     The Government of the Virgin                  RMS       05/14/08         4           3             3
            Islands Has Not Fully Implemented a
            Credible Financial Management
            System to Manage Department Funds
            (Alert Memorandum) **
06H0001     Selected Portions of the U.S.                OESE       04/04/08         6              4           0
            Department of Education's Oversight
            of the Consolidated State
            Performance Reports
02H0018     Teach for America, Inc., Review of             OII      12/12/07         1              1           0
            the U.S. Department of Education
            Discretionary Grant Awards (Alert
            Memorandum) **
11H0001     Common Origination Disbursement               FSA       09/27/07         68             1           0
            System Security Controls **
11H0002     Information Security Risk –                   OCIO      07/02/07         3              2           1
            Keylogger Vulnerability (Alert
            Memorandum) **
11F0005     Effectiveness of the Department's             OCIO      06/26/07         9              5           0
            Financial Management Support
            System Oracle 11i Reimplementation
19F0025     Controls Over Excessive Cash                  OCIO      12/18/06         9              2           2
            Drawdowns by Grantees
11G0004     Department’s Online Privacy Policy            OCIO      09/29/06         2              1           0
            and Protection of Sensitive
            Information Review**
11G0002     System Security Review of the                 OCIO      09/28/06         14             5           0
            Education Data Center FY 2006**
11F0006     Department of Education’s IT                  OCIO      01/31/06         4              4           0
            Contingency Planning Program –
            Asset Classification**
07F0014     The U.S. Department of Education's           OESE       12/29/05         4              4           0
            Activities Relating to Consolidating
            Funds in Schoolwide Programs
            Provisions
11F0002     Department of Education’s Incident            OCIO      10/06/05         9              6           0
            Handling Program and EDNet
            Security Controls**
            Total                                                                   133             38          6


* See Attachment C for office acronym definitions
** Reports not publicly posted on the website, but available to Department officials upon request
                                                                                                 Attachment B
                                                                                                   Page 2 of 2

                             Prior OIG External Audit Reports with
             Unresolved Recommendations in Programs Funded under the Recovery Act
                                  As of 2/28/2009 and 4/30/2010

                                                                                         2/28/09     4/30/10
Control                 External Audit Title                           Issue     Total   Unresol.    Unresol.
Number       (Click on title to link to report on website)   Office     Date     Rec.     Rec.       Rec. **
06H0002     Review of Project GRAD USA's                     PAG      07/21/08    11        11          11
            Administration of Fund for the
            Improvement of Education Grants
05H0010     The School District of the City of Detroit's     OESE     07/18/08    21       21           21
   *        Use of Title I, Part A Funds Under the No
            Child Left Behind Act of 2001
05H0016     Saint Paul Public Schools' Teacher Quality       PAG      05/23/08    7         7            7
   *        Enhancement Grant
04H0011     Puerto Rico Department of Education's            OESE     05/20/08    10       10           10
   *        Administration of Contracts Awarded to
            Excellence in Education, Inc. and the
            University of Puerto Rico's Cayey Campus
09H0014     San Diego Unified School District's Use of       OCFO     12/18/07    1         1            0
   *        Federal Funds for Costs of Its Supplemental
            Early Retirement Plan
02G0020     Elizabeth School District Allowability of        OESE     10/09/07    14       14           14
   *        Title I, Part A Expenditures
05G0031     Columbus City School District's                  OESE     06/20/07    8         8            0
   *        Compliance with Financial Accountability
            Requirements for Its Expenditures Under
            Selected No Child Left Behind Act
            Programs
06F0019     Bureau of Indian Affairs Administration of       OSERS    03/28/07    6         6            6
   *        Individuals with Disabilities Education Act
03F0010     The Education Leaders Council's                   ICG     01/31/06    12       12            0
            Drawdown and Expenditure of Federal
            Funds
02E0020     The Virgin Islands Department of Health's        OSERS    09/28/05    17       17           17
   *        Administration of the Infants and Toddlers
            Program
06E0008     Title I Funds Administered by Orleans            OESE     02/16/05    7         7            7
   *        Parish School Board
            Total                                                                114       114          93
                                                                                                        **

* Indicates external entities that subsequently received funding under the Recovery Act. These entities
represented 91 of the 114 total recommendations in the prior memorandum, 82 of which (90 percent)
remain unresolved as of 4/30/2010.

** In its response (see Attachment A), the Department reported audit resolution actions in process or
taken to date for some of these audits as follows—20 of the 93 recommendation had been resolved, 17
had been substantially resolved with closeout pending, and 56 recommendations were in the process of
resolution. The Department did not report that corrective actions were completed for any of these audits.
As such the detailed information included in this chart was not updated.
                                                                                       Attachment C
                                                                                         Page 1 of 2



                            Recent Recovery Act and Related OIG
                             Internal and External Audit Reports
          (Not included in the March 19, 2009 OIG Recovery Act Advisory Memorandum)



 Control                                                                                Total
 Number                     Internal Audits                    Office    Issue Date     Rec.
A19H0010     Audit of the Department’s Process to Resolve       OCFO       8/24/2009        3
             Lapsed Funds



Control                                                                                   Total
Number                      External Audits                     Office    Issue Date      Rec.
A02J0006     New York State System of Internal Control Over     OESE      11/10/2009         7
             American Recovery and Reinvestment Act Funds
A02J0009     New York State Local Educational Agencies          OESE       2/17/2010        16
             Systems of Internal Control Over American
             Recovery and Reinvestment Act Funds
A03H0010     Philadelphia School District’s Controls Over       OESE       1/15/2010        27
             Federal Expenditures
A03J0010     Commonwealth of Pennsylvania Recovery Act,         OESE       3/15/2010         8
             Audit of Internal Controls over Selected Funds
A04H0017     Puerto Rico Department of Education’s              OESE       10/9/2008        15
             Administration of Title I Services Provided to
             Private School Students
A04I0041     Puerto Rico Department of Education’s              OESE       4/21/2009         8
             Compliance with Title I – Supplemental
             Educational Services
A04I0042     Virgin Islands Department of Education’s           OESE       8/17/2009        10
             Administration of Property Purchased with
             Federal Funds
A04J0004     Virgin Islands Department of Education’s           OESE      11/23/2009         3
             Current Efforts to Address Prior Audit Findings
A04J0009     Puerto Rico Recovery Act Audit, Vocational        OSERS      12/14/2009        11
             Rehabilitation Administration
A04J0010     Tennessee Recovery Act Audit, Internal             OESE      12/15/2009         2
             Controls over Selected Funds
A05H0025     Harvey Public Schools District’s Use of            OESE      11/25/2008         9
             Selected U.S. Department of Education Grant
             Funds
                                                                                    Attachment C
                                                                                      Page 2 of 2



Control                                                                                Total
Number              External Audits (Continued)               Office   Issue Date      Rec.
A05I0016   Illinois State Board of Education’s Oversight of   OESE     9/23/2009          9
           Subrecipients
A05J0011   Systems of Internal Control Over                   OESE     1/14/2010          7
           Selected ARRA Funds in the State of Indiana
A05J0012   Systems of Internal Control Over                   OESE     2/23/2010          4
           Selected ARRA Funds in the State of Illinois
A06H0011   Adequacy of Fiscal Controls Over the Use of        OESE     4/14/2009          6
           Title I, Part A Funds at Dallas Independent
           School District
A06H0017   Adequacy of Houston Independent School             OESE     6/30/2009          9
           District’s Fiscal Controls over Accounting
           for and Using Federal Funds
A06J0013   Systems of Internal Control Over Selected ARRA     OESE     1/27/2010          5
           Funds in the State of Texas
A07H0017   St. Louis Public School District’s Use of          OESE     9/29/2008          7
           Selected U.S. Department of Education Grant
           Funds
A09H0019   Los Angeles Unified School District’s              OCFO     12/2/2008         15
           Procedures for Calculating and Remitting
           Interest Earned on Federal Cash Advances
A09H0020   California Department of Education Advances        OCFO     3/9/2009          10
           of Federal Funding to Local Educational
           Agencies
A09J0004   Colorado Department of Education’s Use of          OESE     2/26/2010          5
           Federal Funds for State Employee Personnel
           Costs
A09J0006   State and Local Controls over ARRA Funds in        OESE     1/15/2010          7
           California



           Total Internal/External Audits – 23 Reports                                  203
                                                                             Attachment D
                                                                               Page 1 of 2

               Acronyms/Abbreviations Used in this Report

AARTS           Audit Accountability and Resolution Tracking System

ATS             Audit Tracking System

Department      U.S. Department of Education

ED              U.S. Department of Education

EDNet           Education Network

FAC             Federal Audit Clearinghouse

FIPAO           Financial Improvement and Post Audit Operations

FSA             Federal Student Aid

GAO             Government Accountability Office

ICG             Indirect Cost Group, Office of the Chief Financial Officer

IT              Information Technology

OCFO            Office of the Chief Financial Officer

OCIO            Office of the Chief Information Officer

OESE            Office of Elementary and Secondary Education

OIG             Office of Inspector General

OII             Office of Innovation and Improvement

OMB             Office of Management and Budget

OSERS           Office of Special Education and Rehabilitation Services

PAG             Post Audit Group, OCFO

Recovery Act    American Reinvestment and Recovery Act of 2009

RMS             Risk Management Service
                                                                                                                                 Exhibit 1
                                                                                                                               Page 1 of 7

                                   UNITED STATES DEPARTMENT OF EDUCATION
                                          OFFICE OF INSPECTOR GENERAL

                                                                                                             The Inspector General
                                                          March 19, 2009

MEMORANDUM


TO:                  Tony Miller
                     Chief Operating Officer
                     U.S. Department of Education

FROM:                Mary Mitchelson /s/
                     Acting Inspector General

SUBJECT:             Recovery Act Advisory Memorandum
                     Unimplemented Recommendations Relevant to the Programs in the American
                     Recovery and Reinvestment Act of 2009


The purpose of this Recovery Act Advisory Memorandum is to summarize U.S. Department of
Education (Department), Office of Inspector General (OIG) audit recommendations that include
issues relevant to the programs included in the American Recovery and Reinvestment Act of 2009
(Recovery Act) that have not yet been implemented. This memo lists audit reports that are
overdue for resolution or for which corrective actions have not been completed, and highlights
selected recommendations related to Recovery Act programs that illustrate the types of issues
OIG has noted.


Background

Office of Management and Budget (OMB) Memorandum, M-09-10, Initial Implementing
Guidance for the American Recovery and Reinvestment Act of 2009, dated February 18, 2009,
contains actions that Federal agencies must take to meet the objectives and implement the Act
effectively. Section 3 of the memorandum is entitled, “Governance and Risk Management,” and
includes the following under Item 3.8 related to risk mitigation:

          Agencies should determine whether final action has been taken regarding
          weaknesses or deficiencies disclosed by prior audits and investigations in
          program areas under which Recovery Act funds are authorized. If final action
          has not been completed, agencies should: (1) expedite such action to preclude the
          continuance of such weaknesses or deficiencies in the administration of Recovery
          Act funded programs; or (2) provide an explanation of why such corrective
          actions cannot or should not be taken in the administration of Recovery Act
          funded programs.
 The Department of Education's mission is to promote student achievement and preparation for global competitiveness by fostering educational
                                                   excellence and ensuring equal access.
                                                                                           Exhibit 1
                                                                                         Page 2 of 7



OMB Circular A-50 (Circular), Audit Followup, requires agencies to establish systems to
assure the prompt and proper resolution and implementation of audit recommendations.
The Circular states, “Audit followup is an integral part of good management, and is a
shared responsibility of agency management officials and auditors. Corrective action
taken by management on resolved findings and recommendations is essential to
improving the effectiveness and efficiency of Government operations.” The Circular
further states, “Resolution shall be made within a maximum of six months after issuance
of a final report …. Corrective action should proceed as rapidly as possible.”

The Circular provides definitions as follows:

    •   Audit Resolution – The point at which the audit organization and agency management or
        contracting officials agree on action to be taken on reported findings and recommendations.
    •   Corrective Action – Measures taken to implement resolved audit findings and
        recommendations.

The Government Accountability Office, Standards for Internal Control in the Federal
Government, issued November 1999, states, “Monitoring of internal control should include
policies and procedures for ensuring that the findings of audits and other reviews are promptly
resolved. Managers are to (1) promptly evaluate findings from audits and other reviews… (2)
determine proper actions in response to findings and recommendations … and (3) complete,
within established timeframes, all actions that otherwise correct or resolve the matters brought to
management’s attention.”


Summary Information on Recommendations Not Implemented

For this memorandum, OIG has identified recommendations from its audit reports that include
issues relevant to Recovery Act programs that have not yet been implemented as of February 28,
2009. We included only those OIG reports issued up through August 31, 2008, to focus on those
recommendations that are overdue for resolution; in other words, recommendations made in
reports issued more than six month ago. Information on the status of resolution and corrective
action implementation was extracted from the Department’s Audit Accountability Resolution
Tracking System (AARTS). Information on the numbers of external audit recommendations and
dollar amount of the findings included in those reports was determined from OIG’s Audit
Tracking System. Resolution and recommendation status was verified in AARTS as of
March 11, 2009.

   o Internal Audits – As of February 28, 2009, a total of 38 recommendations from internal
     audits relevant to Recovery Act programs had not yet been implemented. AARTS
     provides recommendation-level detail for internal reports. Of these recommendations, all
     38 were resolved. Thirty-one of the recommendations were from reports issued more
     than a year ago; 22 of the recommendations were from reports issued more than 2 years
     ago (as of February 28, 2009). The oldest recommendations that had not been
     implemented dated from reports issued in 2005.
                                                                                           Exhibit 1
                                                                                         Page 3 of 7

   o External Audits – As of February 28, 2009, a total of 114 recommendations were listed
     for external audits relevant to Recovery Act programs that were not resolved. AARTS
     does not provide recommendation-level detail for external audits, so information is not
     readily available as to which recommendations for resolved external audits have been
     implemented (barring review of Department or auditee files to follow up on each
     recommendation). Our review was therefore limited to unresolved external audits. These
     audits included findings totaling over $492 million. Sixty-five of the 114 unresolved
     recommendations were from reports issued more than a year ago; 36 of the
     recommendations were from reports issued more than 2 years ago. The oldest
     recommendations that had not yet been resolved by the Department dated from reports
     issued in 2005.

In total, 152 recommendations had not yet been implemented from internal audits and unresolved
external audits that contain issues relevant to Recovery Act programs. A list of the
internal/external reports, detailing the numbers of recommendations not yet implemented and
dollar value of findings in external audit reports, is provided as Attachment A to this
memorandum. Links are provided in the attachment to the reports on the OIG website.


Highlighted Recommendations Not Yet Implemented/Resolved

In an effort to assist the Department as it implements the Recovery Act, OIG has highlighted
significant recommendations that are illustrative of the types of issues OIG has noted that are
relevant to Recovery Act programs. A high-level summary of the unimplemented
recommendations for each report is provided below, as well as a link to the report on the OIG
website.


Internal Audit Recommendations

As stated above, as of February 28, 2009, corrective actions for a total of 38 recommendations
for internal audits had not been implemented. The unimplemented recommendations relate to
data quality and reporting, grant monitoring – including monitoring of funds drawn by grantees –
and information technology (IT) security and management. Given the magnitude of funds made
available under the Recovery Act, these critical areas will require heightened management
attention.

   •   Selected Portions of the U.S. Department of Education’s Oversight of the
       Consolidated State Performance Reports, April 4, 2008 – OIG recommended that the
       Department continue to impress upon the states the importance of data quality and the
       need to provide regular guidance, training, and monitoring of their local educational
       agencies. OIG also recommended that the Department publish a list of data definitions
       that states will be required to use in No Child Left Behind reports and include procedures
       on how to handle different classifications of students. OIG further recommended that the
       Department continue to develop and implement written policies and procedures to
       monitor states that are in the process of developing data collection systems and
                                                                                                     Exhibit 1
                                                                                                   Page 4 of 7

          periodically review its procedures to monitor the accuracy of data used by the states and
          districts to compute graduation rates and make any necessary adjustments. Although the
          focus of this audit was on the Department’s oversight of graduation and dropout rates to
          ensure the rates were supported by reliable information, data quality and reliability are
          critical to the Recovery Act programs and the accuracy of reporting on Recovery.gov.
          Link to report:
          http://www.ed.gov/about/offices/list/oig/auditreports/fy2008/a06h0001.pdf.

      •   Controls over Excessive Cash Drawdowns by Grantees, December 18, 2006 – OIG
          recommended improvements to the Department’s monitoring of cash drawdowns by
          grantees. OIG recommended that the Department design additional fields in the payment
          system to allow staff to enter resolution information for potentially excessive drawdowns
          so that, if resolved, the grants do not appear on future reports until the next threshold is
          reached. OIG also recommended that the Department develop and implement a method
          to communicate payment flag information, including the reasons the flag was imposed or
          cleared, to all program offices responsible for monitoring additional grants awarded to
          the same recipient.
          Link to report: http://www.ed.gov/about/offices/list/oig/auditreports/a19f0025.pdf

      •   Information Technology Security and Management, Reports issued between
          October 6, 2005, and August 31, 2008 – Annually, OIG issues reports related to the
          security of the Department’s IT systems, and the Department’s management of those
          systems and programs. The Department’s network and these systems are used to provide
          funds to grantees and are also used for tracking and monitoring grantees. Security of
          these IT assets is critical to allow effective management of all Department programs,
          including management of the funds provided under the Recovery Act. As of
          February 28, 2009, recommendations related to incident handling, contingency planning,
          security controls, on-line privacy policy, and the Common Origination and Disbursement
          system 4 remain unimplemented. Because of the sensitive nature of the issues discussed,
          IT security and similar audit reports are generally not posted on OIG’s website but are
          available to Department officials upon request.


External Audit Recommendations

As stated above, as of February 28, 2009, corrective actions for a total of 114 unresolved
recommendations for external audit reports had not been implemented. A selection of
unresolved reports related to Recovery Act programs, and highlights of the more significant
recommendations for those reports, are provided below. The audits highlighted include
unresolved recommendations related to lack of adequate documentation to support costs charged
to grants, weaknesses in accounting systems and internal controls, using Federal funds to
supplant non-Federal funds, weaknesses in contract monitoring, conflicts of interest, and training
needed for grant and contract administration staff. Given the magnitude of funds made available
under the Recovery Act, these critical areas will require heightened management attention.

4
    The Common Origination and Disbursement system supports disbursements made under the Pell Grant Program.
                                                                                             Exhibit 1
                                                                                           Page 5 of 7

The external reports below include additional recommendations that are not highlighted here.
Because the reports have not yet been resolved, all recommendations in the reports remain
unimplemented. Please see the links provided for additional recommendations in the reports.

   •   Project GRAD USA’s Administration of Fund for the Improvement of Education
       Grants, July 21, 2008 – OIG recommended review of $13.8 million charged as pre-
       award costs to the grant to identify those costs that meet the criteria for a pre-award cost.
       For the eligible pre-award costs, OIG recommended the grantee provide adequate
       documentation to support allowability; for the remaining costs, OIG recommended the
       grantee provide adequate documentation supporting the allowability of the cost as if the
       cost had been claimed in the appropriate grant period. OIG further recommended that
       any amounts that could not be adequately supported be returned to the Department. OIG
       also recommended that the grantee develop and implement policy and procedures that
       provide reasonable assurance that documentation adequately supports expenses charged.
       Link to report:
       http://www.ed.gov/about/offices/list/oig/auditreports/fy2008/a06h0002.pdf

   •   The School District of the City of Detroit’s Use of Title I, Part A Funds Under the
       No Child Left Behind Act of 2001, July 18, 2008 – OIG made a number of
       recommendations related to the District’s administration of Title I funds. OIG
       recommended that training be provided to officials regarding the allowability of costs
       charged to the program and that the District either provide adequate documentation to
       support $47.5 million in projected costs or return any portion of the amount for which it
       does not provide adequate documentation. Recommendations were also made regarding
       appropriately accounting for multiple cost activity charges, approval of journal entries,
       and developing and implementing policies and procedures to ensure proper controls over
       Federal funds. OIG also recommended that the Michigan Department of Education
       provide greater oversight of Federal grant funds that are distributed to the District. Link
       to report: http://www.ed.gov/about/offices/list/oig/auditreports/fy2008/a05h0010.pdf

   •   Puerto Rico Department of Education (PRDE) Administration of Contracts
       Awarded to Excellence in Education, Inc. and the University of Puerto Rico’s Cayey
       Campus, May 20, 2008 – OIG made a number of recommendations to improve PRDE’s
       procurement and contract administration processes. The recommendations included
       actions to ensure employees’ independence from contractors, to establish adequate
       controls to ensure compliance with contract requirements and regulations, to ensure
       payments made are proper, and to provide training and oversight to PRDE staff
       responsible for overseeing contracts. Acquisition planning and contract administration
       are significant areas stressed in the OMB Guidance for the Recovery Act. Link to report:
       http://www.ed.gov/about/offices/list/oig/auditreports/fy2008/a04h0011.pdf

   •   Elizabeth Public School District Allowability of Title I, Part A Expenditures,
       October 9, 2007 – OIG recommended that the District be required to provide support for
       over $822,796 in expenditures or return the funds with applicable interest and provide
       support that Title I funds were not used by the District to supplant non-Federal funds or
       return $505,737 with applicable interest. OIG also recommended that the District
                                                                                           Exhibit 1
                                                                                         Page 6 of 7

       implement internal control procedures to provide reasonable assurance that Title I is
       managed in accordance with laws and regulations, including adequate segregation of
       duties. Link to report:
       http://www.ed.gov/about/offices/list/oig/auditreports/fy2008/a02g0020.pdf

   •   Individuals with Disabilities Education Act (IDEA), Part B Requirements at Schools
       under the Supervision of the Department of the Interior's (Interior) Bureau of
       Indian Affairs (BIA), March 28, 2007 – OIG issued this report to summarize the results
       noted in five audits. OIG recommended that the Department obtain assurance from BIA
       officials that the $111 million of IDEA, Part B funds were used to deliver educational
       assistance to the children with disabilities at all of the BIA funded schools and return any
       funds not used for those purposes. OIG also recommended that the Department
       coordinate with Interior to require BIA to account for the remaining $217 million in other
       Department funds it received during the audit period or return those funds to the
       Department. OIG made additional recommendations regarding documentation of
       services provided, establishing written accounting policies and procedures, and ensuring
       problems identified in the individual school audits are corrected at all BIA-funded
       schools. Link to report:
       http://www.ed.gov/about/offices/list/oig/auditreports/a06f0019.pdf

   •   Virgin Islands Department of Health (VIDH) Administration of the Infants and
       Toddlers Program, September 28, 2005 – VIDH established a contractual arrangement
       with a third-party fiduciary to manage the Individuals with Disabilities Education Act
       (IDEA), Part C grants. OIG evaluated the effectiveness of this arrangement and the status of
       IDEA, Part C grant funds. OIG recommended that the fiduciary follow applicable cash
       management requirements, correct over $201,576 in incorrectly charged items, and either
       provide support for expenditures or return $99,512 to the Federal government for
       overdraws of the grant. Link to report:
       http://www.ed.gov/about/offices/list/oig/auditreports/a02e0020.pdf

   •   Title I Funds Administered by the Orleans Parish School Board , February 16, 2005
       – OIG recommended the School Board establish a formal system of management controls
       to ensure costs charged to Title I and other Federal grants are properly accounted for and
       used in accordance with applicable laws and regulations. OIG also recommended
       establishment of proper controls in the School Board’s accounting system and
       improvements to its documentation, records storage, and records retention and retrieval
       procedures. Link to report:
       http://www.ed.gov/about/offices/list/oig/auditreports/a06e0008.pdf


Suggestions

Resolving audits and implementing corrective actions are important internal controls to ensure
that operations are improved and deficiencies noted are corrected and do not continue. Timely
audit resolution and corrective action implementation assists in safeguarding the funds managed
                                                                                              Exhibit 1
                                                                                            Page 7 of 7

by the Department and provided to its recipients. OIG is prepared to assist the Department in
providing additional information it may need to expedite the process.

As the Department implements the Recovery Act and develops its risk mitigation processes, OIG
suggests that the Department’s Chief Operating Officer:

      1. Ensure Principal Offices take timely action to resolve and implement corrective actions
         for internal audits and to resolve and provide management decisions to external entities
         so that they may begin to take corrective action. Especially for those reports involving
         Recovery Act programs, weaknesses identified in OIG reports, including potential
         inappropriate use of funds, may continue until the Department issues its management
         decision to the external entity.

      2. In addition to OIG reports, evaluate Single Audit Act and compliance audit reports
         received to identify issues relevant to Recovery Act programs and ensure Principal
         Offices take timely action to resolve the audits and instruct the external entities on
         corrective actions required.

      3. When considering new grant or contract awards, OIG suggests that the Department
         consider results of OIG audits, as well as any applicable single or compliance audits, of
         the program and on any individual grant recipients to address weaknesses. If OIG has
         noted problems with a grantee’s management of education funds – whether in the grant
         program under consideration or another program – OIG suggests the Department
         consider carefully whether that entity should receive additional education funds, whether
         restrictions should be included in the grant for that entity to allow closer monitoring of
         the use of grant funds, and whether other risk mitigation strategies should be employed.

No response is required to this memorandum. The information is provided to assist the
Department in meeting its responsibilities under the Recovery Act. Should you have any
questions or need any further information, please contact Keith West, Assistant Inspector
General for Audit, at (202) 245-7041.


cc:      Thomas Skelly, Acting Chief Financial Officer
         Linda Stracke, Financial Improvement and Post Audit Operations, Office of the Chief
                Financial Officer (OCFO)
         Insuk Chin, Post Audit Group, OCFO


Attachment
                                                                                                               Exhibit 1
                                                                                                          Attachment A
                                                                                                            Page 1 of 2



                              Audit Reports with Unimplemented Recommendations
                                      Relevant to Recovery Act Programs

Internal Audits: (No resolution date indicates the audit is not yet resolved)

                                                                                               Audit               # Un-
 Control                          Audit Title                                                Resolution   Total    impl.
 Number          (Click on title to link to report on website)       Office 5   Issue Date     Date       # Rec     Rec.
               The Government of the Virgin Islands
               Has Not Fully Implemented a Credible
               Financial Management System to Manage
 04I0040       Department Funds (Alert Memorandum) *                  RMS       05/14/2008   08/08/2008    4         3
               Selected Portions of the U.S. Department of
               Education's Oversight of the Consolidated
 06H0001       State Performance Reports                              OESE      04/04/2008   12/22/2008    6         4
               Teach for America, Inc., Review of the U.S.
               Department of Education Discretionary Grant
 02H0018       Awards (Alert Memorandum) *                                OII   12/12/2007   09/30/2008    1         1
               Common Origination and Disbursement
 11H0001       System Security Controls *                             FSA       09/27/2007   11/20/2007    68        1
               Information Security Risk – Keylogger
 11H0002       Vulnerability (Alert Memorandum) *                     OCIO      07/02/2007   09/20/2007    3         2
               Effectiveness of the Department's Financial
               Management Support System Oracle 11i Re-
 11F0005       Implementation                                         OCIO      06/26/2007   05/12/2008    9         5
               Controls Over Excessive Cash Drawdowns by
 19F0025       Grantees                                               OCIO      12/18/2006   09/28/2007    9         2
               Department’s Online Privacy Policy and
 11G0004       Protection of Sensitive Information Review*            OCIO      09/29/2006   11/17/2006    2         1
               System Security Review of the Education
 11G0002       Data Center FY 2006*                                   OCIO      09/28/2006   04/09/2007    14        5
               Department of Education’s IT Contingency
 11F0006       Planning Program – Asset Classification*               OCIO      01/31/2006   05/25/2006    4         4
               The U.S. Department of Education's
               Activities Relating to Consolidating Funds in
 07F0014       Schoolwide Programs Provisions                         OESE      12/29/2005   07/10/2007    4         4
               Department of Education’s Incident Handling
 11F0002       Program and EDNet Security Controls*                   OCIO      10/06/2005   11/16/2005    9         6

               Total Internal Audits                                                                      133       38

     * = Reports not posted on the website but available upon request.




     5
         See last page of attachment for definitions of office acronyms
                                                                                                      Exhibit 1
                                                                                                 Attachment A
                                                                                                   Page 2 of 2

External Audits: (All external audits listed are unresolved, all recommendations are unimplemented)

                                                                                         Total
 Control                        Audit Title                                                #     Total Value of
 Number        (Click on title to link to report on website)    Office     Issue Date     Rec      Findings
           Review of Project GRAD USA's Administration
           of Fund for the Improvement of Education
 06H0002   Grants                                               PAG       07/21/2008      11       $31,384,603
           The School District of the City of Detroit's Use
           of Title I, Part A Funds Under the No Child Left
 05H0010   Behind Act of 2001                                   OESE      07/18/2008      21       $53,618,859
           Saint Paul Public Schools' Teacher Quality
 05H0016   Enhancement Grant                                    PAG       05/23/2008      7           $124,646
           Puerto Rico Department of Education's
           Administration of Contracts Awarded to
           Excellence in Education, Inc. and the University
 04H0011   of Puerto Rico's Cayey Campus                        OESE      05/20/2008      10          $189,011
           San Diego Unified School District's Use of
           Federal Funds for Costs of Its Supplemental
 09H0014   Early Retirement Plan                                OCFO      12/18/2007      1         $1,904,918
           Elizabeth School District Allowability of Title I,
 02G0020   Part A Expenditures                                  OESE      10/09/2007      14        $1,946,925
           Columbus City School District's Compliance
           with Financial Accountability Requirements for
           Its Expenditures Under Selected No Child Left
 05G0031   Behind Act Programs                                  OESE      06/20/2007      8             $48,158
           Bureau of Indian Affairs Administration of
 06F0019   Individuals with Disabilities Education Act          OSERS     03/28/2007      6       $328,000,000
           The Education Leaders Council's Drawdown and
 03F0010   Expenditure of Federal Funds                          ICG      01/31/2006      12          $760,570
           The Virgin Islands Department of Health's
           Administration of the Infants and Toddlers
 02E0020   Program                                              OSERS     09/28/2005      17          $327,577
           Title I Funds Administered by Orleans Parish
 06E0008   School Board                                         OESE      02/16/2005      7        $73,936,273

           Total External Audits                                                         114      $492,241,540


     Office Acronyms:
     FSA                    Federal Student Aid
     ICG                    Indirect Cost Group, Office of the Chief Financial Officer
     OCFO                   Office of the Chief Financial Officer
     OCIO                   Office of the Chief Information Officer
     OESE                   Office of Elementary and Secondary Education
     OII                    Office of Innovation and Improvement
     OSERS                  Office of Special Education and Rehabilitation Services
     PAG                    Post Audit Group, OCFO
     RMS                    Risk Management Service
     Anyone knowing of fraud, waste, or abuse involving
      U.S. Department of Education funds or programs
  should call, write, or e-mail the Office of Inspector General.

                          Call toll-free:
                   The Inspector General Hotline
                1-800-MISUSED (1-800-647-8733)

                             Or write:
                     Inspector General Hotline
                   U.S. Department of Education
                    Office of Inspector General
                   400 Maryland Avenue, S.W.
                      Washington, DC 20202

                             Or e-mail:
                         oig.hotline@ed.gov

    Your report may be made anonymously or in confidence.

For information on identity theft prevention for students and schools,
  visit the Office of Inspector General Identity Theft Web site at:
                        www.ed.gov/misused



           The Department of Education’s mission is to promote
     student achievement and preparation for global competitiveness
      by fostering educational excellence and ensuring equal access.

                              www.ed.gov