Statement of Lorraine Lewis
Inspector General
Department of Education

Before the Subcommittee on Labor, Health and Human Services, Education and Related Agencies
Committee on Appropriations
United States House of Representatives

March 5, 2002

Mr. Chairman and Members of the Subcommittee:

Thank you for the opportunity to discuss the top three management challenges facing the United States Department of Education (the Department). The Office of Inspector General (OIG) has identified 11 challenges that are included in the Department’s Accountability Report for Fiscal Year (FY) 2001. Today, I will focus on the following: 1) financial management, 2) information technology (IT) security, and 3) student financial assistance programs.

I look forward to continuing to work together with the Congress and Secretary Paige to ensure that Department programs and operations serve the nation’s students and taxpayers with efficiency, effectiveness, and integrity.

1. Financial Management

We have identified financial management on our list of management challenges for the past three years. Improving financial management is on the President’s Management Agenda and is a central goal of Secretary Paige’s management improvement initiatives. The benefits of sound financial management are two-fold. First, sound financial management allows managers to make decisions based on reliable financial information. Second, sound financial management ensures the basic trust between a government agency and the public remains intact.

The Department has made, and continues to make, progress in this area. Last April, the Secretary created a Management Improvement Team (MIT) to focus attention on long-standing financial management issues.
The MIT’s mandate included such goals as addressing outstanding recommendations related to the financial statement audits and other audits from the OIG and the General Accounting Office (GAO), ensuring an environment with effective internal controls, and removing student financial assistance programs from the GAO High Risk List. The MIT’s October 2001 report, Blueprint for Management Excellence (Blueprint), includes impressive corrective action items for improving the Department’s programs and operations.

The Secretary has started the process by making it clear to Departmental managers that financial management must improve. The Secretary has established an Executive Management Team to lead this effort. Two key players in this effort are the recently confirmed Chief Financial Officer and the Assistant Secretary for Management. This focused attention by Department officials is key to continual progress and to reaching the goal.

FY 2001 Audit Results

For the second year in a row, the Department has received a qualified opinion on all five financial statements. The audit of the Department’s financial statements for FY 2001, conducted by Ernst & Young, LLP, resulted in reports on the financial statements, internal controls, and on compliance with laws and regulations. The OIG monitored progress and completion of the work to ensure the audit complied with Government Auditing Standards, issued by the Comptroller General of the United States. Copies of the auditors’ reports will be available on our web site at http://www.ed.gov/about/offices/list/oig/areports.html.

The Report on Internal Control details certain matters that are considered to be material weaknesses and reportable conditions under professional standards. There is one material weakness--financial management systems and financial reporting.
There are three reportable conditions--1) financial reporting related to credit reform, 2) information systems’ controls, and 3) reporting and monitoring of property and equipment. This is an improvement from the FY 2000 audit that disclosed three material weaknesses and two reportable conditions. The following is a description of the results for FY 2001.

Material Weakness:

Financial Management Systems and Financial Reporting (modified repeat condition) – While progress has been made, the absence of a fully integrated financial management system and limitations in the process for preparing and analyzing interim and final financial statements hinder the Department’s ability to accumulate, analyze, and present reliable financial information. The Department has implemented a replacement of the general ledger software package in an effort to address some of these problems.

Reportable Conditions:

Financial Reporting Related to Credit Reform (modified repeat condition) – Credit reform issues are complex and require an effective management control structure to ensure appropriate financial presentation. The Department needs to strengthen its credit reform reporting by improving: monitoring and analysis of the underlying financial activity of its credit programs; systems, policies, and procedures to streamline the process for preparing credit reform disclosures; and coordination of the various Department offices that oversee and account for the credit reform activity.

Information Systems’ Controls (modified repeat condition) – During fiscal year 2001, the Department has made progress in strengthening controls over information technology processes. However, continued effort is needed to further address control weaknesses identified by OIG, GAO, and the Department itself related to information technology and systems.

Reporting and Monitoring of Property and Equipment (modified repeat condition) – The Department needs to ensure that it can adequately account for its assets.
By developing and implementing Department-wide policies and procedures, it could track and safeguard property and equipment. Prior to implementing the department-wide policies, the Department must first reconcile discrepancies between annual physical inventories and internal records.

The Report on Compliance with Laws and Regulations disclosed no instances of noncompliance with laws and regulations. As part of this work, the auditors are also required to report whether the Department’s financial management systems substantially comply with certain financial system requirements referred to in the Federal Financial Management Improvement Act of 1996 (FFMIA). The auditors noted two instances of noncompliance with FFMIA--deficiencies in the general ledger system and the manual adjustment process, and deficiencies in systems security.

In the next audit cycle, the Department faces three critical issues relating to the FY 2002 financial statements. First, the overall time to prepare and audit the Department’s financial statements has been shortened by one month. Office of Management and Budget (OMB) guidance requires FY 2002 performance and accountability reports to be issued to OMB and Congress by February 1, 2003. Second, OMB guidance requires interim financial statements. Unaudited financial statements are to be submitted to OMB by May 31, for the six-month period ending March 31, 2002. Finally, the Department will be using a new general ledger system to prepare its FY 2002 financial statements. Implementing and using a new system frequently results in additional challenges.

Implementation of Oracle Federal Financials System

In January 2002, the Department replaced its existing general ledger system with Oracle Federal Financials. We have completed audits of the development and implementation of the new system. The Department generally did not agree with the deficiencies we identified in testing, training, security, and development.
The Blueprint identified Oracle implementation as a major goal, and the Department has planned steps to address shortcomings in the system. Post-implementation shortcomings may be identified by the independent verification and validation contractor the Department has recently engaged and continued testing by the Department. Of particular importance is the interface between the Department’s Oracle system and the system containing critical data from Student Financial Assistance (SFA).

Internal Controls

We have conducted extensive work in the area of internal controls including work to identify improper payments. Strong internal controls are critical to protecting programs and operations from waste, fraud, and abuse; weak internal controls can contribute to improper payments. Our reports have identified weaknesses in controls over purchase cards, third-party drafts, cellular telephones, the contract payment process, and government equipment, for example. These reports and others may be found on our website: http://www.ed.gov/about/offices/list/oig/. In addition, GAO has performed oversight work concerning Department programs and operations and has provided valuable findings and recommendations.

The Department has recognized the importance of having and maintaining a stronger internal control environment and the Blueprint contains plans to carry this out. The Secretary himself has spoken to all Department employees about the importance of a culture of accountability and results and convened a Department-wide group to foster such an environment throughout the Department. The Secretary recently announced that all Department employees must complete internal controls training by April 2002. In June 2001, the Department eliminated the use of third-party drafts.

The OIG will continue to have a robust internal control focus. We currently have two reviews on-going in the areas of travel cards and telephone calling cards.
We will also identify and analyze management controls while conducting all audit projects relating to the internal operations of the Department.

2. INFORMATION TECHNOLOGY SECURITY

A top priority of the President’s Management Agenda is the expansion of e-government services. IT security is a critical component for achieving this objective. The events of September 11th and the continued threat of terrorist attacks heightened the importance of this challenge. The Department’s more than 100 systems must be capable of ensuring the availability, confidentiality, and integrity of the data they contain. Critical operations, assets, and sensitive information must be safeguarded from unauthorized access, disruption, and loss.

The Department has recognized the importance of IT security and has initiated a number of actions to strengthen the security of its IT systems. The Blueprint focused on better management of information technology systems to improve the Department’s business and communication needs. The Blueprint also stated that the Department would maintain integrated, secure, and reliable systems to safeguard its assets and set specific goals and timetables for strengthening IT security.

Our work has identified a number of improvements that are necessary for the Department to ensure the security of its systems, to comply with the Government Information Security Reform Act (GISRA), and to develop Disaster Recovery Plans (DRPs). The Department has initiated a number of actions to address GISRA requirements. For example, the Department identified over 600 security weaknesses and has indicated that it corrected more than 120 of these weaknesses. We will assess the effectiveness of the Department’s corrective actions during the second year of our independent evaluation of the Department’s IT security plans, programs, and practices.
Our first GISRA independent evaluation identified significant shortcomings in the management, operational, and technical controls for mission critical systems. We also found deficiencies in the areas of security training, incident reporting, and protection of critical assets due to the lack of an agency-wide risk based IT security program. The Chief Information Officer (CIO) concurred with many of our findings and had raised similar concerns in the Department’s GISRA review. For example, both OIG’s report and the Department’s identified systemic weaknesses including lack of adequate IT security capital planning and the need for security training for Department personnel. The Department is developing corrective actions to address these deficiencies.

In addition to strengthening IT security, the Department also needs to develop and test DRPs for the delivery of essential services. Our work concluded that many of the Department’s systems did not have fully developed and tested DRPs. The CIO concurred with many of our findings and has identified corrective actions to develop and test DRPs.

It is essential for the Department to continue its efforts to develop a comprehensive strategy to strengthen IT security, to maintain and test DRPs, and to carry out its corrective action plans. Billions of taxpayers’ dollars are under the stewardship of the Department of Education. IT systems that are used to administer these funds should be secure from intrusion, disruption, and loss.

3. STUDENT FINANCIAL ASSISTANCE PROGRAMS

Student financial assistance programs are the largest dollar value programs in the Department. The Department is charged with managing student financial programs that disburse approximately $50 billion annually and manages a loan portfolio of $170 billion. The GAO has included these programs in its High Risk Series since 1990, and these programs are included as a program initiative in the President’s Management Agenda.
From the OIG perspective, most of our work (audits, investigations, inspections, and other reviews) is dedicated to student financial assistance programs. These programs are the largest focus of our investigative efforts relating to fraud perpetrated by third parties on the Department. The very nature of student financial assistance programs makes them risky: funds are provided up-front to both institutions and recipients and the Department must rely on these parties to act responsibly and lawfully, and student financial assistance recipients usually have no credit history. Our work has continually led us to recommend that the Department increase its monitoring and enforcement activities and continue to strengthen its internal controls over these programs.

The Secretary has set a goal of removing these programs from GAO’s High Risk list. Many of the Blueprint action items support that goal. For example, the Blueprint addresses overawards of student aid funds. One means to do this is for the Department to match income data set forth on the Department’s Free Application for Federal Student Assistance with that of the Internal Revenue Service (IRS). The Department has performed two sample income matches with IRS, and continues to work with IRS and OMB to address further legislative changes for such a match. We recommend Congress pass such legislation.

The need for this match was again highlighted in March 2001 when 26 people were charged in 23 separate criminal cases with fraudulently obtaining a total of more than $2.6 million from the Department in the form of grants, work-study, and loans. To date, 21 people have pled guilty. A data match with the IRS of income information might have prevented such ineligible awards.

Other examples of recipient fraud include:

An individual received numerous student loan checks based on fraudulent applications supported by false, fraudulent, and altered documents and forged signatures.
The individual deposited the checks in several bank accounts and wire-transferred funds to accounts held by family members in Israel. The individual fraudulently obtained or attempted to obtain about $1.1 million in student loan disbursements through this scheme. The individual was sentenced to 30 months in prison followed by 36 months of supervised release, and was ordered to pay about $200,000 in restitution.

An individual fraudulently claimed U.S. citizenship, producing his own certificate of naturalization with a home scanner and submitting the document to California Polytechnic University in Pomona to qualify for and obtain about $36,000 in loan funds. The individual was sentenced to 18 months imprisonment and ordered to make restitution of $31,981 after pleading guilty to student financial aid fraud and false claims of U.S. citizenship.

Two brothers, who were physicians, claimed they were 100 percent disabled because they were house-confined or wheelchair-bound and submitted false disability claims to have over $50,000 in student loans discharged. The older brother, who accepted full responsibility for the fraud, was sentenced to 18 months in prison to be followed by three years of probation. He was ordered to pay $145,350 in restitution jointly and severally with his brother. The younger doctor received five years of probation, 300 hours of community service and was ordered to pay restitution with his brother.

In addition to the types of recipient fraud discussed above, our investigative work continues to identify trends in fraud by institutions participating in the Department’s student financial aid programs, or officials and employees of those institutions. Some examples of institutional fraud include:

Refund Fraud

The former president and chief executive officer of International Education Center (IEC) pled guilty for failing to make refunds to the Pell Grant program.
IEC failed to make refunds totaling more than $600,000 when students either did not attend IEC after enrolling, or withdrew after completing only a small percentage of the educational program.

Loan Default/Collections Fraud

A Maryland attorney devised a scheme to collect monies from borrowers, but did not forward all of the funds he collected to the guaranty agencies. He was sentenced to four months in a halfway house, four months home detention, and two years of supervised probation, and was ordered to pay $16,655 in restitution.

A proprietary school and a default management company operating in Oklahoma and Kansas entered into civil settlements in which they agreed to pay the Department a total of $475,000. The case involved allegations that employees at both institutions submitted fraudulent forbearance forms to lenders, lowering the schools’ cohort default rates, thereby preserving their participation in student loan programs.

While no set of internal controls can guarantee that mistakes will not happen or persons intent on committing fraud will not succeed, we continue to recommend that greater program monitoring and enforcement should be done by SFA to protect the integrity of the programs. Last year, we issued three audit reports that cited significant deficiencies in SFA’s oversight of schools in the areas of program reviews, tracking and resolving audit recommendations, and recertifying foreign schools. Corrective actions are not yet completed on these audits. We recently issued an audit report that found SFA had not sufficiently monitored the financial responsibility of schools.

We also audit higher education institutions directly. We have recommended that SFA take the necessary actions to address compliance problems at those schools, including seeking repayment of funds where appropriate. These reports and others may be found on our website: http://www.ed.gov/about/offices/list/oig/.
Our work in the Federal Family Education Loan Program (FFELP) continues to show that the FFELP is vulnerable to fraud perpetrated by individuals who claim to be enrolled in a foreign school but who are not actually enrolled. Since there are different procedures for receiving student financial assistance when attending a foreign school, we have recommended that SFA ensure that there is a verification of enrollment in foreign schools of borrowers prior to disbursement of federal funds.

Thank you for the opportunity to focus on these three Department management challenges. A complete discussion of our management challenges as of February 2002 may be found on our web site: http://www.ed.gov/offices/OIG/.

This concludes my statement. I would be happy to answer any questions that you may have.
Published by the Department of Education, Office of Inspector General on 2002-03-05.