Statement of LORRAINE LEWIS INSPECTOR GENERAL U.S. DEPARTMENT OF EDUCATION Before the SUBCOMMITTEE ON LABOR, HEALTH AND HUMAN SERVICES AND EDUCATION Committee on Appropriations United States House of Representatives Regarding PROPOSED FISCAL YEAR 2001 BUDGET REQUEST MARCH 28, 2000 Mr. Chairman and Members of the Committee: Thank you for the opportunity to discuss our Fiscal Year (FY) 2001 budget request to support salaries and expenses of the Department of Education's Office of Inspector General. I would like to submit my statement for the record and present a short summary of it to the Subcommittee. PURPOSE OF OPERATIONS The Office of Inspector General (OIG) was created under the Inspector General Act of 1978, as amended, to prevent and detect fraud, waste and abuse and improve the economy, efficiency and effectiveness of Education Department (ED) programs and operations. As the Inspector General I am statutorily responsible for the work of the OIG, including the audits of the Department-wide financial statements and the separate financial statements of the performance-based organization, Student Financial Assistance (SFA). These responsibilities are carried out by staff in headquarters and in regional offices and under contracts administered by the OIG staff. FY 2001 BUDGET REQUEST ED’s FY 2001 budget request for the OIG is $36.5 million, a net increase of $2.5 million above the 2000 appropriation. The request supports 285 full-time equivalent positions, the same staffing level as 2000. Approximately $1.2 million of the increase will support personnel costs, including annualization of the 2000 pay raise averaging 4.8 percent, the proposed 3.7 percent government-wide 2001 pay raise, and increased employee benefits. The remaining increase balance of $1.3 million will cover primarily the increased cost to contract for the audits of the Department-wide financial statements and the separate SFA financial statements and our increased share of the Department’s 1 overhead costs for services such as rent, ADP processing, contracts and communications. SIGNIFICANT ACCOMPLISHMENTS I would like to highlight a few examples of the significant accomplishments of this office to demonstrate the type of efforts we have undertaken and plan to continue to take with the appropriation the Congress provides. • We issued the audit reports on the Department’s FY 1999 consolidated financial statements and the SFA financial statements by the March 1 statutory reporting date. I am committed to achieving the March first deadline in the future for the audits of both sets of financial statements. Ernst & Young, LLP (E&Y) conducted the audits under contract with ED OIG. E&Y issued a qualified opinion for both the Department and SFA on the balance sheet, statement of net cost, statement of changes in net position, and statement of budgetary resources. E&Y disclaimed an opinion for both the Department and SFA on the statement of financing. A qualified opinion on four of the statements is an important improvement over FY 1998, which were disclaimers of opinion on all five of the statements. For FY 1999, there were four material weaknesses and four reportable conditions included in the auditor’s report on the Department’s internal controls and four material weaknesses and three reportable conditions in the report on SFA’s internal controls. • In February 2000 we issued an audit report on the Department’s security policies and plans for its mission-critical systems. Our review revealed that the Department has significant control weaknesses including a lack of security plans and reviews for six mission-critical systems, no process to ensure resolution of identified security deficiencies and a lack of technical security training for many employees responsible 2 for overseeing the Department’s computer security. The Department agreed with our findings and is making progress on taking corrective action. We are now conducting a follow-up audit to determine the adequacy of security reviews performed on eight mission-critical systems and we are evaluating the public, internal and privileged access vulnerabilities of the Department's EDNET communication infrastructure. We plan additional reviews of security controls for other systems in the future. • On March 6, in an investigation that is continuing, one individual pled guilty to a one- count information of conspiracy to misapply federal Pell Grant funds. The loss resulting from the conspiracy is approximately $1.4 million. The investigation revealed that employees of a trade school took part in a scheme that involved creating false documents for non-existent or non-eligible students. The school for which these individuals worked lost its eligibility to participate in the federal Guaranteed Student Loan program due to its high default rate. • Last year, we reported to you on a long and complex OIG investigation we conducted with several other law enforcement agencies. This investigation recently culminated in guilty verdicts by a Federal jury in White Plains, New York. Four defendants were found guilty in an 11-week trial of conspiracy, wire fraud and mail fraud in connection with the theft of millions of government dollars, including 11 million dollars in Pell Grants for ineligible persons. I am proud to announce that our agents received government-wide recognition from the President’s Council on Integrity and Efficiency for their efforts on that successful investigation. FY 2001 PERFORMANCE GOALS/PRIORITIES Let me turn now to the future. Our budget justification includes a description of 3 the major initiatives we plan to undertake to support the continuous improvement in ED’s programs and operations and to identify fraud and abuse. Our initiatives include a mix of improvement and deterrence activities focusing on systemic improvements, up- front assistance to ED in designing and improving its information systems, and identifying significant instances of non-compliance. For today, I would like to focus on three areas: management operations, the financial statement audits, and information technology work. Reorganization to Intensify Focus on Management Operations While we will continue our efforts on the activities mentioned above, I have decided to increase our attention on Department operations. We spend much of our Washington-based staff audit resources on the Department’s financial statement audits and on information technology issues. Jobs involving the Department’s day-to-day management operations must compete with others, particularly the financial and information technology work. Internal operations often don’t rise to the top. To help change that, I am reorganizing the OIG to focus the activities of two new groups on Department operations. The first group, the Analysis and Inspections Services, is already operating. One of its major responsibilities will be to conduct quick management reviews that do not require a traditional audit. An example of this type of effort is one we just began where, at the Department’s request, we are reviewing controls over the procurement of goods and certain services. This group will also be involved in reviewing the Department’s performance in meeting the requirements under the Government Performance and Results Act. The second group, which we are in the process of establishing, will be an internal audit staff. We will use that staff to audit the Department’s management operations and 4 to analyze problems that require the special expertise that auditors possess. Some examples of these efforts may be determining over or under payment of interest, identifying overpayments, following up on issues identified during the financial statement audits, and determining whether corrective actions from audit recommendations have actually been implemented. Increased Contract Funds for Financial Statement Audit The second area that I would like to mention today is the need for contract funds to supplement my staff. We will need the full contract amount of $1.575 million requested to complete the mandated financial statement audits, including the separate audit of SFA’s financial statements. The legislation that created SFA also established a new requirement for OIG to provide a separate report on SFA’s financial statements. Same Level Funding for Contract to Support IT Efforts Earlier, I mentioned an example of our information technology (IT) audit work. I am not seeking additional funds for this work, but I do request that we receive the same level of funds as FY 2000. Due to the complexity of the issues involved with IT, OIG requires the assistance of experienced IT systems audit contractors. We anticipate that our need for contractual support in this area will be ongoing, given the complexity and speed of systems security developments and our desire to provide quality on-the-job training for our IT audit staff. Let me briefly summarize our planned information technology-related activity. OIG has designated oversight of systems development as one of its highest priorities. It is much more efficient and effective to provide audit assistance during systems development then to identify problems after a system is operational. We will conduct audits and reviews of the Department’s development of information systems. 5 ED oversees the delivery of approximately $40 billion per year in student financial aid and a total $120 billion loan portfolio through the use of “legacy” information systems. These systems are not integrated, do not share a common systems architecture, and do not provide the timely, accurate and complete data needed to manage the SFA programs. With the passage of the Clinger-Cohen Act and other legislation, Congress signaled to Federal agencies the importance of improving the management of Federal information systems. OIG is also planning for audits of the Department’s security for critical information systems, including assessments of system vulnerability. Information system managers face the dilemma of balancing the need for security controls with the need for faster performance. Highly publicized incidents of successful hacking of government systems raise the awareness of the need for better security over Federal information systems and data. Security concerns are amplified as agencies provide increasing access to systems and databases over the Internet. We also are participating with 16 federal agencies in a President's Council on Integrity and Efficiency (PCIE) effort to evaluate compliance with Presidential Decision Directive (PDD) 63. PDD 63 calls for a national effort to ensure the security of the interconnected infrastructures of the United States. Our work focuses on the Department's efforts to comply with the requirements of PDD 63. Additionally, we have initiated an audit of the Department's disaster recovery planning for its mission- critical systems. Our security reviews will provide an independent assessment on the adequacy of security controls and the impact of any weaknesses on the IT environment. The reviews 6 will provide risk exposure assessments for both the electronic data processing and manual portions of the IT control environment. CONCLUSION I would like to close by stating that when I became the Inspector General last June, I made a commitment to communicate with the Congress. Towards that end, the OIG has reached out to our Appropriators, Authorizors and Oversight Committees in both the House and Senate. This effort has focused on several areas of concern: financial management, Year 2000 challenges, and the management challenges facing the Department. By working within the Department and with Congress, we can work toward solutions to long-term problems. Mr. Chairman and members of the Committee, this concludes my statement. I will be happy to respond to any questions that you and the Committee members may have. 7
before the Subcommittee on Labor, Health and Human Services, Education and Related Agencies, Committee on Appropriations, US House of Representatives, on the FY 2001 budget request for the OIG on March 28, 2000 PDF
Published by the Department of Education, Office of Inspector General on 2000-03-28.
Below is a raw (and likely hideous) rendition of the original report. (PDF)