. Statement of Lorraine Lewis Inspector General Department of Education Before the Subcommittee on Select Education Committee on Education and the Workforce United States House of Representatives July 24, 2001 Mr. Chairman and Members of the Subcommittee: Thank you for the opportunity to participate in today’s hearing on financial management practices at the Department of Education. You requested that I focus my testimony on the work of the Office of Inspector General (OIG) concerning internal controls at the Department. Specifically, I will address our reviews over the use of government purchase cards and third party drafts, comment on investigations, and discuss our recommendations to the Department on how to improve its financial management. The Department of Education has serious financial management issues it must address. While progress has been made and is continuing, much work remains. We will keep working closely with the Subcommittee, the Department, and the General Accounting Office (GAO) to help the Department continue to move forward in improving its financial management practices. I commend the Subcommittee for its strong interest in these important matters and for the attention it has given to financial management at the Department. Secretary Paige’s establishment of the Management Improvement Team (MIT) is an important step toward improvement. The MIT’s interim report of last week reflects a comprehensive . review of financial management, information technology security, and other management issues and illustrates the significant challenges that still lie ahead. As I have testified in the past, the financial statements audit reports, particularly the Report on Internal Controls, provide the blueprint for addressing financial management issues. As the GAO noted in a report on the Department's financial management, "internal control serves as the first line of defense in safeguarding assets and in helping detect and prevent waste, fraud, and abuse." (GAO-01-104R, Education's FY 1999 Financial Management Weaknesses, October 16, 2000, p. 9.) While an unqualified, or clean, opinion is an important goal, an equally important goal is the resolution of the three material weaknesses and two reportable conditions in the Report on Internal Controls. The material weaknesses identified were: 1) financial management systems and financial reporting need to be strengthened; 2) reconciliations need to be improved; and 3) controls surrounding information systems need enhancement. The reportable conditions were: 1) improvement of financial reporting related to credit reform is needed; and 2) reporting and monitoring of property needs to be improved. We welcome the opportunity to have GAO join us in our oversight activity concerning internal controls in the Department. We have shared with GAO the results from our purchase card and third party draft reviews, as well as information on improper payments and information technology security. We appreciate GAO’s work and results, and have learned from its efforts. 2 . Internal Control Review over Purchase Card and Third Party Draft Payments In October 2000, we issued our review of the Department’s internal control over the use of purchase cards and third party drafts. (Results of the OIG Review of Internal Controls over the Use of Purchase Cards and Third Party Drafts (A&I 2000-15), see Appendix A). We found that the Department’s established procedures for these programs were not always current and were not always followed. Additionally, the Office of Chief Financial Officer, which is responsible for the programs, needed to improve its administration of both programs. To help safeguard against potential misuse or waste, while ensuring that purchase card transactions and third-party drafts serve program needs, we made 22 recommendations to the Department. They were designed to: • strengthen the control environment over the use of purchase cards and drafts; • provide for an assessment of the external and internal risks the agency faces; • strengthen control activities over the use of purchase cards and drafts; • strengthen information and communication regarding the use of purchase cards and drafts; and • strengthen monitoring over the use of purchase cards and drafts. Department officials concurred with our findings and recommendations. We initiated a follow-up review to address two specific recommendations that are key to ensuring that these purchase cards are used properly and that the Department is paying the correct amount. Those are: 1) requiring that all approving officials review and sign monthly purchase card statements; and 2) reconciling the monthly Department-wide purchase card 3 . statement to the monthly statements approved by the approving officials from the principal offices and to the Department’s accounting system, EDCAPS. Specifically, in this follow-up review, we focused on the statements for the month ending February 16, 2001. We reviewed the purchase card statements for 184 cardholders who had activity for that month. With regard to approving official review, we found that six statements lacked required signatures. We also found 68 statements were not submitted timely. Consequently, some statements were unsigned or missing when the Department’s consolidated bill was paid, 38 days after the due date. With regard to reconciliation, the Department’s Financial Management Policies and Administrative Programs (FMPAP) provided us documentation of reconciliation that we are still evaluating. The FMPAP staff stated that when the Department’s new financial system is operational, the reconciliation process should be more efficient. We subsequently asked FMPAP to provide documentation for the payment of the Department- wide purchase card statement for May 2001. From the documentation we received, we found that FMPAP had not sent timely notices to purchase card approving officials for 22 overdue statements. This contributed to the Department’s statement being paid 10 days past the due date. Since our initial reports in this area, in response to our work, the Department has taken several steps to correct weaknesses in the purchase card and third party draft programs. For example, the Department has conducted mandatory training sessions for cardholders and supervisors, 4 . conducted a risk assessment, provided written delegations, and provided managers GAO’s Standards for Internal Control in the Federal Government. (GAO/AIMD-00-21.3.1, issued November 1999.) Additional Reviews of Internal Operations We have also reviewed a number of other internal operations of the Department. Disbursement Process Controls Under contract to OIG, Ernst & Young is examining the Department's controls over its payment systems and processes. Three have been completed: • The Impact Aid Program within the Office of Elementary and Secondary Education; • The discretionary grant disbursement process within the Office of Educational Research and Improvement; and • The formula grant disbursement process within the Office of Vocational and Adult Education. The objectives of each review were to determine the processes by which payments can be made by the Department and to assess the controls over the payments in those processes to determine if the controls are operating effectively. [Review of the Impact Aid Program Disbursement Process Within the U.S. Department of Education Office of Elementary and Secondary Education (Audit Control Number: ED-OIG/S17-B0013, July 19, 2001); Review of the Discretionary Grant Disbursement Process Within the U.S. Department of Education Office of Educational Research and Improvement (Audit Control Number: ED-OIG/S17-B0014; July 19, 2001); Review of the Formula Grant Disbursement Process Within the U.S. Department of Education Office of 5 . Vocational and Adult Education (Audit Control Number: ED-OIG/S17-B0015, July 19, 2001), see Appendix A]. Based on its reviews, Ernst & Young identified several areas where enhanced controls and needed operational changes, if properly implemented, will reduce the risk of erroneous payments. One common theme among these reviews was the need for improved data integrity controls. The reviews contained recommendations to 1) establish procedures for and perform formal reconciliation from feeder systems to the Grant Administration Payment System, and 2) enhance grants monitoring. Cellular Phones In September 2000, we assessed the Department's controls over the purchase and management of cellular phones. We found that improvements were needed in policies and procedures, inventory controls, segregation of duties, billing processes, vendor selection, and maintenance of documentation. As a result of the ineffective controls, the risk of errors, theft, fraud and abuse was increased. The Department concurred with our findings and recommendations. (Audit of the U.S. Department of Education's Controls over Cellular Phones (ED-OIG/A11-A0014), see Appendix A). We also note that in a recent investigation, we developed evidence that a Department employee permitted his family members to use his Department-issued cell phone to make over 8,000 personal telephone calls between May 1998 and December 1999. In May 2001, the employee pled guilty to a one-count criminal information and resigned from the Department. 6 . Contracting Operations We have consistently issued reports recommending improvements in the Department's management of contracts and contractors. ¾ In March 2001, we assessed the Department's contract payment process and whether controls were in place to prevent and detect improper payments. We found that improvements were needed in controls over the invoice review process, segregation of duties, and the process for establishing vendor information in the Department's contract payment system. Based on our work, the Department lacked assurance that payments are proper. We made several recommendations to the Department to improve the controls. The Department generally concurred with our findings and agreed to take action on our recommendations. (Audit of Controls over Contract Payments (ED-OIG/A07-A0015), see Appendix A.) ¾ We issued two reports in 2001 on the Department's controls over property furnished to the Department's major student financial assistance contractors and found that the two contractors did not comply with recordkeeping, reporting, and inventory requirements, and that Government property was not properly identified. The contractors have concurred with our findings and recommendations on the reports issued to date. (Audit of Controls Over Government Property Furnished to Computer Sciences Corporation (ED-OIG/A19-B0003); Audit of Controls Over Government Property Furnished to Affiliated Computer Services, Inc. (ED-OIG/A19-B0004), see Appendix A). 7 . ¾ Since Fiscal Year 1999, most of our work has focused on the major Student Financial Assistance contractors. We evaluated the Department's processes for monitoring contract performance, including the activities of the Contracting Officer, Contract Specialist, and Contracting Officers’ Representative, as well as internal controls and processes at the individual contractors. We found that: 1) contract changes were not formalized; 2) contract terms were not adequately defined; 3) changes in key personnel were not approved in advance; 4) key contract personnel were not devoting the time specified in the contract; 5) contractor remittances to the Department were not monitored; and 6) incorrect contractor billings were not detected. (See Appendix B for a list of the audits and other products.) As a result, the Department was not getting what it was paying for with respect to the quality of the projects and the contractors’ responsibilities under the contracts. Informal contract agreements and ambiguous contract terms could result in misunderstandings and disputes over what is expected under the contract. Changes in key personnel and key personnel working other projects reduced the level of effort and quality of the overall project, and resulted in overcharges since key personnel costs were built into the contract prices. Failure to monitor remittances resulted in loss of funds. The Department's failure to appropriately review contractor billings resulted in improper payments to contractors. ¾ In 2001, we conducted an audit follow-up review of these issues to determine if corrective actions were taken. We found that corrective actions were taken to formalize contract changes, define contract terms, and approve changes in key personnel in advance. Further actions were needed, however, to implement corrective actions to ensure that contract personnel 8 . devote the time specified in the contract, monitor contract remittances, and detect incorrect billings. (Audit Follow-up Review on Corrective Actions the Department Had Taken in Response to Issues Reported During the Office of Inspector General’s Contract Monitoring Audits of Student Financial Assistance Information Technology Contracts (ED OIG/A07- A0014), see Appendix A.) Information Technology Security Security of information technology systems is an important internal control. For several years, we have reported security as a management challenge for the Department and have focused our audit resources on identifying and reporting on vulnerabilities in the Department’s systems. As a result of our audit work, the Department has identified information technology security as a material weakness in its annual Federal Managers’ Financial Integrity Act reports since Fiscal Year 1999. Additionally, Ernst & Young’s Report on Internal Controls for Fiscal Year 2000 identified controls surrounding information systems as a material weakness. We also welcome GAO’s ongoing security work on the Department’s financial system, EDCAPS. To assist in its effort, we provided GAO with the results of our previous audits and access to our workpapers. Over the course of the last two years, we have issued numerous reports related to security controls, including: Review of Security Posture, Policies and Plans (ED-OIG/A11-90013, February 2000); Review of EDNet Security (ED-OIG/A11-90018, July 2000); Review of Planning and Assessment Activities for Presidential Decision Directive 63 on Critical Infrastructure Protection (ED-OIG/A11-A0005, September 2000); Audit of Collection of Personally Identifiable Information Through ED Internet Sites (ED-OIG/A11-B0002, February 9 . 2001); Security Review of the Virtual Data Center (ED-OIG/A11-A0015, March 2001) (see Appendix B). These reports highlighted weaknesses in the Department’s security controls and provided recommendations for better securing the Department’s systems. Some of our most significant findings included the Department’s need to: • Complete required security plans and reviews for mission-critical systems; • Provide security training to staff; • Improve technical and physical controls over its network and data centers to address existing vulnerabilities; • Improve incident response capabilities, audit logging and tracking, and disaster recovery planning; • Complete a critical infrastructure protection plan, identify critical assets, and conduct vulnerability assessments; • Strengthen controls over collection of personally identifiable information on its Internet sites and posting of required privacy notices. These identified internal control weaknesses collectively constitute a significant threat to the security of the Department’s information technology systems and the data that they process. We have made numerous recommendations for the Department to take action to develop and implement the policies and practices necessary to protect the integrity and privacy of its IT systems. 10 . The Department has corrective action plans in place to address our recommendations and has made progress. For example, the Department has completed security plans for all but one the mission critical systems included in our report and completed security reviews for all of its mission critical systems included in our report. Additionally, by December 2000, the Department provided security awareness training to 97 percent of its staff. The Department must remain diligent in addressing our remaining recommendations. Until these remaining actions are taken, the Department remains vulnerable to security breaches such as outside hackers, malicious viruses, and damage caused by disgruntled employees. We will continue to focus on security issues in the Department as we complete our 2001 security evaluation required by Title X, Subtitle G, “Government Information Security Reform,” of the FY 2001 Defense Authorization Act. The results of this evaluation will be reported to the Office of Management and Budget in September 2001. Improper Payments In an October 12, 2000 memorandum, we encouraged the Department to develop a process for estimating improper payments for the Department. An estimate of improper payments could be used by the Department to help it manage its financial resources and to make programmatic decisions. The MIT Interim Report stated that the Department is preparing to implement Office of Management and Budget guidance on estimates of erroneous or improper payments. (MIT Interim Report on Management Improvement, July 17, 2001, p. 10.) 11 . During the Subcommittee’s April 2001 hearing, we referred to data reported in our previous three fiscal years of Semiannual Reports to Congress and our recent work in the area of duplicate payments to identify the known amount of improper payments. We identified a three-year total of approximately $450 million. We are pleased that the Department addressed this important issue and discussed its, and the Justice Department’s, efforts to recover these amounts. We agree with Secretary Paige that collective efforts by the Department, the OIG, and the Justice Department to find problems, recover funds, and enforce the law are examples of efforts we need to make to protect the federal interest. (Secretary Paige’s letter to Chairman John Boehner, May 22, 2001.) One method by which the Department could minimize improper payments is to obtain income verification from the Internal Revenue Service. (OIG letter on Management Challenges, December 8, 2000.) A significant concern for the Department has been student aid applicants and their parents who under-report their income on the Free Application for Federal Student Aid in order to receive student financial assistance funds to which they are not entitled. Congress should enact whatever legislation is necessary to authorize this verification. Investigative Activities In my previous appearances before the Subcommittee, we indicated that we are conducting an investigation of individuals who, between 1997 and 1999, purchased and/or received equipment paid for with federal funds for non-business related purposes and billed the Department for overtime hours not worked. The defendants defrauded the government of more than $300,000 in property and more than $700,000 in false overtime charges. On May 23, 2001, 11 individuals, 12 . including four employees of the Department, were charged in a 19-count indictment. The charges included conspiracy to defraud the government, theft of government property, receipt of stolen government property, sale of stolen government property, and conspiracy to submit false claims to the government. Eight individuals, including four former Department employees, previously pled guilty. All the Department employees who were involved or are alleged to be involved, in these criminal cases have resigned or have been placed on indefinite suspension without pay. Recommendations to Improve Financial Management Operations In December 2000, we responded to a joint House and Senate request for an update on the status of the management challenges facing the Department. The first four management challenges that we identified relate to financial management, information technology management, systems security, and internal controls. While the Department has made progress on each of these challenges, much work remains. These problems did not occur overnight. In some cases, the challenges deal with complex issues, such as implementing new financial management systems and information security policies and practices. As a result, some of the management challenges facing the Department will take time to resolve. We are working with the Secretary to improve the programs and operations of the Department and protect the integrity of those programs and operations. The Secretary’s commitment and that of his senior management team must be sustained if the Department is to make positive long lasting changes. 13 . The Department needs to establish and maintain appropriate internal controls over Department programs and operations by applying GAO’s Standards for Internal Control in the Federal Government. The internal control structure must be well designed and operated, appropriately updated to meet changing conditions, and provide reasonable assurance that the objectives of the Department are being achieved. Adherence to these standards will provide management with reasonable, but not absolute, assurance that assets are safeguarded against loss from unauthorized use or disposition; that transactions are executed in accordance with management’s authorization and recorded properly; and that data supporting performance measures are properly recorded and accounted for so that performance information will be reliable and complete. Conclusion We are committed to identifying problems and working with the Department and Congress on solutions. The continued interest of the Subcommittee and the work of GAO will aid the Department in improving its financial management practices and internal controls. We look forward to contributing to this combined effort to improve the Department’s stewardship of taxpayer dollars. Mr. Chairman, this concludes my statement. I would be pleased to respond to any questions that you or other Members of the Subcommittee may have. 14 . OFFICE OF INSPECTOR GENERAL DEPARTMENT OF EDUCATION Appendix A The following products that are referenced in this statement are available on the Internet at http://www.ed.gov/offices/OIG/ • Results of the OIG Review of Internal Controls Over the Use of Purchase Cards and Third Party Drafts (A&I 2000-15, October 13, 2000) • Review of the Impact Aid Program Disbursement Process Within the U.S. Department of Education Office of Elementary and Secondary Education (ED-OIG/S17-B0013, July 19, 2001) • Review of the Discretionary Grant Disbursement Process Within the U.S. Department of Education Office of Educational Research and Improvement (ED-OIG/S17-B0014, July 19, 2001) • Review of the Formula Grant Disbursement Process Within the U.S. Department of Education Office of Vocational and Adult Education (ED-OIG/S17-B0015, July 19, 2001) • Audit of the U.S. Department of Education's Controls Over Cellular Phones (ED- OIG/A11-A0014, September 15, 2000) • Audit of Controls Over Contract Payments (ED-OIG/A07-A0015, March 13, 2001) • Audit of Controls Over Government Property Furnished to Computer Sciences Corporation (ED-OIG/A19-B0003, March 19, 2001) • Audit of Controls Over Government Property Furnished to Affiliated Computer Services, Inc. (ED-OIG/A19-B0004, April 20, 2001) • Audit Follow-up Review on Corrective Actions the Department Had Taken in Response to Issues Reported During the Office of Inspector General’s Contract Monitoring Audits of Student Financial Assistance Information Technology Contracts (ED OIG/A07- A0014, September, 2000) • Review of Security Posture, Policies and Plans (ED-OIG/A11-90013, February 2000) • Review of EDNet Security (ED-OIG/A11-90018, July 2000) • Review of Planning and Assessment Activities for Presidential Decision Directive 63 on Critical Infrastructure Protection (ED-OIG/A11-A0005, September 2000) • Audit of Collection of Personally Identifiable Information Through ED Internet Sites (ED-OIG/A11-B0002, February 2001) • Security Review of the Virtual Data Center (ED-OIG/A11-A0015, March 2001) . OFFICE OF INSPECTOR GENERAL DEPARTMENT OF EDUCATION Appendix B The following reports, while not specifically referenced, relate to internal controls. Some may be found on the Internet; other must be requested. • Audit of Public Inquiry Contract, National Computer Systems, Iowa City, IA (ED OIG/A07-80017, November 1998) • OSFAP Action Memorandum 99-01 – Informal Contract Task Orders/Modifications, Title IV Wide Area Network Contract (ED OIG/E07-90014, October 27, 1998) • OSFAP Action Memorandum 99-02 – Outstanding Title IV Wide Area Network Remittances, (ED OIG/E07-90013, November 2, 1998) • OSFAP Action Memorandum 99-05 – Title IV Wide Area Network Contract – Inappropriate Charges for Key Personnel to New Tasks and Other NCS Contracts, (ED OIG/E07-90012, December 16, 1998) • OSFAP Action Memorandum 99-09 – Department Officials Should Avoid the Appearance of Limiting Full and Open Competition (ED OIG/E07-90011, February 25, 1999) • Audit of Title IV Wide Area Network Contract, National Computer Systems, Iowa City, IA, (ED OIG/A07-80018, May 1999) • OSFAP Action Memorandum 99-11 – Key Personnel Requirements Should be Clarified Prior to Award of the Editorial Services Contract (ED OIG/E07-90025, May 25, 1999) • OSFAP Action Memorandum 99-12 – Allowing Contracting Officer’s Technical Representatives to Authorize Work is Contrary to Procurement Regulations (ED OIG/E07-90027, May 28, 1999) • Audit of the Central Processing System Contract (ED OIG/A07-90003, March 2000) • Audit of Compliance with Cost Accounting Standards for Travel, National Computer Systems, Iowa City, IA, (ED OIG/A07-90017, March 2000) • SFA Action Memorandum 00-01 -- Planned Payment to Contractor for Unauthorized Work (ED OIG/E07-A0017, May 8, 2000) • Recipient Financial Management System Contract awarded to Computer Data System, Incorporated (CDSI) (ED OIG/A02-80002, September 2000) • Review of the Department's Requirements Definition & Testing Processes for the Loan Origination and Loan Consolidation Systems (ED OIG/A11-70010, March 30, 1999) • Assessment of Direct Consolidation Loan Program Administration and Operations by EDS, Inc. Since December 1, 1997, (ED OIG/A04-80009, May 28, 1999) • Review of the Department's Acquisition Process for Office of Student Financial Assistance Programs Information Systems, (ED OIG/A11-80004, May 1999) • Review of Collection Activities at Unger and Associates, (ED OIG/A06-90011, February 8, 2000) • Audit of Controls over Government Property Furnished to Affiliated Computer Services, Inc., (ED OIG/A19-B0004, April 20, 2001) . OFFICE OF INSPECTOR GENERAL DEPARTMENT OF EDUCATION Appendix B • Assessment of Direct Consolidation Loan Program Administration and Operations by EDS, Inc. Since December 1, 1997, (ED OIG/A04-80009, May 28, 1999) • Review of the Department's Acquisition Process for Office of Student Financial Assistance Programs Information Systems, (ED OIG/A11-80004, May 1999) • Review of Collection Activities at Unger and Associates, (ED OIG/A06-90011, February 8, 2000) • Audit of Controls over Government Property Furnished to Affiliated Computer Services, Inc., (ED OIG/A19-B0004, April 20, 2001) • Appendix B WestEd's Administration of the Regional Educational Laboratory Contracts (ED OIG/A09-60009, March 31, 1998) • State and Local Action Memorandum 00-05, Duplicate Payment Made to Policy Studies Associates, Inc. (ED OIG/E07-A0022, July 13, 2000) 17
on Select Education, Committee on Education and the Workforce, US House of Representatives, on the status of financial management at the Department of Education, Tuesday, July 24, 2001. PDF
Published by the Department of Education, Office of Inspector General on 2001-07-24.
Below is a raw (and likely hideous) rendition of the original report. (PDF)