About The National Science Foundation... The National Science Foundation (NSF) is charged with supporting and strengthening all research disciplines, and providing leadership across the broad and expanding frontiers of scientific and engineering knowledge. It is governed by the National Science Board which sets agency policies and provides oversight of its activities. NSF invests approximately $5 billion per year in almost 20,000 research and education projects in science and engineering, and is responsible for the establishment of an information base for science and engineering appropriate for development of national and international policy. Over time, other responsibilities have been added including fostering and supporting the development and use of computers and other scientific methods and technologies; providing Antarctic research, facilities and logistic support; and addressing issues of equal opportunity in science and engineering. ... And The Office of Inspector General NSF’s Office of Inspector General promotes economy, efficiency, and effectiveness in administering the Foundation’s programs; detects and prevents fraud, waste, and abuse within NSF or by individuals that receive NSF funding; and identifies and helps to resolve cases of misconduct in science. The OIG was established in 1989, in compliance with the Inspector General Act of 1978, as amended. Because the Inspector General reports directly to the National Science Board and Congress, the Office is organizationally and operationally independent from the agency. From the Inspector General This report highlights the activities of the National Science Foundation (NSF) Office of Inspector General (OIG) for the six-month period ending September 30, 2003. It has been another eventful reporting period for our office. We issued 15 audit reports that contained $2,837,713 in questioned costs. We also made recommendations that would put $4,619,248 in funds to better use. In addition, we closed 11 civil/criminal cases, 29 administrative cases, and made $1,218,883 in recoveries. Finally, we referred 3 criminal/civil cases to the Department of Justice, and 4 administrative cases to NSF management. In October, we marked the 25th anniversary of the signing of the Inspector General Act which established the institution of an independent IG at most large agencies. Upon signing the bill, President Carter called the Act “a chance to protect the taxpayer’s dollar, to root out corruption, fraud, waste, mismanagement, in the most effective and enthusiastic fashion.” The effectiveness of the IG Act has been born out over time, but it is interesting that the President chose to use the word “enthusiastic.” The people I have met in the OIG community are enthusiastic, I believe, because it is a privilege to be doing this important work. During the October meeting of the National Science Board, Dr. Warren Washington, Chairman, recognized the contributions that Inspectors General make to the general efficiency and effectiveness of government, and specifically thanked the NSF’s OIG for assisting the Board in overseeing the complex and challenging operations of NSF. Science and engineering research is becoming increasingly global. Through both formal and informal collaborations, individual researchers around the world are engaging in diverse and complex projects intended to foster creative solutions to important global challenges. In practice, international collaborations are frequently a good investment. They ease the financial burden on any one National Science Board Chairman nation for shouldering the cost of complex and expensive Dr. Warren Washington with projects, while they enhance the scientific knowledge base Inspector General Dr. Christine Boesz (Picture by Christy Bowe, for participating nations. NSF supports international Imagecatcher News) science through both U.S. and foreign institutions. During the past six months I have had the opportunity to meet with some of my colleagues engaged in the oversight of research funding. The purpose of the meetings was to promote an international exchange among those responsible for providing accountability through audits and investigations. These meetings were productive and demonstrated a commonality among those charged with detecting and preventing fraud and waste. While the countries with a shorter history of science funding benefited from exchanging information with their more experienced counterparts, all participants came away with a fresh perspective on familiar problems. As NSF moves into fiscal year 2004, the OIG is committed to assisting the agency as it faces the challenges in a rapidly changing world of science and technology. We appreciate the cooperation and responsiveness of NSF management and staff, and look forward to a continuing productive relationship. Christine C. Boesz, Dr.P.H. Inspector General November 17, 2003 Table of Contents Executive Summary ............................................................................ 5 OIG Management Activities ................................................................. 7 Legal Review ........................................................................................................... 7 Outreach/Prevention Activities .......................................................................... 8 Audits and Reviews .......................................................................... 13 Significant Reports................................................................................................ 13 Corrective Actions Prompted by Previous Audits .......................................... 23 Work in Progress ................................................................................................... 26 A-133 Audit Reports ............................................................................................ 27 Investigations .................................................................................... 29 Civil and Criminal Investigations ....................................................................... 29 Administrative Investigations ............................................................................. 35 Proactive Reviews ................................................................................................ 41 Statistical Data ................................................................................. 43 Appendicies Reporting Requirements ...................................................................................... 57 Acronyms ............................................................................................................... 59 Executive Summary • The FY 2002 Management Letter Report provides details on two internal control findings identified during the FY 2002 financial statement audit: post-award management and cost accounting. The audit found that NSF had initiated steps to improve post- award monitoring, but that the procedures needed to be refined and implemented before effective monitoring can take place. More comprehensive criteria for identifying high-risk awardees, as well as increased guidance for conducting on-site reviews are needed. In addition, NSF needs to develop a meaningful cost accounting architecture that will provide accurate and timely information to support management decision-making and performance reporting. NSF recently submitted its revised Strategic Plan to Congress and has stated that its next step is to develop a full cost allocation process that will link the costs of its programs to their performance. (See p. 13) • An audit report on NSF’s Committees of Visitors (COVs) discusses NSF’s reliance on these committees of external experts convened to evaluate the quality of NSF’s management of its portfolio of awards, the performance of its grant programs, and the extent to which agency programs contribute to NSF attaining its strategic goals. The audit found that COVs provide valuable independent feedback to NSF on its programs, and constructive suggestions for improvement. However, NSF does not have a process to document how it has responded to recommendations in the COV reports. Also, in its GPRA performance reports provided to Congress and the Office of Management and Budget, NSF does not clearly disclose the limitations of data related to COV evaluations and judgmental sampling, upon which the reports rely. (See p. 16) • A western university inappropriately recovered $1.43 million in routine administrative and indirect type costs greater than the maximum allowed under federal regulations. NSF first questioned the appropriateness of the university adding research management services (RMS) charges as direct costs to its award proposals in 1994, and directed the university to obtain written approval from HHS, its cognizant federal agency for audit, before including RMS charges on future proposals. 5 Executive Summary In 1997, HHS concluded that the university’s RMS costing methodology did not comply with federal grant regulations for direct-charging of administrative and clerical costs to federal awards. However, the university continued to direct-charge RMS to NSF awards while simultaneously recovering the full amount of administrative support service costs allowed through its approved F&A cost rate. NSF has been working with the university to resolve the $1.43 million of questioned RMS costs. (See p. 19) • A researcher was sentenced to a year in prison after pleading guilty to embezzling $202,000 in NSF grant money and other funds. The subject was hired in 1994 to work as Co-Principal Investigator, and spent the next 5 years embezzling funds and stealing items purchased under the project. When the fraud was discovered by the grantee, it required him to repay the organization $108,497 over 4 years, reimburse $56,676 to NSF, and removed his ability to charge expenditures to the grant, but allowed him to continue working on the grant project. However OIG found a large number of suspicious transactions that had not been previously identified by the organization. The Government and the subject agreed that the amount of loss was $202,000. Based on his admissions and the evidence against him, the subject agreed to plead guilty to one count of stealing federal funds. The court sentenced him to serve 1 year in prison, and ordered him to pay additional restitution to NSF. (See p. 29) • The U.S. Antarctic Program experienced three separate computer related incidents in as many months. In the most serious incident, NSF received an email from a hacker stating that he had breached the South Pole Station network. The hacker claimed to have downloaded everything on the network and threatened to sell the information to “the Russians or the media” if NSF did not pay him. A joint investigation with the FBI resulted in the apprehension of two computer hackers in Bucharest, Romania. The hackers are awaiting trial in Romania, pursuant to cyber-crime related violations and extortion. (See p. 32) • A university committee determined that a PI had committed an egregious act of plagiarism by submitting a proposal to NSF that contained more than a page of text and ideas taken from a confidential research proposal submitted by others. The allegation was referred to the university by OIG after verifying that it contained substance. The committee found that the copied material represented the scientific core of the NSF proposal. It concluded that the PI’s plagiarism represented very serious research misconduct, aggravated by the breach of confidentiality in the peer review process, and applied sanctions. Based on the evidence, we concurred with the university’s findings and accepted its report. Consistent with the university’s actions, we recommended the PI be debarred for 2 years from receiving any federal funds and, further, to protect the merit review process, we recommended that the PI be prohibited from reviewing any NSF proposals for 3 years. (See p. 35) 6 OIG Management Activities Legal Review The Inspector General Act of 1978, as amended, mandates that our office monitor and review legislative and regulatory proposals for their impact on the Office of Inspector General (OIG) and the National Science Foundation’s (NSF) programs and operations. We perform these tasks for the purpose of providing leadership in activities that are designed to promote economy, effectiveness, efficiency, and the prevention of fraud, waste, abuse and mismanagement. We also keep Congress and NSF management informed of problems and monitor legal issues that may have a broad effect on the Inspector General community. During this reporting period, we reviewed 9 bills that either affected NSF, OIG, or both. The following bill merits discussion in this section. Program Fraud Civil Remedies Act of 1986 (PFCRA) (31 U.S.C. §§ 3801-3812) A legislative priority that we support is amending PFCRA to include NSF and the 27 other Designated Federal Entity (DFE) agencies that are currently excluded from participation under PFCRA’s enforcement provisions. The OIG’s concern involves the ability of DFE agencies to fully implement their statutory mission to prevent fraud, waste and abuse by availing themselves of the enforcement capabilities contained within PFCRA. We have raised the issue of NSF’s inclusion under PFCRA in several prior semiannual reports. The DFEs are generally smaller agencies that intrinsically are more likely to have cases involving smaller dollar amounts. PFCRA sets forth administrative procedures that enable defrauded agencies to proceed administratively to recover double damages and penalties when the amount of loss is less than $150,000.00. Using the enforcement HIGHLIGHTS provisions of PFCRA will enhance NSF and other DFE agencies recovery efforts in instances of fraud that fall below PFCRA’s financial Legal Review 7 cap of $150,000.00. We believe that by not including DFE agencies, PFCRA fails to maximize its potential. Amending PFCRA to include Outreach/ NSF and the other DFE agencies will strengthen the OIG community’s Prevention Activities 8 statutory mission to deter fraud, waste and abuse. 7 OIG Management Activities Outreach/Prevention Activities Partnering with International Agencies Workshop on International Audit Issues. Our office is continuing its work to ensure the appropriate use of NSF funds spent overseas. We initiated and coordinated the workshop Accountability in Science Research Funding to enable compliance and auditing officials from multiple countries to meet, learn about differing requirements, and discuss best practices. Participants presented and discussed models of award monitoring and auditing for science and engineering projects and shared Discussing international audit issues are: David Schindel NSF, Henry L. Barrett AID Director of Audit, Mary Santonastasso NSF, Debbie Cureton NSF, Tina Boesz NSF IG, Everett L. Mosley AID IG. best practices. Projects involving international collaborations were also discussed at the meeting. Countries represented at the workshop included Austria, Finland, France, Germany, Netherlands, Norway, Switzerland, European Community, and the United States. Korean National Science Organizations. OIG audit staff met with representatives from various Korean science and technology organizations, including the Ministry of Science and Technology and the Korean Science and Engineering Foundation, to discuss the role of the OIG in the federal government and issues such as the federal audit resolution process and our relationships with other audit organizations such as the GAO. 8 OIG Semiannual Report September 2003 Working with the Federal Community Misconduct in Research Working Group Activities. NSF OIG continues in its leadership role with the President’s/Executive Councils of Integrity and Efficiency (PCIE/ECIE) Misconduct in Research Working Group (MIRWG). We presented an update on the status of agency implementation of the federal policy on research misconduct at a PCIE/ECIE meeting. A representative from the working group also provided a report on the status of MIRWG activities to a group from the Office of Science and Technology Policy. Later this fall, we are planning to brief the roundtable of the PCIE/ECIE Inspections and Evaluations Committee on the guidelines the MIRWG has developed to assist other agencies and IGs in conducting investigations of research misconduct allegations. We expect the MIRWG to reconvene late in the year. Erroneous Payments Working Group. The OIG is participating in a joint working group of members of the PCIE and Chief Financial Officer Council (CFOC) to address improper and erroneous payments. The working group is developing benchmark methods to reduce improper payments and assisting OMB in establishing appropriate guidance. The Improper Payments Information Act of 2002 (Public Law No: 107-300) expanded the Administration’s efforts to identify and reduce erroneous payments in the government’s programs and activities. All CFO Act agencies must submit their plans for implementation of P.L. 107-300 to OMB by November 30, 2003. Consequently, agencies are carefully examining the risk of erroneous payments in all programs and activities they administer, including grant programs. The Erroneous Payments Working Group will continue to explore this issue and develop guidance and best practices to assist the agencies in their efforts. Financial Statement Audit Network. One of our senior auditors currently serves as the Chairman of the Financial Statement Audit Network (FSAN), a subcommittee of the Federal Audit Executive Council (FAEC). The FSAN is comprised of auditors from federal agencies, the General Accounting Office, the Federal Accounting Standards Advisory Board, and the Office of Management and Budget. The purpose of the FSAN is to highlight financial statement related issues for discussion during the monthly FAEC meeting. The same OIG auditor is also the co-Chairman of the Members in Government Committee of the Maryland Association of Certified Public Accountants (MACPA). Inspector General Academy. OIG investigative staff continued to contribute to the Inspector General Academy’s “Editing Investigative Products Training Program,” teaching a module on English grammar and style under the supervision of Executive Director Terry Freedy. 9 OIG Management Activities Presentations AGA Professional Development Conference and Exposition. At the Association of Government Accountants’ 52nd Annual Professional Development Conference & Exposition, OIG presented information and participated in a panel discussion regarding Federal Audit Committees: why federal agencies should have them, and what rules they should follow. Our office was able to provide unique insight regarding this matter, since NSF is one of the few federal agencies that has an audit committee, and our IG reports to the Audit and Oversight Committee of the National Science Board. This topic was of particular interest to the audience because of the new Sarbanes-Oxley law and its implications for the audit community. OIG Meets with Universities, Small Businesses. During this reporting period, OIG conducted several outreach activities to help raise awareness of compliance issues among NSF grantees. We visited three universities, where we discussed university misconduct policies with administrators, undergraduate and graduate students, and faculty. We explored with administrators what constitutes an effective misconduct policy and how a policy can be formulated to encourage people to bring complaints forward. For example, a university policy might assure complainants that their identity would be kept confidential and that if desired, they could seek the support of their Chair or Dean for bringing an allegation forward. We also recommended that university misconduct policies state that the specific agency making the grant should be contacted regarding allegations, to avoid delays in case processing. For example, the Office of Research Integrity, which only handles allegations regarding the Department of Health and Human Services, often receives allegations related to other agencies’ grants. Finally, we discussed the expectations of the community for the present government-wide misconduct policy and NSF’s misconduct regulation, and encouraged the universities to establish a record retention policy for research records created by its researchers. In discussions with students, we explained general OIG procedures, defined misconduct, discussed data sharing and ownership issues, and conducted case studies. In one session with undergraduates, we had an opportunity to focus on the philosophy behind research ethics, as well as present case studies intended to foster a pragmatic approach to the resolution of misconduct issues. We also continued our outreach efforts to small business grantees by participating in the 2003 Phase I Grantees Workshop sponsored by the Small Business Innovation Research / Small Business Technology Transfer (SBIR/STTR) programs. We focused on issues that are common with small business grantees and how these grantees can avoid compliance problems. Assisting NSF with FMFIA briefings. The Federal Managers Financial Integrity Act (FMFIA) requires that all federal agencies assess their management controls and provide an assurance statement on the condition of those controls on 10 OIG Semiannual Report September 2003 an annual basis. The self-assessment process raises awareness among managers of the importance of good internal controls and surfaces problems at an early stage. During this reporting period, one of our senior audit managers briefed NSF staff on audit risk-assessment techniques and how these techniques can be used in the annual FMFIA annual assurance process. Publications Interns Develop Outreach Publications, Facilitate OIG Work. OIG summer interns enhanced our outreach efforts by producing two brochures, one booklet, and one poster. They also developed a database of our civil and criminal cases, from the inception of NSF OIG in 1989 through the present that will assist us in preparing proactive reviews aimed at identifying activities or types of grants that are at risk for fraud. The characteristics of the various cases were summarized and depicted in the brochure and poster, and highlighted in several case studies. Our interns also worked with the Federal Trade Commission to produce a brochure and a booklet for NSF on Identity Theft. These materials will be distributed to NSF employees at new employee orientation and during the NSF OIG Open House. Our interns further facilitated our work by developing the agenda for the Grant Fraud Working Group meeting to be convened in October, implementing a plagiarism detection program that will facilitate our investigation of these allegations, and analyzing our process for gathering evidence within research misconduct cases. 11 OIG Management Activities 12 Audits & Reviews Significant Reports Financial Statement Audit and Review of Information Systems Improving financial management and information security has been an important priority of the federal government for many years. The President’s Management Agenda identified improved financial management as one of its five government-wide initiatives. The President’s goal is to ensure that federal financial management systems produce accurate and timely information to support operating, budget, and policy decisions. Since 1990, Congress has enacted several laws intended to improve federal financial management and information systems security. The Chief Financial Officer’s (CFO) Act of 1990, as amended, requires that federal agencies prepare financial statements and that each agency’s OIG, or an independent public accounting firm selected by the OIG, audit these statements annually. The Federal Information Security Management Act of 2002 (FISMA) requires agencies to perform annual reviews and report to the Office of Management and Budget on their information systems’ security programs. In addition, Inspectors General are to provide independent evaluations of the information security programs and practices of their agencies. During this semiannual period we issued three reports on work performed for NSF in accordance with the CFO Act and FISMA: the HIGHLIGHTS FY 2002 Management Letter Report, the FY 2003 Federal Information Security Management Act (FISMA) Independent Evaluation Report, Significant Reports 13 and the FY 2003 FISMA Evaluation Summary Report. Corrective Actions The FY 2002 Management Letter Report Prompted by Previous Audits 23 The FY 2002 Management Letter Report provides details on internal control findings identified during the FY 2002 financial statement audit Work in Progress 26 (see discussion of audit in the March 2003 Semiannual Report, p. 17). The Report again identifies two areas of significant concern: post-award A-133 Audit Reports 27 management, and cost accounting. 13 Audits & Reviews Post-Award Management: Although NSF has a robust system of award management over its pre-award and award phases, NSF does not have a comprehensive and systematic risk-based grants management program for monitoring grants once they are issued. As a result, awardees’ use of federal funds may not be consistent with the objectives of the grant; programs and resources may not be protected from waste, fraud and mismanagement; laws and regulations may not be followed; and reliable and timely information needed for decision makers may not be obtained. In FY 2002, NSF initiated steps to improve post-award monitoring including the development of a Risk Assessment and Award Monitoring Guide that includes post-award monitoring policies and procedures, a process for identifying high-risk awardees, and various techniques for analyzing the risks associated with grantees. However, the audit found that the procedures in the Guide needed to be improved and implemented before effective monitoring can take place. For example, the Guide needed more comprehensive criteria for identifying high-risk grantees including additional factors such as poor financial award management or poor program performance on previous grants. Also, NSF’s procedures for conducting on-site reviews lacked sufficient detail describing how they are to be conducted and documented, how key financial risk areas will be analyzed, and how the grantee internal control systems will be evaluated. The guidance does not include follow-up procedures for addressing concerns raised as a result of the on-site reviews. Finally, in implementing the guidance NSF did not use a consistent methodology for conducting on-site reviews. NSF management concurred with substantially all of our recommendations concerning post-award monitoring. Because NSF funding at many institutions does not meet the threshold to require audit coverage under OMB’s Circular A-133, Audits of States, Local Governments and Nonprofit Organizations, effective post-award monitoring is imperative to ensure the integrity and accuracy of grantee expenditures reported in the NSF financial statements. Currently, grantee expenditures represent approximately 90 percent of total NSF expenditures in any year. In addition, the recent enactment of the Improper Payments Act of 2002 requires federal agencies to assess risk and estimate potential erroneous payments at awardee organizations, responsibilities that require a stronger award oversight role on the part of NSF. Accordingly, while NSF is taking action to improve its post-award management, a strong commitment by NSF senior management to provide the leadership and the appropriate resources for this task is needed to address this significant and continuing issue. Cost Accounting: The FY 2002 Management Letter also identified an internal control finding related to cost accounting. NSF needs to develop a meaningful cost accounting architecture that will provide accurate and timely information to support 14 OIG Semiannual Report September 2003 management decision-making including information to assess the full cost and performance of its programs and activities. We have reported this issue in the Management Letter Reports for the past three years and the Inspector General has included cost accounting in her management challenges letter since FY 2001. The President’s Management Agenda (PMA) has also identified “Budget and Performance Integration” as one of its five initiatives for improving government performance. The goal of this initiative is to provide greater focus on performance results and accountability, and to facilitate allocation of budget resources. It requires agencies to track and report the full cost of their programs and associated performance outcomes. Currently however, NSF’s financial and award systems do not aggregate full cost data for its programs and projects. This makes monitoring the full cost of a program or project difficult. Over the past year, NSF has been working with OMB to begin to address this issue. On September 30, 2003, NSF submitted its revised strategic plan to Congress as required under the Government Performance and Results Act of 1993. The plan, which was previously approved by OMB, defines a program framework for performance reporting purposes. The framework establishes investment categories that tie to NSF’s strategic goals of People, Ideas, Tools and Organizational Excellence. NSF has stated that its next step is to develop a full cost allocation process that will link the costs of its programs to their performance. We will monitor NSF’s progress in implementing its post-award grant-monitoring program and in developing a methodology for identifying the full cost of its programs and their associated performance outcomes. OIG will report on the status of the agency’s efforts to address these findings in the FY 2003 Financial Statement Auditors’ Report and Management Letter Report to be issued in the upcoming semiannual period. FY 2003 FISMA Information Systems Reports During this semiannual period we also issued the FY 2003 Federal Information Security Management Act (FISMA) Independent Evaluation Report and the FY 2003 FISMA Evaluation Summary Report, which reported three findings that we identified as significant deficiencies: 1) not all major information systems have been certified and accredited; 2) the U.S. Antarctic Program information system security program needs to be strengthened to meet federal requirements such as those related to patch management and configuration standards; and 3) additional security policies and procedures need to be implemented and enforced in all NSF directorates and offices. These weaknesses in NSF’s security program could result in unauthorized access to and modification of financial, programmatic, and other sensitive information; loss of assets; and disruption of critical operations. 15 Audits & Reviews Despite these deficiencies, the FY 2003 Independent Evaluation Report also indicated that NSF had made significant progress in developing, refining, and implementing its information security program. Since the issuance of the FISMA Independent Evaluation Report, NSF has informed the OIG that as of September 30, 2003, 18 of the 19 of its major systems have been certified and accredited. Management generally agreed with the findings and recommendations in these reports. However, NSF does not agree that the findings rise to the level of a significant deficiency designation because they do not believe that they represent a weakness in a policy, procedure, or practice that materially impacts the effectiveness of the entity-wide security program. Committees of Visitors Provide Useful Information to NSF Managers In September we issued our report on the results of our audit of NSF’s Committees of Visitors (COVs). NSF relies on these committees of external experts from academia, industry, and the public sector to evaluate the quality of NSF’s management of its research and education portfolio of awards, and to assess the performance of its grant programs. The COVs also provide NSF with expert judgments about the extent to which agency programs contribute to NSF attaining its strategic goals under the Government Performance and Results Act of 1993 (GPRA). The audit found that COVs provide a valuable service to NSF by performing independent assessments of the quality and management of its award portfolio, as well as the programs’ contributions to the overall accomplishment of NSF’s mission. The COV reports provide NSF with important feedback on its programs and make constructive suggestions and recommendations for improvement. For example, program managers have used COV recommendations to improve how the agency documents the accomplishments of principal investigators. However, NSF does not have a process to document how it has responded to recommendations in the COV reports. As a result, the benefits of the COV process, particularly given NSF’s transient workforce, could be lost and the recommended improvements could be overlooked. Additionally, in its GPRA performance reports provided to Congress and the Office of Management and Budget, NSF does not clearly disclose the limitations of data upon which the reports rely. For example, NSF relies on COV’s ratings of its strategic goals and indicators in measuring its performance. However, the COV’s ratings were incomplete in that not all strategic goals and indicators were rated. Yet NSF did not adequately discuss this data limitation in its FY 2001 performance report. Further, changes made to NSF’s performance data and collection process in 16 OIG Semiannual Report September 2003 FY 2002 raise new concerns about the objectivity of its performance reports. NSF established a new external advisory committee to assess its success in achieving strategic goals and indicators. To conduct the assessment, the committee relied primarily on the COV reports and “nuggets,” i.e., examples of noteworthy or significant research, engineering and education outcomes, judgmentally selected for the committee by NSF. NSF did not adequately disclose this limitation in its FY 2002 performance report. As a result, decision makers and other users of NSF’s performance reports may be unaware of the data limitations and may not be able to adequately judge the methodology and reliability of the data used to assess NSF’s performance. To address these issues, we recommended that NSF require its directorates to document whether or not they implemented the COV recommendations with their rationale, and that NSF provide the next COV with the written record of actions taken regarding the previous COV recommendations. Furthermore, to ensure that decision makers are fully able to judge the reliability of the data used to assess NSF’s performance, we recommended that NSF disclose in its GPRA performance reports all limitations in the data collection and reporting process. Although NSF does not agree with our characterization of judgmental sampling as a limitation of its GPRA reporting process, the agency has agreed to implement the report’s recommendations. NSF Awards for International Programs NSF estimates that five to ten percent of its annual budget (between $240 to $480 million in fiscal year 2003) is invested in activities with significant international scope. The vast majority of these funds go to U. S. institutions to support international activities and collaboration, but approximately $60 million was awarded directly to foreign institutions during fiscal years 1998-2002. NSF believes that by bringing together people from different countries and diverse backgrounds with a wide variety of infor mation, expertise, and resources, there is the potential to foster creative solutions to important global research Auditors Jeff Salisbury and Joyce Werking visit an problems. Also, many scientific international science organization that receives NSF funding. tools, such as large instrumentation and facilities, are affordable only through international partnerships. Thus, NSF anticipates that the funding allocated to international scientific activities will increase. 17 Audits & Reviews Notwithstanding the many benefits of international research programs, NSF awards made directly to foreign institutions are at increased risk for financial problems and lack of compliance with award requirements. Foreign organizations are less likely to understand U. S. grant requirements and are accustomed to different accounting practices and standards in their countries. Furthermore, NSF processes that are typically applied to awarding and administering domestic grants may not be appropriate for the unique nature of most foreign funding arrangements. Therefore, we plan to audit four foreign organizations that directly received $46 million (76 percent of total awards made directly to foreign institutions) during fiscal years 1998-2002. The audit objectives are to evaluate the adequacy of NSF processes and controls for awarding and monitoring foreign institutions and to determine whether foreign grantees are administering their awards in accordance with NSF terms and conditions. During this reporting period, we completed one of the audits, as discussed below, and are continuing audit work at two other recipient organizations. NSF Management of Grants To Foreign Organization Needs Improvement In September, we issued our report on an audit of a foreign organization that since 1993 has received $6.5 million in NSF awards. The NSF funds represent the United States contribution to the operating costs of the organization. Fifty other countries also support the organization, which coordinates global change research. While the audit did not disclose any misspending, it did identify weaknesses in NSF’s procedures for managing and monitoring foreign grants. NSF grant award letters were unclear as to what organization was the grantee institution, and whether or not NSF had verified the legal status of the foreign organization. Further, NSF’s grant agreements inappropriately allowed the foreign organization to commingle its NSF funds with other revenue sources rather than requiring separate accounting for NSF’s awards. Additionally, the agreements did not establish financial accountability for $1.3 million the awardee was directed to pass through to two other foreign organizations. As a result, NSF had little assurance that subrecipient expenditures were properly spent for authorized grant purposes and limited recourse if grant funds were misspent. NSF was effectively precluded from fulfilling its oversight responsibilities for monitoring grant expenditures to ensure funds were spent in compliance with federal and NSF policies and procedures. The report identified several reasons for NSF’s weak grant administration procedures. In particular, NSF staff did not adapt their normal procedures and practices to allow for the unusual nature of the awards. NSF was not able to demonstrate what documentation it requested or reviewed to make a determination 18 OIG Semiannual Report September 2003 of the legal status of these foreign institutions. Furthermore NSF’s grant agreements did not address the unique circumstances of the award, as a contribution in support of the overall infrastructure of a foreign organization rather than for specific research projects. Instead, NSF modified its standard cost reimbursable grant agreement, typically used for domestic research awards, without addressing the implications for financial compliance that flowed from these modifications. We recommended that NSF: 1) ensure that its grant officers follow existing procedures to verify and document the legal status of new foreign awardees; 2) notify its intended foreign awardee institution of federal grant requirements and assess its understanding of these requirements; 3) use a fixed amount award instrument for foreign contribution type awards and perform a rigorous preaward analysis of proposed grant costs; and 4) identify an organization, having legal status, that will accept the pass-through grant funding to the foreign subrecipient organization and establish an award agreement that will contractually obligate that subrecipient to comply with NSF award terms and conditions. NSF disagreed with our finding that its awards were to a foreign organization with no legal standing, but did not take a position with respect to the other audit findings and recommendations. Nevertheless, pursuant to recommendations included in our draft audit report, NSF has taken some corrective actions, including developing new foreign grant terms and conditions and changing the name of the awardee institution cited in its grant award letters. We have revised the final audit report and recommendations to reflect these corrective actions. NSF is currently considering our final audit report and we will continue to work with them in resolving the recommendations. A Western University Inappropriately Claims $1.4 Million For Reimbursement A western state university inappropriately recovered $1.43 million in routine administrative and indirect type costs greater than the maximum allowed under federal regulations. We reviewed these research management services (RMS) costs claimed by the university from July 1994 to April 2001 to determine whether these costs were allowable as direct grant charges. The university incurred RMS costs in carrying out administrative functions such as payroll, purchasing, travel-forms processing, award-expenditure monitoring, project accounting, and the receiving and inventorying of supplies. Although federal regulations consider RMS costs to be indirect administrative support services costs recoverable through an institution’s facilities and administrative (F&A) rate, the University charged these costs separately as direct costs to federal awards. NSF first questioned the appropriateness of the university adding RMS charges as direct costs to its award proposals in July 1994. In July 1995, NSF directed the 19 Audits & Reviews university to obtain written approval from the Department of Health and Human Services (HHS), its cognizant federal agency for audit, before including RMS charges on future proposals. In January 1997, HHS concluded that the university’s RMS costing methodology did not comply with federal grant regulations for direct-charging of administrative and clerical costs to federal awards. However, the university continued to direct-charge RMS to NSF awards while simultaneously recovering the full amount of administrative support service costs allowed through its approved F&A cost rate. Since the issuance of our May 2003 audit report, NSF has been working with the university to resolve the $1.43 million of questioned RMS costs. To date, the university has agreed to return $1.17 million to NSF, but believes that $262,339 is allowable under federal regulations. We will continue to work with NSF in resolving the audit finding. A Management Framework for Effective Award Monitoring We reported on the results of our study of practices used by eight federal, state, and private grant-making organizations to administer and monitor their awards, during this period. Given the increasing size and complexity of its award portfolio and its limited staffing, NSF is challenged to adequately monitor its awards. This study was intended to assist NSF in meeting this challenge by reporting on the award administration activities that other grant-making organizations have found effective. The study used the basic management control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. In this internal control framework, we identified a set of 6 management principles for effective award monitoring, and within each principle, identified 15 policies and practices of the grant-making organizations that best exemplified those principles. The management framework notes that fundamental to an effective award monitoring program is senior management’s recognition of the importance of this activity, as well as its willingness to commit time and resources to support monitoring. Accordingly, the first two principles, establishing senior management commitment and vision and establishing an effective organizational structure, are the basic building blocks for a successful award-monitoring program. Within those fundamental principles, objectives for award administration and monitoring are specified, and award monitoring roles and responsibilities are defined for both financial and programmatic oversight personnel. 20 OIG Semiannual Report September 2003 The next three principles call for: implementing award monitoring policies and procedures; training personnel on their roles, responsibilities, and procedures for monitoring awards; and using information systems to facilitate and automate award monitoring. Within these principles, practices such as establishing risk-based award monitoring policies and procedures, and developing policies for managing known high-risk awardees are noted. Finally, the framework states that management should periodically evaluate its own processes to ensure that the objectives of the monitoring program are being carried out effectively and efficiently. Collectively, the practices and methods used by these organizations provide a strategic management framework for effectively monitoring awards. We are hopeful that our report will assist NSF in improving its award monitoring procedures. Indirect Cost Rate Audits Projected To Save Government $5.3 Million Approximately one-third, or $1.6 billion of the more than $5 billion of costs incurred annually on NSF awards, are indirect costs. Based on both our own risk assessments and NSF recommendations, OIG has selected twelve indirect cost proposals submitted by NSF awardees for audit. In total, these awardees received $41.4 million of federal funding in FY 2001, which included approximately $14 million for indirect costs. Of the eight audits that have been completed to date, we have found that awardees have overstated their indirect cost rates by as much as 45 percentage points. We estimate that NSF could save about $2.2 million and the federal government more than $5.3 million over five years, when NSF negotiates future indirect cost rates with these awardees based on the unallowable indirect costs and other issues identified during our audits. During this reporting period, we completed three of these audits. We found that one scientific organization included $450,202 of unallowable costs in its indirect costs pools. The unallowable costs included such items as the salary for an investment manager, charitable contributions, gifts, artwork, alcohol, fines, and penalties. The awardee did not offset $948,794 of revenues against associated costs included in the indirect cost pools, thus simultaneously recovering the same costs from revenue and through the indirect cost rates. The awardee also incorrectly excluded $1.7 million of stipends for postdoctoral associates and fellows from the direct cost base. These errors resulted in the awardee overstating its proposed indirect costs rates by an average of 12 percentage points. Another audit of a botanical garden that received an NSF award overstated its proposed indirect cost rates by 45 percentage points by incorrectly including the costs to maintain its botanical gardens in the indirect cost pool. Although plant preservation and maintenance (i.e., curatorial costs) support research at the botanical 21 Audits & Reviews garden, this curatorial activity is part of the garden’s core mission and should not be allocated to federal awards through indirect cost rates in accordance with federal guidelines. The botanical garden included over $4.0 million or 51 percent of these mission related costs in its indirect cost pools over two years, resulting in the overstated indirect costs rates. A third audit found that a natural and cultural history museum overstated its indirect cost rate by 5 percentage points because it included $534,929 of unallowable costs such as depreciation on government-funded assets, advertising, fundraising, and entertainment in its indirect cost pool. The museum also excluded $271,839 of costs for advertising, rental, and entertainment costs that should have been included in the direct cost base. Although these costs were for unallowable activities, they nevertheless should have been treated as allocated indirect costs by including them in the indirect cost base. The costs were incurred to generate revenue and benefited from the museum’s indirect activities. In general, these errors occurred because the organizations did not understand the federal requirements for preparing indirect cost proposals, had inadequate accounting systems to segregate direct and indirect costs, and lack the necessary documentation to support the classification of costs as either indirect or direct activities. We made a number of recommendations to address the internal control weaknesses and compliance deficiencies. Although the awardees generally agreed with our recommendations to strengthen the internal controls over the process for developing the indirect cost rates, they mostly disagreed with recommendations that would result in reducing their indirect cost rates. We referred the audit reports to NSF’s Division of Acquisition and Cost Support for audit resolution. Audits of Community Colleges Community colleges historically have received approximately $30 to $40 million in annual NSF funding. Our prior audits of community colleges have identified questioned costs and grant accounting control weaknesses. To assess the extent of these problems, we initiated audits over the past two years at 14 community colleges that had received 78 NSF awards totaling about $46 million. In our September 2002 Semiannual Report (pp. 24-26), we reported on the results of four community college audits. We identified significant weaknesses in some of the colleges’ systems of accounting for and administering a total of $9.8 million in NSF awards. Since then we have completed an additional four audits of community colleges. Similar to our prior audits, we found that the colleges had weaknesses in the areas of cost sharing, subawardee monitoring, and labor activity reporting. In particular, the colleges did not have either the primary documentation for, or an adequate system to track, $14.1 million or 71 percent of their claimed costs 22 OIG Semiannual Report September 2003 and cost sharing. Two colleges did not track or record any of their $11.5 million of required cost sharing. Two colleges did not have adequate subawardee monitoring procedures to ensure the accuracy and validity of $1.7 million or 46 percent of the total in expenditures that their subawardees claimed on the NSF awards. In addition, one college did not maintain labor activity reports to support its over $900,000 in salary and wage and related fringe benefit costs, representing 32 percent of the total claimed costs. Without adequate primary documentation, we had to perform significant and costly additional audit procedures in order to determine the allowability of the costs claimed by these community colleges. These additional procedures involved interviews and extensive crosschecking of alternative records and information. While the audits were able to eventually substantiate all but $300,000 of the NSF funded costs and $1.2 million of the cost sharing claimed under the NSF awards, neither the colleges nor NSF have assurance that the existing grants management accounting and control systems at these colleges ensure the propriety of costs claimed under NSF awards. Currently, the four colleges have 14 active awards valued at over $10.7 million. Overall the colleges agreed to take actions to correct the weaknesses identified in these reports, as part of the audit resolution process. Corrective Action Prompted by Previous Audits Recommendations to Improve NSF’s Oversight of Large Facility Projects Remain Unresolved In prior semiannual reports, we have reported on two audits of NSF’s financial management of its large facility projects. While NSF continues to make progress towards implementation, many of the recommendations associated with these two audits remain unresolved. The recommendations in our initial report on NSF’s financial management of large facility projects focused on enhancing NSF’s oversight of these projects by updating and expanding existing policies and procedures to improve project management. Our subsequent audit recommended that NSF ensure that its projects remain within authorized funding levels, and that the means be developed to make accurate and complete information on the total costs of major research equipment and facilities available to decision makers. NSF has made progress toward implementing the original recommendations. Most notably, it appointed a Deputy Director for Large Facilities Projects Management and Oversight during this semiannual period. However, while a corrective action plan is in place and progress is being made, key actions from both audit reports remain unresolved. A major feature of NSF’s corrective action plan is the development of a Facilities Management and Oversight Guide. Earlier this year, we provided NSF with our comments on a draft version of the Guide, noting that 23 Audits & Reviews the Guide needs to contain more practical and detailed guidance for Program Officers doing the day-to-day work. Moreover, we noted that the Guide does not address recording and tracking the full cost of large facility projects. In July 2003, NSF issued the Guide in final form, and informed us that it plans to provide the detailed guidance we suggested through the development of on-line modules that will supplement the Guide. The modules will contain in-depth discussions of topics such as financial management, risk management, and the roles and responsibilities of NSF management and the awardee. According to the Guide, these detailed modules will not be available for use until Fall 2003. Once these supplemental modules are completed and published, we will reassess whether the Guide and the modules together adequately address the audits’ recommendations. Resolution of Recommendations for Antarctic Infrastructure Planning In March 2003, we issued our report on the audit of the Occupational Health and Safety and Medical Programs in the United States Antarctic Program (USAP). Although our primary finding was that the programs generally protect the overall health and safety of USAP participants, we noted several opportunities for improvement. We recommended that NSF initiate life cycle planning for the aging USAP facilities and infrastructure. By performing periodic planning for needed maintenance, improvement, and replacement, NSF would be able to maintain the structural integrity and soundness of the physical facilities and infrastructure supporting the Antarctic researchers and contractors, thereby enhancing their personal safety. To ensure that the replenishment of these assets do not have to compete for funding with day-to-day USAP operations or scientific research activities, we also recommended that NSF fund this plan through a separate budget line item. NSF disagreed with this recommendation, preferring instead to retain the flexibility of its current practice of using its funds, as circumstances require. We continue to discuss this recommendation with NSF management. Finally we recommended that NSF: 1) develop and implement a formal work center assessment program to identify hazards and conditions that contribute to musculoskeletal injuries at specific work centers; 2) develop procedures for overseeing the shipboard medical programs on the R/V Nathaniel B. Palmer and the R/V Laurence M. Gould; and 3) ensure Raytheon’s compliance with its contractual responsibility to provide emergency medical technicians (EMT) on board these ships. NSF generally agreed with these recommendations and will complete their implementation this fall. 24 OIG Semiannual Report September 2003 Indirect Cost Audits Resolved During this reporting period, NSF successfully resolved 25 recommendations in four indirect cost audits issued last semiannual period by ensuring that the awardee organizations strengthened internal controls and developed procedures to help ensure compliance with federal guidelines in developing indirect cost rates. For one awardee, our recommendations will help save the federal government $86,200 of indirect costs on future awards. For two other awardees, NSF sustained $49,271 of questioned indirect costs, and the awardees have agreed to offset the questioned amount against current costs or return the funds to NSF. NSF found that awardees had complied with our recommendations to develop and implement policies and procedures for indirect cost proposal preparation and to train their staffs on the federal requirements for preparing indirect proposals. These corrective actions should help ensure that awardees: (1) correctly classify direct and indirect costs to prevent future overcharges on indirect costs; (2) use revenue related to indirect activities to reduce indirect costs; (3) properly allocate indirect costs by excluding from the direct cost base certain unallowable items such as participant support, equipment costs and subcontract costs; (4) record and retain adequate records to support claimed indirect costs; and, (5) improve controls over labor effort reporting. Each of these actions will help ensure that the federal government is charged for only allowable indirect costs associated with each awardee. Community Colleges Agree to Strengthen Internal Controls In this Semiannual (pp. 22-23) and our September 2002 Reports (pp. 24-26), we reported on eight community college audits. In general, the colleges did not consistently monitor subawardee expenditures, failed to comply with activity reporting to indicate effort expended on NSF awards, and underspent participant support without obtaining NSF prior approval. In addition, they did not consistently document how consultants were selected, observe the statutory consultant maximum daily rate of pay limitation, and record and report cost sharing on NSF awards as required. Costs questioned as a result of these audits would have been greater, but for the additional audit work performed at the government’s expense, to ensure that the costs in question are allowable. During the resolution of the findings, the colleges generally agreed to take corrective actions to address the issues raised during the audits. 25 Audits & Reviews Work in Progress Audit of NSF’s Math and Science Partnership Program We recently initiated an audit of NSF’s Math and Science Partnership Program (MSP). NSF has been designated the lead agency on MSP, a key element of the President’s initiative No Child Left Behind, aimed at strengthening and reforming K- 12 education. Through MSP, NSF plans to invest $240 million over 5 years for partnerships between school districts and colleges and universities dedicated to improving math and science education at the pre K-12 level. The program provided approximately $160 million in FYs 2002 and 2003 to implement MSP projects. This audit will examine how NSF plans to measure and evaluate the projects funded by MSP, as well as how NSF oversees the programmatic and fiscal operations of the projects after they receive their NSF awards. We expect to issue the audit report in the next semiannual reporting period. Quality Control Reviews of A-133 Audits Non-federal entities expending more than $25 million a year in federal awards ($50 million for fiscal years ending after December 31, 2003) have a cognizant agency for audit, that is responsible for conducting quality control reviews (QCRs) of A-133 audits performed by non-federal auditors. As a cognizant agency, NSF is currently responsible for 18 non-federal entities1. During this reporting period, we reviewed auditors’ work for A-133 audits at two NSF awardees and expect to issue reports on our reviews in the next semiannual report. In fiscal year 2004, we plan to complete two more QCRs of A-133 audits. These reviews are part of a longer-term OIG effort to assess the extent to which NSF can rely on the A-133 audits to provide assurance that NSF awardees are properly accounting for and managing NSF funds. Urban School District Reviews In our September 2002 Semiannual Report (p. 22), we reported on four audits of urban school district awardees under NSF’s Urban Systemic Program and Urban Systemic Initiative (USP/USI). USP/USI Programs were established to strengthen the science, mathematics, and technology education infrastructure of the nation’s urban centers and represent a significant investment of NSF’s resources. Two audits of these awardees identified financial management deficiencies, particularly in internal controls over systems for cost sharing, payroll, and participant support costs. Therefore, we have continued audits of the USP/USI awardees to determine the 1 The number will decrease to 11 with the change in threshold for 2004. 26 OIG Semiannual Report September 2003 extent of these and other problems. Currently, we are conducting seven audits of USP/USI awardees, three of which we plan to finish during this semiannual period. The seven audits in process cover eleven awards, with a total value of more than $83 million, and committed cost sharing of more than $231 million. A-133 Audit Reports The Single Audit Act of 1984 (Public Law 98-502) and the Single Audit Act amendments of 1996 (Public Law 104-156) established uniform requirements for audits of non-federal entities receiving federal awards. Under the Act, non-Federal entities that expend $300,000 or more a year in Federal awards are required to have an organization-wide audit that includes the non-federal entity’s financial statements and compliance with federal award requirements. OMB is increasing the threshold from $300,000 to $500,000 effective for audits having fiscal years ending after December 31, 2003. The non-federal entities are responsible for procuring these audits and submitting the report through the Federal Audit Clearinghouse (FAC) within nine months after the end of their fiscal year. Single audits are usually performed by an independent public accountant or State auditor, and must be conducted according to Government Auditing Standards. OMB Circular A-133, “Audits of States, Local Governments, and Non-Profit Organizations” (the Circular) is the implementing guidance for the Act and sets forth standards for obtaining consistency and uniformity among federal agencies for these audits. Audit Quality. NSF, like other federal agencies, relies on the During a quality control review, auditor Jennifer results of the single audit to Agee inspects samples of the earth’s core monitor the more than $5 billion collected by the NSF funded Ocean Drilling Program. of awards it funds annually. Thus, the quality of these audits is important to enabling NSF to carryout its stewardship responsibilities. However, as reported in our previous semiannual reports, recent Quality Control Reviews (QCR) 27 Audits & Reviews conducted by other federal agencies has raised concerns about the overall quality of these audits and the pervasiveness of the problem. Of particular concern is the amount and quality of A-133 audit coverage NSF awards received, since these awards tend to be small relative to the awardee’s other federal awards. To address audit quality concerns, a government-wide project commenced in FY 2003 to assess the quality of Single Audits and to provide a baseline for measuring Single Audit quality in the future. The project will perform QCRs of a statistically representative sample of A-133 audits and project the results to the universe of single audits. Development of a sampling methodology and an evaluation instrument are currently underway and the reviews are expected to begin in the spring of 2004. OMB has requested funding for this project in the President’s FY 2004 budget. Given the importance of the A-133 audits to NSF’s post award administration, the OIG is participating in both the planning of the approach for this project and the performance of the QCRs. We also continue to participate in various federal A-133 audit groups including the PCIE National Single Audit Coordinators and the AICPA Single Audit Roundtable. These groups provide an opportunity for government single audit coordinators and the private sector auditors to discuss current developments and future directions for audits of federal awards. Desk Reviews. In this reporting period, we reviewed 90 A-133 audit reports with NSF expenditures of $1.1 billion for fiscal years 1998 through 2002. In total, the auditors questioned $40,666 of NSF-funded costs and cost sharing claimed by award recipients. Of the 90 A-133 reports reviewed, 57 contained reportable conditions and non-compliance findings. The most common deficiencies related to non-compliance with federal cost principles, unallowable costs, cash management, equipment management, reporting, and subrecipent monitoring. Our office also continued to examine Management Letters, which report internal control weaknesses that are generally less significant than those reported in the A- 133 reports, but still require management’s attention. Our examination of Management Letters in this reporting period identified 16 awardees with internal control problems in the areas of financial management and information systems related to NSF awards. Awardees cited for internal control problems may be at higher risk for fraud, waste, and abuse. 28 Investigations The Office of Investigations handles allegations of fraud, waste, abuse, and mismanagement in NSF programs and operations, as well as allegations of research misconduct associated with NSF programs and operations. We work in partnership with NSF, other federal agencies, and awardee institutions to resolve issues whenever possible. As appropriate, we 1) refer our investigations to the Department of Justice or other prosecutorial authorities for criminal prosecution or civil litigation, 2) recommend administrative action to NSF, or 3) recommend debarment. The following is an over view of investigative activities, including civil and criminal investigations, significant administrative cases, and focused reviews. Civil and Criminal Investigations Investigation Leads to Guilty Plea and Prison A researcher was sentenced to a year in prison after pleading guilty to embezzling $202,000 in NSF grant money and other funds. In 1994, a nonprofit organization engaged in scientific research and education activities received a 5-year, $3.8 million grant to enhance local public school teachers’ communication of science to their students. The subject was hired to work under the grant as Co-Principal Investigator, and spent the next 5 years embezzling funds and stealing items purchased under the project. The organization became suspicious of the subject in 1999 and began an internal review. He acknowledged the fraud uncovered by the organization, but did not disclose the full extent of his fraudulent activities, which were subsequently uncovered during the OIG HIGHLIGHTS investigation. The organization allowed the subject to continue Civil and Criminal working on the grant project, though it removed his ability to charge Investigations 29 expenditures to the grant and required him to repay the $108,497 over the next 4 years. The organization reimbursed $56,676 to NSF, the Administrative portion of the subject’s theft attributable to the NSF grant. Investigations 35 After examining all of the organization’s records pertaining to expenditures under the NSF grant, we found a large number of Proactive Reviews 41 suspicious transactions that had not been previously identified by the 29 Investigations organization. An extensive interview with the subject confirmed the full scope of his fraudulent activities. Slightly more than half of the subject’s fraud was accomplished by purchasing items with NSF grant funds and other project-related accounts and taking them home for his personal use, thereby committing the crime of conversion. The subject converted literally hundreds of items over a period of five years. He habitually used the VISA card issued to him for the project by the organization as if it were his own, buying expensive clothing and jewelry for his wife, clothing and toys for his children, and household items such as groceries, garden and pet supplies, and hardware. When the subject purchased items for his personal use that could plausibly be considered as project-related (such as science-related children’s books), he accurately identified them on the reimbursement form. For receipts that contained no information about the nature of the store or the items purchased, the subject simply made up explanations that sounded project-related. He also fabricated invoices and receipts when the actual receipt or invoice would reveal that the items were clearly for his personal use. An example is shown below. The original receipt (left) indicates that the subject bought furniture for his home using the organization’s VISA card. The document on the right was fabricated using a blank receipt from the store pad. 30 OIG Semiannual Report September 2003 The subject also embezzled funds from the grant. For a 2½-year period when his wife worked on the project, the subject filled out her timesheets with falsified hours and forged her signature. Although the subject kept no records of the hours his wife actually worked, based on his testimony it is estimated that the subject embezzled approximately $83,646. Based on his admissions and the extensive evidence against him, the subject agreed to plead guilty to one count of violating 18 U.S.C. § 666, “theft or bribery concerning programs receiving federal funds.” The Government and the subject agreed that the amount of loss was $202,000. The subject sought a reduction of the sentence range mandated by the U.S. Sentencing Guidelines, arguing diminished mental capacity. The subject’s expert diagnosed him as suffering from bipolar disorder, and urged the court to absolve the subject of all responsibility for his crimes. However, an expert retained by the Government noted that, regardless of whether the subject is or was suffering from bipolar disorder, his condition did not impair his mental abilities between 1994 and 1999 in the manner required for a reduction under the Guidelines. The court rejected the subject’s request for a reduction and sentenced him to serve 1 year in prison, followed by 2 years of supervised release. He was also ordered to pay restitution to NSF in the amount of $93,503, in addition to what had been previously repaid. NSF Employee Refuses to Cooperate With Investigation An NSF employee sold stolen property thru the agency’s electronic bulletin board (EBB) and then refused to cooperate with a subsequent investigation. OIG has recommended that her employment be terminated. The investigation was opened when a number of identical electronic devices were advertised for sale on the EBB at a steeply discounted price. Current NSF policy permits employees to use NSF resources, including the EBB, if there is no cost to the agency and the use is neither illegal nor in promotion of personal business interests. In this case, advertising several identical items seemed consistent with conducting a business, and prompted OIG to investigate. In the course of the investigation, the employee provided serial numbers for two of the electronic devices sold through the EBB, from which we determined that they were part of a stolen shipment. During questioning, the employee acknowledged placing the advertisement on the EBB, but refused to tell investigators where she got the items and to whom she sold them. All efforts to identify the source of the items and the subsequent purchasers by other means were unsuccessful. The employee repeatedly refused to cooperate with our investigation, even after she was informed of NSF’s policy requiring full cooperation with OIG investigations. 31 Investigations South Pole Computer Security Is Compromised in Three Incidents The U.S. Antarctic Program experienced three separate computer related incidents in as many months. In the most serious incident, NSF received an email from a hacker stating that he had breached the South Pole Station network. The hacker claimed to have downloaded everything on the network and threatened to sell the information to “the Russians or the media” if NSF did not pay him. A joint investigation with the FBI resulted in the arrest of two computer hackers in Bucharest, Romania. The hackers are awaiting trial in Romania, pursuant to cyber-crime related violations and extortion. In another incident, a grantee’s computer servers at NSF’s Admundson Scott South Pole Station were defaced by a hacker. The intrusions exploited vulnerabilities in the servers’ operating system (which had not been upgraded) as well as inadequate firewall rules. While this hack did not threaten the safety of station personnel or continued operations, we were concerned because other systems share the same network and could have been affected had the intruder introduced a hidden program. Finally, it was reported to NSF that a computer on its U.S. Antarctic Program network had been compromised and was part of a drone network, meaning it could be used to commit a Distributed Denial of Service attack. The machine was a personal laptop owned by a grantee working at McMurdo Station. Apparently, no operational systems were affected, and the compromised machine was promptly removed from the network. This incident highlighted the need for procedures to ensure that compromised machines do not connect to NSF’s networks. Investigation of Cost-Sharing Concerns A Principal Investigator submitted a final report to NSF stating that required cost-sharing funds were not used to upgrade the computer as proposed. We asked that the university supply us with financial documentation to support the costs associated with the grant. While assembling the documents, the university confirmed that, it had not fulfilled its cost-sharing requirement. As part of its reply, the university expressed a strong desire to correct its oversight and included several proposals for corrective action. We forwarded these proposals to NSF’s Division of Grants Administration for comments and approval. NSF decided that the university would be permitted to purchase the computer equipment initially identified to fulfill the cost-sharing requirement for the original grant and provide continued support to current grants in the same research field. The university was notified and agreed to provide funds totaling approximately $42,000 for the purchase of the computer upgrades. 32 OIG Semiannual Report September 2003 Over $100,000 in Grant Funds Are Restored A university returned over $100,000 in funds that were incorrectly charged to a grant as the result of an OIG inquiry into two allegations that NSF grant funds were spent for unauthorized projects. The first allegation was that various claimed costs that went primarily for supplies were inflated and billed to grant accounts, with the funds transferred to other university unrestricted accounts for use by the department. We found that the university had been informed of the allegation and audited the NSF grants associated with the department. The audit did not identify any specific wrongdoing on the part of university staff, but did find $16,770 in unsupported costs that we confirmed were returned to the grant. In response to the audit report, the university also implemented new procedures for allocating supply expenses to various grant accounts. The second allegation asserted that a Principal Investigator (PI) for an NSF grant had improperly charged approximately $18,000 in labor and other indirect costs to the NSF grant. It was alleged that on two occasions the PI billed the NSF account to pay employees for work performed for his private company, and that the PI’s lab was being financially mismanaged, with an operating deficit in excess of $1.5 million. We requested that the university conduct an audit of the labor costs associated with the NSF grant at issue. The audit report identified a total of $95,606 in labor charges and associated indirect costs that were inappropriately charged to the NSF grant account, due to poor financial management of the lab. There was no information or evidence to indicate that the incorrect charges were intentional or involved any potentially criminal activity. Based on the audit findings, the university returned $95,606 to the active grant account to be used in accordance with the grant conditions, and implemented appropriate corrective actions. NSF Places Research Company on Cost-Reimbursement Status At OIG’s recommendation, NSF placed a for-profit research firm on cost- reimbursement status because of inadequate accounting. We received an allegation that the company had over-billed NSF for hotel and meal expenses. At our request, the company retained an outside auditing firm that determined that the company’s accounting procedures, systems, and supporting documentation were flawed and did not provide adequate information about expenditures. The review also revealed numerous other problems with the company’s accounting system. Although our review of company records and interviews with employees raised additional concerns regarding the management of the federal funds, we found no evidence of fraud. 33 Investigations The company agreed to establish adequate accounting systems and to reconstruct accounting records for NSF awards to comply with the grant terms and conditions. Based on the company’s unreliable records and poor management of NSF award funds, we recommended that NSF place the company on a Reimbursement Payment Agreement. We plan to monitor the company for a period of one year to assess progress in complying with the imposed cost reimbursement payment agreement. Grantee University Works to Develop Sound Internal Audit System In connection with an $812,494 settlement of a case against a major northwestern university, OIG conducted a review of the questionable internal control policies and procedures involved in the matter. The university had adopted a corrective action plan as part of the settlement of a previous case with another federal agency. However, when reviewing the university’s internal investigation report, we identified a number of problematic controls including: 1) inadequate documentation for time and effort, personnel and equipment charges, cost sharing, and program income; 2) commingling of federal project charges and of private and federal funds; 3) inadequate review of conflict-of-interests issues; and, 4) absence of employee training in the relevant areas. At our request, the institution conducted an independent audit of its systems to ensure that the controls in question provide reasonable assurance of good management. The audit was reviewed and approved by an external reviewer. The audit found that many of the university’s systems that were established as part of the corrective action plan worked to ensure compliance with federal regulations, but it also noted that there were still instances where quarterly effort certification cards were not always completed, and effort reported as cost sharing was not accurately recorded. It also found that purchases from the university storehouse were not adequately justified and that follow-up was needed to ensure the accuracy of annual internal activity reports. Finally, the university found some instances in which annual technical reports were not submitted timely to federal agencies. The university stated that for the instances where it was not in compliance with its internal policies or its policies needed revision, it had developed resolutions to the problems. The external reviewer concurred with the Dr. Boesz congratulates Barbara Palmer for her results of the audit and the university’s 35 years of distinguished federal service. proposed resolutions. 34 OIG Semiannual Report September 2003 NSF Program Assistant Fabricates Jury Duty Notice We received an allegation that an NSF program assistant (PA) asked a colleague to create a jury duty notice to justify the PA’s absence from work. Accompanying the allegation were two supporting documents: a copy of an apparent jury duty notice from Prince George’s (PG) County, Maryland; and an email message from the PA to the colleague containing the same PG County logo as appears on the jury duty notice. We determined that the jury duty notice had been fabricated by the PA and intentionally submitted to receive salary for a day she did not work. We reported our findings and conclusions to the PA’s division director and recommended that appropriate action be taken. NSF Proposes Debarment of University Grant Administrator In our March 2003 Semiannual Report (Page 34) we reported that an A-133 audit revealed that a university grant administrator fraudulently charged $235,000 to various university accounts. The administrator pled guilty and was sentenced to 18 months in prison followed by 3 years of supervised release and ordered to pay restitution to the institution. The institution implemented procedures to minimize a recurrence of the fraudulent activity. In August 2003, NSF sent the former grant administrator a letter advising him of NSF’s proposal to debar him from obtaining the benefits of federal grants for a period of three years. Administrative Investigations Reports Forwarded to the Deputy Director PI Takes Ideas for NSF Proposal From Another PI’s Proposal We received an allegation that a proposal submitted to NSF contained more than a page of text and associated ideas plagiarized from a confidential research proposal submitted by other scientists to another agency. After confirming that the PI had received the research proposal for merit review prior to his submission of the NSF proposal, we wrote separately to the PI and co-PI requesting explanations. Only the PI responded, admitting that he received the research proposal for review and accepting full responsibility for the copied text. The PI said he developed the ideas, working closely with one of the research proposal’s authors. He opined that, because he suggested one of the research proposal’s authors as a reviewer for his 35 Investigations NSF proposal, he clearly did not plagiarize intentionally. We determined that the allegation had substance and referred it to the university for investigation. The university committee interviewed the PI, the co-PI, several experts, and one of the research proposal’s authors. It exonerated the co-PI from any culpability, but found that the PI knowingly copied the language and ideas from the research proposal, an act that was a significant departure from the standards within his field of study. The committee determined that the copied material represented the scientific core of the research proposal and the NSF proposal. It concluded that the PI’s plagiarism from a confidential proposal was egregious, representing a threat to the integrity of science because (1) it is harder to discover plagiarism in confidential proposals; (2) it raises the possibility of individual gain with the use of new and novel ideas not yet in the published arena; and (3) it potentially discourages scientists from presenting their best ideas in confidential proposals. The Committee concluded that the PI’s plagiarism represented very serious research misconduct, aggravated by: (1) the PI’s breach of the confidentiality in the peer review process clearly established by the agency; (2) the PI’s “inability or unwillingness” to comprehend the serious nature of his misconduct; and (3) the PI’s interception of OIG’s initial Federal Express letter to the co-PI, which prevented the co-PI from responding to defend himself, potentially obstructing NSF’s inquiry. The university sanctioned the PI by: 1) reprimanding him; 2) withdrawing any federal government proposals he submitted as PI; 3) removing his name from pending federal government proposals on which he was a co-PI or key personnel; 4) prohibiting him from submitting proposals for funding to any federal agency for 2 years; 5) prohibiting him from acting as a peer reviewer for research proposals for any federal agency for 3 years; and 6) requiring him to certify and provide assurances for 3 years for any proposal he submits to any funding source that the work in the proposal is original to him or appropriately cited. Based on the evidence, we concurred with the university’s findings and accepted its report. We forwarded our report to NSF, recommending that NSF make a finding of research misconduct. Consistent with the university’s actions, we recommended the PI receive a letter of reprimand, be debarred for 2 years from receiving any federal funds and, further, to protect the merit review process, we recommended that the PI be prohibited from reviewing any NSF proposals for 3 years. This case is awaiting the agency’s adjudication. Debarment Recommended in Plagiarism Case We received an allegation of multiple instances of plagiarized text in a collaborative proposal submitted to NSF. We contacted the PI (subject) who assumed responsibility for inclusion of the duplicated texts and conceded that the sources were not referenced in the proposal. He asserted that because the text was used for 36 OIG Semiannual Report September 2003 general descriptions, he did not consider it necessary to cite the references. Further, because some of the plagiarized documents were authored by researchers with whom collaborations were proposed, he did not consider citations necessary in those cases either. Finally, he suggested that the rush to complete the proposal by the submission deadline might have changed his citation practices. The subject assured us that there were no other instances of plagiarism in proposals he had previously submitted to NSF. However, after examining three other NSF proposals submitted by the subject, we found one that contained a substantial overlap in text with the original proposal examined, as well as additional instances of plagiarism. We determined that the allegation had substance and referred it to the university for investigation. The subject suggested to the university’s investigation committee that proposals should be held to different standards of scholarship than publications. The subject indicated that two proposals he submitted to other federal agencies included the same plagiarized text identified within the NSF proposals. After being confronted with the allegation of plagiarism in his NSF proposal, he contacted the program officers at those agencies to provide correct attributions for the text in those proposals. The committee concluded that each instance of text duplication in the two NSF proposals constituted plagiarism. Moreover, it questioned whether the subject had a clear understanding of scholarship standards and practices of proper citation, citing the subject’s contention that the plagiarized materials were in the introduction of the proposal and provided only background and context. The Committee unanimously concluded, by a preponderance of the evidence, that the collective actions of the subject represented a reckless disregard of standards of scholarship, and as such constituted research misconduct. The university’s adjudicative actions in this case included non-renewal of the subject’s contract with the university, prevention of submission of any grant proposals through the university, review of all research publications submitted by the subject, and a requirement for completion by the subject of a course on ethics and integrity in research. We agreed with the university that the preponderance of the evidence demonstrates that the subject did introduce significant amounts of plagiarized text into each of two proposals submitted to NSF, and we accepted the report of the Committee in lieu of conducting our own investigation. We also concluded that his lack of proper citations departed significantly from the standards of scholarship and that the subject’s intent was to save time and effort in proposal preparation. Based on extensive plagiarism in two proposals submitted by the subject to NSF, and similar plagiarism in proposals submitted to other federal agencies, we concluded that the plagiarism was part of a pattern of behavior by the subject. We have forwarded our report to the agency and have recommended that NSF take the following actions as final disposition in this case: 1) a letter of reprimand informing the subject that NSF has made a finding of research misconduct against 37 Investigations him; 2) debarment of the subject from participation in federal programs for a period of one year from the date of an agency finding of research misconduct; and 3) certification and assurances for two years following the end of the debarment period, by a responsible official, that proposals submitted by the subject are free of plagiarism. This case is awaiting agency adjudication. Action by the Deputy Director Computer Scientist Enters into Voluntary Exclusion Agreement In our March 2003 Semiannual Report (pp. 36-37), we described the case of an assistant professor of computer science (the subject) who incorporated text from another scientist’s successful proposal into his own Faculty Early Career Development proposal. We referred the matter to the subject’s university, which investigated and found that he had committed plagiarism constituting misconduct in science. The university Provost decided that the seriousness of the matter warranted termination and placed the subject on a one-year nonrenewable contract. Our further investigation uncovered plagiarism in four other NSF proposals as well as the subject’s doctoral dissertation, demonstrating a substantial pattern of plagiarism warranting debarment. To protect the interests of NSF and the federal government, we recommended that the subject be debarred for three years and excluded from serving as an NSF reviewer, advisor, or consultant for a period of five years. During this semiannual period, the subject completed his one-year teaching contract and took a faculty position outside the United States. NSF and the subject entered into a settlement agreement under which the subject voluntarily excludes himself from receiving U.S. federal assistance and benefits for a period of 18 months and is prohibited from serving as an NSF peer reviewer or panelist during that period. The subject also agreed to complete a two-week training session on citation methods and practices for scientific papers. Significant Administrative Cases PI Plagiarizes Text From Published Article We received an allegation that an NSF proposal contained more than two paragraphs of background text plagiarized from a published paper. In response to our inquiry, the PI accepted full responsibility for the plagiarism, explaining that he failed to cite the text in his rush to complete the proposal. Because the allegation had substance, we referred it to the PI’s university for investigation. 38 OIG Semiannual Report September 2003 The university’s investigative committee determined that the FINDING OF PI was solely responsible for the copied text. Further, it found MISCONDUCT DEFINED that the PI committed self plagiarism when he copied background text from his earlier publication into a more recent publication A finding of misconduct by without appropriately citing the source of the text. Finally, it NSF under the new research concluded that the PI’s copying of text in the NSF proposal and misconduct regulation his self-plagiarism was a deviation from accepted practices and requires proof by a represented a pattern of behavior. The committee concluded that preponderance of the the PI committed misconduct in science, as defined by the evidence that: (1) there was university’s policy. a significant departure from accepted practices of the The university’s adjudicator accepted the committee’s relevant research assessment that the PI plagiarized text from the paper into his NSF community; and (2) the proposal, but disagreed that the PI’s self-plagiarism constituted research misconduct was evidence of a pattern of behavior. The adjudicator concluded the committed intentionally, PI committed misconduct in science, sent him a letter of reprimand, knowingly, or recklessly. We asked the university to and required him to certify to university officials for 3 years that readdress these points, since any proposal sent to an external funding agency contains no the language of its report plagiarized material. was unclear. Because the We accepted the university’s evaluation and decision. Because alleged conduct occurred the university did not find the PI’s behavior to be a serious deviation before April 17, 2002, NSF used the following definition from accepted practice within his community, the conduct did not of misconduct in science: meet the federal definition of research misconduct. We also believe “Fabrication, falsification, the university’s actions adequately protected the interests of the plagiarism, or other serious federal government. We discussed our decision with NSF and wrote deviation from accepted to the PI warning him to be more vigilant in the future when he practices in proposing, prepares material for proposals or publication. carrying out, or reporting results from activities funded Employee Who Abused Telephone Privilege by NSF.” The university, using the prior definition of Resigns misconduct in science explained that (1) it Our March 2003 Semiannual Report to the Congress (page considered the PI’s act to be 38) summarized the results of a proactive review into long distance a deviation, but not a serious phone charges at NSF and an isolated instance in which an NSF deviation, from accepted employee made a large number of personal long distance phone practice; and (2) it found that calls, including calls in support of the employee’s outside business the PI acted knowingly. activities. We completed an investigation in the case of that employee and referred the results to NSF for administrative resolution. Shortly thereafter, NSF provided a notice of proposed separation to the employee and afforded the employee a statutorily mandated response period. Rather than responding, the employee resigned from her position and from the federal service. 39 Investigations Failure to Comply with Certification Requirements In this period we addressed three matters involving significant failures to comply with administrative requirements imposed by NSF as a resolution of misconduct cases. In our September 2001 (pp. 35-36) and September 2002 Semiannual Reports (p. 42), we described a case in which a scientist failed to observe requirements imposed by NSF following a finding that he committed misconduct in science. That matter, in which the subject repeatedly and knowingly failed to provide the certifications or assurances that he was required to submit, was resolved with a settlement agreement that required the subject to provide detailed certifications and assurances in connection with any research proposals or reports he submits to NSF for an additional term. We described a case in our March 2001 (p. 27) and March 2002 (p. 47) Semiannual Reports in which the Deputy Director found that the subject committed misconduct in science when he plagiarized material from another scientist’s proposal. The Deputy Director required the subject to provide certifications to OIG for 2 years starting in October 2001, in connection with any proposal submitted to NSF. When we asked the subject why he failed to provide certifications for three proposals he submitted to NSF, both the subject and his dean stated their understanding that the subject’s obligations were met by providing certifications to the university (a requirement that had been imposed on the subject by the university before NSF’s action). The dean provided copies of certification pages that the subject apparently signed, dated, and provided to the university when the proposals were submitted, and on that basis we concluded that the university had acted in good faith. In contrast, we concluded that the subject had not acted in good faith. The letter from NSF’s Deputy Director, which was sent to the subject and not the university, was unambiguous in imposing a distinct requirement that certifications be provided to our office. However, we concluded that the subject’s failure to comply with the requirement imposed on him by NSF’s Deputy Director did not warrant additional action by NSF. We emphasized to the subject that he should take care to comply with the certification requirement with any proposals he submitted to NSF for the time remaining, and we subsequently received certifications from him during that period. Finally, we discussed a case in our September 1999 (pp. 19-21) and September 2000 (p. 26) Semiannual Reports in which we concluded that an institution failed to provide reasonable oversight of biohazardous research. On the basis of our report, NSF concluded that “questions remain concerning the effectiveness of the oversight structure of biohazardous research” at the institution, and NSF required the institution to submit supporting documentation with any proposal sent to NSF relating to biohazardous research for a period of three years. During the three-year period, which expired in July 2003, the institution submitted 16 proposals to NSF related to biohazardous research, but submitted the 40 OIG Semiannual Report September 2003 required letters with only half of those. On the occasions when we contacted the institution about proposals submitted without the required letters, they were belatedly provided. We wrote to the institution, expressing our concern that its haphazard approach to compliance with the requirements imposed by NSF appeared to reflect continued indifference to biosafety. We sought the institution’s views on why additional administrative requirements should not be imposed and asked it to suggest requirements that would result in actual compliance. The institution stated that it would audit its compliance with the requirements for biohazardous research, and also continue to provide documentation of compliance for another year. We determined that these additional steps were responsive to our concerns. Proactive Reviews Review of Conference Awards Prompts Investigations A proactive review of NSF awards for conferences, workshops, and symposia uncovered numerous instances of non-compliance with a variety of grant conditions. Our interest in these awards was prompted by the case of an engineering professor who failed to account properly for $124,955 in conference registration fees, spent NSF funds improperly, and violated conflict-of-interest rules in the planning and implementation of an NSF-sponsored conference (March 2002 Semiannual Report, p. 50). The award in question was governed by special grant conditions (FL26) which require that conference fees be used to defray reasonable meeting expenses and to offset allowable costs otherwise chargeable to the grant. We used a stratified random sample of 71 awards for review, drawn from one year’s awards for conferences, workshops and symposia. Specific information about the awards was requested from the grantee institutions. Preliminary results indicate that activities associated with these awards generated close to $1 million in registration and other fees, some of which grantees first discovered in the course of responding to our request for information. We also found numerous instances where grant conditions were violated, particularly in the area of funds designated specifically for participant support. Investigations have been opened, where appropriate, to pursue recoveries and to consider allegations of fraud. One such investigation has already resulted in the return of over $20,000 in unspent program income to NSF. During the next semiannual period we expect to report on the further outcomes of this project. 41 Investigations OIG Reviews Travel Card Issues Every NSF employee who travels on official business more than three times a year has a Government Travel Credit Card VISA (“Travel Card”) issued by the Bank of America. At NSF, there are over 1,200 active Travel Card accounts, with a combined credit limit total of over $19,000,000. While travel Cards are accepted at business establishments like any other VISA card, they are supposed to be used only for official travel and travel related expenses. All NSF travel cardholders are required to sign a Bank of America agreement before activating a travel card. This agreement contains provisions regarding procedures and rules for travel card purchases. In response to public and congressional interest, as well as an increase in fraud allegations, OIG recently established procedures for periodic proactive reviews of NSF’s travel cards to detect possible fraud and/or abuse. These reviews, along with the investigation of any individual travel card fraud allegations brought through traditional channels, will be conducted with the help of a Bank of America system that enables us to download information on all NSF Travel Card transactions. Our review plan draws on our recent experience with credit card investigations, interagency training, and extensive research on recent federal agency credit card fraud reports. During this semiannual period, our office reviewed several instances of travel card misuse and delinquency by non-frequent travelers. The misuse of the travel card typically involved cash advances and personal, non-travel related purchases in the local area. The misuse cases are being reviewed for appropriate disposition and/or disciplinary action. By following up on the leads generated by the proactive review plan and information obtained from the agency, we provided the agency with specific recommendations for tightening internal controls and improving the monitoring of travel card misuse or delinquency. OIG Prepares for ECIE Investigative Quality Assessment Review Peer Review OIG Offices of Investigations across the federal government have been working to develop a process by which they can be peer reviewed to ensure that investigations meet the standards articulated in the President’s Council for Integrity and Efficiency/ Executive Council for Integrity and Efficiency (PCIE/ECIE) Quality Standards for Investigations. In connection with the Homeland Security Bill and the receipt of statutory law enforcement authority, the PCIE OIGs developed a schedule for conducting peer reviews of PCIE OIG investigative operations. We are working closely with Government Printing Office’s Office of Investigation to develop voluntary participation in a similar peer review process for ECIE OIGs. At two meetings of the ECIE peer review planning group during this reporting period, representatives of 12 ECIE OIG offices agreed to participate in the process and began preparations for conducting the peer reviews. 42 Statistical Data Audit Reports Issued With Recommendations for Better Use of Funds 45 Audit Reports Issued With Questioned Costs 46 Audit Reports Involving Cost-Sharing Shortfalls 47 Status of Internal NSF Recommendations 48 List of Reports 49 Audit Reports With Outstanding Management Decisions 53 Investigations Case Activity 54 Investigations Case Statistics 55 Freedom of Information Act and Privacy Act Requests 56 43 Statistical Data Reporting Terms Defined Some of the more common terms that we use in reporting audit statistics and findings are defined below: Questioned Cost. Auditors question costs because of an alleged violation of a provision of a law, regulation, grant, cooperative agreement, or contract. In addition, a questioned cost may be a finding in which, at the time of the audit, either a cost is not supported by adequate documentation, or the expenditure of funds for the intended purpose is deemed unnecessary or unreasonable. Unsupported Cost. A cost that is questioned because it is not supported by adequate documentation at the time of audit. At-Risk Cost Sharing. Cost sharing is identified as “at risk” if an awardee is lagging in meeting its cost-sharing obligation for an award that is still active. In some situations, the awardee may purport to be funding its obligation but lacks internal controls and documentation to support its claim, making it difficult to determine their allowability under federal cost principles. Management Decision. Management’s evaluation of the findings and recommendations included in the audit report, and the issuance of a response or final decision. It is important to note that NSF is responsible for making a management decision regarding questioned costs that determines whether they will be sustained (i.e., disallowed) or allowed. Funds Put to Better Use. Audit recommendations that identify ways to improve the efficiency of programs frequently lead to prospective benefits over the life of an award or funds put to better use. Examples include reducing outlays, deobligating funds, or avoiding unnecessary expenditures. Final Action. The completion of all management actions that are described in a management decision with respect to audit findings and recommendations. If management concluded that no actions were necessary, final action occurs when a management decision is issued. Compliance or Internal Control Issues. Audits often result in recommendations either to improve the auditee’s compliance with NSF and federal regulations, or to strengthen the auditee’s internal control structure to safeguard federal funds from fraud, waste, abuse, and mismanagement. 44 OIG Semiannual Report September 2003 Audit Reports Issued With Recommendations for Better Use of Funds Dollar Value A. For which no management decision has been made by the commencement of the reporting period $86,200 B. Recommendations that were issued during the reporting period $4,619,248 C. Adjustments related to prior recommendations $0 Subtotal of A+B+C $4,705,448 D. For which a management decision was made during the reporting period $86,200 i) Dollar value of management decisions that were consistent with OIG recommendations $86,200 ii) Dollar value of recommendations that were not agreed to by management $0 E. For which no management decision had been made by the end of the reporting period $4,619,248 For which no management decision was made within 6 months of issuance 0 45 Statistical Data Audit Reports Issued With Questioned Costs Number of Questioned Unsupported Reports Costs Costs A. For which no manage- ment decision has been made by the commence- ment of the reporting period 7 $334,768 $74,235 B. That were issued during the reporting period 11 $2,878,379 $40,196 C. Adjustments related to prior recommendations $0 $0 Subtotal of A+B+C 18 $3,213,147 $114,431 D. For which a manage- ment decision was made during the reporting period: 8 $335,717 $75,184 1. Dollar value of disallowed costs N/A $44,241 N/A 2. Dollar value of costs not disallowed N/A $291,476 N/A E. For which no manage- ment decision had been made by the end of the reporting period 10 $2,877,430 $39,247 For which no management decision was made within 6 months of issuance $0 $0 46 OIG Semiannual Report September 2003 Audit Reports Involving Cost-Sharing Shortfalls Number Cost- At Risk of Actual of Sharing Cost Cost Sharing Reports Promised Sharing Shortfalls Shortfall (Completed (Ongoing Project) A. Reports with monetary Project) findings for which no management decision has been made by the beginning of the reporting period: 1 $91,947 $0 $54,849 B. Reports with monetary findings that were issued during the reporting period: 1 $5,758,278 $0 $1,209,714 C. Adjustments related to prior recommendations $0 $0 $0 Total of Reports with Cost Sharing Findings (A+B+C) 2 $5,850,225 $0 $1,264,563 D. For which a manage- ment decision was made during the reporting period: 1 $91,947 $0 $54,849 1. Dollar value of cost- sharing shortfall that grantee agreed to provide N/A N/A $0 $0 2. Dollar value of cost- sharing shortfall that management waived1 N/A N/A $0 $54,849 E. Reports with monetary findings for which no management decision has been made by the end of the reporting period 1 $5,758,278 $0 $1,209,714 1 Indicates the dollar value waived by management or that the grantee provided additional documentation during audit resolution to support the at-risk amounts. 47 Statistical Data Status of Internal NSF Recommendations Open Recommendations (as of 9/30/03) Recommendations Open at the Beginning of the Reporting Period 49 New Recommendations Made During Reporting Period 49 Total Recommendations to be Addressed 98 Management Resolution of Recommendations2 Awaiting Resolution 36 Resolved Consistent With OIG Recommendations 62 Management Decision That No Action is Required 0 Final Action on OIG Recommendations3 Final Action Completed 57 Recommendations Open at End of Period 41 Aging of Open Recommendations Awaiting Management Resolution: 0 through 6 months 29 7 through 12 months 7 More than 12 months 0 Awaiting Final Action After Resolution: 0 through 6 months 0 7 through 12 months 0 More than 12 months 5 2 “Management Resolution” occurs when the OIG and NSF management agree on the corrective action plan that will be implemented in response to the audit recommendations. 3 “Final Action” occurs when management has completed all actions it agreed to in the corrective action plan. 48 OIG Semiannual Report September 2003 List of Reports NSF and CPA Performed Reviews Cost Better Report Questioned Unsupported Sharing Subject Use of Number Costs Costs At- Funds Risk 03-1-007 Non-profit association $4,661 $0 $3,100,438 $0 03-1-008 State university $1,428,971 $0 $0 $0 03-1-009 Community college $1,209,174 $0 $0 $0 03-1-010 Museum $46,326 $0 $594,954 $0 03-1-011 Botanical garden $0 $0 $643,401 $0 03-1-012 Community college $133,092 $0 $0 $0 03-1-013 Community college $15,489 $0 $0 $0 03-2-009 NSF internal review $0 $0 $0 $0 03-2-010 NSF internal review $0 $0 $0 $0 03-2-011 NSF internal review $0 $0 $0 $0 03-2-012 NSF internal review $0 $0 $0 $0 03-2-013 NSF internal review $0 $0 $0 $0 03-2-014 International organization $0 $0 $280,455 $0 03-2-015 NSF internal review $0 $0 $0 $0 03-6-002 NSF internal review $0 $0 $0 $0 Total: $2,837,713 $0 $4,619,248 $0 49 Statistical Data NSF-Cognizant Reports Cost Report Questioned Unsupported Subject Sharing Number Costs Costs At-Risk 03-4-015 Non-profit research institute $0 $0 $0 03-4-016 School district $0 $0 $0 03-4-017 School district $0 $0 $0 03-4-018 Science museum $0 $0 $0 03-4-019 Educational association $0 $0 $0 03-4-020 Science organization $0 $0 $0 03-4-021 School district $0 $0 $0 03-4-022 Non-profit society $0 $0 $0 03-4-023 State university $0 $0 $0 03-4-024 School district $0 $0 $0 03-4-025 Non-profit consortium $0 $0 $0 03-4-026 Non-profit organization $0 $0 $0 03-4-027 Scientific society $0 $0 $0 03-4-028 Professional association $470 $0 $0 03-4-029 Scientific consortium $0 $0 $0 03-4-030 School district $0 $0 $0 03-4-031 School district $0 $0 $0 03-4-032 Non-profit corporation $18,400 $18,400 $0 03-4-033 School district $0 $0 $0 03-4-034 Research institute $0 $0 $0 03-4-035 Educational association $0 $0 $0 03-4-036 Non-profit association $0 $0 $0 03-4-037 School district $0 $0 $0 03-4-038 Non-profit academy $18,437 $18,437 $0 03-4-039 School district $0 $0 $0 Total: $37,307 $36,837 $0 50 OIG Semiannual Report September 2003 Other Federal Audits Cost Report Questioned Unsupported Subject Sharing Number Costs Costs At-Risk 03-5-067 University $949 $949 $0 03-5-130 College $2,500 $2,500 $0 Total: $3,449 $3,449 $0 51 Statistical Data 52 OIG Semiannual Report September 2003 Audit Reports With Outstanding Management Decisions This section identifies audit reports involving questioned costs, funds put to better use, and cost sharing at risk where management had not made a final decision on the corrective action necessary for report resolution with 6 months of the report’s issue date. At the end of the reporting period there were no reports remaining that met this condition. The status of recommendations that involve internal NSF management is described on page 48. 53 Statistical Data Investigations Case Activity April 1, 2003 - September 30, 2003 Preliminary Civil/Criminal Administrative Total Active Cases at Beginning of Period 14 28 31 73 Opened Cases 161 23 38 222 Closed Cases 100 11 29 140 Active Cases at End of Period 75 40 40 155 54 OIG Semiannual Report September 2003 Investigations Case Statistics Referrals to DOJ 3 Criminal Convictions/Pleas 1 Civil Settlements 0 Administrative Actions 4 Investigative Recoveries4 $1,218,883.60 Research Misconduct Findings by NSF 1 Cases Forwarded to NSF Management for Action 4 Cases Forwarded to NSF Management in Prior Periods Awaiting Action 0 Assurances and Certifications5 Number of Cases Requiring Assurances During This Period 3 Number of Cases Requiring Certifications During This Period 3 Assurances Received During This Period 0 Certifications Received During This Period 1 Number of Debarments in Effect During This Period 5 4 Investigative recoveries include civil penalties, criminal fines, and funds paid in restitution, as well as specific cost savings for the government. 5 NSF accompanies some actions with a certification and/or assurance requirement. For example, for a specified period, the subject may be required to confidentially submit to OIG a personal certification and/or institutional assurance that any newly submitted NSF proposal does not contain anything that violates NSF regulations. 55 Statistical Data Freedom of Information Act and Privacy Act Requests Our office responds to requests for information contained in our files under the freedom of Information Act (“FOIA,” 5 U.S.C. paragraph 552) and the Privacy Act (5 U.S.C. paragraph 552a). During this reporting period: • We received 10 FOIA requests compared to 8 in the last reporting period. The response time ranged between 2 days and 20 days, with a median of 14 days and the average around 13 days. • No Privacy Act requests were received this reporting period. • We received one appeal this reporting period, which was later withdrawn by the appellant. 56 OIG Semiannual Report September 2003 Appendix 1 Reporting Requirements Under the Inspector General Act, we report to the Congress every six months on the following activities: • Reports issued, significant problems identified, the value of questioned costs and recommendations that funds be put to better use, and NSF’s decisions in response (or, if none, an explanation of why and a desired timetable for such decisions). (See p.5-6, 45) • Matters referred to prosecutors, and the resulting prosecutions and convictions. (See p.29, 57) • Revisions to significant management decisions on previously reported recommendations, and significant recommendations for which NSF has not completed its response. (See p.23, 50) • Legislation and regulations that may affect the efficiency or integrity of NSF’s programs. (See p.7) • OIG disagreement with any significant decision by NSF management. (None) • Any matter in which the agency unreasonably refused to provide us with information or assistance. (None) 57 OIG Semiannual Report September 2003 Appendix 2 Acronyms AICPA Association of Independent Certified Public Accountants AGA Association of Government Accountants CFOC Chief Financial Officer Council CIO Chief Information Officer COI Conflict of Interest COSO Committee of Sponsoring Organizations Treadway Commission COV Committee of Visitors CPO Division of Contracts, Policy and Oversight DACS Division of Acquisition and Cost Support DCAA Defense Contract Audit Agency DD Division Director DFE Designated Federal Entity DGA Division of Grants and Agreements DOJ Department of Justice EBB Electronic Bulletin Board ECIE Executive Council of Integrity and Efficiency FAC Federal Audit Clearinghouse FAEC Financial Audit Executive Council FISMA Federal Information Security Management Act FMFIA Federal Managers Financial Integrity Act FOIA Freedom of Information Act FSAN Financial Statement Audit Network FY Fiscal Year GISRA Government Information Security Act GPRA Government Performance and Results Act HHS Department of Health and Human Services HUD Department of Housing and Urban Development IG Inspector General MIRWG Misconduct in Research Working Group MRE Major Research Equipment MREFC Major Research Equipment and Facilities Construction MSP Math and Science Partnership NSB National Science Board NSF National Science Foundation OIG Office of Inspector General OMB Office of Management and Budget OPP Office of Polar Programs 59 Statistical Data Acronyms (cont’d) OSTP Office of Science and Technology Policy PA Program Assistant PCIE President’s Council on Integrity and Efficiency PI Principal Investigator PFCRA Program Fraud Civil Remedies Act QCR Quality Control Review RMS Research Management Services SBIR Small Business Innovation Research STTR Small Business Technology Transfer USAP United States Antarctic Program USI Urban Systemic Initiative USP Urban Systemic Program 60 Organization Chart INSPECTOR GENERAL Christine C. Boesz DEPUTY INSPECTOR GENERAL Tim Cross COUNSEL TO THE INSPECTOR GENERAL Arthur A. Elkins ASSOCIATE IG FOR ASSOCIATE IG FOR AUDIT INVESTIGATIONS Deborah H. Cureton Peggy L. Fischer AUDIT ADMINISTRATIVE INVESTIGATIVE STAFF STAFF STAFF
Semiannual Report - September 2003
Published by the National Science Foundation, Office of Inspector General on 2003-09-01.
Below is a raw (and likely hideous) rendition of the original report. (PDF)