UNITED STATES OFFICE OF PERSONNEL MANAGEMENT
Washington, DC 20415
Office of the
Inspector General
. January 8, 20 I0
MEMORANDUM FOR JOHN BERRY / j J.
Director _ ~~ ~!l!I~\
FROM: PATRICKE.McFARLAND fYpV'" .
Inspector General p V'
SUBJECT: Review of the Service Credit Redeposit and Deposit System (Report
Number 4A-CF-OO-IO-021)
The purpose of this memorandum is to communicate to you the findings and conclusions
resulting from our review of the Service Credit Redeposit and Deposit (SCRD) system. In your
July 15,2009 memorandum, you requested that my office investigate the circumstances that led
to incorrect computations of amounts owed by employees to obtain credit for previous federal
service. Our review was limited to identifying the causes of the computational errors and
validating whether the updated system is now correctly calculating initial balance, interest, and
payments.
Executive Summary
Overall, nothing carne to our attention that caused us to believe that the Service Credit Redeposit
and Deposit system version 4.4 is not properly calculating initial interest or accruing interest
when payments are made. However, we did note several areas of concern associated with the
original and continuing system development and maintenance process, as well as other system
problems, unrelated to the computational module, that could result in accounts with understated
or overstated balances.
• Separation of duties: There is an inadequate separation of duties related to the procedures
for managing changes to the SCRD application. Software modifications can be
programmed and compiled by the same person. This means that unauthorized
programming changes can be made to the application without the knowledge or approval
of the system owners. The Benefit Systems Group (BSO), within the Center for
Information Services (CIS), has purchased new change management software that
ensures separation of duties and is designing and implementing new procedures.
• System requirements: The system requirements (or business rules) were not fully
developed and documented prior to system implementation. We identified a number of
cases where either the business rules were incorrect or were not properly incorporated in
the system.
• Data entry errors: We found a high percentage of errors that occurred during the manual
process of establishing employees' service credit accounts. In most of these cases, either
incorrect periods of service or earnings amounts were entered.
www.opm.gov www.lIsajobs.gov
Honorable John Berry 2
Background
Under the Civil Service Retirement System (CSRS), employees may make optional deposits for
periods of service during which retirement contributions were not withheld from their pay. They
may also redeposit refunds of retirement contributions during previous periods of service.
Employees who are covered by the Federal Employees Retirement System (FERS) may make
optional deposits of retirement contributions that were not withheld from their pay, but, prior to
October 28, 2009, they could not redeposit refunds of retirement contributions. Under either
system, interest is due on the deposited or redeposited amounts, although interest rates and
periods vary. The purpose of making these deposits or redeposits is to obtain credit toward
retirement for previous periods of service.
Ownership of this service credit business process is shared between OPM's Center for
Retirement and Insurance Services (CRIS) and the Office of the Chief Financial Officer (OCFO).
Federal employees submit an application (standard forms 2803 or 3108) to participate in the
program, and the CRlS staff gather the necessary information to process the request, including
prior periods of service, earnings, refund amounts, and other related data. They determine the
initial balance, including interest, and set up an account. The OCFO staff is responsible for
processing service credit payments made after accounts have been established.
Until 2006, this process was facilitated by a mainframe-based information system that had been
in place for many years. This system handled basic transactions, but was not designed to
accommodate the many complexities of the business process, particularly the special retirement
rules for various classes of federal employees. These more complex transactions were processed
manually. However, in April 2006, a newer, more modem version of the service credit system
was released which was designed to allow most types of transactions to be automatically
processed on users' desktop computers.
The new system was designed and built using Microsoft .NET (dot NET) technology, a software
framework that includes a large library of coded solutions to common programming problems
and a virtual machine that manages the execution of programs written specifically for the
framework. The .NET framework is intended to be used by most new applications created for the
Windows platform. Before this project, aPM had limited experience developing software
applications using .NET technology. Therefore, BSG, which was responsible for the project,
turned to several contractors to assist in the system development process.
In December 2007, the bank that manages. deposit payments generated a list of duplicate
payments, and while researching the problem the CRIS staff discovered anomalies in the
payment and interest amounts. It was later discovered that the system was not properly
calculating interest in some cases. Attempts to correct the problems were not successful, and the
system was eventually taken offline in July 2008.
Corrections were made to the system and it was brought back on-line in October of2008.
The BSG continued to work with the system owners, CRIS and OCFO, to identify and correct
the problems and Service Credit account data in the system. In August 2009, a new version of
the system (SCRD version 4.4) was distributed to users and a data fix routine was executed
Honorable John Berry 3
which corrected the accounts. This system is now being used to establish new accounts, but
CRIS and the OCFO continue to manually calculate balances and update accounts to reflect
payment activity while system testing continues.
aPM has convened a Tiger Team with full responsibility for correcting the current problems
with the system. This group includes members from CRIS, OCFO, BSG, and the Office of the
Inspector General (OIG). The mandate is to identify all existing problems in the SCRD
application, develop a corrective action plan, correct all known issues, and implement an updated
system that properly handles the majority of service credit cases.
Our review was not conducted in accordance with Generally Accepted Government Auditing
Standards (GAGAS). The nature and scope of the work performed was consistent with that
expected of a GAGAS audit; however, because we consider this to be a review, the
documentation, reporting, and quality control standards are not as stringent.
Scope and Methodology
Our office reviewed the change control process and performed tests of transactions in the SCRD
system. We interviewed individuals involved in managing system changes, and examined
documentation associated with user acceptance testing and approval. For our transaction testing,
we selected a random sample of 100 from a universe of the 1,000 most recently established
accounts as of August 26,2009. We also sampled 20 Peace Corps accounts to evaluate whether
the special rules for these cases had been properly programmed in the system. Finally, we
sampled 50 accounts from the universe of accounts set up between April 2006 and July 2008
where payments had been applied. Based on the business rules appropriate to the type of case
involved in the sampled accounts, we manually re-calculated initial balances, including interest,
and, in the cases where payments had been made, the current balance with accrued interest. We
compared our results to the same information entered into the system's test environment.
We used the following documentation, policies, and regulations to evaluate our results:
• Federal Information System Controls Audit Manual (FISCAM)
• 5 U.S.C. §§ 8334 and 8411 "Deductions, Contributions, and Deposits" and "Creditable
Service"
• 5 C.F.R. § 842.305 "Deposits for Civilian Service"
• CSRS and FERS Handbook for Personnel and Payroll Offices
o Administration and General Provisions: "OPM Responsibilities" (§4 1C2.1-1)
o Service Credit Payments for Civilian Service: «CSRS" (§ 21A)
o Service Credit Payments for Civilian Service: "FERS" (§ 21B)
• CSRS and FERS Applications: Information about Service Credit Payments Page
• Job Aids - Straight CSRS Deposits and Redeposits Training Manual, provided by the
Center for Retirement and Insurance Services (CRIS) in Boyers, Pennsylvania.
• OPM Website: http://www.opm.R:ov/retire/pre/csrs/index.asp
Honorable John Berry 4
Results
1. Separation of Duties
There is an inadequate separation of duties related to the procedures for managing changes to
the SCRD application. Software modifications can be programmed and compiled by the
same person. This means that unauthorized programming changes can be made to the
application without the knowledge or approval of the system owners.
We interviewed the BSG staff responsible for the SCRD system development and
maintenance and found that .NET programmers typically make changes to source code and
compile the code into an installation package for distribution. The installation package is
placed on a network drive and made available to staff from the agency's Network
Management Group to be distributed across the OPM network to user desktops.
After changes are programmed, tested, and compiled, the installation package is distributed
to business users for user acceptance testing. However, because the programmers can
modify the source code and compile programs, there is nothing to prevent a programmer
from making and compiling additional changes after user acceptance testing and approval.
A better approach would be to limit programmers' access to the development process. When
the user acceptance testing phase begins, the programmer should not be at all involved unless
there are additional changes required; then the change management cycle should start from
the beginning: development; unit, integration, and system testing; user acceptance testing;
implementation. Ideally, the programmer's involvement would end after the system testing
phase. A different person or group would then be responsible for compiling source code and
distributing the installation packages after the user acceptance testing and approval phase.
FISCAM section 3.3, Configuration Management, states that the "movement of programs
and data among libraries should be controlled by an entity group or person that is
independent of both the user and the programming staff. This group should be responsible
for ... moving programs from development/maintenance to user testing and from user testing
to production."
FISCAM section 3.4, Segregation of Duties, states that "Work responsibilities should be
segregated so that one individual does not control all critical stages of a process. For
example, while users may authorize program changes, programmers should not be allowed to
do so because they are not the owners of the system and do not have the responsibility to see
that the system meets user needs. Similarly, one computer programmer should not be allowed
to independently write, test, and approve program changes...
"Inadequately segregated duties increase the risk that ... improper program changes could
be implemented. For example a computer programmer responsible for authorizing,
writing, testing, and distributing program modifications could either inadvertently or
deliberately implement computer programs that did not process transactions in accordance
with management's policies or that included malicious code."
Honorable John Berry 5
The BSG managed the development, implementation, and ongoing maintenance of the SCRD
system. In the Enterprise Server (mainframe) environment, there are well-established
controls for ensuring separation of duties between the development, testing, and production
areas. However, because the new system involved Microsoft's .NET technology, which was
new to DPM, the development process occurred in a less controlled, server-based
environment.
As a result, programmers would have been able to make unapproved and/or untested system
changes which may have caused the computational errors to occur. Although we could not
document any such changes, we did obtain anecdotal evidence that a contractor supporting
the system made a large number of "informal" changes just before the system's July 2008
failure. Based on interviews of knowledgeable staff, it is not clear whether these changes
were tested and approved by the system owners prior to implementation.
We were told that BSG has purchased new change management software that enforces
proper separation of duties, and is designing and implementing new procedures.
Recommendation 1
We recommend that BSG implement the new change management software as soon as
possible, and design change management procedures that include appropriate separation of
duties. Such procedures should also cover employee roles and responsibilities, change
control and system documentation requirements, establishment of a decision-making
structure, and configuration management training.
DCID Response:
"The DCIO has purchased a new configuration management tool (Serena) for the distributed
environment at aPM that should mitigate the issue raised by DIG staff. We are currently
awaiting the agreement on the service contract with the vendor so that the tool can be
installed and training provided for those who will use the tool."
Recommendation 2
We recommend that aPM provide funding for the SCRD system to adequately support
ongoing maintenance and ensure an appropriate separation of duties.
2. System Requirements
In addition to the lack of change management controls, we found that the business owners
did not fully develop the system requirements during the SCRD system development project.
While there is a "User Requirements Document for the Service Credit System (SCRD)" that
quite comprehensively documents functional requirements, system integrity, and the
technical environment, there are no business rules included in this document.
Honorable John Berry 6
There are many complexities involved with the service credit business process, many of
which derive from legislation affecting federal retirement. We reviewed CSRS and FERS
handbooks, job aids, and relevant areas of the aPM website to obtain an understanding of
these business rules. From our interviews and tests of transactions, we determined that many
of the business rules were either not included in the SCRD system, or were not properly
programmed. For example:
• For CSRS cases that have a period of service spanning October 1, 1982, the system
automatically splits it into two separate periods of service because there is a different
procedure for calculating interest before and after this date. The system appropriately
handles this business rule for CSRS cases; howev.er, it also incorrectly applies the same
treatment to FERS cases. This causes the interest on FERS cases with periods of service
spanning October 1, 1982 to be overstated.
• The system applies an incorrect deduction rate for Peace Corps cases with periods of
service in 1999 and 2000. This causes the initial balance owed to be understated. We
were told that CRIS has been aware of this issue and is manually processing applications
from Peace Corps members. However, we found several Peace Corps cases that had been
processed incorrectly through the production SCRD system.
• With several exceptions, employees covered by FERS are not allowed to obtain service
credit for periods of service occurring on or after January 1, 1989. However, we found
that the system will accept a FERS application with a period of service after this date,
create an initial account balance, and trigger a bill. There should be edits that prevent
transactions with invalid periods of service from being entered into the system.
• To determine the retirement contributions that must be repaid for employees to obtain
credit for past service, the amount that the employee earned during the period of service
must be determined. There are CRIS job aids that describe how to calculate this amount.
In cases where supporting documentation only references the annual salary for the
applicable grade level and time period, the actual earnings amount must be inferred based
on the date range of the period of service. The job aids contain various hourly tables that
are used to determine the number of hours worked during a date range, and indicate that
the earnings amount should be calculated based on the product of hours worked and the
hourly rate. This approach is consistent with OPM salary tables, which present salaries in
both annual and hourly amounts.
However, we found that the system applies a factor to the salary based on the number of
days worked rather than the number of hours. A 360-day year is assumed for this
calculation. The use of either method only results in an estimate of the actual earnings
amount; however, the hourly approach is slightly more accurate. In the future, CRIS has
agreed to obtain the actual earnings amount, instead of salary or hourly wage amounts.
This will result in a more precise calculation of the initial service credit balance owed.
The Service Credit Tiger Team has established a scope document that contains a total of nine
tasks detailing core business requirements that were not included in the existing SCRD
Honorable John Berry 7
application (including the items detailed above), and two items that have been defined as
'enhancements' to be addressed after the next system update. Clearly, the business rules
were not comprehensively identified and documented during the original SCRD system
development process. This may have occurred because of a lack of knowledgeable business
users involved in the original effort. However, CRIS has assigned new staff to the service
credit project who appear to be very knowledgeable regarding the appropriate business rules
and are working on the Tiger Team to correct the current application.
Because the business rules were not fully developed and programmed into the original
application, there are service credit accounts that have incorrect balances.
Recommendation 3
We recommend that CRIS and the Tiger Team develop a comprehensive repository that
contains all known business requirements, and ensure that the system is updated and
thoroughly tested before being placed into production.
CRIS Response:
"RSP is working closely with the programmers to ensure appropriate business rules are
applied. The requirements guide will be updated with the rules as necessary and detailed job
aids for using the Service Credit system are being developed. In addition, rigorous testing of
the system is now underway.
The Tiger Team will recommend that the OCFO collaborate with CRIS on the
documentation and storage of all business rules in a repository. The Tiger Team may not be
in existence long enough to document all of the rules. However, the customer organizations
should complete the process."
Recommendation 4
We recommend that CRIS ensure that the business rules repository is maintained and
updated when required, and that ongoing system enhancements are thoroughly tested before
and after implementation.
3. Data Entry Errors
In testing our random sample of 100 of the 1,000 most recently created accounts, we found
that CRIS clerks had entered incorrect dates or salary rates in 18 cases (or an 18 percent error
rate). One of these sample items had an error that resulted in an overcharge of $1,178.80. In
addition, the BSG evaluated the service credit database to identify outliers that involved
high-dollar account balances, and found that 40 percent were caused by data entry errors.
FISCAM section 4.2, Business Process Controls, states that "The entity should implement
procedures to reasonably assure that (1) all data input is done in a controlled manner, (2) data
input into the application is complete, accurate, and valid, (3) any incorrect information is
Honorable John Berry 8
identified, rejected, and corrected for subsequent processing, and (4) the confidentiality of
data is adequately protected. Inadequate input controls can result in incomplete, inaccurate,
and/or invalid records in the application data or unauthorized disclosure of application data."
This situation apparentlyresulted from inadequately trained data entry clerks, a lack of
system edits and validity checks, and an ineffective monitoring and auditing capability. As a
result, there is a very high risk that initial account balances could be significantly understated
or overstated.
Recommendation 5
We recommend that appropriate validity checks and system edits be programmed into the
system to prevent incorrect or unreasonable entries.
CRlS Response:
"RSP is working with the programmers to implement comprehensive edits and error
messages. BSG staff will look at ways to build in validation edits and at a minimum add
"pop-ups" when there is a possibility of erroneous data being entered although it may pass
edits (such as the size of a Service Credit account)."
Recommendation 6
We recommend that training aids be updated and that refresher training be provided to data
entry clerks.
CRIS Response:
"Job aids are being developed and will be available once the system has been updated."
Recommendation 7
We recommend a monitoring and auditing capability be established that includes second
level review of transactions input into the system and periodic random sampling and
reporting to management.
CRlS Response:
"RSP has implemented I00% review since October 2009 and the Quality Assurance Group
will be conducting periodic audits."
Recommendation 8
We recommend that aJl accounts established since April], 2006 be reviewed for accuracy of
input data and corrected if necessary.
Honorable John Berry 9
CRIS Response:
"RSP has acknowledged that the error rate found by the IG was inordinately high due to the
inexperience of the new staff handling the service credit claims as of October 2008. Before
that date, experienced staff processed new claims and so we have a high confidence level that
those claims were entered accurately. Therefore, we are working with the Quality Assurance
Group to provide a random sampling review on service credit accounts computed between
October 2008 and October 2009. Effective 10101/09 RSP has senior Legal Administrative
Specialists reviewing all initial billing data entries prior to triggering and issuing statement. .
In addition, aU accounts not paid in full by the employee's retirement date will be reviewed
during the retirement adjudication process and the retiree will be given the opportunity to
make payment."
If we can be of assistance during your review of this report, please contact me or your staff can
contact Michael R. Esser, Assistant Inspector General for Audits, on _ or _
_ Chief, Information Systems Audits Group, on _
cc: Elizabeth A. Montoya
Chief of Staff and Director of External Affairs
Richard B. Lowe
Deputy Chief of Staff and Executive Secretariat
Mark Reger
Chief Financial Officer
David M. Cushing
Deputy Chief Financial Officer & Policy and Internal Control Group
Kathleen McGettigan
Deputy Associate Director
Center for Retirement and Insurance Services
Ronald C. Flom
Associate Director & Chief Human Capital Officer
Matthew E. Perry
Acting Chief Information Officer
Reivew of the Service Credit Redeposit System
Published by the Office of Personnel Management, Office of Inspector General on 2010-01-08.
Below is a raw (and likely hideous) rendition of the original report. (PDF)