2012   Financial Report of the United States Government

U.S. Government Accountability Office Independent Auditor's Report

APPENDIX III

Other Material Weaknesses

Material weaknesses in internal control discussed in this report resulted in ineffective controls over financial reporting. In addition to the material weaknesses discussed in appendix II that contributed to our disclaimer of opinion on the accrual-based consolidated financial statements, we found the following four other material weaknesses in internal control.

Improper Payments

Reducing improper payments is critical to safeguarding federal funds.44 During fiscal year 2012, the federal government continued to make progress in identifying and reporting on improper payments. Entities reported improper payment estimates for nine additional programs when compared to fiscal year 2011.45 Most notably, the Department of Health and Human Services (HHS) reported an estimated improper payment amount for the Children’s Health Insurance Program of $704 million. Nevertheless, the federal government continues to face challenges in determining the full extent of improper payments. For example, four federal entities did not report fiscal year 2012 estimated improper payment amounts for 10 risk-susceptible programs, including HHS’s Temporary Assistance for Needy Families. The Improper Payments Information Act of 2002 (IPIA), as amended by the Improper Payments Elimination and Recovery Act of 2010 (IPERA),46 requires federal executive branch entities to (1) review all programs and activities, (2) identify those that may be susceptible to significant improper payments, (3) estimate the annual amount of improper payments for those programs and activities, (4) implement actions to reduce improper payments and set reduction targets, and (5) report on the results of addressing the foregoing requirements. IPERA also established a requirement for entity inspectors general to report annually on entities’ compliance, as defined in IPERA. In March 2012, the inspectors general began issuing their reports under this requirement covering fiscal year 2011. The reports identified issues such as improper risk assessment methods used by entities to identify programs and activities susceptible to significant improper payments, estimates not being reported for susceptible programs, and improper payment reduction targets not being set.

The Office of Management and Budget (OMB) reported total federal entity improper payment estimates of $107.7 billion in fiscal year 2012. This is a decrease from the prior year revised estimate of $115.7 billion as reported by federal entities.47 These estimates represented about 4.4 percent and 4.7 percent of reported outlays for the associated programs in fiscal years 2012 and 2011, respectively. Decreases in reported estimates of improper payments were mostly attributable to four major programs: the decreases for the Department of Labor’s Unemployment Insurance and the Department of the Treasury’s Earned Income Tax Credit programs were attributable to decreases in reported outlays, and the decreases for HHS’s Medicaid and the Social Security Administration’s Old-Age, Survivors, and Disability Insurance programs were attributable to decreases in reported error rates.48 It is important to note that, pursuant to OMB implementing guidance, reported improper payment estimates include overpayments, underpayments, and payments for which adequate documentation was not found, and may also include amounts of payments for years prior to the current fiscal year.

In addition to the issues reported by entity inspectors general as noted above, entity auditors continued to report internal control deficiencies over financial reporting, such as financial system limitations and information system control weaknesses, which significantly increase the risk that improper payments may occur and not be detected promptly.

Until the federal government has implemented effective processes to determine the full extent to which improper payments occur and appropriate actions are taken across entities and programs to effectively reduce improper payments, the federal government will not have reasonable assurance that the use of federal funds is adequately safeguarded.

Information Security

Although progress has been made, serious and widespread information security control deficiencies reported during fiscal year 2012 continue to place federal assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure, and critical operations at risk of disruption. Specifically, control deficiencies were identified related to (1) security management; (2) access to computer resources (data, equipment, and facilities); (3) changes to information system resources; (4) segregation of incompatible duties; and (5) contingency planning. We have reported information security as a high-risk area across government since February 1997.

Such information security control deficiencies unnecessarily increase the risk that data recorded in or transmitted by federal financial management systems are not reliable and available. A primary reason for these deficiencies is that federal entities generally have not yet fully institutionalized comprehensive security management programs, which are critical to identifying information security control deficiencies, resolving information security problems, and managing information security risks on an ongoing basis. The federal government has taken important actions to improve information security, such as enhancing performance measures and reporting processes necessary for monitoring and assessing the effectiveness of agenciesí information security programs. In addition, the administration established goals to achieve, by the end of fiscal year 2014, 95 percent use of (1) trusted Internet connections to consolidate external telecommunication access points; (2) continuous monitoring of federal information systems; and (3) strong authentication through the increased use of federal smart card credentials, such as Personal Identity Verification and Common Access Cards. Until entities identify and resolve information security control deficiencies and manage information security risks on an ongoing basis, federal data and systems, including financial information, will remain at risk.

Tax Collection Activities

During fiscal year 2012, a material weakness continued to affect the federal government's ability to effectively manage its tax collection activities. Due to financial system limitations, as well as errors and delays in recording taxpayer information, the federal government’s records did not always reflect the correct amount of taxes owed by the public to the federal government. Such errors and delays may cause undue burden and frustration to taxpayers who either have already paid taxes owed or who owe significantly lower amounts. Collectively, these deficiencies indicate that internal controls were not effective in (1) ensuring that reported amounts of taxes receivable and other tax assessments were accurate on an ongoing basis and could be relied upon by management as a tool to aid in making and supporting resource allocation decisions and (2) supporting timely and reliable financial statements, accompanying notes, and required supplementary information and other information without extensive supplemental procedures and adjustments.

Loans Receivable and Loan Guarantee Liabilities

Internal control deficiencies were identified at certain federal entities that accounted for the majority of the reported balances for loans receivable and loan guarantee liabilities. The deficiencies related to monitoring and reporting loan and loan-related activity, and to credit subsidy estimation and related financial reporting processes. In fiscal year 2012, the Department of Education, which accounted for the largest reported balance of loans receivable, experienced internal control deficiencies related to the implementation of new debt management collection and direct loan servicing systems. The departmentís deficiencies affected, among other things, its ability to process certain types of transactions, prepare certain system reconciliations in a timely manner, and properly report interest accruals.

Such deficiencies and issues, and complexities associated with estimating the costs of lending and other loan-related financing activities, significantly increase the risk that misstatements in entity and government-wide financial statements could occur and go undetected. Further, control deficiencies related to estimating the costs of lending and other loan-related financing activities can adversely affect the federal governmentís ability to support annual budget requests for these programs, make future budgetary decisions, manage program costs, and measure the performance of lending activities.

Footnotes

44Under the Improper Payments Information Act of 2002, as amended, improper payments are statutorily defined as any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements. It includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except for such payments where authorized by law), and any payment that does not account for credit for applicable discounts. (Back to Content)

45Of the nine programs, the Office of Management and Budget (OMB) excluded four programs from its governmentwide totals because those programs did not have OMB-approved sampling methodologies for estimating improper payments. (Back to Content)

46IPIA, Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002), as amended by IPERA, Pub. L. No. 111-204, 124 Stat. 2224 (July 22, 2010), and reprinted in 31 U.S.C. 3321 note. As of the date of this report, H.R. 4053, the Improper Payments Elimination and Recovery Improvement Act of 2012, was awaiting the Presidentís signature. The Act would require federal entities to take additional steps to identify and prevent improper payments. The Act would enact into law elements of the Presidentís ďDo Not Pay ListĒ initiative by requiring entities to review prepayment and pre-award procedures and ensure a thorough review of available databases to determine program or award eligibility before the release of any federal funds. The Act would also direct OMB to annually identify a list of high-priority federal programs for greater levels of oversight and review and would require each entity responsible for one of these high-priority programs to annually submit a program report to its inspector general and make a report copy available to the public. (Back to Content)

47In their fiscal year 2012 Performance and Accountability Reports (PAR) and Annual Financial Reports (AFR), three federal entities updated their fiscal year 2011 improper payment estimates to reflect changes since issuance of their fiscal year 2011 PARs and AFRs. These updates increased the government-wide improper payment estimate for fiscal year 2011 from $115.3 billion to $115.7 billion. (Back to Content)

48Reported error rates reflect the estimated improper payments as a percentage of total program outlays. (Back to Content)


Last Updated:  February 27, 2013