Improper Payments Legislation: Key Provisions, Implementation, and Selected Proposals in the 114th Congress

As Congress searches for ways to generate savings, reduce the deficit, and fund federal programs, it has held hearings and passed legislation to prevent and recover improper payments. Improper payments—which exceeded $137 billion in FY2015—are payments made in an incorrect amount, payments that should not have been made at all, or payments made to an ineligible recipient or for an ineligible purpose. The total amount of improper payments may be even higher than reported because several agencies have yet to determine improper payment amounts for all of their programs.

In 2002, Congress passed the Improper Payments Information Act (IPIA; P.L. 107-300; 116 Stat. 2350), which established an initial framework for identifying, measuring, preventing, and reporting on improper payments at each agency. That same year, Congress also passed legislation, the Recovery Audit Act (P.L. 107-107; Section 831; 115 Stat. 1186), which required agencies that awarded more than $500 million annually in contracts to establish programs to recover overpayments to contractors.

Congress passed new legislation, the Improper Payments Elimination and Recovery Act of 2010 (IPERA, P.L. 111-204; 124 Stat. 2224), which replaced and consolidated the requirements of both IPIA and the Recovery Audit Act. IPERA retained the core provisions of the IPIA while requiring improvements in agency improper payment estimation methodologies and improper payment reduction plans. It also significantly expanded the scope and reporting requirements of recovery audit programs.

The Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA; P.L. 112-248; 126 Stat. 2390) requires agencies to improve the quality of oversight for high-dollar and high-risk programs, and mandates that agencies share data regarding recipient eligibility and payment amounts. In addition, IPERIA requires the Office of Management and Budget (OMB) to examine the rates and amounts of improper payments that agencies have recovered and establish targets for increasing those amounts.

Implementation of improper payments legislation has been uneven across the government. While error rates have decreased for some programs, they have increased for others—including some high-priority programs with billions in annual outlays. Some agencies have not established error rates for all of their risk-susceptible programs, or have not consistently reported required improper payments reduction goals. Data sharing among agencies—a key tool for preventing improper payments—has been limited, and some agencies have not implemented and reported on their recovery audit programs, despite being required by law to do so.

The Fraud Reduction and Data Analytics Act of 2015 (H.R. 4180/S. 2133) would require the OMB to establish financial and administrative controls related to fraud and improper payments. Agencies would be required to include in their annual financial reports a discussion of their progress in implementing fraud risk guidance. OMB would also be required to establish a working group to improve the sharing of (1) best practices for mitigating fraud, and (2) effective data analytics techniques. The working group would also submit a plan to Congress for establishing an interagency library of data analytics and data sets, which would be used by federal agencies and IGs to facilitate the detection, prevention, and recovery of fraud, including improper payments.

Improper Payments Legislation: Key Provisions, Implementation, and Selected Proposals in the 114th Congress

December 7, 2016 (R44702)
Jump to Main Text of Report

Summary

As Congress searches for ways to generate savings, reduce the deficit, and fund federal programs, it has held hearings and passed legislation to prevent and recover improper payments. Improper payments—which exceeded $137 billion in FY2015—are payments made in an incorrect amount, payments that should not have been made at all, or payments made to an ineligible recipient or for an ineligible purpose. The total amount of improper payments may be even higher than reported because several agencies have yet to determine improper payment amounts for all of their programs.

In 2002, Congress passed the Improper Payments Information Act (IPIA; P.L. 107-300; 116 Stat. 2350), which established an initial framework for identifying, measuring, preventing, and reporting on improper payments at each agency. That same year, Congress also passed legislation, the Recovery Audit Act (P.L. 107-107; Section 831; 115 Stat. 1186), which required agencies that awarded more than $500 million annually in contracts to establish programs to recover overpayments to contractors.

Congress passed new legislation, the Improper Payments Elimination and Recovery Act of 2010 (IPERA, P.L. 111-204; 124 Stat. 2224), which replaced and consolidated the requirements of both IPIA and the Recovery Audit Act. IPERA retained the core provisions of the IPIA while requiring improvements in agency improper payment estimation methodologies and improper payment reduction plans. It also significantly expanded the scope and reporting requirements of recovery audit programs.

The Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA; P.L. 112-248; 126 Stat. 2390) requires agencies to improve the quality of oversight for high-dollar and high-risk programs, and mandates that agencies share data regarding recipient eligibility and payment amounts. In addition, IPERIA requires the Office of Management and Budget (OMB) to examine the rates and amounts of improper payments that agencies have recovered and establish targets for increasing those amounts.

Implementation of improper payments legislation has been uneven across the government. While error rates have decreased for some programs, they have increased for others—including some high-priority programs with billions in annual outlays. Some agencies have not established error rates for all of their risk-susceptible programs, or have not consistently reported required improper payments reduction goals. Data sharing among agencies—a key tool for preventing improper payments—has been limited, and some agencies have not implemented and reported on their recovery audit programs, despite being required by law to do so.

The Fraud Reduction and Data Analytics Act of 2015 (H.R. 4180/S. 2133) would require the OMB to establish financial and administrative controls related to fraud and improper payments. Agencies would be required to include in their annual financial reports a discussion of their progress in implementing fraud risk guidance. OMB would also be required to establish a working group to improve the sharing of (1) best practices for mitigating fraud, and (2) effective data analytics techniques. The working group would also submit a plan to Congress for establishing an interagency library of data analytics and data sets, which would be used by federal agencies and IGs to facilitate the detection, prevention, and recovery of fraud, including improper payments.


Improper Payments Legislation: Key Provisions, Implementation, and Selected Proposals in the 114th Congress

Improper Payments Elimination and Recovery Act of 2010

Background

In an effort to reduce and ultimately eliminate billions of dollars in improper payments made by federal agencies each fiscal year, Congress passed the Improper Payments Information Act (IPIA; P.L. 107-300; 116 Stat. 2350) in 2002. IPIA established an initial framework for identifying, measuring, preventing, and reporting on improper payments at each agency. Separately, Congress also passed legislation, the Recovery Audit Act of 2002 (P.L. 107-107; Section 831; 115 Stat. 1186), which required agencies that awarded more than $500 million annually in contracts to implement plans to recover overpayments to contractors.1

Reports on improper payments and recovery audits were first issued for FY2004. After five years of reporting, the data showed that progress under IPIA was uneven—while many individual programs reduced their improper payment rates, the total amount of improper payments and the government-wide improper payment rate both increased between FY2004 and FY2008. During that same time period, Government Accountability Office (GAO) auditors had identified weaknesses in numerous agencies' recovery audit programs.2

In response, Congress passed new legislation, the Improper Payments Elimination and Recovery Act of 2010 (IPERA; P.L. 111-204; 124 Stat. 2224), which amended and consolidated the requirements of both IPIA and the Recovery Audit Act. As discussed below, IPERA retained the core provisions of the IPIA while requiring improvements in agency improper payment estimation methodologies and improper payment reduction plans. It also significantly expanded the scope and reporting requirements of recovery audit programs.

Improper Payments

IPERA defines an improper payment as a payment that should not have been made or that was made in an incorrect amount, including both overpayments and underpayments. This definition includes payments that were made to an ineligible recipient, duplicate payments, payments for a good or service not received, and payments that do not account for credit for applicable discounts. Under IPERA, "payment" is defined as a transfer or commitment to transfer federal funds in the future—including cash, securities, loans, loan guarantees, and insurance subsidies—to a nonfederal entity. Thus, the law applies to federal funds paid or obligated by a federal agency to nonfederal grantees, contractors, and loan recipients, including state or local governments who administer federal programs or activities.

Risk Assessments

IPERA requires agencies to take specific steps to identify and reduce improper payments. First, it requires agencies to perform a risk assessment of all programs and activities and identify those that were susceptible to "significant" improper payments. IPERA defined "significant" for FY2011 and FY2012 as either (1) improper payments that exceed both $10 million and 2.5% of program or activity outlays; or (2) improper payments in excess of $100 million. Beginning in FY2013, the 2.5% threshold dropped to 1.5%, with other aspects of the definition unchanged. IPERA also requires agencies to perform the initial risk assessment for every program and activity during the year in which IPERA was enacted (i.e., in 2011) and to perform subsequent risk assessments at least every three years.

When performing risk assessments, IPERA requires agencies to consider several risk factors that may make a program or activity susceptible to "significant" improper payments:

  • whether the program or activity is new to the agency;
  • the complexity of the program or activity;
  • the volume of payments;
  • whether payments or payment eligibility decisions are made outside the agency, such as by a state government;
  • recent major changes in program funding, authorities, practices, or procedures;
  • the level of experience and quality of training for personnel responsible for making program eligibility determinations or certifying that payments are accurate; and
  • major deficiencies in an agency's audit report or other source that might result in inaccurate payment certification.

Once a program or activity has been identified as susceptible to "significant" improper payments, agencies are required to estimate the amount of improper payments made under each.

Reporting on Agency Efforts to Reduce Improper Payments

IPERA requires agencies to report on the actions they have taken to reduce improper payments for each program and activity in the accompanying materials to their annual financial statement. IPERA also requires agencies to provide an estimate of improper payments for each program or activity identified as susceptible through the risk assessment, and to describe the causes of improper payments, the actions planned or taken to correct those problems, and when those actions were completed or will be completed. Target dates for achieving reductions in improper payments must be approved by the Office of Management and Budget (OMB), and agencies must include annual performance criteria used to hold the appropriate parties accountable for meeting those targets—whether they work for the agency or for a state or local government that helps implement the program. The performance criteria must also include an evaluation of the internal controls within the agency, or state or local government, that are intended to prevent, detect, and recover improper payments. IPERA also requires agencies to include a statement as to whether they have sufficient resources to develop their own internal controls for reducing improper payments—such as human capital and information systems—and, if not, to identify what additional resources are needed to do so. OMB is also required to establish criteria that agencies must meet to demonstrate that they have effective internal control systems.

IPERA also requires OMB to submit a report to two congressional committees—the House Committee on Oversight and Government Reform and the Senate Committee on Homeland Security and Governmental Affairs—that provides a government-wide summary of agency efforts to reduce and recover improper payments. This report must include (1) government-wide improper payment reduction targets; (2) the compliance status of each agency; (3) a discussion of progress made towards meeting improper payment reduction targets; and (4) a summary of the improper payment reduction and recovery actions of each agency. IPERA further directs OMB to provide guidance on the timing and format of the improper payments reports required by IPERA, both at the agency level and government wide. OMB's guidance, which was issued in 2011, is discussed in detail in the "OMB Guidance" section of this report.

Compliance

The inspector general of each agency must determine whether the agency is in compliance with IPERA and report its findings to the head of the agency, the Comptroller General, the House Committee on Oversight and Governmental Reform, and the Senate Committee on Homeland Security and Government Affairs. An agency is deemed in compliance if it has

  • published an annual financial statement;
  • conducted risk assessments for each program or activity;
  • published improper payment estimates, corrective action plans, and improper payment reduction targets for all risk-susceptible programs and activities; and
  • reported no improper payment rate that met or exceeded 10%.

By definition, then, an agency must report that all of its programs and activities have an improper payment rate of less than 10% to be deemed in compliance with IPERA.

Agencies that are deemed noncompliant must submit a plan to Congress that describes the steps they will take to become fully compliant. The plan must include (1) measurable milestones that will result in compliance for each program or activity deemed noncompliant; (2) the name of a senior agency official who is responsible for ensuring the agency becomes compliant; and (3) an "accountability mechanism" that may include incentives and consequences tied to the ability of the responsible official to bring the agency into compliance.

If an agency is deemed noncompliant for two consecutive years, and OMB has determined that additional funding would help the agency become compliant, then the agency head would be required to obligate additional funds—in an amount determined by OMB—for "intensified compliance efforts." IPERA does not provide agencies with new authority for transferring funds. Agencies that were unable to obligate all of the additional funds required by OMB under their existing authorities, then, would need statutory authority to transfer funds under Title 31 of the U.S. Code.3

If an agency is deemed noncompliant for three or more consecutive years for the same program or activity, then the agency must submit to Congress reauthorization proposals for those programs or activities, along with proposed statutory changes that may bring the agency into compliance.

IPERA gives OMB the authority to conduct compliance pilot programs to "test potential accountability mechanisms" and to report the findings from those pilot programs within five years from enactment (i.e., before July 22, 2015).

Recovery Audits

A recovery audit, or payment recapture audit, is a review process designed to identify overpayments. According to OMB guidance,4 "It is not an audit in the traditional sense. Rather it is a detective and corrective control activity designed to identify and recapture overpayments, and, as such, is a management function and responsibility."5

IPERA requires agencies to perform recovery audits on each program or activity6 with expenditures of $1 million or more per year. In addition, the legislation stipulates that the performance of recovery audits is conditional on cost-effectiveness, though the term "cost-effective" is not defined in law. IPERA contains provisions for the conduct of these recovery audits.7 The legislation establishes agencies' threshold requirement for recovery auditing, details certain procedures for the performance of recovery audits, mandates collection of overpayments, specifies disposition allotments for recovered amounts, and imposes reporting requirements on actions to recover improper payments.

The legislation institutes two procedural requirements for the conduct of recovery audits. First, it requires agencies to prioritize both the most recent payments and those deemed susceptible to "significant" improper payments. Second, the legislation specifies options for recovery audit services—they could be performed within the agency itself or by other U.S. departments and agencies, or private sector services could be procured by contract.

Although IPERA permits contractors to conduct recovery audits on agencies' behalf, it circumscribes their scope of authority. Only with the express consent of the agency head are contractors authorized to notify entities of potential overpayments,8 respond to questions pertaining to potential overpayments, and take administrative action on overpayment claims. In addition, contractors are not allowed to render a final decision as to whether or not an overpayment occurred, and they are not authorized to adjudicate overpayment claims. IPERA requires recovery audit contractors to report all overpayments detected through recovery audits to the procuring agency, regardless of whether a given overpayment occurred at the agency that contracted the audit or another agency beyond the scope of the contract.

Nongovernmental entities are prohibited from disclosing information uncovered through a recovery audit that would identify an individual for any purpose other than the recovery audit itself. An individual could waive this privacy protection, however, and permit the executive agency that contracted the audit to disclose identifying information for other purposes.

The legislation directs agencies to take "prompt and appropriate action" to collect overpayments identified in recovery audits upon receipt of an overpayment notification. Distribution of collected amounts was left to the discretion of agency heads, though there were limits on the maximum percentage of recovered amounts that could be applied to certain programs, purposes, and activities:

  • At most, 25% for a financial management improvement program, to be implemented by agency heads to address improper payments and reduce errors and waste across agency programs and operations.
  • At most, 25% credited to the appropriation or fund from which the overpayment was made.
  • At most, 5% for inspector general activities relating to implementation of the legislation itself or investigation of improper payments.
  • The remaining 45% of collected amounts—and up to 100% depending on how much the agencies actually allocated in accordance with these criteria—are to be deposited in the Treasury as miscellaneous receipts.

IPERA specifies four reporting requirements which relate to the conduct of recovery audits. First, the legislation requires agency heads to provide a report on improper payment recovery actions, which is to include a statistically valid estimate of improper payments made by each program or activity, along with the following:

  • a discussion of the methods used to recover overpayments;
  • the amounts recovered, outstanding, and determined not to be collectable;
  • a written justification explaining any uncollected amounts;
  • an aging schedule of outstanding amounts;9
  • a summary of the disposition of recovered amounts;
  • a discussion of conditions giving rise to improper payments and how these are being resolved; and
  • if an agency determined that a recovery audit was not cost-effective, then a justification as to why.10

Second, by November 1 of each year, agencies are required to submit a report to OMB and Congress on actions taken on those conditions that promote overpayments, as identified and reported by recovery audit contractors. Third, the Director of OMB must provide the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Oversight and Government Reform a government-wide report on agencies' reports of improper payments information and recovery actions, as well as the compliance status of each agency covered by the law. Lastly, within two years of IPERA's enactment, the Chief Financial Officers Council must conduct a study, in consultation with the Council of Inspectors General on Integrity and Efficiency and recovery audit experts, on the implementation of IPERA's recovery audit provisions, the costs and benefits of agency recovery audit activities, and, in particular, the effectiveness of service provision by private contractors, agency employees, cross-servicing from other agencies, or any combination of the three.

Improper Payments Elimination and Recovery Audit Improvement Act of 2012

In an attempt to expand the scope of data used to verify that payments are being made to eligible recipients and for the correct amount, Congress passed the Improper Payments Elimination and Recovery Audit Improvement Act of 2012 (IPERIA; P.L. 112-248). IPERIA was subsequently amended by the Bipartisan Budget Act of 2013 (P.L. 113-67), and the Federal Improper Payments Coordination Act of 2015 (FIPCA, P.L. 114-109). The following section discusses the requirements of IPERIA, as amended.

Improper Payments

IPERIA requires OMB to identify a list of "high-priority" federal programs for greater levels of oversight. These programs must be chosen on the basis of the relatively high dollar value or error rate of improper payments, or because they are deemed more susceptible to improper payments when compared to other high-risk programs, regardless of size. IPERIA also requires OMB to establish annual targets, as well as quarterly and semi-annual actions for reducing improper payments for the high-priority programs. In addition, each agency with a high-priority program is required to submit an annual report on the steps agencies have taken, and plan to take, to prevent and recover future improper payments. The report will be submitted to the inspector general of the agency and posted on a website accessible to the public. The inspector general, in turn, must submit a report to Congress that assesses the quality of the improper payment estimates for each high-priority program, determines whether proper controls are in place to identify and prevent future improper payments, and makes recommendations to Congress on how agency plans might be modified to improve their improper payment estimates and internal controls.

IPERIA also requires OMB to issue guidance intended to increase the accuracy of agency improper payment estimates. To that end, IPERIA

  • established new standards for sampling payments;
  • bars agencies from relying on self-reporting by recipients for estimates;
  • requires agencies to include all improper payments in their estimates, including those payments recovered or in the process of being recovered; and
  • includes payments to employees in their estimates.

In addition, IPERIA requires agencies to verify recipient eligibility by reviewing available databases prior to issuing a payment or award. Under this "Do Not Pay" initiative, agencies must verify eligibility by reviewing data in the

  • Death Master File, maintained by the Social Security Administration (SSA);
  • Excluded Parties List System, maintained by the General Services Administration;
  • Debt Check Database, maintained by the Department of the Treasury;
  • Credit Alert System, maintained by the Department of Housing and Urban Development;
  • List of Excluded Parties and Entities, maintained by the inspector general of the Department of Health and Human Services; and
  • SSA data on incarcerated individuals.

IPERIA gives OMB the authority to include additional databases as part of the "Do Not Pay Initiative," as long as the public is provided notice and opportunity to comment before the database is included. OMB must issue a report to Congress each year that evaluates agency efforts to implement the "Do Not Pay Initiative," including whether the initiative has led to reduced improper payments and the identification of incorrect data.

To facilitate data integration across agencies, IPERIA required OMB to submit a plan for (1) including other databases in the "Do Not Pay Initiative" (DNP); (2) maximizing agency access to the databases; and (3) developing agreements between agency inspectors general that would permit data sharing. OMB is required to issue guidance on the IG agreements, including standards for reimbursement of costs associated with implementation, retention and destruction of records, and privacy protections. IPERIA required OMB to ensure that a working data-sharing system was in place no later than thirty days after submitting its plan, and to ensure that agencies review all their payments for all programs through the DNP. In addition, IPERIA grants states (and their contractors) access to the DNP databases, upon determination from OMB that they have an "appropriate" DNP system in place.

In addition to drawing on data from existing sources, IPERIA required the Attorney General to submit a report to Congress within a year of enactment that assessed the ability of using state, local, and federal incarceration status as a method for identifying and preventing improper payments. IPERIA also required SSA to take steps to improve the accuracy and timeliness of death data it maintains, and required the Secretary of the Treasury to submit a report within 180 days from enactment that included a description of the data analytics Treasury performed for the purpose of detecting, preventing and recovering improper payments.

Recovery Audits

Under IPERA, agencies must establish annual payment recapture targets for their programs. By FY2013, the proportion of recovered amounts to amounts identified for recovery must be at least 0.85 (that is, a recovery rate of at least 85%). IPERIA expands upon these provisions by requiring the Director of OMB to set recovery targets for improper payments, with specific amounts identified for recovery audit contractors. In addition, the law requires the Director of OMB to determine both current and historical improper payments recovery amounts and rates, including those recaptured by recovery audit contractors, and provide a list of agency recovery audit contract programs.11

OMB Guidance

OMB's guidance to agencies for implementing improper payments legislation is generally found in Appendix C of OMB Circular A-123, Management's Responsibility for Internal Control.12

Improper Payments

OMB's definition of an improper payment is consistent with IPERA's, though A-123 clarifies that when an agency does not have the documentation necessary to determine that a payment was proper, it is to be considered improper. OMB's guidance also provides a definition for program, which IPERA does not.13 According to A-123, a program includes all types of grants, procurements, and credit programs, as well as regulatory activities, research and development activities, and activities that agencies perform to support their programs. OMB's guidance specifies that payments to other agencies are not considered programs, although payments related to government charge cards, and payments to federal employees are included in the definition of program.

Risk Assessments

A-123 requires agencies to (1) review all programs and identify those susceptible to improper payments; (2) develop a valid estimate of the amount of improper payments for those programs identified as susceptible to "significant" improper payments; (3) implement a plan to reduce improper payments; and (4) report estimates of the annual amounts of improper payments and progress in reducing them. For each of those steps, discussed below, A-123 establishes a detailed process by which agencies are to fulfill their statutory obligations.

A-123 and IPERA both use the same definition of "significant" improper payments for agencies to follow when identifying programs susceptible to improper payments: either the total amount of improper payments exceeds 1.5% of outlays and $10 million, or total outlays exceed $100 million (regardless of improper payment amounts). The guidance and IPERA also identified the same risk factors that may indicate a program is susceptible to "significant" improper payments. OMB may determine on a case-by-case basis whether certain programs below the threshold may be required to have risk assessments performed.

Like IPERA, A-123 requires OMB to approve of agency sampling methodologies to ensure they accurately reflect the annual amount of improper payments. A-123 provides agencies with detailed explanations of steps they should take to establish valid methodologies, including sampling technique and size. OMB's guidance specifies that improper payment estimates should only include the erroneous amount. For example, if a payment of $50 was due, and the agency paid $60, then only the $10 above the correct amount would be counted in the improper payment total. Similarly, if the agency had paid $40 to a recipient that was supposed to receive $50, then only the $10 below the correct amount would be counted as improper. However, if a $100 payment was made without sufficient documentation to confirm that the payment was correct, the entire $100 would be included in the improper payment total. A-123 permits agencies to sample transactions at certain steps within the lifecycle of a payment rather than the entire payment process, if the agency believes that only those steps have the highest risk or have the greatest return on investment. For example, if an agency determines that a five-step payment has two high-risk steps, then it may sample, review, and report an estimate for just those two steps.

As with IPERA, A-123 requires each agency to develop a plan to reduce improper payments that includes three components: a description of the root causes of improper payments for each risk-susceptible program; OMB-approved improper payment reduction targets and a timeline within which those targets will be reached; and the steps taken to ensure that all of the parties involved—federal and nonfederal—are held accountable. The guidance requires agencies to assess whether they or their partners have the necessary infrastructure (i.e., human capital, internal controls, information systems) to reduce improper payments. A-123, like IPERA, also requires agencies to identify any statutory or regulatory barriers to implementing their plans. However, A-123 permits agencies to request a waiver for this reporting for programs or activities that have been deemed not risk-susceptible for two consecutive years, an allowance which is not found in IPERA.

A-123 requires agencies to include in its Performance and Accountability Report (PAR) or Annual Financial Report (AFR), an improper payment estimate for each program that meets the statutory thresholds for significant improper payments; narrative information on agency plans to prevent, detect, and recover improper payments; and what resources, if any, they lack to implement their plans.

Compliance

A-123 provides numerous examples of steps agencies should take to prevent, detect, and recapture improper payments. The guidance acknowledges that fully implementing long-term corrective actions may take several years, but that those actions should be intensified and expanded whenever possible. A-123 identifies best-practices that could be used by agencies to reduce and recover improper payments, including predictive modeling, forensic accounting, partnering with agency inspectors general to focus on fraud prevention, data mining, and training agency staff on tools to identify improper payments.

High-Priority Programs

A-123 establishes criteria for high-priority programs. Generally, OMB may classify a program as high-priority if it is susceptible to significant improper payments and its improper payments are greater than $750 million. A-123 gives OMB the discretion to provide an exemption for programs that exceed the $750 million threshold, but which have an improper payment rate of less than 1.5%. Agencies are required, consistent with IPERIA, to develop corrective action plans that are tailored to the unique risks involved with each high-priority program, and to report to their IGs on the steps they have taken or plan to take to prevent and recover improper payments.

Recovery Audits

As noted, IPERA requires agencies that have programs or activities with expenditures of $1 million or more per fiscal year to conduct payment recapture audits. A-123 further requires agencies to implement payment recapture audit programs, which consist of overall plans for risk analysis, payment recapture audits, and recapture (recovery) activities.14 While the agency head has discretion over the manner and combination of payment recapture activities, the cost-effectiveness mandate means that the benefits of the payment recapture audit program, such as recaptured amounts, should exceed the costs of implementation and oversight.

A-123's scope for payment recapture audit programs is consistent with IPERA, though A-123 specifies that programs and activities that expend more than $1 million annually which require recovery audits includes grants, benefits, loans, and contract programs. In addition, A-123 states that agencies

  • must prioritize payment recapture audits for payment categories that have the highest potential for overpayment recoveries;
  • must design the program so as to ensure the greatest financial benefit for the government;
  • may exclude payments from recovery audit activities if payment recapture audits are not determined to be cost-effective;
  • may permit payment recapture audit contractors to notify entities of potential overpayments, respond to questions about overpayments, and take administrative action on overpayment claims but cannot authorize these contractors to render a final decision as to whether or not an overpayment occurred nor to adjudicate overpayment claims;
  • must report instances of potential fraud discovered through payment recapture audits to the appropriate parties; and
  • must correct underpayments identified through the recovery audit process, as well as overpayments.15

IPERA requires agencies to perform recovery audits if doing so is cost-effective. According to A-123, agencies should consider the likelihood of overpayment recapture in determining whether a recapture audit is cost-effective. In making this determination, agencies may weigh (1) whether laws or regulations permit recovery; (2) whether the recipient of the overpayment is likely to have resources to repay overpayments from nonfederal funds; (3) whether the evidence of overpayment is clear versus contestable; and (4) whether the overpayment is truly a recoverable improper payment rather than a payment with unsupported documentation.16

If an agency determines that a payment recapture audit program would not be cost-effective, then it must advise OMB and the agency's inspector general of this decision, along with the analysis it performed to reach that decision. OMB may review the analysis and instruct the agency to conduct a payment recapture audit program. Agencies must also report in its annual AFR or PAR a list of programs and activities where it has determined conducting a payment recapture audit program would not be cost-effective, and an explanation of how it reached that determination.

Agencies are required to establish annual payment recapture targets for their programs, which OMB must approve. The targets may vary in accordance with the different types of payments the agency makes, such as grants versus contracts. Targets are expected to show an increase in recoveries over time, and OMB may require agencies to establish stricter targets.

A-123 establishes guidelines for coordination between federal agencies and state or local governments, with respect to both payment recapture audits and financial management improvement efforts authorized by IPERA. Grant programs are subject to IPERA's recovery audit provisions, as noted previously, and these programs are often administered by states and local governments. The guidance instructs federal agencies to work with state and local governments to ensure that sufficient resources are available to perform payment recapture audits; federal agencies must also coordinate among themselves to reach partnerships with grant recipients for cost-effective payment recapture audit implementation. Agencies with state-administered programs may use a portion of the funds recovered under a payment recapture program available to states and local governments for their financial management improvement efforts.17

IPERA specifies three options for recovery audit services—recovery audits can be performed (1) within the agency itself, (2) by other U.S. departments and agencies, or (3) by a private sector entity. A-123 added a fourth option: by nonfederal entities that expend federal awards.18 IPERA allows agencies flexibility in the type of contract they use to procure recovery audit services, including contingency contracts, in which private sector contractors receive a percentage of overpayments that the agency is able to collect as payment for their services.19 However, certain types of payments recovered—amounts recovered due to interim improper payments made under ongoing contracts, recoveries from nondiscretionary appropriations, amounts recovered from unexpired appropriations, amongst others—cannot be used to pay contingency fee contracts. In these cases, agencies must establish alternative payment arrangements, such as through appropriations, to pay contractors.

A specific set of requirements and prohibitions governs the use of contracted payment recapture auditing firms. Contractors are required to provide periodic reports to the contracting agency on conditions giving rise to improper payments and recommendations for mitigation of these conditions; notify the agency of identified overpayments, regardless of whether they occurred at the contracting agency or another agency beyond the scope of the contract; and report credible evidence of fraud to the agency and its Office of Inspector General. In addition, contractors must familiarize themselves with agencies' policies and procedures and protect the confidentiality of sensitive financial information that could identify an individual. Payment recapture audit contractors are not prohibited from visiting the property of a payment recapture audit subject, though they cannot compel the production of records or information from the agency's contractors, nor can they act as agents for the federal government in the recovery of funds. Actual collection activities are carried out by federal agencies or nonfederal entities expending federal awards; a payment recapture audit contractor may only perform the collection activity if it is permitted by statute.

A-123 elaborates on IPERA's delineation of the disposition of amounts from unexpired and expired discretionary funds. Overpayments recaptured from unexpired discretionary funds, appropriated after the enactment of IPERA, must be returned to the appropriation from which they were made and not used for any other purpose. Overpayments from mandatory fund accounts, trust fund accounts, or special fund accounts must revert back to those accounts, as well. The distribution of any expired, recaptured discretionary collected amounts may be used to pay contractors for payment recapture services, and to reimburse actual expenses incurred by the agency for the administration of its payment recapture program. Recaptured overpayments that are not used to reimburse agency expenses or pay audit contractors shall be used as follows:

  • Up to 25% may be used for a financial management improvement program.
  • Up to 25% may be used for the original purpose of the funds.
  • Up to 5% shall be available to the agency IG.
  • The remainder shall be credited to the expired account from which the overpayment was made.

IPERA subjects agencies to two payment recapture reporting requirements. First, it requires agencies to report annually on their payment recapture audit programs in their Performance and Accountability Reports (PARs) or Agency Financial Reports (AFRs). OMB's guidance in A-123 on information to be included in these reports is consistent with IPERA, though it adds some additional requirements:

  • a list of programs and activities where it has been determined that conducting a payment recapture audit program would not be cost-effective, and
  • a description and justification of the classes of payments excluded from payment recapture audit review by the agency.

Further guidance on payment recapture reporting is found in Section II of OMB Circular A-136.20 The guidance in A-136 requires agencies to include in their PAR or AFR

  • the dollar amount of cumulative recoveries collected beginning with FY2004;
  • the actions and methods used to recover overpayments;
  • a justification of any overpayments that have been determined to be uncollectible;
  • total overpayments and underpayments; and
  • a summary of the disposition of recovered amounts.

Second, under A-123, agencies using federal employees or external contractors must complete an additional annual report for OMB, the Senate Committee on Homeland Security and Governmental Affairs, and the House Committee on Oversight and Government Reform. That report must contain recommendations from payment recapture auditors on mitigation of conditions that promote overpayments and corrective actions taken by the agency in response to these recommendations. It is due by November 1 each year and should describe recommendations and actions taken by the agency during the previous fiscal year.

Analysis

Agencies have had 14 years to implement improper payment legislation, beginning with the enactment of IPIA in 2002, which established the core requirements of improper payments reduction. IPERA and IPERIA, while enacted more recently, reinforced IPIA's core requirements and expanded agencies' responsibilities to prevent and recover improper payments. The data show that over time, while individual programs have reduced their improper payment rates and amounts, there has been no sustained progress on a government-wide basis, and several programs with billions of dollars in annual improper payments have seen no substantial improvement.

Improper Payments

The data in Table 1 show that the government's improper payment rate of 4.39% in FY2015 is nearly unchanged from the improper payment rate of 4.35% reported in FY2004—the first year of reporting required by IPIA. While the rate has fluctuated over the 11-year period for which data are available, it has equaled or exceeded the FY2004 level for five of the past seven years. The data also show that agencies have made over a trillion dollars in improper payments since IPIA took effect. In FY2015 alone the government made $137 billion in improper payments, the highest amount reported and the seventh consecutive year that improper payments exceeded $100 billion.21

Table 1. Government-Wide Improper Payment
Amounts and Rates (FY2004–FY2015)

($ amounts in billions)

 

Improper Payment Amount ($)

Improper Payment Rate (%)

FY2004

45

4.35

FY2005

38

3.14

FY2006

41

2.91

FY2007

42

2.81

FY2008

73

3.95

FY2009

105

5.42

FY2010

121

5.29

FY2011

115

4.69

FY2012

108

4.35

FY2013

106

3.53

FY2014

125

4.02

FY2015

137

4.39

Total

1,056

-

Source: Improper payment amounts for FY2004-FY2015 in this table were constructed from the Office of Federal Financial Management's improper payments dataset and data published on the PaymentAccuracy.gov website, at https://paymentaccuracy.gov/. Amounts are approximate due to rounding.

Limited Progress with High-Priority Programs

The inability of the government to reduce its overall improper payment rate is partly due to agencies' failure to reduce substantially the error rates for high-priority programs. In some cases, error rates for those programs have actually increased over time. The improper payment rate for the Medicare Fee-for-Service (FFS) program, for example, increased from 5.2% in FY2005 to 12.1% in FY2015, and the amount of improper payments made under the program has more than tripled in that same period of time, increasing from $12 billion to approximately $43 billion.22 Similarly, the improper payment rates have increased for the Unemployment Insurance (UI) program23 and the Supplemental Security Income (SSI) program.24 Other programs have reduced their error rates, but not substantially. The error rate for the Earned Income Tax Credit (EITC) program has decreased from 25.4% to 23.8% in ten years25, Medicaid's error rate has decreased from 10.5% to 9.8% in seven years, and Medicare Part C's error rate has decreased from 10.6% to 9.5% in seven years.26 Given that FFS, EITC, Medicaid, and Medicare Part C alone accounted for $102.1 billion in all improper payments in FY201527—approximately 80% of total improper payments that year—the pace of improvement in the government' overall error rate and amounts may be closely linked to the ability of agencies to address problems in a small number of high-priority programs.

Incomplete Scope

The full scope of improper payments has not been determined because agencies have not yet developed estimates for all of their risk-susceptible programs or are not consistently reporting improper payment rates and amounts. Among these programs are several that have multi-billion dollar outlays and may have annual improper payment amounts in the hundreds of millions to billions of dollars. Federal agencies did not report on five risk-susceptible programs in FY2015, including Temporary Aid for Needy Families, a program administered by the Department of Health and Human Services (HHS) with nearly $17 billion in outlays.28 One of the largest risk-susceptible programs lacking an established improper payment error rate is the EITC, which is administered by the Department of the Treasury. The initial improper payment rate for the EITC, published for FY2004 expenditures, was 24.5%, with total outlays $39.4 billion, resulting in $9.7 billion in improper payments.29 OMB estimates that the FY2015 improper payment rate for the EITC was between 21% and 26%, with a "rough" estimate of improper payments in excess of $15 billion.30 Until these and all other risk-susceptible programs have valid improper payment rates, the extent of the problem will remain unknown.

Non-Compliance with Reporting

To ensure that agencies are setting and reaching goals for improving their error rates, IPERA requires them to publish and meet annual improper payments reduction targets. In FY2014, ten agencies published reduction targets but did not meet them—meaning progress was below expectations—and one agency did not publish a reduction target rate.31 Improper payment reduction targets may be important oversight tools for Congress, as they may be used evaluate agency efforts to make needed changes to their payment processes and policies. If agencies consistently do not meet their targets, then it may indicate that agencies are not implementing new strategies effectively, or that those strategies do not actually address the root causes of improper payments. The absence of published reduction targets may indicate that an agency does not understand what factors are driving the error rate.

Agency Inspectors General (IGs) did not always meet IPERA reporting requirements. Agency IGs are required to include in their agency PAR or AFR a statement on the agency's overall compliance status, and a statement on which IPERA criteria the agency complied with and which it did not. In FY2014, the IGs for the Department of the Interior and the Department of State did not include either statement in their reports; the IGs for the General Services Administration and the Social Security Administration did not report on which criteria their agencies complied with or did not comply with; and the IG for the Department of Transportation did not report on whether DOT was in overall compliance with IPERA.32 This information may be useful for oversight, since it provides a summary of the agency's overall compliance status, as well as details on which provisions of law have been met and which have not. The absence of this information also limits the ability of Congress to compare agencies' implementation status.

Limited Use of the Do Not Pay Databases

IPERIA, as amended, requires agencies to verify recipient eligibility against six databases before issuing payments. OMB is responsible for implementing the DNP initiative, and the Department of the Treasury is responsible for hosting the DNP "working system" that enables agencies to access the six databases in an integrated manner. A recent review of the DNP working system by the Government Accountability Office, however, included a finding that agencies have no access, or only partial access, to three of the six mandatory databases.33 As a consequence, only $680,000 in improper payments was prevented through the use of the DNP working system in FY2015.34 According to GAO, the lack of clear guidance and a comprehensive strategy on the DNP initiative from OMB and Treasury is a key factor in its limited effectiveness.35

Recovery Auditing

IPERA requires agencies to conduct recovery audits for programs and activities with expenditures of $1 million or more, so long as those audits would be cost-effective. If an agency determines it would not be cost effective to establish a recovery audit program, it must identify which programs have received that determination and provide a justification for that decision in its PAR or AFR. IG reports show that these requirements are not being consistently met across the government, which may result in fewer overpayments recaptured and less oversight of risk-susceptible programs.

Some agencies have not yet implemented recovery audit programs as required. To take one example, the Department of Health and Human Services (HHS) did not conduct audit recovery activities for Medicare Advantage (Part C) in FY2015.36 As noted previously, Part C has one of the highest improper payment totals of any federal program, with improper payments exceeding $14 billion in FY2015. HHS said it was unable to find a contractor in time for FY2015, but hopes to have one in place for FY2016.37 Similarly, the U.S. Department of Agriculture (USDA) IG reported that USDA has faced legal and accounting issues which have prevented it from engaging in full-scale recovery audit programs.38 As a consequence, in FY2016, USDA will require compliance with the IPERA recovery audit criteria for all of its programs and activities for the first time.39 The absence of recovery audit programs at HHS and USDA may be an indication that additional guidance or monitoring is needed to ensure agencies are meeting recovery audit requirements, even when they face unexpected circumstances.

In addition, agencies do not consistently report on the programs which they have exempted from recovery audit requirements on the grounds such audits would not be cost-effective. The Department of Housing and Urban Development (HUD), for example, did not include information on the programs it exempted from in its FY2015 PAR.40 The IG determined that HUD lacked a process for ensuring that all of its programs and activities were systematically evaluated for recovery audits.41 As a consequence, Congress does not know the scope of the recovery audit programs exemptions at HUD, nor can it evaluate the justifications used for these determinations. It is not known how many other agencies have not included information on exempted programs.

Fraud Reduction and Data Analytics Act

The Fraud Reduction and Data Analytics Act of 2015 (FRDAA, S. 2133) passed the Senate on April 12, 2016. Companion legislation (H.R. 4180) was reported by the House Committee on Oversight and Government Reform on February 9, 2016. The FRDAA became P.L. 114-186 on June 30, 2016.

The FRDAA requires OMB, in consultation with the Comptroller General, to establish guidelines for agencies to establish financial and administrative controls for (1) identifying and assessing fraud risks, and (2) designing and implementing control activities in order to prevent, detect, and respond to fraud, including improper payments. The act requires that the guidelines include the leading practices identified in a report published by GAO on fraud risk management.42 The financial and administrative controls required to be included are

  • conducting an evaluation of fraud risks and using a risk-based approach to design and implement control activities;
  • collecting and analyzing data to monitor fraud trends and using that data to continuously improve fraud prevention controls; and
  • using the results of monitoring, evaluation, audits, and investigations to improve fraud prevention, detection, and response.

Agencies are required to include in their annual financial reports a discussion of their progress in implementing fraud risk guidance and controls, identifying risks and vulnerabilities to fraud, and establishing strategies and procedures to combat fraud. The reporting requirement applies for the first three fiscal years following the enactment.

The FRDAA also requires OMB to establish a working group to develop strategies to improve the sharing of (1) best practices for detecting, preventing and responding to fraud; and (2) data analytics techniques. The working group is to submit a plan to Congress for establishing an interagency library of data analytics and data sets, which could be used by federal agencies and IGs to facilitate the detection, prevention, and recovery of fraud, including improper payments. The working group is to be composed of the OMB Controller, who would serve as Chairperson, the Chief Financial Officer of each agency, and any other party determined to be appropriate by the OMB Director. The working group also is required to consult with agency IGs, and other experts on fraud risk assessments.

Author Contact Information

[author name scrubbed], Specialist in American National Government ([email address scrubbed], [phone number scrubbed])

Footnotes

1.

P.L. 107-107 is the National Defense Authorization Act of FY2002. Section 831 of P.L. 107-107 is commonly referred to as the Recovery Audit Act of 2002.

2.

Government Accountability Office, Status of Agencies' Efforts to Address Improper Payment and Recovery Auditing Requirements, GAO-08-438T, January 31, 2008.

3.

31 U.S.C. §1532.

4.

IPERA does not define the term "recovery audit."

5.

Office of Management and Budget, OMB Circular A-123, Appendix C (Revised), April 14, 2011, at http://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-16.pdf.

6.

IPERA does not provide a definition for "program" or "activity." OMB guidance on the implementation of IPERA states that "program and activity" is referred to as "program," and programs include grants, benefits, loans, and contract programs. See Office of Management and Budget, OMB Circular A-123, Appendix C (Revised), April 14, 2011, at http://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-16.pdf.

7.

This law repealed that which established initial recovery audit requirements (P.L. 107-107).

8.

Entities may include persons (IPERA at 124 Stat. 2229).

9.

The aging schedule of outstanding amounts shows the amount of overpayments that have been identified through a payment recapture audit program but not yet recovered. Aging typically begins at the time when an overpayment has been detected. For a table template, see Table 4 in Office of Management and Budget, Financial Reporting Requirements, August 3, 2012, p. 157, at http://www.whitehouse.gov/sites/default/files/omb/assets/omb/circulars/a136/a136_revised_2012.pdf

10.

The legislation does not indicate where the report was to be submitted. In the section on reporting the statistically valid estimates, it states that these estimates should be included in the materials accompanying the annual financial statement of the agency. OMB guidance on the implementation of IPERA states that agencies must report annually on their payment recapture program in their Performance and Accountability Reports (PARs) and Agency Financial Reports (AFRs). See Office of Management and Budget, OMB Circular A-123, Appendix C (Revised), April 14, 2011, at http://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-16.pdf.

11.

Agencies report current-year information on recaptured amounts and rates, as well as cumulative recoveries, in their AFRs. OMB Circular A-123 requires agencies to separate reportable information resulting from internal recovery audits from that uncovered by recovery audit contractors.

12.

Office of Management and Budget, Appendix C to Circular A-123, Requirements for Effective Estimation and Remediation of Improper Payments, October, 2014.

13.

OMB uses the term "program" to refer to both programs and activities in Appendix C of A-123.

14.

Recapture activities are designed to identify and recover overpayments identified by a payment recapture audit or post-award audit. A post-award audit is defined in the guidance as a "post-award examination of the accounting and financial records of a payment recipient that is performed by an agency official, or an authorized representative of the agency official." A post-award audit differs from a payment recapture audit in that a post-award audit is conducted to assess compliance with the terms of an award or contract, whereas a recovery audit is intended to identify overpayments.

15.

IPERA's recovery audit provisions are limited to overpayments.

16.

Agencies may also consider the likelihood that expected recoveries will exceed the costs associated with identifying overpayments. This hinges on the availability of tools that can efficiently perform the recovery audits and whether such tools can be employed to identify significant overpayments in lieu of labor-intensive techniques.

17.

Under IPERA, up to 25% of funds recovered through a payment recapture audit program may be dedicated to financial management improvement programs, a portion of which may be distributed to state and local governments for these purposes.

18.

A nonfederal entity is a state, local government, or non-profit organization. Defined in Office of Management and Budget, OMB Circular A-133: Audits of States, Local Governments, and Non-Profit Organizations, June 30, 1997, at http://www.whitehouse.gov/sites/default/files/omb/assets/a133/a133_revised_2007.pdf.

19.

Under these contracts, recoveries must be collected by the agency before payments to contractors are rendered.

20.

Office of Management and Budget, OMB Circular A-136: Federal Financial Reporting Requirements, October 6, 2016, at https://www.whitehouse.gov/sites/default/files/omb/assets/OMB/circulars/a136/a136_revised_2016.pdf.

21.

Office of Management and Budget, About Improper Payments, PaymentAccuracy.gov, at http://www.paymentaccuracy.gov/about-improper-payments.

22.

PaymentAccuracy.gov, at http://www.paymentaccuracy.gov/tabular-data/historical-by-program/186.

23.

Payment Accuracy.gov at https://paymentaccuracy.gov/tracked/unemployment-insurance-ui-2015.

24.

Payment Accuracy.gov at https://paymentaccuracy.gov/tracked/supplemental-security-income-ssi-2015.

25.

Payment Accuracy.gov at https://paymentaccuracy.gov/tracked/earned-income-tax-credit-eitc-2015.

26.

Payment Accuracy.gov at https://paymentaccuracy.gov/tracked/medicaid-2015. https://paymentaccuracy.gov/tracked/medicare-advantage-part-c-2015.

27.

Payment Accuracy.gov.

28.

U.S. Department of Health and Human Services, Administration for Children and Families, Budget in Brief, at http://www.hhs.gov/about/budget/fy2017/budget-in-brief/overview-tables/index.html.

29.

Ibid., p. 24.

30.

PaymentAccuracy.gov, at https://paymentaccuracy.gov/tracked/earned-income-tax-credit-eitc-2015#learnmore.

31.

U.S. Government Accountability Office, Improper Payments: CFO Act Agencies Need to Improve Efforts to Address Compliance Issues, GAO-16-554, June 2014, p. 10, at http://www.gao.gov/products/GAO-16-554.

32.

Ibid., p. 25.

33.

U.S. Government Accountability Office, Improper Payments: Strategy and Additional Actions Needed to Help Ensure Agencies Use the Do Not Pay Working System as Intended, GAO-17-15, October 2016, p. 9, at http://www.gao.gov/products/GAO-17-15.

34.

Ibid., p. 23.

35.

Ibid., p. 26.

36.

U.S. Department of Health and Human Services, Office of Inspector General, HHS Met Many of the Requirements of the Improper Payments Information act of 2002 but did not Fully Comply for FY2015, A-17-16-52000, May 2016, p. 15, at https://oig.hhs.gov/oas/reports/region1/171652000.pdf.

37.

Ibid.

38.

U.S. Department of Agriculture, Office of Inspector General, USDA's FY215 Compliance with Improper Payments Requirements, AR-50024—11, May 2016, p. 20, at https://www.usda.gov/oig/webdocs/50024-0009-11.pdf.

39.

Ibid.

40.

U.S. Department of Housing and Urban Development, Office of Inspector General, Compliance with Improper Payments Elimination and Recovery Act, 2016-FO-0005, May 2016, p. 22, at https://www.hudoig.gov/sites/default/files/documents/2016-FO-0005.pdf.

41.

Ibid.

42.

U.S. Government Accountability Office, A Framework for Managing Fraud Risk in Government Programs, GAO-15-593SP, July 2015, at http://www.gao.gov/assets/680/671664.pdf.