LegiStorm

What GAO Found

The Department of Energy (DOE) developed a process to assess its programs for risks of improper payments, but its assessments do not fully evaluate risk. To comply with the Improper Payments Elimination and Recovery Act of 2010 (IPERA), in fiscal year 2011, DOE directed its programs to develop risk assessments using eight qualitative risk factors, such as recent major changes in program funding, and report quantitative information on improper payments. GAO found that 26 of 55 programs did not prepare risk assessments in 2011 and that the quantitative information reported, including the estimated amount of improper payments, was not reliable because, for example, it did not include information for all programs. In reviewing DOE's 2011 risk assessments, GAO also found the following:

DOE did not always include a clear basis for risk determinations . At least 6 of the 29 programs that prepared risk assessments did not take into account the eight qualitative risk factors, making the basis of their risk determinations unclear. At most, the assessments for 23 programs took into account the risk factors. However, support for their determinations varied widely, and some did not contain enough information to identify how the program arrived at its risk determination, which is inconsistent with federal standards for internal control. DOE's guidance directs personnel to prepare a risk assessment that considers these eight factors but does not provide further direction on what to include. Absent such direction, DOE personnel may not have a consistent understanding of how to complete their risk assessments.

DOE did not fully evaluate other relevant risk factors . DOE's risk assessments did not fully evaluate other relevant risk factors, such as weaknesses in key controls for preventing and detecting improper payments—including inadequate subcontractor oversight. GAO found that some risk assessments included information from internal control evaluations, but many did not. DOE guidance does not instruct personnel to consider weaknesses in key controls for preventing and detecting improper payments. Without providing specific examples of other relevant risk factors in guidance and directing personnel to consider them when performing risk assessments, DOE will not have reasonable assurance that each of its programs fully evaluates risks.

Based on its 2011 assessments, DOE was not required under IPERA to prepare risk assessments or report on the amount of improper payments in 2012 and 2013. However, not fully considering program risks in its 2011 assessments and including unreliable data raises questions about whether the 2011 assessments were reliable.

Improper payments are a significant problem in the federal government. To address this problem, IPERA requires that federal agencies review their programs and identify those that are susceptible to significant improper payments—a process known as a risk assessment. DOE's history of inadequate management and oversight of its contractors led GAO to designate DOE's contract management as a high-risk area vulnerable to fraud, waste, abuse, and mismanagement. However, DOE reported that it does not have any programs susceptible to significant improper payments.

GAO was asked to review DOE's internal control environment, as it relates to IPERA, to determine whether the department was at low risk for significant improper payments. This report examines the extent to which DOE assessed its programs' risks for improper payments in fiscal years 2011 through 2013.

GAO reviewed IPERA, analyzed all risk assessments and related information for this period, and interviewed DOE officials and six contractors selected to represent the types of contractor payments made.

GAO recommends that DOE take steps to improve its risk assessments including revising guidance on how programs are to address risk factors and providing examples of other risk factors likely to contribute to improper payments and directing programs to consider those factors. DOE concurred with GAO's recommendations.

For more information, contact David C. Trimble at (202) 512-3841 or trimbled@gao.gov.