In recent years, Members of Congress have requested that the Offices of Inspector General provide a list of top management challenges facing their agencies. The information below reflects the current challenges we have identified, as of December 8, 2000.
Correct longstanding financial management problems
The Department of Education (ED) must continue to address its longstanding financial management weaknesses. We and the General Accounting Office (GAO) have identified significant weaknesses with the Department's financial management and systems since 1990, when the Chief Financial Officers' Act became law. These weaknesses have prevented the Department from achieving the Government's goals of an unqualified opinion on financial statements and no material internal control weaknesses.
In order to address its financial management weaknesses, the Department reports it has taken a number of actions. For example, as of December 4, 2000, the Department reports that it has completed corrective action on 124 of 139 audit recommendations for the FY 1995 through the FY 1999 financial statement audits. It also reports that it has purchased and is in the process of implementing a new state-of-the-art financial system --Oracle Federal Financials -- and that it has hired new financial managers, brought in experts from the Treasury Department, and enlisted the support of private sector accounting firms. As the Oracle financial system is not fully implemented and the FY 2000 financial statement audit is not yet completed, it is premature to determine the impact these actions will have on the Department's overall financial management.
The audit of the Department's FY 1999 financial statements resulted in a qualified opinion, except for the Statement of Financing, because the Department lacked adequate documentation to support certain amounts reported in net position and to support that certain transactions were recorded in the proper period. This was an improvement over the disclaimer of opinion issued on the Department's FY 1998 Financial Statements. There was a disclaimed opinion on the combined statement of financing because the Department lacked adequate reconciliations and supporting documentation specific to this statement.
In addition, the 1999 Report on Internal Control documented eight weaknesses and the 1999 Report on Compliance with Laws and Regulations documented three instances of noncompliance. For the first time, the Department met the March 1st deadline for submitting the financial statement audit to the Office of Management and Budget (OMB). The Department has prepared consolidated financial statements for FY 2000 and also stand-alone FY 2000 consolidated financial statements for Student Financial Assistance (SFA). The SFA is a performance-based organization (PBO) and is directly responsible for administering the Title IV student financial assistance programs. In terms of dollars reported, SFA is the most significant component of the consolidated Department-wide financial statements. FY 2000 will be the second year that SFA stand-alone financial statements are audited.
The OIG is responsible for ensuring that both the Department's consolidated financial statement and SFA's financial statements are audited in accordance with applicable auditing standards. Both the Department-wide and SFA financial statements were provided to the auditors as scheduled on December 1, 2000. The Department is further along in the process this year primarily because it prepared interim statements as of March 31 and June 30 and set up a Financial Statement Steering Committee. The Department and the OIG are committed to meeting the March 1, 2001, deadline for both audits.
Fully implement the Clinger-Cohen Act
The Clinger-Cohen Act requires agencies to adopt specific practices to improve the management of information technology (IT), including the acquisition, use, and disposal of IT resources. While the Department has made progress since the arrival of the new Chief Information Officer in September 1999, it still has not yet fully implemented three key requirements of the Act relating to capital planning and investment control process, a sound and integrated IT architecture, and information resource management knowledge and skills of agency personnel.
In September 1999, the OIG and the Office of the Chief Information Officer (OCIO) agreed on a corrective action plan to address our 1998 audit recommendations. The OCIO has made progress in this area. For example, the Department established an Investment Review Board (IRB) to better plan and control IT capital investments. However, while the IRB is still in the early stages of implementing its IT investment management processes, the Department needs to ensure that top management will be sufficiently knowledgeable of SFA IT project decision-making, especially for projects that have an enterprise-wide impact. The OIG plans to conduct further reviews on the Department's efforts to implement Clinger-Cohen. We are also in the process of selecting a candidate for a Senior Executive position for an IT audit director to enhance OIG advisory and review efforts in this critical area.
Continue to improve its systems security
The Department reported security management as a material weakness in its 1999 Federal Managers' Financial Integrity Act report and plans to include it again for 2000. Systems security remains a challenge for the Department even though a number of recent changes have been implemented to improve security. The Department's CIO designated a Deputy CIO for Information Assurance and assigned three additional staff members to the IT security area. The Department also established the Information and Critical Infrastructure Assurance Steering Committee.
In February 2000, we issued a report on the security posture, policies, and plans for the Department's 14 mission-critical information technology systems and found significant control weaknesses, including the lack of required security plans, reviews, and awareness training. These weaknesses collectively constitute a significant threat to the security of the Department's IT systems and the data they possess. Since this audit, the Department CIO informed us that the Department expects to complete security reviews for 13 of 14 mission-critical systems by January 1, 2001; a security plan is scheduled to be in place for the 14th system -- EDNet -- by February 1, 2001. The Department CIO has developed and implemented a computer-based security awareness program; he reports that 97 percent of the Department's employees have taken the training and that it will be offered annually to all employees and new hires.
We also issued reports on the Department-wide network (EDNet) and Presidential Decision Directive (PDD) 63 on Critical Infrastructure Protection. Regarding EDNet, we found that the Department can strengthen controls to enhance overall accountability and security. For PDD 63, we found that the Department has not taken sufficient actions to implement this directive and needs to improve its planning and assessment activities for protecting its critical infrastructure. The Department has informed us that it has devoted resources to this effort and plans to submit a comprehensive Critical Infrastructure Protection Plan to the National Critical Infrastructure Office in December 2000. We will perform an annual evaluation of the Department's information security program and practices in FY 2001, as required by recently enacted legislation (P. L. 106-398).
Improve the Department's internal controls
The Department faces continued challenges to design and implement effective internal controls. Internal control is a central component in the management of an organization. It is the responsibility of management to design and implement a strong set of internal controls. As the GAO recently stated, "Internal control serves as the first line of defense in safeguarding assets and in helping detect and prevent waste, fraud and abuse" (GAO 01-104R, Education's FY 1999 Financial Management Weaknesses, October 16, 2000, page 9).
At the request of the Department, in October 2000 we completed an examination of the Department's internal control over its purchase card and third party draft programs. We found that the Department's established control activities for these programs were not always followed. The Office of the Chief Financial Officer (OCFO) needs to complete an effective reconciliation of the monthly Department-wide purchase card statement. In the third party draft program, we noted deficiencies in the Department's internal controls over the printing, signing, and monitoring of drafts, and supporting documentation for some transactions. We provided the Department with several recommendations, and the Department concurs with our findings and has provided us with a corrective action plan to address our recommendations.
We also conducted an audit of the Department's controls over cellular telephones. We found weaknesses in controls over cellular phone purchases and management, including inventory processes, vendor selection, and billing procedures. The Department concurred with our findings and recommendations and has planned actions to begin addressing the issues.
We will also conduct a review of the Contracting Officer's Technical Representative (COTR) operation. COTRs act as technical liaisons between the Department's contracting officers and individual contractors and augment the contracting officer's and contract administrator's roles. We will evaluate whether COTRs are receiving proper training and performing assigned responsibilities.
Our audit work is in addition to our investigative efforts. We have testified several times before House committees on the status of two investigations. One case involved Impact Aid funds fraudulently wired in March and April 2000 from the Federal Reserve to improper bank accounts. To date, the Department has recovered $1,718,696 of the $1.9 million that was fraudulently transferred. The second case involves the purchase of equipment with federal funds for non-business related purposes, hours charged to the Department for hours not worked, and the receipt of goods purchased with federal funds for personal use. To date, seven people have pled guilty. We expect further action on both cases. Department management has fully cooperated with both investigations.
Define the role of the Performance-Based Organization
The development of a performance-based organization (PBO) as a discrete management unit reporting to the Secretary, to manage the operations of the Student Financial Assistance programs, is a challenge. The Office of Student Financial Assistance, formally within the Office of Postsecondary Education (OPE), was designated as the PBO in December 1998 and renamed Student Financial Assistance (SFA). While the legislation creating the PBO implies independence, the degree of independence remains unclear. It is essential that the Department and the PBO work in cooperation to assure that roles and responsibilities in several key operational areas are established and followed. Some examples of coordination challenges include the following.
- Upon the creation of the PBO in December 1998, the responsibility for the promulgation of regulatory program policy remained in the PBO. Early in 1999, this responsibility was transferred to, and managed directly from the Office of the Deputy Secretary. In January 2000, however, this responsibility was reassigned to OPE although the staff that perform the technical regulatory drafting remain in the PBO. Public negotiated rulemaking (required by the Higher Education Amendments (HEA)) could be confusing because the Department's negotiators are from OPE, while the staff drafting the regulations remain in the PBO under the direction of OPE. It is also unclear when technical assistance by the PBO becomes policy interpretations under the purview of OPE.
- The PBO was provided with certain procurement flexibilities, but still must adhere to the Federal Acquisition Regulations (FAR). The PBO initially established an acquisition staff to work with the Department's Contracts and Purchasing Office on SFA procurement. Although the PBO continued to utilize this office to perform operational contracting activities, the PBO has now established an independent contracting function. However, the Department's General Counsel has pointed out that the FAR requires a delegation from the operating head -- the Secretary -- for contracting functions and that no such delegation has been made to the PBO. Accordingly, the PBO must coordinate with the office to which such a delegation has been made -- OCFO's Contracts and Purchasing Office. Discussions on this matter are ongoing.
- The PBO has established its own OCIO. It is important that the Department's OCIO and the PBO's OCIO work closely on addressing IT issues. For example, the PBO has established an Investment Review Board in addition to the Department's Investment Review Board. This area will need continued attention to ensure that coordination is successful, especially in the area of computer security, given their shared IT infrastructure. In addition to a memorandum of direction from the Deputy Secretary to the Chief Operating Officer (COO) of SFA and to the Department's CIO, the Department needs to ensure that top management will be sufficiently knowledgeable of SFA IT project decision-making.
- One of the four material weaknesses in the FY 1999 Financial Statement Audit for SFA is that SFA needs to improve communication and coordination efforts for financial management. This is important because the SFA CFO and the Department's CFO are dependent on each other to prepare and support financial statements. SFA relies on the Department's CFO systems and processes for compiling the financial statements and the Department's CFO relies on SFA to provide key data for inclusion in the financial statements. The Financial Statement Steering Committee, established for the audit of FY 2000 statements, is intended to address communication and coordination challenges. The OIG is responsible for performing the audits of both sets of financial statements.
Obtain Appropriate Performance Measurement and Quality Data for Government Performance and Results Act Reporting
Reporting requirements under the Government Performance and Results Act (GPRA) present two significant challenges to the Department: to ensure the correct measures were selected to appropriately focus on program performance, and to ensure the source of the data for the measures is of sufficient quality.
The OIG has made reviewing GPRA in the Department an ongoing priority. For each job in our work plan, we will determine whether there are established GPRA goals and indicators relevant to the objectives and scope of our work. If GPRA goals and indicators are present, we will evaluate them, as appropriate. We will also consider the absence of goals and indicators and, if appropriate, make recommendations for their inclusion. At the Department's request, we also recently reviewed the Department's process for preparing the performance report.
Both the Department and the GAO have identified the availability of quality data as a concern. The Department's annual plans have noted that the lack of integration of SFA systems and its heavy dependence on external systems hampers its ability to provide timely and accurate information. GAO included the lack of quality data in its January 1999 report on Department of Education challenges. In that report, GAO noted that the absence of information often results from the nature of the programs themselves. SFA reports it has made the improvement of data quality a major initiative, for example, in the National Student Loan Data System.
Implement Student Financial Assistance's Modernization Blueprint and Performance Plan
SFA is in the process of developing and implementing its systems Modernization Blueprint, which is intended to streamline and integrate its student financial aid systems. Managing the implementation of the Blueprint will be a significant challenge for SFA and will largely depend on its ability to re-engineer processes and modernize its systems. The Blueprint describes the future business requirements, business and technical architecture, and sequencing plan that SFA will use to transform the financial aid systems using leading edge technology. SFA is continually in the process of updating its Blueprint. On three occasions, we have reviewed and commented on the development of the SFA Modernization Blueprint, and we included additional work in this area in our current work plan.
Another challenge for SFA is to ensure that the implementation of the five-year performance plan meets SFA's responsibilities as required by the HEA in four key areas: improve services including making programs more understandable to students and their parents, reduce costs, improve and integrate support systems, and deliver accurate and timely information systems.
The legislation creating the PBO requires the Chief Operating Officer for the PBO and the Secretary to agree on, and make available to the public, a performance plan for the PBO for the succeeding five years that establishes measurable goals and objectives for the organization. Our comments on drafts of the performance plan have focused on whether the plan adequately addressed the following areas: statutory reporting requirements under the HEA and the GPRA, the unit cost calculation, the measures for both customer and employee satisfaction, and balance between customer service and program integrity. The text of the first-year plan was never finalized. The COO of SFA has a signed performance agreement with the Secretary with three goals relating to customer satisfaction, employee satisfaction, and cost reduction.
The HEA specifically requires the PBO to adhere to the GPRA. The PBO has taken the position that their five-year performance plan is sufficient for their reporting responsibilities under the GPRA. In response to our comments on the PBO plan, that it does not include goals or measures to ensure program integrity, SFA reports that for FY 2001, it has included program integrity as one of its basic goals.
Move to a paperless environment
The Department must implement the Government Paperwork Elimination Act (GPEA) which requires it to move to electronic government by October 21, 2003. The GPEA specifically requires agencies, when practicable, to provide individuals or entities the option to submit information or transact with the agency electronically and to maintain records electronically. It also encourages the use of a range of electronic signature alternatives. The purpose of GPEA is not simply to replace paper transactions with electronic ones. Agencies should use the GPEA planning process to undertake a re-engineering of its business processes and use IT to improve program operations and achieve cost savings. Implementation of GPEA should also ensure adequate controls to prevent waste, fraud, and abuse.
The challenge to the Department will be to provide resources for the GPEA effort necessary to achieve results. The Department will require specialized expertise to undertake business process re-engineering and IT system analysis, design and cost estimation. Program offices will also have to devote considerable resources to this effort, while maintaining current operations. The Department has not been provided with separate budgetary resources to fund the GPEA effort.
Agencies were required to develop and submit to the OMB by October 2000 a plan that provides for implementation of GPEA by October 2003. On October 31, 2000, the Department submitted to OMB an initial plan for GPEA implementation.
Balancing Compliance Monitoring and Technical Assistance in the Oversight of Education Programs
Balancing compliance monitoring and technical assistance in the oversight of federal education programs is a challenge for the Department as it strives to meet the needs for both accountability and flexibility. Compliance monitoring and technical assistance are two methods of providing oversight of federal education funds. Compliance monitoring entails reviewing the administration of elementary and secondary education programs, student financial assistance programs, and other programs to ensure compliance with federal laws and regulations. Technical assistance involves providing advice and guidance on the use of federal funds and making program improvements. Over the past few years, the Department has emphasized technical assistance as a means of providing oversight. The Department can enhance oversight and program integrity by strengthening compliance monitoring and balancing this component with technical assistance.
Elementary, Secondary, and Higher Education Programs
The challenge to balance compliance monitoring and technical assistance was addressed in our 1999 report entitled An OIG Perspective on the Reauthorization of the Elementary and Secondary Education Act (ESEA). In this report, we observed that the most common audit finding related to weaknesses in the oversight of elementary and secondary programs. Over half of the single audits we reviewed reported that state education agency oversight of local education agencies was unsatisfactory. We are performing an audit on the federal and state-level monitoring of formula grant programs and another audit on the monitoring of discretionary grant programs.
The Department recognized the need for compliance monitoring for reauthorizing ESEA. We have also been advised that the Office of Elementary and Secondary Education has developed a monitoring instrument that will be used during integrated reviews at states, that merges compliance monitoring and technical assistance.
As the result of compliance concerns in the Virgin Islands, our office recently worked with the Department as the Department placed a number of conditions on the Virgin Islands' fiscal year 2000 grants. Oversight over the Virgin Islands Department of Education's (VIDE) administration of Departmental funding has previously been minimal, the Single Audit reports have historically been late, and in 1996 and 1997 no single audits were performed. Currently, we are performing audit survey work on the Individuals with Disabilities Education Act, Parts B and C grants to the VIDE, and expect that this and other work will continue into future fiscal years due to the scope and severity of the problems identified.
Similar concerns exist for Puerto Rico. Their single audits have also been historically late; the 1997 single audit report was issued in February 2000 and the 1998 and 1999 single audit reports have not yet been submitted to the Department. Recent OIG audits of the Safe and Drug-Free School Governor's Program and the Even Start program found major deficiencies in the Puerto Rico Department of Education's (PRDE) cash management and contract administration. We found that the PRDE held funds for over one year before disbursing to sub-recipients and they severely delayed signing contracts with schools, resulting in teachers not being paid and schools ceasing programs.
Student Financial Assistance Programs
The SFA programs continue to be at high risk for fraud and abuse by outside parties perpetrating fraud on the Department. Therefore, program monitoring and enforcement continue to be vital to program integrity. The PBO has selected improving customer satisfaction as one of three goals to measure its performance as part of its five-year plan required by the HEA. An integral part of this goal is providing technical assistance to all customers. Case Management and Oversight (CMO), the PBO division responsible for oversight monitoring and enforcement of SFA laws and regulations when schools fail to comply, is also responsible for providing technical assistance to schools participating in the SFA programs. Therefore, establishing an acceptable balance between technical assistance and monitoring and enforcement is critical for the integrity and accountability of the SFA programs.
In our most recent Semiannual Report to Congress, we discussed three audit reports that cited significant deficiencies in CMO's oversight of schools. Deficiencies noted include a significant decrease in program reviews, lack of enforcement on schools for untimely submission of annual compliance audit reports, and an ineffective process for recertifying foreign schools eligibility in SFA programs. CMO has provided corrective action plans to these audits and states that it will improve its risk-based approach. CMO will continue to split its focus between compliance and technical assistance and has included in its performance goals increasing program reviews.
Obtain income verification from the Internal Revenue Service
Implementation of a match with the Internal Revenue Service (IRS) would provide assurance that applicants accurately reported income on the Free Application for Federal Student Aid (FAFSA). Based on results from an OIG audit and numerous investigations, we recommended that the Department be permitted to verify with the IRS the income information reported by students and their parents on the FAFSA. Income and dependency elements are critical in calculating the expected family contribution needed to compute eligibility for student aid.
The Congress provided the Department with the authority to confirm with the IRS the adjusted gross income, Federal income taxes paid, filing status and exemptions reported by applicants (including parents) on their Federal income tax returns for the purpose of verifying the information reported by applicants on FAFSA (Higher Education Act Amendments of 1998, P.L. 105-244).
While the Department has attempted to implement this authority, negotiations with the IRS have not been successful. The IRS is of the opinion that corresponding statutory changes must be made to the IRS Code (26 USC ??6103) before they can agree to the verification match. The IRS is concerned with protecting applicants' privacy of income data. We have noted this data must already be reported on the FAFSA to qualify for student aid. While the matter has been discussed between the Department, the IRS, and OMB, it appears that action by the Congress will be necessary to make this critical verification of income a reality.
In the interim, the Department has amended the FAFSA to include a warning on the FAFSA that the income information is subject to verification with the IRS and to require the parent's Social Security number for dependent students. Also, the Department negotiated and performed two sample matches with the IRS during 2000 to obtain statistical data to better target the current sample selection of FAFSAs for the verification process, which requires applicants to provide copies of tax returns to their schools. The Department also reports it now conducts data matches with the Social Security Administration and the Department of Veterans Affairs to ensure program integrity. However, the Department, the schools, and the OIG must continue to use resource intensive after-the-fact methods to identify improper payments of Pell Grants and to attempt recovery, rather than the more technologically efficient upfront prevention of improper payments the IRS match would provide.