This is the accessible text file for GAO report number GAO-02-406 entitled 'Education Financial Management: Weak Internal Controls Led to Instances of Fraud and Other Improper Payments' which was released on March 28, 2002. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States General Accounting Office: GAO: Report to Congressional Requesters: Education Financial Management: Weak Internal Controls Led to Instances of Fraud and Other Improper Payments: GAO-02-406: Contents: Letter: Results in Brief: Background: Objectives, Scope, and Methodology: Controls over Grants Disbursement Process Failed to Detect Certain Improper Payments: Controls Over Third Party Draft Process Were Ineffective: Poor Controls over Government Purchase Cards Resulted in Some Fraudulent, Improper, and Questionable Purchases: Poor Controls Contributed to Loss of Computer Equipment: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendixes: Appendix I: Description of Grant and Loan Programs Reviewed: Appendix II: Objectives, Scope, and Methodology: Appendix III: Comments from the Department of Education: Appendix IV: GAO Contact and Staff Acknowledgments: Tables: Table 1: Fiscal Year 2000 Disbursements by the Department of Education: Table 2: Amounts of Potentially Improper Payments Initially Identified and Disposition of Those Amounts after Review of Supporting Documentation: Table 3: Description of Programs and Amounts Disbursed: Abbreviations: COD: Common Origination and Disbursement: CPS: Central Processing System: ESL: English as a second language: FMSS: Financial Management System Software: FRB: Federal Reserve Bank: GAPS: Grant Administration and Payment System: GSA: General Services Administration: LOS: Loan Origination System: MCC: Merchant Category Code: OCFO: Office of the Chief Financial Officer: OCIO: Office of the Chief Information Officer: OIG: Office of Inspector General: RFMS: Recipient Financial Management System: SSA: Social Security Administration: SSN: social security number: Y2K: Year 2000: [End of section] United States General Accounting Office: Washington, D.C. 20548: March 28, 2002: The Honorable Pete Hoekstra: Chairman: Subcommittee on Select Education: Committee on Education and the Workforce: House of Representatives: The Honorable Charlie Norwood: House of Representatives: The Department of Education has a history of financial management problems, including serious internal control weaknesses, which have affected Education's ability to provide reliable financial information to decisionmakers both inside and outside the agency and to maintain the financial integrity of its operations. Because of this, we have designated Education's student financial assistance programs as a high- risk area for waste, fraud, abuse, and mismanagement.[Footnote 1] Given the billions of dollars in payments made by Education each year to recipients nationwide and abroad, these known deficiencies raise the risk that fraudulent or erroneous payments could make their way undetected through Education's processes. In January 2002, three employees pleaded guilty to a scheme in which they defrauded the department of more than $1 million during the 1990s, and, in 2000, the department reported that $1.9 million meant for two school districts in South Dakota was fraudulently wired to improper bank accounts. Given this risk, you requested that we audit selected disbursement processes at Education that are particularly susceptible to waste, fraud, and abuse. Specifically, you asked us to assess the adequacy of internal controls over (1) grant and loan disbursements, (2) third party drafts,[Footnote 2] and (3) government purchase cards, and to determine if any fraudulent or otherwise improper payments were made in these areas. You requested that we cover the period May 1998 through September 2000 during which time Education disbursed $181.5 billion through these processes—-$181.4 billion in grants and loans, $55 million in third party drafts, and $22 million in purchase card transactions. You also asked that we look at physical controls over computer equipment purchased with third party drafts and purchase cards. Our work built upon earlier work done by Education's Office of Inspector General (OIG) in which the OIG identified weaknesses in the department's third party draft and purchase card processes. Last year we testified twice[Footnote 3] and made several recommendations to address the key findings discussed in our testimonies. We also provided two interim briefings on the status of our ongoing work. This report provides the final results of our work. Results in Brief: Significant internal control weaknesses in Education's payment processes and poor physical control over its computer assets made the department vulnerable to and in some cases resulted in fraud, improper payments, and lost assets. We identified several instances of fraud in the grant and loan areas and pervasive control breakdowns and improper payments in other areas, particularly involving purchase cards. Further, because of the risks we identified in the third party draft process, Education eliminated their use. Controls over grant and loan disbursements did not include a key edit check or follow-up process that would help identify schools that were disbursing Pell Grants to ineligible students. Our tests and follow-up investigation identified 3 schools that fraudulently disbursed about $2 million of Pell Grants to ineligible students. Previously, we had investigated 2 of these schools for similar activity. We also identified 1 school that improperly disbursed $1.4 million of Pell Grants to ineligible students. We have formally referred the results of our investigation of these 4 schools to Education's Inspector General. In addition, we identified 31 other schools with disbursements totaling $1.6 million with similar characteristics that we referred to Education for follow-up. Further, we found other grant and loan payments totaling $12 million that were potentially fraudulent or otherwise improper. However, because Education did not provide adequate supporting documentation, we were unable to determine the validity of these transactions or conclude on the effectiveness of the related edit checks. While the amount of improper and potentially improper grant and loan payments we identified is relatively insignificant compared to the billions of dollars disbursed for these programs annually, it represents a control risk that could easily be exploited to a greater extent. Significant internal control weaknesses over Education's process for third party drafts markedly increased the department's vulnerability to improper payments. Although segregation of duties is one of the most fundamental internal control concepts, we found that some individuals at Education could control the entire payment process for third party drafts. We also found that Education employees circumvented a key computer system application control designed to prevent duplicate payments. We tested third party draft transactions and identified $8.9 million of potential improper payments, $1.7 million of which remain unresolved because Education was unable to provide us with adequate supporting documentation. Because of the risks we identified in the third party draft payment process, and in response to a letter from the Chairman and Vice-Chairman of the Subcommittee on Select Education, House Committee on Education and the Workforce, Education took action in May 2001 to eliminate the use of third party drafts. We found that Education's inconsistent and inadequate authorization and review processes for purchase cards, combined with a lack of monitoring, created an environment in which improper purchases could be made with little risk of detection. Inadequate control over these expenditures, combined with the inherent risk of fraud and abuse associated with purchase cards, resulted in fraudulent, improper, and questionable purchases totaling about $686,000 by some Education employees. For example, one employee made improper charges totaling $11,700 for herself and a coworker to attend college classes that were unrelated to their jobs at the department. In another example, we identified almost $287,000 in questionable purchases for new office furniture and renovation costs related to interim space that was to be vacated. Further, Education could not provide any support for $152,000 of additional purchases and does not know what was acquired with these funds. Education also lacked adequate internal controls over computers acquired with purchase cards and third party drafts, which contributed to 241 missing personal computers and computer equipment with an acquisition cost of about $261,500. After we completed our work in this area, we again visited the office where most of the computer equipment was missing because Education officials told us they had located some of the missing inventory. Although Education officials stated they found 73 pieces of equipment, we were able to locate only 62 pieces of the equipment with an acquisition value of about $49,800. Education officials have been unable to locate the remaining 179 pieces of missing computer equipment with an acquisition value of about $211,700. Segregation of duties, one of the most fundamental internal controls, was lacking in the office where most of the missing equipment was purchased. In addition, according to Education's Inspector General, the department had not taken a comprehensive physical inventory of all property, including computers, for at least 2 years. Further, Education did not record almost $400,000 of computer purchases in its property records. These weaknesses created an environment in which computer equipment could be easily lost or stolen without detection. Education's Inspector General is investigating the disappearance of these vulnerable assets. During our review, Education made several changes to policies and procedures over disbursements to improve internal controls and program integrity. While these changes are positive steps, in many cases they have not been effectively implemented. Therefore, many of the risks we identified continue to exist. For example, Education developed a new approval process for its purchase card program; however, our testing of 3 months of purchase card statements under the new process found that over 20 percent lacked proper support for the items purchased. Management commitment to improving internal controls is necessary to minimize Education's vulnerability to future improper payments and lost assets and to improve financial management in general. This report makes recommendations that, if fully implemented, will help the department improve its controls so that fraudulent and otherwise improper payments can be prevented or detected in the future and vulnerable assets can be better protected. In commenting on a draft of this report, the Deputy Secretary generally agreed with our findings and recommendations and said that Education is developing a formal corrective action plan to address each of our recommendations. Background: The Department of Education's mission is to ensure equal access to education and to promote educational excellence throughout the nation. Education does this, in part, by disbursing billions of dollars each year in grants and loans to school districts, state education agencies, organizations, and individuals. Appendix I describes the various grant and loan programs and the amounts disbursed for these programs during the period we reviewed. In supporting its mission, Education also paid close to a billion dollars in fiscal year 2000 to various contractors and vendors for goods and services, including computers and supplies. Education used various payment methods for these expenses, including third party drafts and government purchase cards. The following table shows the amounts disbursed in fiscal year 2000 for the various grant and loan programs and the amount of expenses paid by third party drafts and government purchase cards. Table 1: Fiscal Year 2000 Disbursements by the Department of Education: Disbursement type: Grants and loans; Amount disbursed in fiscal year 2000: $45.5 billion. Disbursement type: Third party drafts; Amount disbursed in fiscal year 2000: $23 million. Disbursement type: Purchase cards; Amount disbursed in fiscal year 2000: $8 million. [End of table] Payments for Grants and Loans: Education funds for various grants go directly to the recipients—state education agencies, schools, individuals, and school districts—and are to be used by the recipients for the stated purposes. Education disburses funds for Pell Grants and direct loans, which help finance the higher education of millions of students, directly to schools. [Footnote 4] The schools are responsible for determining student eligibility for these funds and for disbursing the grants and loans to students. The disbursement process for these grants and loans relies extensively on various computer information systems within Education and their related computer application controls.[Footnote 5] Each student applying for federal financial aid must complete an application form, either electronically or on a paper copy. This application includes information that is used to determine eligibility. The application information goes directly into Education's Central Processing System (CPS) if submitted electronically, or to a contractor for data entry into CPS if a paper copy is submitted. CPS matches the student data against several databases at other agencies, such as the Social Security Administration (SSA), the Immigration and Naturalization Service, the Selective Service System, and the Department of Veterans Affairs Errors can occur if the student submits wrong information or the information on the application was not entered correctly in CPS. If discrepancies are found, the application is rejected or identified for follow-up. Generally, the school to which the student applied must have correct data before it can disburse federal Education funds to the student. However, the school can disburse funds to the student without waiting for submitted corrections to be processed in the system. Third Party Drafts: Third party drafts are check-like instruments drawn on and paid by a financial institution or outside contractor. Agencies receive the drafts from the institution or contractor that maintains the agency account and may use them as an alternative to imprest funds. Education originally used third party drafts to pay field readers—non-Education employees who review grant applications. By May 1999, Education's policy allowed the use of third party drafts to pay for a wide variety of other expenses including employee local travel reimbursements, fuel and maintenance for government vehicles, and other "small purchases." The Executive Officer in each of Education's principal offices determined who had signature authority. Third party drafts could be issued for up to $10,000—a limitation that is printed on the face of each draft. Following our April 2001 testimony before the Subcommittee on Select Education, and in response to a letter from the Chairman and Vice-Chairman of the subcommittee, Education took action in May 2001 to eliminate the use of third party drafts. Purchase Cards: Government purchase cards, a type of credit card, are available to federal agencies under a General Services Administration (GSA) contract and are to be used to make small purchases with minimal paperwork. The Department of the Treasury requires agencies to establish approved uses and limitations on the types of purchases and dollar amounts. During the period of our review—May 1998 through September 2000—Education's purchase card program was operating under a policy dated March 1990. This policy stated that purchase cards could be used to buy various small items such as supplies not available from the GSA Customer Supply Center. The policy prohibited purchases for nonexpendable property, such as desks, chairs, tables, and personal computers. Education's purchase card policy stated that an approving official was to ensure that all credit card transactions were for authorized Education purchases and in accordance with departmental and other federal regulations. The approving official signified that a cardholder's purchases were appropriate by reviewing and signing monthly statements. Education's 1990 written policy did not establish specific dollar limits for either the cumulative purchases in a given month or the total for a single purchase, known as the monthly purchase limit and single purchase limit, respectively. As of January 2001, single purchase limits for individual cardholders, which were established by each principal office, ranged from $500 to $80,000, and their monthly limits ranged from $1,500 to $300,000.[Footnote 6] Currently, both single and monthly limits range from $500 to $30,000. Bank of America currently services the purchase card program at Education. Computer Purchases: During the time frame of our review, each individual principal office made its own purchases of computers and related equipment on a decentralized basis. There were no established policies that required approvals from the Office of the Chief Information Officer (OCIO). In July 2000, Education issued new written procedures for computer asset management. The procedures state that a new position, asset manager, will be established in OCIO. The procedures further state that principal offices are required to use only vendors approved by the department. Education is to request that these vendors bar code equipment before delivering it to the department with bar codes provided by the new asset manager. Vendors are to electronically submit a list of equipment with serial numbers and bar codes, which will be entered into the new Asset Management System before the equipment is delivered. The new procedures also modify procedures for controlling computer equipment that leaves any Education building. Security guards are to verify that anyone taking computer equipment from the building has been authorized to do so and has an appropriate property pass. Internal Control: Internal control is a major part of managing an organization. As mandated by the Federal Managers' Financial Integrity Act of 1982, the Comptroller General issues standards for internal control in the federal government.[Footnote 7] These standards provide the overall framework for establishing and maintaining internal control and for identifying and addressing major performance and management challenges and areas at greatest risk of fraud, waste, abuse, and mismanagement. According to these standards, internal control comprises the plans, methods, and procedures used to meet missions, goals, and objectives. Internal control is the first line of defense in safeguarding assets and preventing and detecting fraud and errors. Internal control, which is synonymous with management control, helps government program managers achieve desired results through effective stewardship of public resources. Control activities are the policies, procedures, techniques, and mechanisms that enforce management's directives and help ensure that actions are taken to address risks. Control activities are an integral part of an entity's planning, implementing, reviewing, and accountability for stewardship of government resources and achieving effective results. They include a wide range of diverse activities. Some examples of control activities include controls over information processing, physical control over vulnerable assets, segregation of duties, proper execution of transactions and events, and access restrictions to and accountability for resources and records. Management should design and implement internal control based on the related costs and benefits. No matter how well designed and operated, internal control cannot provide absolute assurance that all agency objectives will be met, and thus, once in place, internal control provides reasonable, not absolute, assurance of meeting agency objectives. Objectives, Scope, and Methodology: The objectives of our review were to assess internal controls in place from May 1998 through September 2000 and to identify any fraudulent or otherwise improper payments that may have resulted from control weaknesses in Education's processes for (1) disbursing grants and loans, (2) paying for purchases with third party drafts, and (3) use of government purchase cards. In addition, our objective was to assess Education's physical controls over its computer equipment from May 1998 through September 2000 and identify any effects of weak controls. Further, at your request, we assessed the effectiveness of recent changes to Education's process for purchase card purchases, which took effect in July 2001 following our testimony before the subcommittee. To identify and assess internal controls over Education's (1) disbursement process for grants and loans and (2) processes for paying for purchases with third party drafts and government purchase cards, we obtained an understanding of the processes, interviewed staff and officials in the Office of Chief Financial Officer (OCFO) and program offices, and performed walk-throughs of the processes. We also reviewed Education's policies and procedures and reviewed our own reports and those by Education's OIG and independent auditors. To identify potential improper payments, we requested and obtained payment data and other supporting data from Education[Footnote 8] and sources external to the department, including SSA, Rocky Mountain Bank, and Bank of America; contracted with forensic and information risk management experts; and used an automated approach, including database searches, file comparisons, and other detailed analyses, to identify unusual transactions and payment patterns that may be improper. For those payments that we identified as potentially improper, we requested and analyzed supporting documentation to assess their propriety. To assess Education's controls over computer equipment, we conducted an unannounced search for computers and their related components that were purchased with government purchase cards and third party drafts and were not included in Education's asset management system inventory To assess the effectiveness of recent changes in Education's process for approving purchase card purchases, we reviewed a statistical sample of cardholders' monthly statements for July, August, and September 2001. While we identified some fraudulent and improper payments, our work was not designed to identify all fraudulent or otherwise improper payments throughout the department. Appendix II provides further details on our scope and methodology. We conducted our work from August 2000 through February 2002, in accordance with generally accepted government auditing standards, as well as with investigative standards established by the President's Council on Integrity and Efficiency. We requested comments on a draft of this report from the Secretary of Education or his designee. Written comments were received from the Deputy Secretary and are reprinted in appendix III. Controls over Grants Disbursement Process Failed to Detect Certain Improper Payments: Education's grant and loan disbursement process relies on computer systems application controls, or edit checks, to help ensure the propriety of payments. We focused our review on these edit checks and related controls because they are key to helping prevent or detect improper payments in an automated process. In our testing of the effectiveness of Education's controls, we found that the department lacked a key edit check and follow-up process that would help identify schools that were disbursing Pell Grants to ineligible students. As a result of our tests and follow-up investigation, we identified 3 schools that fraudulently disbursed about $2 million of Pell Grants. These schools produced fraudulent documentation to support the grants. We also identified another school that improperly disbursed about $1.4 million of Pell Grants to ineligible students. In addition, we identified 31 other schools with similar characteristics that we referred to Education for follow-up.9 In testing whether existing edit checks were working effectively or whether additional edit checks were needed, we found other grant and loan payments that were potentially improper. However, because Education did not provide adequate supporting documentation, we were unable to determine the validity of these transactions or conclude on the effectiveness of the related edit checks. We also found that a system used in the loan origination process contained erroneous data on some students that could affect the ability of the department to collect those student loans. In April 2002, Education plans to implement a new grant and loan disbursement system designed to improve controls and reduce the risk of future improper grant payments. Education Lacked a Key Edit Check and Follow-up Procedures: Education's CPS for student aid applications lacked an edit that would identify students who were older than would typically be expected. In addition, the department lacked a formal, systematic process to follow up on unusual disbursement patterns identified by such an edit. To identify improper payments that may have resulted from the absence of these controls, we identified schools that disbursed Pell Grants over multiple years to students 70 years of age or older. We chose to test for students of this age because we did not expect large numbers of older students to be receiving Pell Grants.[Footnote 10] We identified 707 schools that had disbursed more than 4,500 Pell Grants totaling about $7 million to students 70 years of age and older during the period covered by our review. Based on the initial results of our test and because of the problems we had identified in the past,[Footnote 11] we decided to expand our review of 7 of the 707 schools that had disproportionately high numbers of older students to include recipients 50 years of age or older.[Footnote 12] Our Office of Special Investigations investigated 4 of these 7 schools and found that they disbursed approximately $3.4 million in Pell Grants to ineligible students during this period. [Footnote 13] These students were ineligible because their primary course of study was English as a second language (ESL), and they were not seeking degrees or certificates.[Footnote 14] Further, most of the students interviewed during the investigation said that they were not working and were studying English in order to improve their speaking abilities, not to obtain a degree or certificate. The investigation disclosed that 3 schools generated fraudulent student admissions documents to create the appearance that students who were not in fact seeking degrees were participating in degree programs. We investigated 2 of these 4 schools in 1993 and found similar activities, including the falsification of student records. The remaining 3 schools disbursed approximately $450,000 in Pell Grants and warranted additional review because they also had unusually high concentrations of older students who were potentially ineligible. We have formally referred the information on these 3 schools, as well as the results of our investigations of the 4 schools discussed above, to Education's OIG for appropriate follow-up. To determine whether the other 700 schools made improper Pell Grant payments to students 70 years of age and older, we asked Education to provide us with documentation supporting the students' eligibility. Education requested documentation from these schools. The department provided us with student transcripts and other data from less than half of the 700 schools. Based on our review of the documentation we received, we identified 19 additional schools that disbursed Pell Grants to large numbers of students who were 70 years of age or older and whose course of study was mainly ESL. These 19 schools made disbursements totaling about $573,000 to these students during the period of our review. We also identified 9 other schools, based solely on data from the Pell Grant system, that had similar disbursement patterns to those making the payments to ineligible students. These 9 schools did not provide supporting documentation for approximately $547,000 in Pell Grant disbursements. We provided information on these 28 schools to Education for follow-up. Education staff and officials told us that they have performed ad hoc reviews in the past to identify schools that disbursed Pell Grants to ineligible students and have recovered some improper payments as a result. However, Education did not have a formal, systematic process in place specifically designed to identify schools that may be improperly disbursing Pell Grants. In September 2001, we issued an interim report[Footnote 15] in which we recommended that the Secretary of Education (1) establish appropriate edit checks to identify unusual grant and loan disbursement patterns and (2) design and implement a formal, routine process to investigate unusual disbursement patterns identified by the edit checks. This type of process would serve not only to detect fraudulent and otherwise improper payments, but would also act as a deterrent to others who may be inclined toward these types of activities. In response to our work, Education told us an edit was implemented in January 2002 in CPS, the application processing system, that will identify applications that indicate a student is 75 years of age or older. If the student's date of birth indicates that he or she is 75 years of age or older, the system edit will reject the application and the school will not be authorized to give the student federal education funds until the student either submits a corrected date of birth or verifies that it is correct. However, without also looking for unusual patterns and following up, the edit may not be very effective, other than to correct data entry errors or confirm older students applying for aid. Education is also in the process of implementing a new system called Common Origination and Disbursement (COD) that is to be effective beginning in April 2002. Education officials told us that this integrated system will replace the separate systems Education has used for Pell Grants and direct loans and other systems containing information on student aid, and it will integrate with applicant data in CPS. The focus of COD is to improve program and data integrity. According to Education officials, they will be able to use COD to identify schools with characteristics like those we identified. However, until there is a mechanism in place to investigate schools once unusual patterns are identified, Education will continue to be vulnerable to the types of improper Pell Grant payments we identified during our review. Lack of Adequate Support to Determine Validity of Other Payments and Effectiveness of Edit Checks: We performed several additional tests of Education's disbursements to identify potentially improper grant and loan payments that may not have been detected because of missing or ineffective edit checks. In addition to Pell Grant payments to students 70 years of age and older, we identified $28.8 million of other potentially improper grant and loan payments made by more than 1,800 schools to students who (1) were much older or younger than would be expected, (2) had social security numbers (SSN) that were either not in SSA's database or were in SSA's death records, or (3) received Pell Grants in excess of statutory limits. Based on supporting documentation provided to us by Education, we determined that $20.3 million of these payments were proper. Education did not, however, provide adequate supporting documentation to enable us to determine the validity of $8.5 million of these payments made by these schools. In addition, Education did not provide adequate supporting documentation for us to determine the validity of $3.5 million of Pell Grants disbursed to students 70 years of age and older,[Footnote 16] for a total of $12 million of grant and loan payments for which we could not determine the validity. Table 2 shows the amounts of potentially improper grant and loan payments we initially identified and the disposition of those amounts after we reviewed supporting documentation. Although Education officials told us they requested supporting documentation from the approximately 1,800 schools that disbursed these funds, over 1,000 schools did not provide the documentation, and documentation provided by some of the schools was inadequate for independent verification of the validity of these payments. Table 2: Amounts of Potentially Improper Payments Initially Identified and Disposition of Those Amounts after Review of Supporting Documentation: Description: Pell Grants to students older than expected; Potential improper payments initially identified: $7.8 million; Payments determined to be proper: $0.9 million; Inadequately supported payments: $3.5 million; Improper payments: $3.4 million. Description: Grant and loan payments identified in additional tests; Potential improper payments initially identified: $28.8 million; Payments determined to be proper: $20.3 million; Inadequately supported payments: $8.5 million; Improper payments: 0. Description: Totals; Potential improper payments initially identified: $36.6 million; Payments determined to be proper: $21.2 million; Inadequately supported payments: $12.0 million; Improper payments: $3.4 million. [End of table] According to Education officials, if a school that did not provide support or provided inadequate support had only a small number of potential improper payments, the department did not follow up because it did not consider doing so a wise use of its resources. We agree that Education should weigh the costs of resources required to follow up on potential improper payments with the benefits that could be obtained when making such decisions. However, 20 of the schools that did not provide support or provided inadequate support had from 20 to 138 instances of these potential improper payments totaling $1.5 million.[Footnote 17] Without following up with the schools that exhibit such patterns, Education is missing an opportunity to identify problem schools, including those that may be improperly disbursing Pell Grant funds. Because of this, we reaffirm our previous recommendation that Education design and implement a formal, routine process to investigate unusual disbursement patterns identified by the edit checks. During our investigation of potentially improper transactions, we did find that direct loans and Pell Grants provided to two students were obtained fraudulently. The students, two brothers, submitted counterfeit Social Security cards and fraudulent birth certificates along with their applications for federal education aid. They received almost $55,000 in direct loans and Pell Grants. We have referred them to Education's OIG and SSA's OIG. The U.S. Attorney's Office is considering prosecuting these individuals. Erroneous Data Could Affect Loan Collections: During our tests to determine the effectiveness of Education's edit checks, we also found data errors, such as incorrect SSNs of borrowers, in the Loan Origination System (LOS). Such errors could negatively affect the collection of student loans because without correct identifying information, Education may not be able to locate and collect from borrowers when their loans become due. LOS processes all loan origination data received from schools and contains information on each loan and borrower. We reviewed data for more than 1,600 loans and determined that for almost 500 of these loans, the borrowers' SSNs or dates of birth were incorrect in LOS. It is likely that many of these errors occurred during the loan origination process. As described earlier, when students apply for federal Education grants and loans, the information from their applications goes into the application processing system, CPS, which matches the student data against several databases at other agencies, including SSA. If the SSA match results indicate that the student's SSN or date of birth is incorrect, the student is notified and asked to provide corrected data, which is input in CPS. However, these corrections are not made to data in LOS. Because Education's loan collection system relies on data from LOS, Education's ability to locate borrowers who have defaulted on their loans is negatively affected. The new COD system discussed earlier may alleviate this situation because it will replace separate systems, including LOS, and will interface with CPS. If this system works as intended, then student data will be consistent among all of the department's systems because it will automatically share corrected data. However, until the new system is fully implemented, errors in LOS could impede loan collection efforts. Controls Over Third Party Draft Process Were Ineffective: Significant internal control weaknesses over Education's process for third party drafts, which were used to pay expenses totaling $55 million from May 1998 through September 2000, increased the department's vulnerability to improper payments. In testing the third party draft process, we found that (1) Education employees circumvented a key computer system application control and (2) some individuals could control the entire payment process because accounting duties were not properly segregated. Because of these weaknesses, we tested third party draft transactions and identified potential improper payments, many of which remain unresolved because Education was unable to provide us with adequate supporting documentation. Education has since canceled its third party draft program. The circumvented computer system application control, which was designed to avoid duplicate payments, was an edit in Education's system indicating that an invoice number had already been entered into the system. Internal control standards require agencies to have adequate application controls such as automated edits that help ensure that transactions completed through computerized applications are valid, properly authorized, and completely and accurately processed and reported. Our review of one of Education's procedures manuals disclosed that the department had created a procedure that allowed employees to circumvent this control. The manual instructed Education employees to add a suffix to the invoice or voucher number when the system indicated that a number had already been used. For example, if invoice number 123 had already been entered into the system, an employee could add the letter "a" to this invoice number and issue another third party draft or other payment mechanism related to the invoice. Education officials told us this procedure was implemented as a way to allow users to issue replacement drafts in the event the draft had to be reissued. However, it also significantly increased Education's exposure to duplicate payments. We also found that it was common practice for Education employees to use multiple third party drafts to pay for purchases in excess of the $10,000 limit imprinted on the blank drafts. Education officials told us that they used multiple third party drafts to pay invoices greater than $10,000 primarily as a matter of convenience. For example, when it was necessary to research a transaction, Education officials told us that it was more convenient to have their own check numbers and copies of the checks on hand rather than having to review records of payments from Treasury. This process of using multiple third party drafts negated the control of limiting third party drafts to $10,000 and further exacerbated Education's vulnerability to making improper payments. Another weakness in the third party draft process was inadequate segregation of duties; that is, some individuals could control the entire payment process. Segregation of duties is one of the most fundamental internal control concepts. To reduce the risk of fraud and other improper payments, key duties and responsibilities associated with the payment process need to be divided or segregated among different people. This should include separating the responsibilities for authorizing transactions, processing and recording them, reviewing the transactions, and handling the related funds. We found that some individuals at Education could control the entire payment process for third party drafts. Forty-nine Education employees could request blank checks. Further, 21 of these 49 individuals could also access the system, generate a payment without prior obligation, print and sign the check, and submit it to the payee. Education officials told us this control was lacking because, as the department moved toward decentralization and flexibility, the responsibility for monitoring and enforcing the use of the third party drafts became inconsistent from one organization to another. Because these individuals had the capacity to control the entire payment process, the department was vulnerable to the possibility that third party drafts could be used to pay for personal expenses or other improper purchases. One of the primary risks Education was exposed to because of these internal control weaknesses was the risk of overpaying invoices. Based on our tests of third party draft transactions, we identified 268 instances, totaling approximately $8.9 million, in which multiple third party drafts were issued to the same payee with the same invoice number or on the same day. We reviewed the available supporting documents provided by Education for $7.2 million of these transactions and found no instances of overpayments. However, Education officials could not provide us with adequate supporting documentation to enable us to assess the validity of the remaining $1.7 million of these third party drafts. As a result, these remain potential improper payments. Because of the risks we identified in the third party draft payment process, and in response to a letter from the Chairman and Vice- Chairman of the Subcommittee on Select Education, Education took action in May 2001 to eliminate the use of third party drafts. Poor Controls over Government Purchase Cards Resulted in Some Fraudulent, Improper, and Questionable Purchases: Education lacked fundamental internal controls over its purchase card program that would have minimized the risk of improper purchases. We found that Education's inconsistent and inadequate authorization and review processes, combined with a lack of monitoring, created an environment in which improper purchases could be made with little risk of detection. Inadequate control over these expenditures, combined with the inherent risk of fraud and abuse associated with purchase cards, resulted in fraudulent, improper, and questionable purchases by some Education employees. Recently, the department has made changes to the way it administers its purchase card program to help reduce its vulnerability in this area. However, because the department has not effectively implemented its new policies, vulnerabilities remain. Outdated Policies and Inconsistent Authorization and Review Created an Environment Susceptible to Improper Purchases: Treasury guidance for purchase cards states that agencies are responsible for developing their own procedures for using purchase cards, including approved uses of the cards and limitations on the types of purchases and dollar amounts. During the time covered by our review, Education's purchase card program was operating under policies and procedures that were implemented in March 1990.[Footnote 18] Education officials told us that since this policy was drafted, the number of cards and frequency of their use expanded significantly. Education's policy provided very limited guidance on what types of purchases were appropriate. Although Education's policy required each cardholder and approving official to receive training on their respective responsibilities, we found several cardholders and at least one approving official who were not trained. This lack of detailed and timely policies and procedures, as well as the lack of training for all cardholders and approving officials, resulted in a lax control environment for this inherently risky program. Internal control standards state that transactions should be authorized and executed only by persons acting within the scope of their authority to ensure that only valid transactions are entered into. For purchase cards, specific procedures should include (1) authorizing purchases, (2) monitoring monthly reports of card usage, (3) blocking certain Merchant Category Codes (MCC) for vendors whose business is unrelated to Education's mission, and (4) reviewing and approving monthly purchase card statements. We found serious deficiencies in each of these four areas that made the department vulnerable to improper purchases. Only 4 out of 14 offices within Education required cardholders to obtain authorization prior to making some or all purchases, although Education's policy required that all requests to purchase items over $1,000 be made in writing to the applicable department Executive Officer. We also found that approving officials did not use monitoring reports that were available from Bank of America to identify unusual or unauthorized purchases. For instance, if a cardholder used a government purchase card to obtain a cash advance, which is prohibited by Education's policies, the MCC for this type of vendor (a financial institution) would appear on the report next to the cardholder's name. Additionally, Bank of America can block specific MCCs to prohibit certain types of transactions that are clearly not business related, such as purchases from snowmobile or boat dealers. However, prior to November 2001, Education only blocked four MCCs related to gambling and obtaining cash advances. As discussed later in this section, the department recently took action to block certain other MCCs. Education officials told us that they had not used this control extensively because the department relied on the approving official's review of the cardholder's monthly purchase card statements to ensure that all purchases made by employees were proper. In order to test the effectiveness of the approving officials' review of purchase card statements, we selected 5 months of cardholder statements to review for certain attributes, including the approving official's signature. We reviewed all 903 monthly statements that were issued during these months, totaling about $4 million, and found that 338, or 37 percent, which totaled about $1.8 million, were not approved by the appropriate authorizing official. The approval process was also less effective because some approving officials were not in a good position to know which purchases were appropriate. For example, we identified an employee who, in addition to regular job duties, had responsibility for reviewing the monthly purchases of 96 cardholders located throughout the country. In these situations, the approving official may not have had sufficient contact with cardholders to understand their duties and the types of purchases they would routinely make. Combined, the inconsistent review of purchases and the ineffective review process created an environment where improper purchases could be made with little risk of detection. Some Education Employees Made Fraudulent, Improper, and Questionable Purchases: Because of the extensive internal control weaknesses related to the department's purchase card program, we requested supporting documentation for the 338 monthly statements totaling $1.8 million we reviewed that were not properly approved, as well as for other transactions that appeared unusual. However, Education was unable to provide adequate supporting documentation to enable us to determine the validity of purchases totaling over $218,000. In our review of the available documentation, we identified some fraudulent, improper, and questionable purchases. We considered fraudulent purchases to be those that were unauthorized and intended for personal use. Improper purchases included those for government use that were not, or did not appear to be, for a purpose permitted by law or regulation. We also identified as improper purchases those made on the same day from the same vendor that appeared to circumvent cardholder single purchase limits.[Footnote 19] We defined questionable transactions as those that, while authorized, were for items purchased at an excessive cost, for a questionable government need, or both, as well as transactions for which Education could not provide adequate supporting documentation to enable us to determine whether the purchases were valid. We found one instance in which a cardholder made several fraudulent purchases from two Internet sites for pornographic services. Notwithstanding the relatively small amount of money involved, the name of at least one of the pornographic sites—-Slave Labor Productions.com--should have caused suspicion when it appeared on the employee's monthly credit card statement. To determine whether these purchases were approved, we obtained the monthly statements containing these charges. The statements contained handwritten notes next to the pornography charges indicating that these were charges for transparencies and other nondescript items. According to the approving official, he was not aware of the cardholder's day-to-day responsibilities and did not feel that he was in a position to review the monthly statements properly. The approving official stated that the primary focus of his review was to ensure there was enough money available in that particular appropriation to pay the bill. As a result of investigations related to these pornography purchases, Education management issued a termination letter, prompting the employee to resign. We also identified purchases totaling $4,427 from a restaurant in San Juan, Puerto Rico,[Footnote 20] that we determined to be improper. These restaurant charges were incurred during a Year 2000 (Y2K) focus group meeting, and included breakfasts and lunches for federal employees and nonfederal guests. The Statement of Work for the focus group notes that the travel expenses fell "under the invitational travel statute (5 U.S.C. 5703)." Appropriated funds may not be used to pay the costs of nonfederal individuals to attend meetings unless otherwise specifically authorized by law.[Footnote 21] Such authority exists in 5 U.S.C. 5703, which allows an agency to use invitational travel to pay the costs of nonfederal individuals to attend meetings if the attendees are providing direct services to the government. Education, however, could not provide us with any evidence that the nonfederal attendees provided direct services to the government. In fact, the Statement of Work for the focus group states that the purpose of the meeting was for attendees to "share their experiences with the Y2K issue and to assure that the education community's computers are compliant." Thus, rather than providing a direct service to the federal government, it appears that the attendees were receiving a benefit from the meeting. According to an Education official, there were eight additional Y2K focus group meetings, similar to the San Juan meeting, held in various cities throughout the United States. This official estimated that the agency paid approximately $45,000 in expenses for nonfederal individuals to attend the nine meetings. We have referred this matter to Education's OIG. We also found 28 improper purchases totaling $123,985 where Education employees made multiple purchases from a vendor on the same day. These purchases appear to violate the Federal Acquisition Regulation that prohibits splitting purchases into more than one segment to circumvent single purchase limits. For example, one cardholder purchased two computers from the same vendor at essentially the same time. Because the total cost of these computers exceeded the cardholder's $2,500 single purchase limit, the total of $4,184.90 was split into two purchases of $2,092.45 each. In some instances, Education officials sent memos to the offending cardholders reminding them of the prohibition against split purchases. We identified five additional instances, totaling about $17,000, in which multiple purchases were made from a single vendor on the same day. Although we were unable to determine whether these purchases were improper, based on the available supporting documentation, these transactions share similar characteristics with the 28 split purchases. For example, one cardholder purchased two printers, costing $1,711 each, from the same vendor on the same day. The combined cost of these purchases, $3,422, exceeded the cardholder's $2,500 single purchase limit. Education provided us with no explanation for why these two items were purchased separately. We identified questionable purchases totaling $286,894 where Education employees paid for new office furniture and construction costs to renovate office space that they were planning to vacate. Only a small amount of furniture, including chairs for employees with special needs, were moved to the new building when department employees relocated. Other purchases we questioned included numerous charges, totaling $35,760 over several years, made by an Education employee for herself and a coworker to attend college. Some of the classes the employees took were apparently prerequisites to obtain a liberal arts degree, but were unrelated to Education's mission. The classes included biology, music, and theology, and represent $11,700 of the $35,760. Because the Government Employees Training Act, 5 U.S.C. 4103 and 4107, requires that training be related to an employee's job and prohibits expenditures to obtain a college degree unless necessitated by retention or recruitment needs, which was not the case here, we consider these purchases improper. Moreover, most of the monthly charge statements were not reviewed by anyone but the employee who made the charges and received more than half of the financial benefit. After we questioned the charges for these tuition expenses, Education determined that the classes costing $11,700 were improperly charged. As of December 2001, one of the employees had received a bachelor's degree and left the department; no funds had been recovered from either employee. In addition, we identified as questionable purchases totaling more than $218,000 for which Education provided us with no support or inadequate support to assess the validity of these purchases. These inadequately supported or unsupported purchases included charges to various hotels for more than $3,000, purchases of computer equipment and software totaling more than $22,000, and charges for various college and other training courses totaling about $51,000. Numerous other purchases were made from home electronics and appliance stores as well as toy, book, and furniture stores. Education could not provide any support for more than $152,000 of these purchases, nor does the department know specifically what was purchased, why it was purchased, or whether these purchases were appropriate. For the remaining $66,000, Education was able to provide only limited supporting documentation. As a result, we were unable to assess the validity of these payments, and we consider these purchases to be potentially improper. Recent Changes to Purchase Card Program Have Helped Improve the Overall Control Environment, but Vulnerabilities Remain: Our interim report, issued in September 2001, described the poor internal controls over Education's cash disbursement processes, including purchase cards. In that report, we recommended that the department: * reiterate to all employees established policies regarding the appropriate use of government purchase cards; * strengthen the process of reviewing and approving purchase card transactions, focusing on identifying split purchases and other inappropriate transactions; and; * expand the use of MCCs to block transactions with certain vendors. Recently, Education has made some changes in the way it administers its purchase card program in an effort to address these three recommendations. For example, in December 2001, the department issued new policies and procedures that, among other things, (1) establish detailed responsibilities for the cardholder and the approving official, (2) prohibit personal use of the card and split purchases to circumvent the cardholder's single purchase limits, (3) require approving officials to review the appropriateness of each individual purchase, (4) establish mandatory training prior to receiving the card and refresher training every 2 years, and (5) establish a quarterly quality review of a sample of purchase card transactions to ensure compliance with key aspects of the department's policy. If appropriately implemented, these new policies and procedures are a good step toward reducing Education's vulnerability to future improper purchases. Further, in July 2001, the department implemented a new process to approve purchase card purchases. Instead of the approving official signing a monthly statement indicating that all transactions are proper, the approval is now done electronically for each individual transaction. According to Education officials, most approving officials and cardholders received training on this new process. In order to assess the effectiveness of this new approval process, we reviewed a statistical sample of the monthly statements of cardholders for July, August, and September 2001. Purchases during these months totaled $1,881,220. While we found evidence in the department's system that all of the 87 statistically sampled monthly statements had been reviewed by the cardholder's approving official, 20 of the statements had inadequate or no support for items purchased, totaling $23,151. [Footnote 22] Based on our work, we estimate[Footnote 23] the most likely amount of unsupported or inadequately supported purchases during these 3 months is $65,817. The effectiveness of the department's new approval process has been minimized because approving officials are not ensuring that adequate supporting documentation exists for all purchases. In addition, these procedures do not address the problem of an authorizing official who does not have personal knowledge of the cardholder's daily activities and therefore is not in a position to know what types of purchases are appropriate. In response to our recommendation regarding the use of MCCs to block transactions from certain vendors, in November 2001, the department implemented blocks on purchases from a wide variety of merchants that provide goods and services totally unrelated to the department's mission, including veterinary services, boat and snowmobile dealers, and cruise lines. In total, Education blocked more than 300 MCCs. By blocking these codes, Education has made use of a key preventive control to help reduce its exposure to future improper purchases. Earlier in 2001, Education took action to improve internal controls related to the use of government purchase cards by lowering the maximum monthly spending limit to $30,000, lowering other cardholders' single purchase and total monthly purchase limits, and revoking some purchase cards. This action was in response to a letter from the Subcommittee on Select Education dated April 19, 2001, which highlighted our April 2001 testimony, in which we stated that some individual cardholders had monthly purchase limits as high as $300,000. These and the other steps described above have helped reduce Education's exposure to improper purchase card activities. However, more needs to be done to improve the approval function, which is key to adequate control of these activities. Poor Controls Contributed to Loss of Computer Equipment: As part of following up on computer purchases made with third party drafts and purchase cards, we assessed the controls over these portable assets. We found that Education lacked adequate physical controls over its computers, which contributed to 241 missing personal computers and computer-related equipment with an acquisition cost of about $261,500. After we completed our work in this area, we again visited the office where most of the computer equipment was missing because Education officials told us they had located some of the missing inventory. Although Education officials stated they had located 73 pieces of equipment, we were able to locate only 62 pieces of the equipment with an acquisition value of about $49,800. Education officials have been unable to locate the remaining 179 pieces of missing computer equipment with an acquisition value of about $211,700. This matter is currently under investigation by Education's OIG. From May 1998 through September 2000, the period covered by our audit, Education made purchases totaling more than $2.9 million from personal computer and other computer-related equipment vendors using purchase cards and third party drafts—a violation of Education's policy, which prohibited the use of purchase cards for this purpose. These purchases included personal computers, scanners, color printers, software, and other computer accessories. According to Education, during this period, the department's computer purchases were decentralized so that individual principal offices were able to purchase the types of equipment from any vendors they chose. This provided considerable flexibility and rapid acquisition of equipment, but had several drawbacks. For example, unnecessary, duplicate orders were placed even within the same offices. Further, equipment that could not be supported by Education's networked environment was ordered. Other equipment was ordered and then left in closets only to be found sometimes a year later, when it was no longer needed. As a result of this decentralized ordering, virtually no volume discounts could be used because of the small amounts of equipment being purchased at any given time. According to the Education Inspector General, the department had not taken a comprehensive physical inventory for at least 2 years prior to October 2000, thus compounding the lack of accountability over this equipment. Education staff members who were involved with ordering and receiving this equipment described a process that included significant breakdowns in basic internal controls. Internal control standards state that key duties and responsibilities need to be divided or segregated among different people to reduce the risk of error or fraud. In the office where most of the missing equipment was purchased, two individuals had interchangeable responsibility for receiving more than $120,000 of computer equipment purchased by a single cardholder, from one particular vendor. In addition, these two individuals also had responsibility for bar coding the equipment, securing the equipment in a temporary storage area, and delivering the computers to the users.[Footnote 24] Furthermore, one of these two individuals was responsible for providing information on computer purchases to the person who entered the data into the department's asset management system. According to the cardholder who purchased the equipment, they did not routinely compare the purchase request with the receiving documents from the shipping company to ensure that all items purchased were received. In addition, our review of records obtained from the computer vendor from which Education made the largest number of purchase card and third party draft purchases showed that less than half of the $614,725 worth of computers had been properly entered in the department's property records. Combined, these weaknesses created an environment in which computer equipment could be easily lost or stolen without detection. In order to identify computers that were purchased with purchase cards and third party drafts that were not included in the department's asset management system, we obtained the serial numbers of all pieces of computer equipment purchased from the largest computer vendor the department used.[Footnote 25] We compared these serial numbers to those in the department's asset management system and found that 384 pieces of equipment, totaling $399,900, appeared to be missing, including desktop computers, scanners, and printers. We conducted an unannounced inventory to determine whether these computers were actually missing or were inadvertently omitted from the property records. We located 143 pieces of equipment[Footnote 26] that were not on the property records, valued at about $138,400, and determined that 241 pieces, valued at about $261,500, were missing. Education's Inspector General is in the process of investigating the disappearance of these vulnerable assets. After we completed our work in this area, we again visited the office where most of the computer equipment was missing because Education officials told us they had located some of the missing inventory. Officials in this office told us they hired a contractor to keep track of their computers when moving to their new space.[Footnote 27] According to the officials, as part of its work, the contractor recorded the serial numbers of all computers moved and identified 86 of the 241 pieces of computer equipment that we were unable to locate during our unannounced inventory in September 2001. However, when Education staff and officials tried to locate this equipment, they were only able to find 73 of the 86 pieces of equipment. When we visited the department, we located only 62 pieces of equipment with an acquisition value of about $49,800. Education officials have been unable to locate the remaining 179 pieces of missing computer equipment with an acquisition value of about $211,700. They surmised that some of these items may have been surplused; however, there is no paperwork to determine whether this assertion is valid. According to Education officials, new policies have been implemented that do not allow individual offices to purchase computer equipment without the consent of the OCIO. However, during our previously mentioned review of a statistical sample of purchase card transactions made from July 2001 through September 2001, we found three transactions totaling $2,231 for the purchase of computer equipment without any supporting documentation from the OCIO. Based on these results, the new policies are not being effectively implemented. This is another indication that the new purchase card approval function is not operating as an effective deterrent to improper purchases. Further, we found mixed results in a walk-through of the new computer ordering and receiving processes in the office where most of the missing equipment was purchased. These new policies are designed to maintain control over the procurement of computers and related equipment and include: * purchasing computers from preferred vendors that apply the department's inventory bar code label and record the serial number of each computer on a computer disk that is sent directly to the Education official in charge of the property records; * loading the computer disk containing the bar code, serial number, and description of the computer into the property records; and; * having an employee verify that the computers received from the vendor match the serial numbers and bar codes on the shipping documents and the approved purchase order. However, a continued lack of adequate physical control negates the effectiveness of these new procedures. For example, the doors to the two rooms used to store computer equipment waiting to be installed were both unlocked and unattended. The receptionist at the mail counter next to the first storage room we visited told us that he had the door open to regulate the room temperature. The Education official responsible for this process stated that he did not know that mailroom personnel had access to this room. Furthermore, he stated that he does not have a key to either storage room. Also, during our second search for this equipment, we visited four rooms where some of the computers were stored and found them all to be unsecured. This lack of physical security was pointed out to the department nearly 7 weeks earlier when we first found some of its temporary computer storage rooms unsecured. The department's new written procedures state that security guards in the Washington, D.C., facilities should inspect all bags, cases, and boxes leaving the buildings to determine if they contain computer equipment, and require property passes for all equipment removed from the building. However, Education officials acknowledged that the primary focus of the building security is people and packages entering the building. Education officials told us that individuals could likely leave the building with equipment without being questioned by security. Without enhanced physical security, Education will continue to be at risk to further computer equipment losses. Conclusions: The problems we found in grant and loan payments, purchase card use, and physical controls over computer equipment leave Education vulnerable to fraudulent or otherwise improper payments, questionable purchases, and loss or theft of assets. While Education has taken steps to develop new policies and procedures to address these problems, in many cases they are not being effectively implemented. Vulnerabilities remain in all areas we reviewed, except for third party drafts, which have been discontinued. Until Education takes further action to strengthen its internal controls over Pell Grants, purchase cards, and computer equipment, it will continue to be susceptible to fraud, waste, abuse, and mismanagement in these areas. Recommendations for Executive Action: To strengthen its internal controls over Pell Grants and loans, purchase cards, and computer equipment and to reduce Education's vulnerability to improper payments and lost assets, we recommend that the Secretary of Education take the following actions. In the area of Pell Grants and loans, we recommend that the Secretary direct the Chief Operating Officer of student financial assistance programs to: * conduct on-site investigations, including interviews of school personnel and students, at the 28 schools with characteristics similar to those we found that improperly disbursed Pell Grants to determine whether the grants were properly disbursed; * follow up with the schools that had high concentrations of the $12 million in potential improper payments for which the department did not provide adequate supporting documentation; and; * implement a process to verify borrowers' SSNs and dates of birth submitted by schools to LOS. In the third party drafts area, we recommend that the Secretary direct the Chief Financial Officer to follow up on the $1.7 million of third party draft payments for which the department did not provide adequate supporting documentation for us to use to determine their validity. For purchase cards, we recommend that the Secretary direct the Chief Financial Officer to: * implement an effective review and approval process that ensures all approving officials (1) conduct a thorough review of all purchases made, including the review of all supporting documentation, (2) are knowledgeable of the cardholders' daily responsibilities and therefore can effectively assess the appropriateness of each purchase, (3) are not reviewing a large volume of purchase card statements each month, and (4) are appropriately trained on how to perform their approving official responsibilities; * perform periodic tests of this new approval process and, where necessary, take action to ensure that approving officials comply with it; * take action to recover questioned tuition costs from the two employees; and; * follow up on the $218,000 of purchases for which the department did not provide adequate supporting documentation for us to use to determine the validity, to determine whether the purchases were proper. Regarding computer equipment, we recommend that the Secretary direct the Director, Office of Management, to: * conduct routine inventories of computer equipment, including reconciling computer purchases with property records; * enhance physical security over the computer storage rooms; * provide access to computer storage rooms only to authorized individuals; * ensure that security personnel in the Washington, D.C., facilities inspect all bags, cases, and boxes leaving the buildings to determine if they contain computer equipment and that property passes accompany all equipment removed from the buildings; and; * establish appropriate monitoring procedures to ensure that security personnel are actually inspecting items being removed from the buildings. Agency Comments and Our Evaluation: In written comments on a draft of this report, which are reprinted in appendix DI, the Deputy Secretary generally agreed with our findings and recommendations and stated that Education has made great strides to improve its internal controls and manage its payment processes to prevent and detect erroneous payments, and it is developing a formal corrective action plan to address each of our recommendations. Regarding grants and loans, the Deputy Secretary stated that, while there is room for improvement in Education's systems and processes, he believes the department's current controls are strong and provide reasonable assurance that its objectives can be met. He pointed out that the $3.4 million in Pell Grants we identified that was disbursed by four schools to ineligible students was less than five thousandths of a percent of the total disbursements we reviewed. We agree that the fraudulent and improper grant and loan payments we identified are a very small percentage of the total grants and loans disbursed every year. However, as we stated in our report, these improper payments represent an identified control risk that could easily be exploited to a greater extent. Although the Deputy Secretary stated that Education's controls were strong, he presented steps that the department is taking to strengthen the integrity of these payment processes. For example, he stated that, as an interim process, the department analyzed student data to identify high concentrations of students over 65 and eligible noncitizens at a single institution to determine if problems exist in the ESL programs that warrant further review. Also, he stated that, before we started our review, Education had already begun a matching process with SSA's death records. Further, as a result of our review, the Deputy Secretary stated that Education will implement an edit to identify all applicants whose dates of birth indicate they are 75 years of age or older beginning with the upcoming school year. He stated that the department is analyzing its data more systematically to establish baselines and indicators to focus its resources more effectively, and as we noted, the new COD system will assist Education in identifying unusual activity. We are encouraged by these actions, which, if properly implemented, should help improve internal controls over these vulnerable payments. With regards to our findings related to third party drafts, the Deputy Secretary stated that the department will refer the third party draft payments, for which we were unable to determine the validity, to the OIG for further investigation. In the purchase card area, the Deputy Secretary stated that Education issued an updated directive in January 2002, which strengthens the department's policies and practices regarding appropriate use of the purchase card and has trained cardholders and approving officials on these policies and procedures. According to the Deputy Secretary, the directive provides detailed instructions on cardholder and approving official responsibilities for reviewing and approving purchase card transactions. He stated the department will also provide monthly management reports containing information on purchase card transactions to each principal office for review and that the ()CFO will conduct quarterly internal control reviews and quality reviews of random sample purchase card transactions. This is an important action to determine whether cardholders and approving officials are following the directive and whether this training has effectively reduced unauthorized and improper purchases. The Deputy Secretary also stated that the department has blocked more than 300 MCCs, including those for wire transfer money orders, airline and car rentals, and banks. Regarding the improper charges for college tuition that we identified, the Deputy Secretary stated the department will follow established debt collection procedures to recover the questioned costs. To help it better account for its computer equipment, the Deputy Secretary stated that Education is developing a single comprehensive system that covers accountable assets from purchase to disposition. The Deputy Secretary also stated that the department hired contractors to perform an independent physical inventory, and upon completion, was able to locate 93 percent of the items sampled. The Deputy Secretary pointed out Education is in the process of documenting detailed property management procedures and centralizing the property management responsibility with its Office of Management. He also stated that, while the department has taken steps to enhance physical security over allocation, storage, and transit of equipment, and to ensure that only authorized individuals have access to storage areas, it will continue to work to improve in this area. We are encouraged by the department's efforts to account for and secure its computers. At the same time, based on our most recent search for missing computers, significant vulnerabilities remain unresolved. We urge the department to immediately focus on providing adequate physical security over these vulnerable assets. Overall, the actions the department has taken and plans to take to improve its controls over grant and loan payments, purchase card transactions, and computer and related equipment are encouraging and represent a positive tone at the top of the organization to improve internal control. As the department has recognized, it must continually review its processes to ensure that the improved controls are sustained and, therefore, will help to reduce the department's vulnerability to fraudulent and improper payments and lost assets and improve its financial management overall. As we arranged with your offices, unless you publicly announce its contents earlier, we plan no further distribution of this report until 30 days from its date. At that time, we will send copies to the Ranking Minority Member of the Subcommittee on Select Education, House Committee on Education and the Workforce; the Secretary of Education; and other interested parties. We will make copies available to others upon request. Please contact me at (202) 512-9508 or by e-mail at calboml@gao.gov if you or your staff have any questions concerning this report. An additional GAO contact and staff acknowledgments are provided in appendix IV. Signed by: Linda M. Calbom: Director, Financial Management and Assurance: Appendix I: Description of Grant and Loan Programs Reviewed: The Department of Education disburses billions of dollars each year to recipients for various grant and loan programs. The programs we reviewed include formula grants, Pell Grants, discretionary grants, direct loans, campus-based programs, and Impact Aid. Recipients include schools, state agencies, organizations, and individuals. Table 3 provides descriptions of the grant and loan programs we reviewed and the amounts disbursed for these programs during the period of our review. Table 3: Description of Programs and Amounts Disbursed: Program: Formula grants; Description: Grants to state education agencies based on populations of certain groups and per capita income; Amount disbursed, May 1998 through September 2000: $90.5 billion. Program: Direct loan program; Description: Includes Direct Subsidized and Unsubsidized Stafford/Ford Loans, Direct Parent Loans for Undergraduate Students, and Direct Consolidated Loans; Amount disbursed, May 1998 through September 2000: $57.2 billion. Program: Pell Grants; Description: Grants based on financial need to undergraduate students who have not earned bachelor's or professional degrees; Amount disbursed, May 1998 through September 2000: $17.1 billion. Program: Discretionary grants; Description: Grants awarded through a competitive process for programs established by Congress through authorizing legislation; Amount disbursed, May 1998 through September 2000: $10.7 billion. Program: Campus-based programs; Description: Financial assistance for students pursuing education beyond high school. Includes Federal Perkins Loan program (low- interest loans), Federal Work-Study Program, and Federal Supplemental Education Opportunity Grant Program. Amount disbursed, May 1998 through September 2000: $3.6. [End of table] [End of section] Appendix II: Objectives, Scope, and Methodology: The objectives of our review were to assess internal controls in place during the period from May 1998 through September 2000 and to identify any fraudulent or otherwise improper payments that may have resulted from control weaknesses in Education's processes for (1) disbursing grants and loans, (2) paying for purchases with third party drafts, and (3) using government purchase cards. In addition, our objective was to assess Education's physical controls over its computer equipment during the period from May 1998 to September 2000 and identify any effects of weak controls. Further, at the subcommittee's request, we assessed the effectiveness of recent changes to Education's process for purchase card purchases, which took effect in July 2001 following our testimony before the subcommittee. To obtain an understanding of the payment processes, identify related controls, and assess the effectiveness of their design, we interviewed staff members and officials in Education's ()CFO and program offices; performed walk-throughs of the payment processes; reviewed Education's policies and procedures; reviewed previous reports we prepared, as well as reports issued by Education's OIG and independent auditors; and identified vulnerabilities in the payment processes. To identify potential improper payments, we requested and obtained disbursement and related data from Education and various external sources, including SSA, Rocky Mountain Bank, and Bank of America. Education provided us with computer-generated records on more than 19 million disbursements totaling over $181 billion, made from May 1998 through September 2000 from the following systems: * Grant Administration and Payment System (GAPS), * Pell Grant Recipient Financial Management System (RFMS),[Footnote 28] * Loan Origination System (LOS), * National Student Loan Data System, * Impact Aid system, * Campus-based program system, * Postsecondary Education Participants System, and, * Financial Management System Software (FMSS). Because of the large volume of data involved (millions of records), and the fact that we initially received some data in an unusable format, our testing extended to only selected portions of the data for certain systems. The majority of our tests were focused on data received from the GAPS, RFMS, LOS, and FMSS systems. In order to identify unusual grant and loan transactions that may have been improper payments, we searched databases, compared files, identified unusual transactions and patterns, and performed other detailed analyses to identify: SSNs of grant and loan recipients that were either invalid or in SSA's death records, * grant and loan recipients who were much older or younger than would be expected, * individual SSNs associated with more than one name or date of birth, * grants disbursed to individuals in excess of statutory limits, * loan disbursements with no recorded loan number in the system, * payments for grants and loans to schools that were either closed or ineligible for federal education funds, * payment transactions that were returned by the Federal Reserve Bank (FRB), * payment transactions that did not have FRB confirmation schedule numbers, * transactions that were posted on weekends, * grantees with invalid grantee ID numbers or multiple ID numbers, * Education employees who may have received grant funds, and; * disbursement records that did not contain required information such as a grant award number. To assist in our analysis and identification of improper payments, we contracted with forensic and information risk management experts. For those grant and loan payments that our tests indicated were potentially improper, we requested from Education documentation supporting their validity. After analyzing the documentation we received, we did the following. * For those recipients identified as being older or younger than expected, we looked for proof of age generated by a source other than the school or the department, such as a birth certificate, driver's license, or some other government-issued identification showing the recipient's name and date of birth. For Pell Grants, if the support confirmed that the recipient was older or younger than would be expected, we looked for proof of enrollment in an eligible program. * For those recipients we identified whose SSN was either invalid or in SSA's death records, we looked for proof of the recipient's SSN, such as a birth certificate, driver's license, social security card, or other government-issued ID that showed the recipient's name and SSN. If the support confirmed the accuracy of the recipient's SSN, we reviewed transcripts, if available, to show the recipient's dates of enrollment or additional support that was not generated by the school indicating the recipient's date of death for those students who died while they were receiving aid. * For those recipients who received grants in excess of the statutory limit, we looked for financial aid disbursement information from each institution the student attended during the award year showing the amounts disbursed and the dates on which the money was disbursed. We also looked for documentation showing repayment information, if applicable, or documentation demonstrating why repayment was not required for the recipient. * For direct loan recipients, we reviewed information on loan payment status. * For the schools that Education's system showed to be either closed or ineligible to receive federal student financial aid, we reviewed documentation such as audit reports and disbursement information for these schools. Separately, for the four schools we investigated that we identified as disbursing Pell Grants to disproportionately high numbers of older students, we (1) interviewed Pell Grant recipients, school officials, and Education officials and (2) reviewed documents from the recipients, the schools, and Education. For third party drafts, we requested and obtained data from the third party draft systems administrator consisting of drafts that had been reconciled with downloaded information from Gelco[Footnote 29] and matched with data in FMSS. We used these data to test for third party drafts that had been used to pay for split purchases greater than $10,000. We also reviewed data provided by the third party draft systems administrator to identify unusual payees. Upon identifying payees that we thought would not normally be engaged in business with Education, we requested supporting documentation, such as purchase orders, invoices, and receipts, to determine the propriety of the purchases. For government purchase cards, we requested data on transactions from November 1998 through September 2000. Based on these data, we performed tests to identify the following types of potential improper purchase card transactions: * unauthorized statements, such as purchases that were not properly reviewed by an approving official; * split purchases for which Education employees either split transactions or made multiple transactions to the same vendor on the same day to circumvent their single purchase limit; * purchases from questionable vendors; and; * purchases by Education employees on weekends or holidays. To assess Education's controls over computer equipment, we obtained (1) invoices from the computer vendor with the largest volume of purchase card purchases and (2) information from Education's asset management system. Using information on the invoices, including the serial numbers of the computer equipment purchased, we identified computer equipment that was purchased but not included in the asset management system. We then conducted an unannounced physical inventory of the computer equipment purchases that were not found in Education's asset management system. To assess the effectiveness of recent changes to Education's process for purchase card purchases, we requested monthly statements and invoices for purchases made during July, August, and September 2001. We reviewed a statistical sample of the monthly statements to determine whether approvals were done in accordance with the new policy. In addition, to identify any computer equipment that may have been purchased without the involvement of the OCIO and to determine whether purchases were sufficiently supported, we reviewed supporting documentation for each transaction in the statistical sample of monthly statements. While we identified some fraudulent and improper payments, our work was not designed to identify all fraudulent or otherwise improper payments. We performed our work from August 2000 through February 2002 in accordance with generally accepted government auditing standards, as well as with investigative standards established by the President's Council on Integrity and Efficiency. We requested comments on a draft of this report from the Secretary of Education or his designee. Written comments were received from the Deputy Secretary and are reprinted in appendix III. [End of section] Appendix III: Comments from the Department of Education: United States Department Of Education: The Deputy Secretary: 400 Maryland Ave., S.W. Washington, D.C. 20202-0500: [hyperlink, http://www.ed.gov] Our mission is to ensure equal access to education and to promote educational excellence throughout the Nation. February 28, 2002: Ms. Linda M. Calbom: Director: Financial Management and Assurance: General Accounting Office: Washington, DC 20548: Dear Ms. Calbom: Thank you for the opportunity to respond to the General Accounting Office (GAO) draft report, "Education Financial Management: Weak Internal Controls Led to Instances of Fraud and Other Improper Payments" (GAO-02-406). We believe that the Department of Education has made great strides to improve our internal controls, and to manage our payment processes to prevent and detect erroneous payments. Outlined below are actions underway to address GAO's recommendations. We are developing a formal Corrective Action Plan to address each of GAO's recommendations. SFA Grants and Loans: On Pell Grants and Direct Loans, GAO referred 28 schools to the Department for further review due to abnormal disbursement patterns. Nineteen of these schools disbursed $573,000 to students who were 70 years of age and older and whose course of study was mainly English as a Second Language (ESL). The remaining nine schools had "similar disbursement patterns." We agree with GAO's concern that disbursements made to students aged 70 and over may be an indicator of potential ineligible disbursements when there is a higher than normal concentration of such disbursements. However, in analyzing the complete disbursement data for these 28 schools, we have found that only four of the 28 schools had concentrations of older students that exceeded a normal range. However, as an interim process to address this sensitive issue, we analyzed National Student Loan Data System (NSLDS) data to identify high concentrations of students over 65 and eligible non-citizens at a single institution to determine if problems with the ESL program existed. We determined what the norm is for concentrations of such students and have begun to determine what constitutes "abnormal" concentrations, which warrant further review. With GAO and the OIG's assistance, we will refine our methodology for analyzing this information and conducting reviews at institutions. If staff suspect any cases of fraud and abuse, we will refer those cases to the Office of the Inspector General. We will continue to use NSLDS data to find unusual disbursement patterns until we can use our Common Origination and Disbursement (COD) system to provide such analysis. (See discussion on COD below.) GAO's fraud findings state that four schools disbursed approximately $3.4 million in Pell Grants to ineligible students. We feel it is important to point out that GAO reviewed SFA loan and grant disbursements totaling $77.9 billion at thousands of schools. The fraud was concentrated at four schools and represents less than five thousandths of a percent (.0044%) of the SFA disbursements reviewed. While there is still room for improvement in our systems and processes, we believe that our current controls are already very strong, and provide us with reasonable assurance that our objectives are met. As your report noted in Table 2, GAO's initial testing identified $36.6 million as potentially improper. This is about two- hundredths of one-percent of the entire grant and loan transactions that GAO tested. Further, almost 58% of that amount, $21.2 million, was later determined to be proper. With respect to the $12 million GAO considers unsupported, SFA did not have sufficient time to collect the supporting documentation from such a large number of schools before the GAO submission deadline. We have taken several steps to strengthen the integrity of these payments. In fact, some of this work had begun before the GAO audit. For example, we began a matching process with the Social Security Administration's death records, and we implemented our new Recipient Financial Management System, increasing controls over grant payments. In addition, as a result of this review, we will implement an edit to identify all applicants whose date of birth indicates they are 75 years of age or older beginning in 2002-03. In such cases, the applicant must verify his or her date of birth before his or her Free Application for Federal Student Aid (FAFSA) is processed completely. Funds cannot be disbursed to an applicant until a FAFSA is completely processed by our Central Processing System and an estimated family contribution is calculated. In December 2001, we also implemented a new process to identify and review schools with abnormal concentrations of students with unique characteristics (such as age). We continue to work toward strengthening our controls further. We are analyzing our data in a more systematic manner to establish baselines and indicators to focus our resources more effectively and, as your report noted, we will implement a new COD system that will assist us in identifying unusual activity. COD will also assure that borrowers' SSNs and dates of birth submitted by schools to the Department for the loan programs are verified. Third Party Drafts: The Department abolished the use of third party drafts in May 2001. The $1 7 million in unresolved items where adequate supporting documentation was not provided will be referred to our Office of Inspector General (OIG) for further investigation. Purchase Cards: On January 23, 2002, the Department issued an updated Administrative Communication System Directive on Purchase Cards. The revised Directive strengthens the Department's policies and practices regarding appropriate use of the purchase card. Since January 2001, the Office of the Chief Financial Officer (OCFO) has trained the Department's cardholders and approving officials on purchase card policies and procedures. ()CFO provided copies of the Directive to all cardholders, approving officials, executive officers, and supervisors with a self-test to emphasize key policy changes OCFO continues to answer questions and provides on-going support to cardholders and other relevant participants, as the Agency program coordinator and as the procurement resource for the Department. In addition, an on-line site is now available for cardholders to take a self-administered test, to help them determine any points of weakness in their knowledge. Additionally, the revised Directive and Department procedures provide detailed instructions on cardholder and approving official responsibilities for reviewing and approving purchase card transactions. With the new EDCAPS electronic reconciliation and payment approval process, the cardholder is required to provide reports to the approving official documenting the cardholder's transaction activity for the billing period. This is in addition to the hard copy receipts submitted for the approving official's review. Further, OCFO distributes monthly management reports to each principal office to review their cardholder purchase card transaction activity. As the Department program coordinator, OCFO will conduct internal control reviews and quality reviews of random sample purchase card transactions on a quarterly basis to: a) ensure that purchases above the micro-purchase threshold of $2,500 are only being made by warranted officials, b) review the appropriateness of purchases, including determining that individual purchases are appropriate, that the goods and services were properly received and accepted, that payment was proper through the review of merchant category codes (MCC), and by examining the record, c) ensure appropriate separation of duties between the cardholder and the approving official, and d) ensure that requirements are not split into more than a single purchase to circumvent procurement rules that apply to purchases exceeding the micro-purchase threshold or to circumvent purchase card limits. The Department has blocked more than 300 MCCs. Examples of merchant categories include: wire transfer money orders, veterinary services, airlines and car rentals, taxis and limousines, airline carriers, and banks As discussed, OCFO will utilize MCC data to identify potential transactions subject to restrictions when using the purchase card, or to identify additional MCCs that may track to improper purchases. With regard to the unauthorized payment of tuition with a purchase card, the Department will follow established debt collection procedures to recover the questioned costs. The Department also will follow up on the $218,000 in questionable purchases to determine validity and propriety. In addition, the Department will continue to work on improving our ability to readily obtain supporting documentation. Our newly published Directive on purchase card use highlights this effort. Computer Equipment: The Department is developing a single comprehensive system that covers accountable assets from purchase to disposition. Assets will be tracked and managed by a single dedicated group. We have completed a physical inventory of our accountable asset inventory. This property consisted of the following: office machines; computers, including mini- computers, and personal computers; computer peripheral equipment; communications equipment; and Personal Digital Assistants. The Department hired KPMG and American Appraisal to perform an independent physical inventory. KPMG completed a physical inventory on a sample of 819 items (out of a total 31,304 assets) representing 25 separate locations. KPMG's initial efforts located 58% of the items. Based on past experience of American Appraisal, between 40% and 60% of items are usually located while doing this type of verification. Upon completion of the initial verification, the Department performed its own inventory verification and also referred the results to American Appraisal. At the end of these three reviews, 93%, or all but five of the items, were located. The Department has come a long way in properly accounting for its physical assets. We are in the process of documenting detailed property management procedures and centralizing the property management responsibility within our Office of Management. In addition, KPMG was able to provide the Department with some valuable recommendations to improve our processes and procedures, and the Department expects to have these recommendations implemented by June 2002. While we have taken steps to enhance physical security over allocation, storage and transit of equipment, and to ensure that only authorized individuals have access to storage areas, we will continue to work to improve in this area. We have strengthened guard security at our facilities to add additional oversight at the building level, and we are currently conducting a nationwide and comprehensive physical security assessment of all space where assets are housed. Thank you again for the opportunity to comment on your proposed report. We will use what we have learned during this audit to continue to improve our financial management processes. Sincerely, Signed by: William D. Hansen: [End of section] Appendix IV: GAO Contact and Staff Acknowledgments: GAO Contact: Dan Blair, (202) 512-9401: Acknowledgments: In addition to the contact named above, Lisa Crye, Anh Dang, Bonnie Derby, David Engstrom, Bill Hamel, Jeff Jacobson, Kelly Lehr, Sharon Loftin, Bridgette Lennon, Bonnie McEwan, Diane Morris, Andy O'Connell, Russell Rowe, Brooke Whittaker, and Doris Yanger made key contributions to this report. [End of section] Footnotes: [1] U.S. General Accounting Office, Major Management Challenges and Program Risks: Department of Education, [hyperlink, http://www.gao.gov/products/GAO-01-245] (Washington, D.C.: January 1, 2001), and High-Risk Series: An Update, GAO-01-263 (Washington, D.C.: January 1, 2001). [2] Third party drafts are check-like instruments drawn on and paid by a financial institution or outside contractor. [3] U.S. General Accounting Office, Financial Management: Internal Control Weaknesses Leave Department of Education Vulnerable to Improper Payments, [hyperlink, http://www.gao.gov/products/GAO-01-585T] (Washington, D.C.: April 3, 2001), and Financial Management: Poor Internal Control Exposes Department of Education to Improper Payments, [hyperlink, http://www.gao.gov/products/GAO-01-997T] (Washington, D.C.: July 24, 2001). [4] In this report, when discussing Pell Grants and loans, we use the term "schools" to refer to postsecondary institutions, including colleges and universities, proprietary (for-profit) institutions, and vocational schools. [5] Computer application controls are directly related to specific computer programs. They help ensure that transactions are valid, properly authorized, and completely and accurately processed and reported. [6] As discussed later in this report, the limits were reduced following our April 2001 testimony before the Subcommittee on Select Education, House Committee on Education and the Workforce. [7] U.S. General Accounting Office, Internal Control: Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). [8] Because Education's Pell Grant data are maintained by school year, the time frames for the Pell Grant disbursements we reviewed were for school years 1997-1998, 1998-1999, and 1999-2000. [9] As discussed later in this section, we referred 3 of these 31 schools to Education's OIG and the remaining 28 schools to Education's Student Financial Assistance office. [10] A Pell Grant is a form of financial aid that is awarded to undergraduate students who have not earned bachelor's or professional degrees, and who are enrolled in degree or certificate programs. [11] U.S. General Accounting Office, Student Financial Aid Programs: Pell Grant Program Abuse, [hyperlink, http://www.gao.gov/products/GAO/T-OSI-94-8] (Washington, D.C.: October 27, 1993). [12] The total amount of Pell Grants disbursed by the 707 schools increased to $7.8 million when we expanded our review. [13] Investigations at 2 of these schools were done in coordination with Education's OIG. [14] Under federal regulations, a Pell Grant can be obtained to study ESL but only if the student needs ESL to use existing knowledge, training, or skills, and if the student studies ESL as part of a degree program. [15] U.S. General Accounting Office, Financial Management: Poor Internal Controls Expose Department of Education to Improper Payments, [hyperlink, http://www.gao.gov/products/GAO-01-1151] (Washington, D.C.: September 9, 2001). [16] The $3.5 million includes the $1,120,000 of Pell Grant disbursements made by the 28 schools we previously discussed that we referred to Education for follow-up. [17] These 20 schools include the 9 schools that did not provide support for the $547,000 of Pell Grant disbursements that we discussed above. [18] In December 2001, Education updated its purchase card policies and procedures. [19] The Federal Acquisition Regulation prohibits splitting purchase card transactions into more than one segment to avoid the requirement to obtain competitive bids on purchases over the $2,500 micro-purchase threshold or to circumvent higher single purchase limits. [20] The Department of Education has a regional satellite office in Puerto Rico. [21] 31 U.S.C. 1345. [22] Subsequent to the completion of our work in this area, the department provided us with a copy of an invoice it had obtained to support one of the charges for training costing $525. According to Education officials, because the vendor does not routinely generate invoices for the training courses it provides, this invoice was not available at the time of our review. The approving official stated that she approved the charge based on a certificate of completion for the training course. This certificate was not in the file at the time of our review. [23] Our estimate is based on a 95-percent confidence level and used a test materiality of $94,061. Based on the sample results, the amount of improper purchases could be as much as $133,895. [24] One of these individuals was charged in connection with a theft ring that operated during the period covered by our audit. [25] We attempted to obtain the invoices from another vendor. However, it did not provide this information to us. [26] We did not attempt to find 1 piece of equipment because it was the only piece ordered by a particular office and the cardholder was not in when we did our unannounced inventory. [27] This office was in the process of moving to a new building while we were conducting our audit work. [28] Because the Pell Grant data are maintained by school year, the time frames for the Pell Grant disbursements we reviewed were for school years 1997-1998, 1998-1999, and 1999-2000. [29] Gelco was Education's contractor for third party drafts. Gelco paid the drafts and then was reimbursed by Education. [End of section] GAO’s Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO’s Web site [hyperlink, http://www.gao.gov] contains abstracts and full text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as “Today’s Reports,” on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to [hyperlink, http://www.gao.gov] and select “Subscribe to daily E-mail alert for newly released products” under the GAO Reports heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov: (202) 512-4800: U.S. General Accounting Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: