Signature

The EPA Complied with
the Payment Integrity
Information Act for Fiscal
Year 2023 but Needs to
Improve Its Oversight Efforts
for Improper
and Unknown Payment
Activities

BILL TO
xxxxxxxx

May 29, 2024 | Report No. 24-P-0041

payment stream DESCRIPTION

Commoames
Contracts

CWSRF

dwsrf

Grants
payroll

Purchase Card

Travel
WIFIA

Grartd Total

$19t,484,025-00
S1,254.895.459-91
S2.30B.914,696-31
SI .378.109.325.54
SI.895.957,326.51
$2,795,720-882.37
$29,281,832.53

$41,503,035.46
5299.420,390-29

,195,266.975.92

\tlSPEC

ITAL PR©1


-------
Report Contributors

Katelyn Bell
Ryan Dzakovic
LaTanya Furdge
Daljit Loh

Gloria Taylor-Upshaw
Selina Yu

Alexandra Zapata-Torres

Abbreviations

AFR	Agency Financial Report

EPA	U.S. Environmental Protection Agency

FY	Fiscal Year

OCFO	Office of the Chief Financial Officer

OGD	Office of Grants and Debarment

OIG	Office of Inspector General

OMB	Office of Management and Budget

PI IA	Payment Integrity Information Act of 2019

Key Definitions

Improper Payment
Proper Payment
Quantitative Risk Assessment

Qualitative Risk Assessment

Unknown Payment

A payment made in an incorrect amount or to the wrong recipient.
A payment made to the right recipient for the right amount.
A statistical or nonstatistical assessment to assess the probability of
improper payments.

A technique used to quantify the risk associated with improper
payments and unknown payments.

A payment that was made without sufficient documentation for the
agency to determine whether the payment falls into the proper or
improper category.

Cover Image

The EPA's payment streams or programs with annual outlays greater than $10 million for fiscal
year 2023. (EPA OIG image)

Are you aware of fraud, waste, or abuse in an
EPA program?

EPA Inspector General Hotline

1200 Pennsylvania Avenue, NW (2431T)
Washington, D.C. 20460
(888) 546-8740
(202) 566-2599 (fax)

OIG.Hotline@epa.qov

Learn more about our OIG Hotline.

EPA Office of Inspector General

1200 Pennsylvania Avenue, NW (2410T)
Washington, D.C. 20460
(202) 566-2391
www.epaoiq.gov

Subscribe to our Email Updates.

Follow us on X (formerly Twitter) @EPAoiq.
Send us your Project Suggestions.


-------
24-P-0041
May 29, 2024

At a Glance

The EPA Complied with the Payment Integrity Information Act for Fiscal Year 2023 but
Needs to Improve Its Oversight Efforts for Improper and Unknown Payment Activities

Why We Did This Audit

To accomplish this objective:

The U.S. Environmental Protection
Agency Office of Inspector General
conducted this audit to determine
whether the EPA complied with the
Payment Integrity Information Act of
2019 for fiscal year 2023 reporting and
to evaluate the EPA's corrective action
plans and efforts to prevent and reduce
improper payments from prior audit
recommendations.

The Payment Integrity Information Act
of 2019 requires inspectors general to
determine and report their agencies'
compliance with the Act every fiscal
year. The Act also requires the heads
of each agency to periodically review
and identify all programs and activities
with costs exceeding the $10 million
statutory threshold to determine
whether they are susceptible to
significant improper payments. The
Payment Integrity Information Act of
2019 and Office of Management and
Budget Circular A-123, Appendix C,
require each agency to publish
payment integrity information with its
annual financial statements. Agency
inspectors general are to review
payment integrity reporting for
compliance and issue an annual report.

To support this EPA mission-related
effort:

• Compliance with the law.

What We Found

The EPA complied with the requirements of the Payment Integrity Information Act of 2019, or
PIIA, and the applicable Office of Management and Budget guidance for its fiscal year 2023
reporting. Pursuant to the PIIA, the EPA is required to comply with three of the ten requirements
for its FY 2023 reporting:

•	Publish payment integrity information in its Agency financial statement.

•	Post the Agency financial statement on its website.

•	Conduct risk assessments at least once every three years for each program with
annual outlays greater than $10 million.

The EPA has made progress in resolving corrective action plans and efforts to prevent and
reduce improper payments from prior audit recommendations, but Agency corrective actions
are still in process. We will review the corrective actions in the FY 2024 PIIA compliance
audit.

The Agency satisfied these requirements for PIIA compliance for FY 2023 but has an
opportunity to improve internal controls to provide better oversight of its payment integrity
activities. Specifically, we found that the EPA lacked (1) documentation to support its
conclusions for determining payment stream susceptibility to improper payments and
(2) proper monitoring of the resolution of the unknown payments from the grant payment
stream and agencywide payment integrity performance. By not having documentation to
support conclusions and proper monitoring, the EPA's risk for ineffective management is
increased.

The EPA needs to improve its internal controls to better document and
monitor payment integrity activities; maximize the likelihood of
preventing, reducing, and recovering improper payments; and reduce its
risk of ineffectively managing payment integrity activities.

Recommendations and Planned Agency Corrective Actions

We recommend that the chief financial officer develop guidance for generating and
maintaining documentation to support risk assessment determinations of whether EPA
programs are susceptible to significant improper payments. Also, the EPA should develop
oversight guidance and mechanisms to monitor the resolution of unknown payments, as well
as develop processes and tools to periodically collect and analyze agencywide payment
integrity activities and related information for preventing and reducing improper and unknown
payments. The Office of the Chief Financial Officer agreed with our recommendations. We
agree with the Agency's planned corrective actions for all recommendations, and we will
evaluate the Agency's responses during our next fiscal year audit. We consider the
recommendations resolved with corrective actions pending.

Address inquiries to our public
affairs office at (202) 566-2391 or
OIG.PublicAffairs@epa.gov.

List of OIG reports.


-------
U.S. ENVIRONMENTAL PROTECTION AGENCY

OFFICE OF INSPECTOR GENERAL

May 29, 2024

MEMORANDUM

SUBJECT: The EPA Complied with the Payment Integrity Information Act for Fiscal Year 2023 but
Needs to Improve Its Oversight Efforts for Improper and Unknown Payment Activities
Report No. 24-P-0041

This is our report on the subject audit conducted by the U.S. Environmental Protection Agency Office of
Inspector General. The project number for this audit was QA-FY24-0021. This report contains findings
that describe the problems the OIG has identified and corrective actions the OIG recommends. Final
determinations on matters in this report will be made by EPA managers in accordance with established
audit resolution procedures.

The Office of the Chief Financial Officer is responsible for the issues discussed in this report.

In accordance with EPA Manual 2750, your office provided acceptable planned corrective actions and
estimated milestone dates in response to the OIG recommendations. All recommendations are resolved,
and no final response to this report is required. If you submit a response, however, it will be posted on
the OIG's website, along with our memorandum commenting on your response. Your response should
be provided as an Adobe PDF file that complies with the accessibility requirements of section 508 of the
Rehabilitation Act of 1973, as amended. The final response should not contain data that you do not want
to be released to the public; if your response contains such data, you should identify the data for
redaction or removal along with corresponding justification.

We will post this report to our website at www.epaoig.gov.

To report potential fraud, waste, abuse, misconduct, or mismanagement, contact the OIG Hotline at (888) 546-8740 or OIG.Hotline@epa.gov.

FROM:	Sean W. O'Donnell, Inspector General

TO:

Faisal Amin, Chief Financial Officer


-------
Table of Contents

1.	Introduction	1

Purpose	1

Background	1

Responsible Offices	4

Scope and Methodology	4

Prior Reports	5

2.	The EPA Complied with Payment Integrity Requirements for FY 2023, but Prior
Recommendations Are Unimplemented	7

The EPA Addressed a Concern and Is Compliant with OMB Payment Integrity

Improvement Requirements	7

The EPA Still Must Complete Corrective Actions to Address EPA OIG Prior

Recommendations from FY 2021 PI IA Compliance Audit	9

3.	The EPA Needs to Improve Its Oversight of Its Payment Integrity Activities	11

Qualitative Risk Assessments Lacked Documentation to Support Susceptibility

Conclusions	11

The EPA Is At Risk of Ineffectively Managing Payment Integrity Performance	13

Recommendations	13

Agency Response and OIG Assessment	14

Status of Recommendations	15

A Agency Response to Draft Report	16

B Distribution	19

i


-------
Chapter 1

Introduction

Purpose

The U.S. Environmental Protection Agency Office of Inspector General initiated this audit to determine
whether the EPA complied with the Payment Integrity Information Act of 2019, or PIIA, for fiscal
year 2023 reporting and to evaluate the EPA's corrective action plans and efforts to prevent and reduce
improper payments from prior audit recommendations.

Background

Congress enacted the PIIA on March 2, 2020, to improve efforts to identify and reduce governmentwide
improper payments. Appendix C, "Requirements for Payment Integrity Improvement/' of Office of
Management and Budget Circular A-123, dated March 5, 2021, sets forth requirements for agencies and
OIGs to comply with the PIIA. According to Appendix C, an agency must meet up to ten specific criteria
to comply with the Act depending on the agency's current stage of improper payments reporting.

Appendix C requires the Agency to conduct a risk assessment at least once every three years for any
programs or activities that exceed $10 million in annual outlays. The EPA divides its programs and
activities into payment streams for its improper payments reporting. Since the Agency conducted risk
assessments for eight payment streams exceeding $10 million in annual outlays in its FY 2021 reporting,
the EPA was not required to conduct risk assessments for those payment streams until its FY 2024
reporting.

The PIIA and Federal Guidance for Improper Payments

The PIIA directs the head of each executive branch agency to periodically review all programs and
activities with annual outlays greater than $10 million and to identify those that may be susceptible to
significant improper payments. Agency heads must conduct these periodic reviews, referred to as risk
assessments, at least once every three years. As described in Appendix C of OMB Circular A-123, these
risk assessments can be either qualitative or quantitative but must reasonably determine whether a
program is susceptible to significant improper payments.

According to the OMB's Appendix C guidance, all program payments fall into one of three payment
categories: proper, improper, or unknown. A proper payment is made to the right recipient for the right
amount; an improper payment is an incorrect amount or made to the wrong recipient; and an unknown
payment is made without sufficient documentation so the agency cannot determine, without further
information, whether the payment is proper or improper. Unknown payments "will eventually be
determined to be proper or improper," and an agency may be required to report those improper
payments in future years.

1


-------
Appendix C of OMB Circular A-123 states that a program is susceptible to significant improper payments
if the total annual improper and unknown payment amount exceeds the statutory threshold. The
statutory threshold for a program is either (1) 1.5 percent of program outlays and $10 million of all
program payments made during the fiscal year or (2) $100 million. Additionally, Appendix C states that
programs should consider causes of improper payments and unknown payments and "the likelihood of
their occurrence in their process of identifying and monitoring payment integrity risks to the program."
Examples of identifying payment integrity risks include identifying trends, patterns, and anomalies
within data.

The PI IA requires each agency's inspector general to annually determine the agency's compliance with
the PI IA and to issue a report on that determination. Furthermore, Appendix C of OMB Circular A-123
requires each inspector general to:

•	Evaluate the risk assessments to determine whether they adequately conclude whether the
programs are likely to make improper and unknown payments above or below the statutory
threshold.

•	Evaluate the agency's efforts to prevent and reduce improper and unknown payments.

•	Recommend changes to the agency's improper payment risk-assessment methodology if the
OIG determines that a risk assessment incorrectly identified whether a program or activity was
likely to make improper and unknown payments above or below the statutory threshold.

Appendix C requires that agencies proactively manage the payment integrity risk of their programs to
prevent improper and unknown payments. Appendix C further says that even if the OIG determines that
the agency program is in overall compliance with the PI I A, "[a] recommendation for improvement
should be considered any time an OIG identifies an action that if taken would improve the program as it
relates to a specific evaluation criterion."

Federal Guidance Requires Internal Controls

According to Appendix C of OMB Circular A-123, the main requirements to comply with the PI IA and to
prevent and reduce improper payments include the following:

•	Agencies are responsible for establishing and maintaining effective internal controls, such as
mechanisms, rules, policies, and procedures implemented by an agency to ensure the integrity
of financial information as well as the detection and prevention of improper payments and
unknown payments.

•	Programs, to be effective, should prioritize efforts toward preventing improper payments from
occurring.

•	Management must establish and conduct monitoring activities to assess the quality of
performance overtime.

2


-------
• Agencies are responsible for maintaining documentation of meeting the requirements set forth
in Appendix C.

EPA Policies and Procedures Regarding Grants Require Resolution in a
Timely Manner

The Office of the Chief Financial Officer's Standard Operating Procedure Grants Improper Payment
Review, dated October 2022, states that for improper payment reporting purposes, all questioned costs
under review must be resolved each year by June 30th. Costs that are not resolved by June 30th should
be reported as improper payments. Also, the Office of Grants and Debarment's, or OGD's, Policy Notice
No. PN-2013-G03, Improper Payments Elimination and Recovery Improvement Act of 2012 Reporting,
holds grants management officers responsible for ensuring the resolution of questioned costs in a timely
manner and the OGD's National Policy, Training, and Compliance Division responsible for reminding
grants management officers to complete reviews and update the Grantee Compliance and Recipient
Activity database or grantee compliance database entries. The OCFO's Standard Operating Procedure
Grants Improper Payment Review states that the timeline to reconcile all identified improper payments
and to report improper payments in the Agency Financial Report, or AFR, is from August through
September of each reporting year.

The EPA's FY 2023 Reporting and Risk Assessments

To facilitate its payment integrity assessment process for determining improper payments risks, the
OCFO stated that it obtains information from the EPA's Compass Business Objects Reporting database
and questionnaires completed by the payment streams leads who oversee payment activities
throughout the Agency.

According to Appendix C of OMB Circular A-123, when conducting a qualitative assessment for risk of
improper payments and unknown payments, "the agency should ensure that proper consideration has
been given to relevant factors." The OCFO uses 13 risk factors, which include the 11 risk factor examples
listed in Appendix C of OMB Circular A-123 for its qualitative risk assessments and risk factor categories
for PI IA audit results and other risks not covered. Appendix C of OMB Circular A-123 example risk factors
include whether the program is new to the agency; the complexity of the program reviewed; recent
major changes in program funding, authorities, practices, or procedures and the accuracy and reliability
of improper payment and unknown payment estimates previously reported for the program; or other
indicators of potential susceptibility to improper payments and unknown payments identified.

According to the EPA's AFR for FY 2023 reporting, the qualitative risk assessments determined that
eight of the nine payment streams with outlays exceeding $10 million were not likely to be susceptible
to significant improper payments. The risk assessment for the grants payment stream determined that
the stream is susceptible to significant improper payments. As a result, the EPA will perform statistical
sampling as part of the quantitative risk assessment in FY 2024. Table 1 outlines the susceptibility of the
EPA's FY 2023 qualitative risk assessments performed on its nine payment streams.

3


-------
Table 1: Summary of the EPA's FY 2023 assessment of improper payment susceptibility

Payment stream

Likely to be susceptible to
significant improper
payments

1

Commodities

No

2

Contracts

No

3

Clean Water State Revolving Fund

No

4

Drinking Water State Revolving Fund

No

5

Grants

Yes

6

Payroll

No

7

Purchase Cards

No

8

T ravel

No

9

Water Infrastructure Finance and Innovation Act

No

Source: EPA FY 2023 AFR. (EPA OIG table)

Responsible Offices

The OCFO formulates the EPA's annual budget and performance plan; coordinates the EPA's strategic
planning efforts; develops guidance to support reporting requirements in the EPA's AFR; provides
financial services for the EPA; and makes payments to grant recipients, contractors, and other vendors.
The OCFO is responsible for creating policies for, issuing reports on and overseeing the EPA's financial
operations. The Office of the Controller, which is located within the OCFO, is responsible for overseeing
the Agency's payment integrity program. The Office of the Controller develops, manages, and supports
the Agency's financial management program by interpreting fiscal legislation, maintaining fiscal
operations, and implementing governmentwide external reporting reforms. Within the Office of the
Controller, the Policy, Training and Accountability Division oversees the EPA's efforts at preventing,
identifying, and recovering improper payments.

Scope and Methodology

We conducted this performance audit from November 2023 to May 2024 in accordance with generally
accepted government auditing standards. Those standards require that we plan and perform the audit
to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions
based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for
our findings and conclusions based on our audit objectives.

We assessed the internal controls necessary to satisfy our audit objectives.1 In particular, we assessed
the internal control components—as outlined in the U.S. Government Accountability Office's Standards
for Internal Control in the Federal Government— significant to our audit objectives. Any internal control
deficiencies we found are discussed in this report. Because our audit was limited to the internal control

1 An entity designs, implements, and operates internal controls to achieve its objectives related to operations,
reporting, and compliance. The U.S. Government Accountability Office sets internal control standards for federal
entities in GAO-14-704G, Standards for Internal Control in the Federal Government, issued September 10, 2014.

4


-------
components deemed significant to our audit objectives, it may not have disclosed all internal control
deficiencies that may have existed at the time of the audit.

To answer our objectives, we assessed the Agency's payment integrity activities against Appendix C of
OMB Circular A-123, which sets forth requirements for agencies and the OIGs to comply with the PI I A. In
this audit of the EPA's FY 2023 reporting, we reviewed three of the ten requirements for overall
compliance and did not review the other seven requirements because they were not applicable to
include because the EPA is not required to conduct risk assessments until its FY 2024 reporting. We
verified that the EPA (1) published payment integrity information with the annual financial statement,

(2)	posted the annual financial statement and accompanying materials on the Agency's website, and

(3)	conducted improper payment risk assessments for each program with annual outlays greater than
$10 million at least once in the last three years. We detail the ten requirements as set forth in
Appendix C and the EPA's compliance in Table 2.

We also reviewed the EPA's grant policies and procedures relating to improper and unknown payments.
Additionally, we assessed the EPA's implementation of corrective actions and efforts in response to prior
audit recommendations by obtaining and analyzing the supporting documentation for these actions.

We also sought to understand the procedures, oversight, and controls that management put in place to
report improper and unknown payments, as well as the controls surrounding the risk assessment
compilation. To accomplish this, we reviewed the EPA's FY 2023 AFR and its accompanying materials,
and we verified that the EPA posted the report on its website. We also interviewed the OCFO staff to
obtain an understanding of the processes, procedures, and controls used for improper payment
reporting across the EPA.

We evaluated the OCFO's qualitative risk assessments and supporting documentation. We also analyzed
payment activity data for each payment stream that the EPA reported for its FY 2023 reporting.
Additionally, we reviewed the Agency's Enterprise Audit Management System to determine the status of
our prior PI IA audit recommendations and to examine the EPA's results of its grants payment stream
unknown payments totaling about $10.3 million, which we identified in the EPA's FY 2021 improper
payments risk assessment. We also retrieved grant information from the EPA's grantee compliance
database and the Compass Data Warehouse database to verify the results of the grant unknown
payments that we identified in our audit of FY 2021 reporting.

Prior Reports

In EPA OIG Report No. 22-P-0050. The EPA Was Not Compliant with the Payment Integrity Information
Act for Fiscal Year 2021, issued June 27, 2022, we found that the EPA was not compliant with the PI IA for
its FY 2021 reporting and needed to improve risk assessments to adequately conclude whether the
program's improper and unknown payments exceeded the compliance threshold. We issued
four recommendations, and the EPA recorded all the recommendations as complete in its Enterprise
Audit Management System.

5


-------
In EPA OIG Report No. 23-P-0017. The EPA Complied with the Payment Integrity Information Act for
Fiscal Year 2022, issued May 16, 2023, we found that the EPA was compliant with the PIIA and related
OMB guidance for its FY 2022 reporting. We made no recommendations in the report.

Chapter 2 contains a discussion of the status of the recommendations from the FY 2021 PI IA compliance
report.

6


-------
Chapter 2

The EPA Complied with Payment Integrity
Requirements for FY 2023, but Prior Recommendations
	Are Unimplemented	

The EPA is compliant with the PIIA and related OMB guidance for its FY 2023 improper payments
reporting. For FY 2023 reporting, the EPA needed to satisfy three of the ten requirements outlined in
Appendix C of OMB Circular A-123. The EPA published its payment integrity information with the annual
financial statements and submitted its AFR to the OMB. The Agency posted its annual financial
statements and accompanying materials on its website on November 15, 2023. Additionally, the EPA
conducted improper payment risk assessments at least once in the last three years for each payment
stream with annual outlays that exceeded the $10 million threshold. While reviewing for compliance, we
noted a potential OMB compliance concern that was resolved immediately. Additionally, the EPA is still
in the process of resolving recommendations from the FY 2021 PI IA compliance report.

The EPA Addressed a Concern and Is Compliant with OMB Payment
Integrity Improvement Requirements

As shown in Table 2, the EPA is compliant with the PI IA and related OMB guidance for its FY 2023
improper payments reporting. However, during our audit we found a potential compliance concern, and
the EPA resolved it immediately. When the EPA initially published its FY 2023 AFR, the report was
missing a link to PaymentAccuracy.gov, which provides the Agency's accompanying materials to the
financial statements. Appendix C to OMB Circular A-123 requires agencies to include a link to
PaymentAccuracy.gov within its AFR and post it on the agency's website. When we identified that the
link was missing, the OCFO acknowledged that the omission was because of an editorial oversight and
immediately revised its FY 2023 AFR to include the link. We determined that the OCFO's actions satisfied
the OMB compliance requirement. In response to the omission, the OCFO created a checklist to ensure
that required information will be included in the Agency's AFR. The checklist includes areas that note the
required contents of the AFR, analysis of systems, controls and legal compliance, summary of the
financial statement audit with management assurances, and PI IA reporting. The OCFO finalized the
checklist during our fieldwork to use in FY 2024 reporting.

7


-------
Table 2: PIIA compliance reporting for EPA payment streams

No.

Compliance requirement

Commodities

Contracts

Clean Water SRF

Drinking Water SRF

Grants

Payroll

Purchase Cards

T ravel

WIFIA

1

Published payment integrity information with the annual
financial statement

~

~

~

~

~

~

~

~

~

2

Posted the annual financial statement and accompanying
materials on the agency website

V

~

~

V

~

V

~

y

~

3

Conducted improper payment risk assessments for each
program with annual outlays greater than $10 million at least
once in the last three years

V

~

~

V

~

V

~

y

~

4

Adequately concluded whether the program is likely to make
improper and unknown payments above or below the
statutory threshold

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

5

Published improper and unknown payment estimates for
programs susceptible to significant improper payments in the
accompanying materials to the annual financial statement

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

5

Published corrective action plans for each program for which
an estimate above the statutory threshold was published in
the accompanying materials to the annual financial
statement

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

7

Published improper and unknown payment reduction target
for each program for which an estimate above the statutory
threshold was published in the accompanying materials to
the annual financial statement

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

8

Demonstrated improvements to payment integrity or reached
a tolerable improper and unknown payment rate

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

9

Developed a plan to meet the improper and unknown
payment reduction target

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

10

Reported an improper and unknown payment estimate of
less than 10% for each program for which an estimate was
published in the accompanying materials to the annual
financial statement

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

n/a

Notes: V = Compliant; n/a = not applicable; SRF = state revolving fund; WIFIA = Water Infrastructure Finance and
Innovation Act.

Source: OIG analysis of the EPA's FY 2023 AFR payment integrity data and accompanying financial materials. (EPA
OIG table)

8


-------
The EPA Still Must Complete Corrective Actions to Address EPA OIG
Prior Recommendations from FY 2021 PIIA Compliance Audit

According to the EPA, it completed all four recommendations for EPA OIG Report No. 22-P-0050. The
recommendations are outlined in Table 3. During our review of the FY 2022 reporting, we found that the
corrective actions for Recommendations 1 and 4 met the intent of our recommendations. The planned
corrective actions for Recommendation 2 were not due to be completed until November 2023. In
response to Recommendation 2, the EPA performed off-cycle qualitative risk assessments for its nine
payment streams exceeding $10 million in annual outlays in FY 2023 and included its payment integrity
reporting for fiscal year 2023 in its FY 2023 AFR.

Table 3: EPA OIG Report No. 22-P-0050 recommendations

No.

Recommendation

1

Review the OIG-identified questioned costs for the grants payment stream, determine the payment
allowability, recover costs as appropriate, and recalculate the error rate.

2

Conduct an off-cycle risk assessment, applying the Standard Operating Procedure Grants Improper Payment
Review, dated September 2021, and include the risk assessments in the Agency's Fiscal Year 2023 Agency
Financial Report, ensuring that the risk assessments contain:

a.	An assessment of all programs and activities with outlays greater than $10 million.

b.	An identification of which programs and activities with annual outlays exceeding the statutory threshold are
included in each risk assessment.

c.	A mechanism for identifying, accounting for, estimating, and reporting improper and unknown payments
and for detailing efforts taken to prevent and reduce such payments.

3

For payment streams other than the grants payment stream, update standard operating procedures so that
they establish a sufficient methodology for programs and activities with outlays of more than $10 million to
adequately conclude whether they are susceptible to significant improper payments. The standard operating
procedure should identify which programs or activities are included.

4

Periodically train Agency personnel on and provide completed course training certificates for:

a.	The Standard Operating Procedure Grants Improper Payment Review, dated September 2021, which
includes the Payment Integrity Information Act Review Checklist. Such training should include any updates to
these documents and emphasize the application of the cost-allowance principles and the adherence to the
terms and conditions of federal awards.

b.	All standard operating procedures, as well as any updates to them, implemented for other payment
streams.

Source: EPA OIG Report No. 22-P-0050. (EPA OIG table)

During this audit, we reviewed the EPA's corrective actions for Recommendation 2 from EPA OIG Report
No. 23-P-0017 and found that the Agency conducted qualitative risk assessments for nine payment
streams using its standard operating procedure titled Payment Integrity Qualitative Risk Assessments,
dated June 2023,2 for all payment streams that exceed $10 million in annual outlays which addresses
Recommendation 2a. Using this procedure, the EPA determined that the grants payment stream is likely

2 In EPA OIG Report No. 23-P-0017, in which we audited the EPA's PIIA FY 2022 reporting, we previously reported
that the Agency planned to conduct qualitative risk assessments for FY 2023 reporting by administering
questionnaires and not use the September 2021 operating procedure to meet the intent of Recommendation 2
from EPA OIG Report No. 22-P-0050.

9


-------
to be susceptible to significant improper payments. Beginning in FY 2024, the OCFO advised us that it
plans to conduct a quantitative risk assessment to determine whether the grants payment stream
exceeds the threshold for susceptibility of significant improper payments, which will address
Recommendations 2b and 2c. We will review the Agency's quantitative risk assessment in our audit of
its FY 2024 reporting and determine whether Recommendation 2 is completed.

We found that the Agency's corrective actions for Recommendation 3 did not meet the intent of our
recommendation as stated in our FY 2022 PIIA compliance report. In Recommendation 3, we proposed
updates to the EPA's standard operating procedure for payment streams other than grants, which
should identify which programs or activities are included. In our FY 2022 PI IA compliance report, we
noted that the procedure was missing program-specific risk methodologies to adequately determine
whether a specific payment stream is susceptible to significant improper payments. In October 2022,
the EPA reported completing Recommendation 3 in its Enterprise Audit Management System. The
Agency updated its qualitative risk assessment standard operating procedure in June 2023. We will
review the EPA's implementation of corrective actions for Recommendation 3 after the Agency
completes its risk assessments for payments streams in its FY 2024 reporting.

10


-------
Chapter 3

The EPA Needs to Improve Its Oversight of Its Payment
	Integrity Activities	

The EPA needs effective internal controls to improve its oversight of its payment integrity activities to
ensure compliance with PI IA and Appendix C of OMB Circular A-123. The EPA needs to improve
(1) documenting its risk assessment conclusions to support its determinations for payment stream
susceptibility resolution and (2) proper monitoring of the resolution of unknown payments from the
grant payment stream and agencywide payment integrity performance. Specifically, the OCFO did not
have sufficient documentation that would enable us to evaluate the Agency's conclusions for its
qualitative risk assessment determinations. Also, as the overseer of the EPA's payment integrity
program, the OCFO needs to improve its oversight of the grant unknown payments to ensure that they
are resolved and accurately reported. In addition, the OCFO needs to monitor the Agency's payment
integrity performance to ensure its efforts in preventing improper payments and unknown payments
are effective. By increasing agencywide payment integrity performance monitoring, the OCFO could
assist the Agency in obtaining information to support its efforts to prevent and reduce improper
payments.

Qualitative Risk Assessments Lacked Documentation to Support
Susceptibility Conclusions

The OCFO's supporting documentation for its qualitative risk assessments did not enable us to evaluate
the methodology used to determine whether payment streams are likely to make improper payments
and unknown payments above or below the statutory threshold.

The EPA's 13 risk factors in the risk assessment questionnaire includes yes or no questions followed by
related multiple-choice questions. The questionnaire includes space for a justification after each risk
factor. We found that some questionnaire responses did not include a justification or that the
justification did not include enough information for the selected response in the questionnaire. The risk
assessment is then scored and reported by the OCFO.

Appendix C to the OMB Circular A-123 states that the OIG's compliance report must also include an
evaluation of agency efforts to prevent and reduce improper payments and unknown payments. The
OCFO did not have documentation to support how it considers payment stream risk assessment
justifications or whether the characteristics of the activities included in each payment stream were
incorporated or considered in the OCFO's conclusions regarding a payment stream's susceptibility. As a
result, we could not evaluate the methodology that the OCFO used for its qualitative risk assessment
determinations.

11


-------
The OCFO lacks sufficient controls for documenting management conclusions related to the improper
payment qualitative risk assessment determinations and monitoring the resolution of grant unknown
payments and agencywide payment integrity performance of the EPA's effectiveness in preventing and
reducing improper payments. The OCFO has not implemented guidance requiring staff to document
qualitative risk assessment conclusions or determinations of improper payment susceptibility.

Delayed Resolution of Grant Unknown Payments Needs Monitoring

The OCFO needs to develop and implement guidance and mechanisms to monitor the OGD's review of
grant unknown payments because of the delay in resolving unknown payments. The EPA questions the
costs of a grant claim when the required documentation to support the claimed costs is missing or
inaccurate. While the OGD's grants management officers are responsible for resolving questioned costs
in a timely manner, the OCFO oversees the Agency's payment integrity program including monitoring
program performance.

The OGD and the OCFO are still working to resolve costs questioned in the OIG's FY 2021 PI IA
compliance report. As of this audit, the OGD is still working to resolve the OIG's FY 2021 questioned
costs totaling about $10.3 million. The OCFO indicated that the EPA disallowed $384,410 and recovered
about $265,129. The OGD noted in March 2023 that it will issue a cost disallowance letter totaling about
$119,281 the week of March 6; however, emails noted that as of November 2023, the grants
management officer still had not sent the disallowance letter. On March 6, 2024, an OGD official stated
that Region 9 would notify the recipient of the FY 2021 improper payment within the next 15 days. We
accessed the EPA's financial management system and was able to verify that the Agency documented
$265,129 as improper and for recovery.

The OCFO does not have a policy specific for monitoring the management and resolutions of unknown
payments. Pursuant to Appendix C, establishing and maintaining effective internal controls to prevent
and detect improper payments and unknown payments should be a priority. The EPA's improper
payment reporting requirements document states that the OCFO oversees the EPA's payment integrity
program and several offices within the Agency must implement and monitor internal control activities
for their associated payment streams, with the goal of preventing, identifying, and recovering improper
payments. The OCFO has the oversight responsibility for monitoring program performance and
developing agencywide guidance in support of ongoing annual payment integrity activities and reporting
requirements.

The OCFO Needs to Monitor Agencywide Payment Integrity Performance

The OCFO does not monitor agencywide payment integrity performance. While the OCFO performed
the activities necessary to comply with PI IA reporting requirements, it did not perform any monitoring
activities. The OCFO stated that it had not formally reviewed agencywide improper payment and
unknown payment trend information from 2019 through 2023 because of the high recovery rate for
improper payments. The OCFO also stated that it uses qualitative risk assessments of the programs and
payment streams to assess the effectiveness of its efforts to prevent and reduce improper payments.

12


-------
EPA OIG Report No. 22-P-0050 states that in FY 2021, the Agency conducted improper payment risk
assessments, which the PIIA requires to be done at least every three years. The EPA also conducted
off-cycle risk assessments for its FY 2023 reporting in response to Recommendation 2 in EPA OIG Report
No. 22-P-0050. However, the risk assessments use the same criteria for each payment stream and does
not consider new and changing risks, which should be considered as part of prevention according to
Appendix C of OMB Circular A-123. The circular also states that "[a] 11 programs should have a structured
and systematic approach to recognizing where the potential for [improper and unknown payments] can
arise."

The OCFO recognized that more agencywide oversight is necessary because of the increase in EPA
funding from the Infrastructure Investment and Jobs Act and the Inflation Reduction Act, which provide
approximately $100 billion to fund EPA programs, the majority of which will be distributed in the form of
grants. During the audit, the OCFO informed us that it is in the process of planning and designing
internal procedures and developing mechanisms to improve its oversight of the EPA's payment integrity
efforts to prevent and reduce improper payments.

The EPA Is At Risk of Ineffectively Managing Payment Integrity
Performance

The EPA increases its risks of ineffectively managing payment integrity if the Agency does not make
internal control improvements. By not ensuring sufficient documentation of its conclusions, the OCFO
hinders its ability to demonstrate that its qualitative risk assessments address the susceptibility of its
payment streams or programs. Also, if the OCFO provides more monitoring of the OGD's grant unknown
payment review and results, the Agency may improve the time it takes to resolve unknown payments
and increase the likelihood of recovering any improper payments. Lastly, if the OCFO is monitoring
agencywide payment integrity performance, improved controls would assist the Agency in its oversight
of preventing and reducing improper payments and unknown payments. During our audit, the OCFO
stated that it was beginning to develop mechanisms to monitor agencywide payment integrity
performance, such as meeting with payment streams individually to discuss payment integrity efforts
and developing a payment integrity checklist.

Recommendations

We recommend that the chief financial officer:

1.	Develop guidance for generating and maintaining documentation to support risk assessment
determinations of whether EPA programs or payment streams are identified to be susceptible to
significant improper payments.

2.	Develop oversight guidance and mechanisms to monitor the resolution of unknown payments to
make sure they are resolved in a timely manner.

13


-------
3. Develop processes and tools to periodically collect and analyze agencywide payment integrity
activities and related information for preventing and reducing improper and unknown
payments.

Agency Response and OIG Assessment

The OCFO agreed with our recommendations, provided planned corrective actions, and established
milestone dates. The OCFO stated that "ensuring for payment integrity that proper controls are in place
to safeguard the agency's resources is critical to preventing fraud, waste, and abuse and reflects the
agency's historical commitment." Appendix A includes the Agency's response to our draft report.

For Recommendation 1, the Office of the Controller plans to update standard operating procedures for
performing qualitative risk assessments. We agree with the Agency's planned corrective actions for
Recommendation 1 and will review implementation of these planned actions in our FY 2024 EPA PI IA
compliance audit.

For Recommendation 2, the Office of the Controller updated its guidance document for improper
payments and unknown payments. We reviewed the updated guidance, which detailed monthly
reporting requirements for all payment streams related to payments reviewed, payments with
questioned costs or with identified improper payments, prior year overpayment recovery status, and
transaction testing results. We agree with the Agency's planned corrective actions for
Recommendation 2, and we will further evaluate the Agency's corrective action for this
recommendation in the FY 2024 EPA PI IA compliance audit.

For Recommendation 3, the Office of the Controller said that it developed a standard reporting template
to gather improper and unknown payment data elements across the Agency's payment streams on a
monthly basis. The Agency also said that information collected will include the cause for the improper
payment or unknown payment and the status for recapturing these funds. We agree with the Agency's
planned corrective actions for Recommendation 3 and will review implementation of these planned
actions in our FY 2024 EPA PI IA compliance audit.

14


-------
Status of Recommendations

Rec.
No.

Page
No.

Recommendation

Status*

Action Official

Planned
Completion
Date

1

13

Develop guidance for generating and maintaining documentation
to support risk assessment determinations of whether EPA
programs or payment streams are identified to be susceptible to
significant improper payments.

R

Chief Financial Officer

6/30/24

2

13

Develop oversight guidance and mechanisms to monitor the
resolution of unknown payments to make sure they are resolved
in a timely manner.

R

Chief Financial Officer

5/13/24

3

14

Develop processes and tools to periodically collect and analyze
agencywide payment integrity activities and related information
for preventing and reducing improper and unknown payments.

R

Chief Financial Officer

5/31/24

* C = Corrective action completed.

R = Recommendation resolved with corrective action pending.
U = Recommendation unresolved with resolution efforts in progress.

15


-------
Appendix A

Agency Response to Draft Report

i *

"< PRO^

THE CHIEF FINANCIAL OFFICER

WASHINGTON, D.C. 20460

May 20, 2024

MEMORANDUM

SUBJECT: Response to the Office of Inspector General Draft Report, Project No. OA-FY24-0021,
"The EPA Complied With the Payment Integrity Information Act for FY 2023, but Needs
to Improve Its Oversight Efforts for Improper and Unknown Payment Activities," dated
May 10, 2024

FROM:	for Faisal Amin, Chief Financial Officer

Office of the Chief Financial Officer

GREGG
TREML

Digitally signed by
GREGG TREML
Date: 2024.05.20
12:15:06 -04W

TO:

Gloria Taylor-Upshaw, Director
Business Operations Directorate
Office of Audit

Thank you for the opportunity to respond to the issues and recommendations in the subject draft
report. The following is a summary of the U.S. Environmental Protection Agency's overall position,
along with its position on the report's recommendations.

AGENCY'S OVERALL POSITION

The draft report contains three recommendations for the Office of the Chief Financial Officer. The EPA
agrees with the Office of Inspector General's recommendations. Ensuring for payment integrity that
proper controls are in place to safeguard the agency's resources is critical to preventing fraud, waste,
and abuse and reflects the agency's historical commitment.

OCFO Payment Integrity Oversight

Prior to the OIG beginning this audit, the OCFO was developing and implementing measures to
enhance payment integrity oversight, operations, and stakeholder engagement. These efforts
include providing training to the responsible payment stream offices on the requirements outlined in
the Payment Integrity Information Act and the Office of Management and Budget's Circular A-123,
Appendix C, Requirements for Payment Integrity Improvement. In March 2024, the OCFO developed
a Payment Integrity Checklist to assist offices with identifying and documenting controls and
mechanisms in place to detect, prevent, and recapture improper payments.

16


-------
The OCFO also established quarterly stakeholder meetings to discuss the EPA's ongoing payment
integrity efforts, discuss best practices used throughout the federal government, and to provide a
forum for payment streams to engage on various topics and approaches to prevent improper
payments. For newer payment streams, such as the Clean School Bus Rebate Program, and the
Greenhouse Gas Reduction Fund Grants Program, the OCFO developed additional payment integrity
resources, such as a reporting requirements overview document, to assist in preparing these
payment streams to effectively prevent, monitor, and report improper and unknown payments, and
coordinates frequent engagement and coordination to ensure the proper measures are in place to
prevent improper payments. The increased engagement and additional resources are examples of
the OCFO's commitment to create additional monitoring of the controls in place to prevent and
detect improper payments.

FY 2021 OIG PIIA Compliance Report - Recommendation No. 3

Regarding the OIG's position on the agency's corrective action provided for Recommendation 3 from
the OIG's Fiscal Year 2021 PI IA Compliance Audit (Report No. 22-P-0050), the OCFO interpreted the
OIG's position to be that the corrective action the OCFO provided did not meet the intent of the
OIG's recommendation. As the OCFO provided agreed-upon corrective actions to close this
recommendation in FY 2023, we also recognize the OIG's prudent work to ensure the enhancements
to the payment integrity standard operating procedures for qualitative risk assessments has the
intended impact on the results of future qualitative risk assessments. However, after further
discussion between my staff and your office, it is EPA's understanding the OIG agrees the agency
provided the agreed-upon corrective action and the OIG will assess the adequacy of the corrective
action meeting the intent of the recommendation during your FY 2024 PI IA compliance audit. Thus,
no further action is required from the OCFO at this time. I look forward to the OIG's review during
the FY 2024 PI IA compliance audit.

AGENCY RESPONSE TO DRAFT REPORT RECOMMENDATIONS

Recommendation

Office

High-Level Intended Corrective
Action(s)

Planned
Date

1. Develop guidance for
generating and maintaining
documentation to support risk
assessment determinations of
whether EPA programs or
payment streams are identified
to be susceptible to significant
improper payments.

OCFO

Concur. The OCFO's Office of the
Controller will update the Standard
Operating Procedures for performing
qualitative risk assessments to include
detailed instructions on generating and
maintaining documentation to support
risk assessment determinations for
susceptibility to significant improper
payments.

6/30/2024

17


-------
2. Develop oversight guidance
and mechanisms to monitor the
resolution of unknown
payments to make sure they are
resolved in a timely manner.

OCFO

Concur. The OCFO's Office of the
Controller has updated it's "Improper
Payment Reporting Guidance" document
to include a requirement for monthly
updates on improper payments and
unknown payments.

Completed
5/13/2024

3. Develop processes and tools
to periodically collect and
analyze agencywide payment
integrity activities and related
information for preventing and
reducing improper and
unknown payments.

OCFO

Concur. The OCFO's Office of the
Controller has developed a standard
reporting template to gather improper
payment and unknown payment data
elements across the agency's payment
streams on a monthly basis. Information
collected will also include the cause for
the IP or UP and the status for
recapturing these funds.

5/31/2024

CONTACT INFORMATION

If you have any questions regarding this response, please contact the OCFO's Audit Follow-up

Coordinator, Andrew LeBlanc, at leblanc.andrew@epa.gov or (202) 564-1761.

cc: Gregg Treml
Lek Kadeli

Meshell Jones-Peller
Adil Gulamli
OCFO-OC-MANAGERS
Katelyn Bell
Ryan Dzakovic
Brian Webb
Nikki Wood
Jovandra Sanderlin
Mark T. Howard
Eric Fox
Susan Perkins
Andrew LeBlanc
Jose Kercado

18


-------
Appendix B

Distribution

The Administrator

Deputy Administrator

Chief of Staff, Office of the Administrator

Deputy Chief of Staff for Management, Office of the Administrator
Chief Financial Officer
Agency Follow-Up Coordinator
General Counsel

Associate Administrator for Congressional and Intergovernmental Relations

Associate Administrator for Public Affairs

Audit Follow-Up Coordinator, Office of the Administrator

Deputy Chief Financial Officer

Associate Chief Financial Officer

Senior Advisor, Office of the Chief Financial Officer

Controller

Deputy Controller

Director, Office of Continuous Improvement, Office of the Chief Financial Officer
Director, Policy, Training, and Accountability Division, Office of the Controller

Chief, Management, Integrity and Accountability Branch; Policy, Training, and Accountability Division,

Office of the Controller
Office of Policy OIG Liaison
Office of Policy GAO Liaison

Audit Follow-Up Coordinators, Office of the Controller

19


-------
Whistleblower Protection

U.S. Environmental Protection Agency

The whistleblower protection coordinator's role
is to educate Agency employees about
prohibitions against retaliation for protected
disclosures and the rights and remedies against
retaliation. For more information\, please visit
the OlG's whistleblower protection webpage.

Contact us:

Congressional Inquiries: OIG.CongressionalAffairs(5>epa.gov

Media Inquiries: OIG.PublicAffairs@epa.gov
line EPA OIG Hotline: OIG.Hotlline(5>epa gov

-pnr Web: epaoig.gov

Follow us:

X (formerly Twitter): ffiepaoig

Linkedln: linkedin.com/company/epa-oig
YouluDe: voutube.com/epaoig
[01 Instagram: (S)epa.ig.on.ig


-------