Desarrollo y crecimiento competitivo local y regional: importancia de la FPT

Complex financial relationships

The duties of a U.S. government internal auditor are greatly affected by the diverse and complex financial relationships that obtain between the government and other parties. In principle, the internal audit unit is responsible for examining all aspects of an agency’s operations and the resources entrusted to it.

Relatively few of the goods and services for which the government pays are actually produced or delivered by government employees. For example, the government finances a considerable share of the nation’s health care services but only a small part of these services is delivered by federal employees. Most people receive their services from independent health care providers. The federal share of the fees charged by these providers is paid through intermediaries. In some cases these are private insurance companies. In others, it is a state government, who may then use an insurance company as its own intermediary in dealing with the health care providers.

Similarly, virtually all of the facilities and equipment used by government personnel are actually produced under contract by companies in the private sector. Government office buildings, for example, are built (and often routinely maintained) by private contractors. More importantly, the weapons employed by

the military services and the space exploration equipment used by the National Aeronautics and Space Administration (NASA) are all produced by private companies under contracts with the government.

Auditing management controls in health care

These complex financial relationships broaden enormously the potential responsibilities of an agency’s internal auditor because, in principle, the auditor should examine the entire stream of federal funds to the eventual recipient. The Medicare programme, which finances health benefits for the elderly, for example, is managed by the Health Care Financing Administration (HCFA) in the Department of Health and Human Services (HHS). An HHS auditor who seeks to assess the management controls in that programme is only beginning the process when he looks at controls within HCFA. He must also examine the management controls of the insurance companies that act as intermediaries, of which there is one in each of the 50 states.

Audit objectives

In the intermediaries, the auditor needs to assess the reliability of the safeguards against the charging of improper fees by the independent health care providers, such as fraudulent fees for services not provided or provided to a patient needlessly, fees that exceed established limits, or fees for services provided to one patient and charged to another. If those safeguards are judged insufficient, a complete audit would, in theory, require the auditor to examine the management controls of the actual health care providers, of which there are thousands.

Audit strategy

Resource limitations preclude audits along these lines. HHS has only a few hundred internal auditors, who are responsible for overseeing hundreds of billions of dollars of expenses. Medicare is only one of many programmes they oversee, and assessment of management controls is only one of many assignments given to the staff that covers health care financing. An audit of the Medicare programme must take a much more focused approach.

Based on past experience, the design of the programme, and the financial incentives created by that design, the auditor is likely to begin with the assumption that if weaknesses exist, they are most likely to be found in the controls of intermediaries and health care providers. Therefore, he may decide to look at only a few of the controls within HCFA, such as those in the billing and payments systems. However, he will discuss with the HCFA managers their informal assessment of the controls in the intermediaries and in some of the major health care providers, such as the largest hospitals. The auditor will then select a few of the intermediaries, probably no more than five or so out of the 80 or more contractors who are responsible for processing, payment, and review of Medicare claims, for a relatively detailed examination of controls.

Pursuing evidence

If the auditor finds weaknesses in the management controls of the intermediaries, this only demonstrates that federal funds might have been spent improperly without being detected. There is no proof that such abuse has actually occurred. To convince his audience that the problem is real and warrants

corrective action, the auditor needs evidence of actual fraud or waste of money. To gather this evidence, he must examine the activity of the health care providers (doctors, hospitals, pharmacies, etc.) and the fees for which they obtained reimbursement from the intermediary.

The auditor will look at the records of a few of the providers, searching for a variety of ways in which (on the basis of previous experience) he believes it possible that federal money was used inappropriately. Many Medicare reimbursements are based on the doctor’s diagnosis of the illness. Thus, the auditor might look for cases where a more severe diagnosis (entailing higher reimbursement) was recorded than was justified by the available information and would examine the procedures used by a hospital to ensure the accuracy of the diagnosis in borderline cases. The auditor will also look for evidence of fraud, which usually takes the form of charging fees for services not rendered or for serving patients who were never seen.

Proposing solutions

Once the auditor has gathered the evidence of weak controls and, if possible, evidence of actual losses resulting from those weak controls, he is also expected to suggest ways to correct the problem. Sometimes this can be a relatively simple procedural change. For example, the intermediaries who handle Medicare payments use sophisticated computers to record the data on automated systems. They can thus perform a variety of tests, which can often reveal indications of possibly inappropriate payments. Using statistical tests, they can identify doctors who consistently depart from the norm in terms of the number of patients treated and the severity of the diagnosis. Such anomalies suggest the possibility of abuse. This approach allows the limited resources available for detailed examination of providers to be applied to the cases where abuse or fraud are most likely to be found.

Management controls and programme design

Sometimes, however, the problem is too fundamental to be readily solved by procedural changes. The structure of the U.S. health care system, in which a myriad of independent health care providers receive their income primarily in the form of fees for services delivered, paid not by the individual patient but by many third parties (chiefly insurance companies), makes the system vulnerable to abuse. The same is true of the Medicare programme. Statistical tests can help reveal the most flagrant abuses, but they will not reliably reveal the doctor who only occasionally supplements his income by charging for "phantom" patients or elevating a diagnosis.

Installing management controls adequate to detect this type of abuse reliably is likely to cost more than the abuse the controls would be intended to prevent. In addition, the controls might be so intrusive as to impede medical staff who are carrying out their legitimate duties.

Limitations of controls

This is not to say that management controls are ineffective in a programme such as Medicare, but only that they have limitations. At some point, it is necessary to rely on the basic honesty of most of the people who participate in the system, on the threat of severe penalties for those who are found abusing it, and on a set of management controls (including such techniques as statistical tests and unannounced random examinations of the records of health care providers) that provides reasonable assurance that flagrant violations will be detected. In those circumstances, abuse would no doubt continue, but it would be reduced to "acceptable" levels.

Current situation

Unfortunately, the Medicare programme today is far from achieving such an acceptable level. The following remarks appear in a recent GAO report:

In 1992, we reported that Medicare was one of several government programs considered highly vulnerable to waste, fraud, abuse, and mismanagement. Problems we noted included inadequate funding of Medicare claims processing contractors’ activities to control fraud and abuse, weaknesses in the HCFA management of Medicare contractors, flawed payment policies, and weak billing controls. Since then, HCFA has made various regulatory and administrative changes aimed at correcting these problems. However, these worthwhile improvements still are not sufficient to protect Medicare against continued losses.13

The report goes on to note that, "today Medicare pays more claims with less scrutiny than at any other time in the last five years" and that "inadequate funding has stunted the development of new controls to protect Medicare benefit dollars". It seems evident that Medicare, a programme for which the federal government spent $162 billion in 1994, is a long way from having adequate management controls.

Medicare represents one of the most difficult situations facing an internal auditor. There are many participants, they have complex financial relationships, and their financial incentives are not such as to induce them voluntarily to institute effective management controls. Unfortunately, similar situations are found in most of the social programmes operated by the federal government.

Auditing management controls in defence contracts Cost-based contracts

Different, but comparably severe problems face the internal auditor working on programmes involving the procurement of goods for government use. This is particularly the case in the Department of Defense (DOD). As noted earlier, virtually all weapons are bought from private companies, who supply them under contracts. In most cases, these contracts are negotiated with little, if any, competition. Typically, the contract provides that payment to the contractor will be set in one of two ways. In some cases, the price is negotiated on the basis of the contractor’s estimate of the costs of production. In other cases, the contract provides that the company will be paid primarily on the basis of the costs it actually incurs in producing the item. (Efforts to shift to the practice of buying complex weapons systems on the basis of competitive bidding and fixed prices have largely failed.)

Dependence on contractor data

These contractual arrangements leave the government dependent on information from the company when judging how much to pay it, so that it is essential that the company’s costs (or estimated costs) are accurately reported. As a general matter, however, it is in the company’s interest to inflate the reports of estimated and actual costs. Thus, as in the Medicare programme, an auditor’s scepticism concerning data supplied by the company is justified.

DOD has wrestled with this problem for many years. It has created a separate auditing organisation, the Defense Contract Audit Agency (DCAA), with a staff of about 4 000 whose specific mission is to audit defence contracts totalling well over $100 billion per year.14

Auditing cost estimates

With respect to contracts for which the price is negotiated on the basis of estimated costs, DCAA examines the reliability of the company’s cost estimates. When the contract is being negotiated, the company is unlikely, for example, to have established a definite price for components purchased from another firm (a subcontractor). That price will be set in separate negotiations between the two companies after the prime contract has been approved. The prospective prime contractor may base his estimate on previous purchases of similar components or on list prices published by the anticipated subcontractor. However, the prime contractor may be able to negotiate a substantial discount from the subcontractor’s list price, thereby potentially adding considerably to the profits anticipated in the initial negotiations.

When DCAA auditors examine these contracts, they must judge whether or not the estimated costs submitted by the prime contractor as a basis for contract negotiations were "reasonable". If the contractor could reasonably have anticipated obtaining discounts from the subcontractor and did not disclose this during the contract negotiations, the price set in the contract would be "defective" and the government would be entitled to a lower price.

Examining individual contracts for defective prices is necessary, if only as a deterrent to abuse, but it is a very labour-intensive way to attack the problem. A better approach is to ensure that contractors use a reasonable method of estimating costs. Most major government contractors have cost-estimating systems. DCAA resources can appropriately be used to examine whether these systems have reasonable estimating techniques and controls to prevent the problem of defective pricing from arising. These would include, for example, a factor reflecting the likelihood (based on previous experience) that subcontractors will agree to substantial discounts from list prices.

DCAA has invested considerable resources in assessing such cost-estimating systems and seeking to improve them. The results of these efforts have been encouraging but uneven. In 1995, GAO reported:

We recently reviewed the 30 DOD contractors that DCAA assessed as having high-risk cost estimating systems. According to DCAA, these contractors had a total of 117 significant deficiencies in their cost estimating systems. We found that contractors’ performance in correcting these deficiencies has been mixed. Although 19 of the 30 contractors had corrected ... all their significant deficiencies, the remaining 11 contractors had significant uncorrected deficiencies that had been outstanding an average of 3.8 years. The failure to correct these deficiencies in a timely manner creates a variety of problems for the Defense Department, including increased costs and delays in contract awards.15

Auditing actual costs

Contracts in which the government reimburses the contractor for costs actually incurred present a different set of management control and audit issues. Again, the government is dependent on the contractor and his cost accounting system for the data on which to base payments under the contract.

The amounts reflected in contractor cost reports should include only costs authorised under the contract. Two types of errors are often found. One is the attribution of costs to a DOD project that were actually incurred for another purpose. For example, salaries and wages of workers may be charged to the project for periods of time when they were not working on the project. To guard against these errors, DCAA auditors typically examine the company’s cost accounting system and, especially, the management controls that are intended to ensure that all costs are allocated to the proper project.

Another frequent error in the cost reports is the inclusion of amounts that are not authorised for reimbursement under the contract. Most cost-based contracts permit the contractor to charge the government not only for the direct costs of the project but also for a portion of the company’s overhead costs. This has proven to be a problem, because not all overhead costs are authorised for reimbursement. Federal laws and regulations specifically prohibit certain types of spending, such as lobbying and entertainment, from inclusion in the "pool" of overhead costs that may be allocated to government projects. Other overhead costs may be excluded if they are not necessary for conducting business. Federal regulations require that government contractors establish systems to identify and exclude unallowable costs from their overhead cost submissions. However, contractors have a financial incentive not to pursue this matter aggressively. The results can be seen in the following remarks from a recent GAO report:

Unfortunately, these systems do not work as well as they should. Over the years, we and DCAA have questioned the allowability of billions of dollars of costs included in contractor overhead submissions.

Our past work has shown that the inclusion of unallowable costs in contractor overhead submissions resulted in large measure from weaknesses in contractor procedures for screening for unallowable costs.16

These examples show that the responsibilities of a government internal auditor do not necessarily end at the boundaries of the agency where he or she is working. If money flows from that agency to another party, such as a contractor or another level of government, and the amounts paid depend on the reported performance of the other party, the internal auditor may be required to examine the other party as well. Protection against abuse, waste, and fraud may depend far more on the management controls maintained by the other party than on those operating within the agency itself.