M-21-19 Memorandum for Heads of Executive Departments and Agencies

M-21-19 Memorandum for Heads of Executive Departments and Agencies (2021)
by Robert F. Fairweather

Published 2021-03-05, links in the original.

3498769M-21-19 Memorandum for Heads of Executive Departments and Agencies2021Robert F. Fairweather

March 5, 2021

M-21-19

MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES

FROM: Robert Fairweather
⁠⁠Acting Director

SUBJECT: Transmittal of Appendix C to OMB Circular A-123, Requirements for Payment Integrity Improvement

This Administration will continue to make payment integrity a top priority, focusing on reducing improper payments and protecting taxpayer money a top priority. This includes balancing payment integrity risks and controls to ensure funding is serving its intended purpose. By focusing on taking appropriate actions at the front end to prevent improper payments from being made while also acknowledging the need to balance payment integrity risk and controls, this guidance presents a payment integrity framework that will transform the way agencies improve payment integrity.

One of the priorities in this guidance is reducing administrative burden to allow agencies to focus on preventing improper payments and ensuring taxpayer money is serving its intended purpose. Requirements for payment integrity should not negatively affect program mission, agency efforts to advance equity, efficiency, customer experience, or the overall operations of the agency; therefore, this guidance aims to ensure that federal agencies focus on identifying, assessing, prioritizing, and responding to payment integrity risks to prevent improper payments in the most appropriate manner.

The goal of this revised version of OMB Circular A-123's Appendix C is to transform the payment integrity compliance framework and create a more comprehensive and meaningful set of requirements to allow agencies to spend less time complying with low-value activities and more time researching the underlying causes of improper payments, balancing payment integrity risks and controls, and building the capacity to help prevent future improper payments.

Appendix C to OMB Circular A-123 (which was last updated in June 2018 as OMB Memorandum M-18-20) is hereby modified. Unless otherwise noted in the guidance, the requirements found in Appendix C are effective starting in Fiscal Year 2021.

Please contact Heather Pajak (hpajak@omb.eop.gov) in OMB's Office of Federal Financial Management with any questions regarding this guidance.

Attachment

APPENDIX C
Requirements for Payment Integrity Improvement

Page:M-21-19 Memorandum for Heads of Executive Departments and Agencies.pdf/3 Page:M-21-19 Memorandum for Heads of Executive Departments and Agencies.pdf/4 Page:M-21-19 Memorandum for Heads of Executive Departments and Agencies.pdf/5 Page:M-21-19 Memorandum for Heads of Executive Departments and Agencies.pdf/6 Introduction
Appendix C to OMB Circular A-123 (which was last updated in June 2018 as OMB Memorandum M-18-20, Requirements for Payment Integrity Improvement) is hereby modified. Unless otherwise noted, the requirements found in this guidance are effective for Fiscal Year (FY) 2021. This guidance implements the requirements from the Payment Integrity Information Act of 2019 (PIIA).

Throughout the Appendix, the terms “Must” and “Will” denote a requirement that management will comply in all cases. “Should” indicates a presumptively mandatory requirement except in circumstances where the requirement is not relevant for the Agency. “May” or “Could” indicate best practices that may be adopted at the discretion of management. The appendix to this circular contains important terms and definitions. The Agency should consult the terms and definitions in the appendix in conjunction with the main body of this circular for a full understanding of the guidance. Members of the Executive Branch of the Federal Government should consult the Payment Integrity Question and Answer Collection forum if they have questions about this guidance.

Overview
The following paragraphs of this section provide a cursory overview of some of the key Appendix C concepts and requirements. The agency is responsible for consulting the statute, this guidance, and other guidance to both determine applicability of requirements and execute/apply them accordingly. In addition, the agency is responsible for maintaining documentation of fulfilling requirements in this guidance.

Definitions and Abbreviations– Terminology used in Appendix C to Circular A-123 is defined in Appendix 1A and should be consulted in conjunction with the main body of this circular for full understanding and implementation of the guidance. Use of abbreviations is defined in Appendix 1B. (See Sections VIII and IX of this guidance)

Phase 1 and Phase 2 – All programs with annual outlays over $10,000,000 will fall into one of two possible classifications: Phase 1 or Phase 2. Programs that are not likely have an annual amount of improper payments (IP) plus an annual unknown payments (UP) above the statutory threshold (which is either (1) both 1.5 percent of program outlays and $10,000,000 of all program payments made during the FY or (2) $100,000,000) are referred to as being in ‘Phase 1’. If a program in Phase 1 determines that it is likely to annually make IPs plus UPs above the statutory threshold then the program will move into ‘Phase 2’ the following year. Once in Phase 2 a program will have additional requirements such as reporting an annual IP and UP estimate. (See Section II of this guidance)

Types of Payments – All program outlays will fall in one of three possible categories: proper payment; IP; or UP. If a program is in Phase 2 it will need to identify whether the IP is a monetary loss type IP or whether the IP is a non-monetary loss type IP. Programs reporting in Phase 2 will also need to identify their UPs. (See Section I of this guidance)

Improper Payment Risk Assessments – Each program with annual outlays over $10,000,000 must conduct an IP risk assessment at least once every three years to determine whether the program is likely to have IPs above the statutory threshold. Programs that are not likely to have IPs above the statutory threshold are referred to as being in ‘Phase 1’. (See Section II.A of this guidance)

Reporting an Improper Payment Estimate – If the results of a program’s IP Risk assessment determine that the total annual IPs PLUS the unknown payments (UP) for the program are likely to be above the statutory threshold, the program will report an IP estimate and a UP estimate in the FY following the FY in which the determination was made. Programs that report IP and UP estimates are referred to as being in ‘Phase 2’. (See Section II.B of this guidance)

Causes –Determining the point in the payment process where the payment turned from ‘proper’ to ‘improper’ is important when identifying the root cause of the IP and the UP. All programs reporting in Phase 2 will be required to determine the root cause of each IP and each UP and report accordingly. (See Section III of this guidance)

Prevention - To be effective, programs should prioritize efforts toward preventing IPs and UPs from occurring so that they can avoid operating in a “pay-and-chase” environment. All programs should have a structured and systematic approach to recognizing where the potential for IPs and UPs can arise and subsequently addressing the risk, as appropriate. (See Section IV of this guidance)

Payment Integrity Risk Management: The Enterprise Risk Management framework can be used to assist in the identification and management of payment integrity risks for the agency. A significant risk in managing IP risk is the potential that agencies may make investments in risk controls that negatively affect program mission, efficiency, customer experience or the overall operations of the agency. By including an evaluation of payment integrity risk in the Agency Risk Profile, agencies will identify, assess, prioritize, and respond to payment integrity risks and implement control activities to mitigate identified material payment integrity risks. (See Section IV.A of this guidance)

Corrective Action Plan – All programs in Phase 2 that are reporting estimates above the statutory threshold must have a Corrective Action Plan. The Corrective Action Plan is a combination of both mitigation strategies and corrective actions aimed at reducing the likelihood of an IP and/or a UP occurring during the payment process. (See Section IV.B of this guidance)

Tolerable Rate - All programs in Phase 2 should be mindful of the extent to which applying further payment controls would undercut the program’s mission or resource management. The tolerable rate of a program should be established by the Agency's senior management, taking into consideration thresholds in PIIA that are used to help identify programs that are likely to be susceptible to IPs. (See Section IV.F of this guidance)

Overpayment Identification – Examples of overpayment identification methods Agencies use include but are not limited to reviews, audits, data analytics, reports, and reconciliations. Each agency must determine the most cost-effective method for their particular circumstance. (See Section V.A of this guidance)

Overpayment Recovery – All programs with overpayments must have a Recovery Audits and Activities Program regardless of which Phase they are operating in. However, a recovery audit should only be a part of the Recovery Audits and Activities Program if it is cost-effective. (See Section V.B of this guidance)

Compliance – Every year, each agency Inspector General (IG) reviews relevant IP and UP reporting and records pertaining to the programs within an agency to determine whether the agency complies with PIIA and OMB guidance. (See Section VI of this guidance)

Non-Compliance Actions – Each year than an IG determines a program is non-compliant, the agency has specific actions that must be taken. The agency actions required will depend on the number of consecutive years the program has been non-compliant. (See Section VI.D of this guidance) Reporting - At a minimum, there are reporting requirements that apply to all agencies with programs in Phase 1 as well as those with programs in Phase 2. (See Section VII of this guidance)

High-Priority Programs - To be a High-Priority program, a program must be reporting in Phase 2 AND report IPs resulting in monetary loss in excess of $100,000,000 annually. In addition to the reporting that all programs in Phase 2 must complete, High-Priority programs must provide quarterly Payment Integrity Scorecard reporting on www.paymentaccuracy.gov. (See Section VII.B of this guidance) Page:M-21-19 Memorandum for Heads of Executive Departments and Agencies.pdf/10 Page:M-21-19 Memorandum for Heads of Executive Departments and Agencies.pdf/11 Page:M-21-19 Memorandum for Heads of Executive Departments and Agencies.pdf/12 B. Unknown Payments
If a program cannot discern whether a payment is proper or improper, the payment is considered an UP. If a program is still conducting research or going through the review of a payment at the time that the program must finish their sampling and report its results, the payment will be considered an UP for reporting purposes that year. This is done so that the program would not unintentionally over or under report the payment type results. An UP will eventually be determined to be proper or improper but because the program does not know whether it is proper or improper at the time of their review, they must call it an UP for purposes of this guidance. Programs may be required to report the review results of their UPs in future reporting years as the results become available. Agencies should not cushion their reporting timeframe specifically for the purpose of allowing the agency additional time to verify whether an UP is proper or improper.

1. Treatment of different types of payments in Phase 1 vs Phase 2
When a program is in phase 1 and assessing whether the program is likely to have IPs above the statutory threshold, UPs and IPs are both considered types of payments that contribute to the likelihood that a program could have IPs above the statutory threshold. Therefore, in phase 1, the program is considered likely to make IPs above the statutory threshold when the sum of the UPs and the IPs exceeds the statutory threshold. When a program is in phase 2, the UPs will be accounted for but should be reported separately from the estimate of the monetary loss and nonmonetary loss IPs. The UP estimate will be considered and added to the IP estimate for purposes of compliance and for purposes of determining whether the program is above the statutory threshold.

C. Identifying the Correct Type of Payment
To efficiently prevent IPs and UPs, it is first important to properly understand the payment type. There are three main types of payments which collectively degrade the payment integrity of the agency: Monetary Loss IPs, Non-Monetary Loss IPs, and UPs. Correctly identifying the type of payment will aide in being able to effectively prevent that type of payment from occurring in the future. The decision tree below is meant to provide a cursory overview for determining the payment type. Page:M-21-19 Memorandum for Heads of Executive Departments and Agencies.pdf/14 II. Phases of Assessments
The following ‘Phases’ require varying degrees of effort; each program is responsible for determining which of the ‘Phases’ it falls into. All programs with annual outlays greater than $10,000,000 will fall into either phase 1 or phase 2.

A. Phase 1: Identify Susceptible Programs and Activities with an IP Risk Assessment
Agencies should assess all programs with annual outlays greater than $10,000,000 for IP risk at least once every three years. The purpose of an IP risk assessment is to determine whether the total annual IPs PLUS the UPs for a program are collectively likely to be above or below the statutory threshold for the given year.

If the assessment determines that it is likely that the program’s IPs plus the program’s UPs are above the statutory threshold then, the following year the program should produce a statistically valid estimate of the programs IPs and UPs. If the IP risk assessment demonstrates that the program is not likely to make IPs and UPs above the statutory threshold, then the program will not produce a statistically valid estimate in the following year and instead will conduct another IP risk assessment in three years.

1. Structure of an IP Risk Assessment
IP risk assessments may be qualitative or quantitative in nature. The agency should develop an IP risk assessment methodology that is appropriate to ensure that the result of the IP risk assessment reasonably supports whether the program is or is not susceptible to significant IPs (i.e. likely to have IPs plus Ups that are above or below the statutory threshold).

Additionally, agencies should be mindful that, when evaluating compliance, the Inspector General (IG) will evaluate and take into account the adequacy of the IP risk assessment and the IP risk assessment methodology used. Their compliance evaluation will include whether the audits, examinations, and legal actions of the OIG indicate a higher risk of IPs or actual IPs that were not included in the IP risk assessments. With that in mind, when developing an IP risk assessment methodology, agencies are encouraged to review the results of audits, examinations and legal actions of the OIG and take into account whether they impact the risk of IPs in the program. OMB does not need to approve a program’s IP risk assessment methodology prior to implementation, however, the agency should be able to make the methodology available upon request in the case that OMB wishes to conduct a review.

a) Factors that may impact the level of IPs and UPs within a program and could be considered (if applicable) when conducting a qualitative IP risk assessment.
When conducting a qualitative assessment for risk of IPs and UPs, the agency should ensure that proper consideration has been given to relevant factors that would help prove that the program is likely to be above or below the statutory threshold. Examples of factors that could be considered when conducting a qualitative IP risk assessment include but are not limited to:

whether the program reviewed is new to the agency;
the complexity of the program reviewed;
the volume of payments made through the program reviewed;
whether payments or payment eligibility decisions are made outside of the agency, such as by a State or local government;
recent major changes in program funding, authorities, practices, or procedures;
the level, experience, and quality of training for personnel responsible for making program eligibility determinations or certifying that payments are accurate;
significant deficiencies in the audit report or other relevant management findings of the agency that might hinder accurate payment certification;
similarities (a combination of outlays, mission, payment process, etc.) to other programs that have reported IP and UP estimates or been deemed susceptible to significant IPs;
the accuracy and reliability of IP and UP estimates previously reported for the program, or other indicator of potential susceptibility to IPs and UPs identified by the OIG of the executive agency, the Government Accountability Office, other audits performed by or on behalf of the Federal, State, or local government, disclosures by the executive agency, or any other means;
whether the program lacks information or data systems to confirm eligibility or provide for other payment integrity needs; and
the risk of fraud as assessed by the agency under the Standards for Internal Control in the Federal Government published by the Government Accountability Office (commonly known as the ‘Green Book’).

The risk factors above are provided as examples only, it is the agency’s responsibility to determine the risk factors and the associated scoring or risk factor weighting methodology that should be considered for each individual program and risk.

2. Frequency of an IP Risk Assessment
Programs with annual outlays above $10,000,000, must conduct an IP risk assessment at least once every three years UNLESS the program moves to Phase 2 and is reporting IPs plus UPs above the statutory threshold. A program should not operate in both Phases at once, meaning, if a program is operating in Phase 2, and reporting an annual IP estimate, the program should not also be spending resources to conduct an IP risk assessment during that same year. To the extent possible, data used for conducting an IP risk assessment in a given program should coincide with the FY being reported (for example, the IP risk assessment reported in the FY 2021 Annual Data Call would be based on data from FY 2021 (October 2020 through September 2021).

a) Conducting an off-cycle IP risk assessment
If a program that is on a three-year IP risk assessment cycle experiences a significant change in legislation and/or a significant increase in its funding level, agencies may need to reassess the program’s risk susceptibility during the next annual cycle, even if it is less than three years from the last IP risk assessment. Examples of events that may trigger an off-cycle risk assessment include but are not limited to, national disasters, national emergencies, or a change to program structure that increases payment integrity risk. The agency will determine whether the factor is significant enough to cause the program to become likely to make IPs and UPs that would collectively be above the statutory threshold.

Page:M-21-19 Memorandum for Heads of Executive Departments and Agencies.pdf/17 3. Programs Deemed Susceptible to Significant IPs Outside of the Normal IP Risk Assessment Process
OMB may determine on a case-by-case basis that certain programs may still be subject to the annual IP reporting requirements. If this occurs, OMB will notify the program.

B. Phase 2: Report IP Estimates for Identified Susceptible Programs with a Statistically Valid Sampling and Estimation Methodology Plan
Programs reporting IPs for the first time and programs revising their current IP Sampling and Estimation Methodology Plan (S&EMP) should conform to the process and content described in this guidance.

1. Purpose of an IP Estimate
The main purpose of an IP estimate is to reflect the annual estimated known IPs made by the program. When developing the S&EMP, errors identified for one payment should never exceed the amount of the payment. It is important to note that the S&EMP should have a mechanism for identifying, accounting for, and estimating the annual UPs and the annual IPs separately.

2. Suggested Content of a Sampling and Estimation Methodology Plan
The head of each agency is ultimately responsible for producing a statistically valid estimate of the IPs and UPs made under the program that is in Phase 2. Each agency has the responsibility of designing and documenting a program’s S&EMP with the mindfulness that during their annual compliance review, their OIG will take into account the accuracy of the IP and UP estimates and whether the S&EMP used is adequate and appropriate given program characteristics. The program will be responsible for producing an IP and UP estimate that is accurate and appropriate given program characteristics and it will be the OIG’s responsibility to evaluate whether the explanation provided by the program and the S&EMP without point estimates and confidence intervals around those estimates warrants compliance during the annual OIG compliance review. For purposes of this guidance, S&EMPs will be considered statistically valid if they produce point estimates and confidence intervals around those estimates. Agencies must work with their statistician to determine the appropriate confidence interval given program characteristics, available resources, and whether the estimate is reliable. If a program is unable to develop a S&EMP that produces a point estimate and confidence interval around the estimate then it must include in their S&EMP a detailed explanation as to why it is not possible.

3. Reporting Timeframe
To the extent possible, data used for estimating IPs and UPs in a given program should coincide with the FY being reported (for example, the estimate reported in the FY 2021 Annual Data Call would be based on data from FY 2021 (October 2020 through September 2021). The 12-month timeframe represented in the reported estimate should be documented in the S&EMP submission. For consistency purposes, the agency should continue using the same timeframe (i.e. October through September) for subsequent reporting years, unless a different timeframe needs to be used. If the timeframe needs to change for subsequent reporting years then the agency should resubmit their S&EMP and accompanying checklist with certification with the updated 12-month timeframe.

4. Sampling and Estimation Methodology Plan Checklist
A S&EMP checklist must accompany all S&EMPs submitted to OMB. The most current version of the S&EMP checklist is located on the Payment Integrity Information Act Required Submissions to OMB Max Page.

Each submitted S&EMP checklist must be signed by an agency official stating that the S&EMP will produce a statistically valid estimate. The certification should be signed by an agency official of the agency’s choosing (e.g., this could be the Chief Financial Officer, his/her Deputy, a program official, etc.). The signed S&EMP checklist will serve as evidence that the agency believes the S&EMP is statistically valid. Agencies are encouraged to provide their secure Max link to their OIG so the OIG is able to review this documentation during their annual compliance review.

5. Sampling and Estimation Methodology Plan Submission to OMB
When an agency has completed their S&EMP, it must submit the S&EMP and a completed S&EMP checklist in pdf format to OMB by uploading one package containing both the S&EMP and the S&EMP checklist via the Sampling and Estimation Methodologies folder located within the agency secure Max page under the Payment Integrity Information Act Required Submissions to OMB Max Page. The package must be received no later than June 30 of the FY for which the estimate is being produced (e.g., the sampling methodology to be used for the FY 2021 reporting cycle must be submitted by June 30, 2021).

6. Frequency of Submitting a Sampling and Estimation Methodology Plan and Reporting an Estimate
Programs in Phase 2 will report a statistically valid estimate of IPs and UPs on an annual basis. Once a program has submitted a S&EMP to OMB, under this guidance or under a previous version of Circular A-123, Appendix C, the program does not need to resubmit a S&EMP unless an update to the plan is warranted. Programs choosing to continue to utilize a S&EMP prepared under a previous version of Circular A-123, Appendix C must ensure that the S&EMP has been uploaded via the Sampling and Estimation Methodologies folder located within the agency secure Max page under the Payment Integrity Information Act Required Submissions to OMB Max Page.

a) When to Update a Sampling and Estimation Methodology Plan
Programs using a S&EMP submitted under this guidance or under a previous version of Circular A-123, Appendix C should consider updating their S&EMP if the program is impacted by any significant legislative, funding, structural, or guidance changes. A S&EMP that is being updated should include some language explaining why the S&EMP is changing and how the S&EMP is different from the one previously submitted.

7. OMB Receipt of S&EMP
It is important to note that OMB will not be issuing a formal approval to the agency for the statistically valid S&EMP as it is the agency’s responsibility to produce a statistically valid S&EMP and load it to the appropriate Max site. The time stamp on the Max site will serve as documentation and evidence of the submission date. Once the agency has loaded the statistically valid S&EMP and accompanying checklist package to their Max site the agency may begin to execute the S&EMP.

This work is in the public domain in the United States because it is a work of the United States federal government (see 17 U.S.C. 105).

Public domainPublic domainfalsefalse

M-21-19 Memorandum for Heads of Executive Departments and Agencies

Navigation menu

Search