Dear Secretary Sebelius:

As Chairman of the House Committee on Ways and Means Subcommittee on Oversight and Ranking Member of the Senate Permanent Subcommittee on Investigations, we write to express our concerns regarding the findings of Ernst & Young’s recent independent audit of the Department of Health and Human Services (HHS or Department) FY 2010 financial statements. This audit, contracted through the HHS Office of Inspector General, revealed significant and worrying shortcomings throughout your Department. We are deeply troubled by shortcomings that point to apparent mishandling of taxpayer dollars and seek to better understand what the Department is doing to correct the identified problems.

At a time of unprecedented departmental spending and additional responsibilities under the Stimulus and Democrats’ controversial health care overhaul, the audit suggests that the Department’s internal financial controls are in disarray. Despite federal laws requiring HHS to establish an integrated financial management system, the Department’s “accounting systems lack integration and do not conform to the requirements” of the Federal Financial Management Improvement Act, according to Ernst & Young. To remedy this lack of compliance, the Department has reportedly purchased a “commercial web-based off-the-shelf product,” though it is not expected to be fully integrated until as late as 2013.

The specific areas in need of improvement are too numerous to list here, but the following illustrative examples are particularly concerning:

• Nearly $2 Billion Taxpayer Dollars in Limbo: As of September 30, 2010, the audit found approximately 102,500 transactions representing “travel, grants, and contracts awaiting close-out,” totaling $1.8 billion that were open without any activity for more than two years. These represent transactions where the Department is owed or owes money but no action has taken place to close the transaction since the end of 2008. The audit also noted 1,750 grants totaling $165 million that have remained open since FY 2004.

• $794 Million in Mystery Money: Accurate budgetary monitoring is essential to the identification of cost overruns and material budgetary misstatements. As the auditors compared balances in HHS Budget Accounts to their related proprietary accounts, the audit found differences of $794 million “that could not be explained.”

• An Additional $400 Million in Mystery Money: Federal entities are required to reconcile their financial records with the Department of the Treasury (Treasury) on a monthly basis. Failing to do so can lead to inaccurate financial reports and undetected fraud. Because of a failure to comply with Treasury regulations, and a backlog of financial records dating back to 2004, HHS’s records differed with Treasury’s by an initial amount of $3 billion. Through additional work performed during the audit timeframe, this backlog was reduced to $400 million, which remains a very concerning amount.

• HHS Processes Date Back to 1980’s, Calling Into Question HHS’s Ability to Effectively Implement Current Law: A number of policies and procedures, including accounting practices, have “not been updated since the mid-1980s.” The audit noted that “the implementation of the [health care overhaul]… will have significant impacts with financial activity totaling in the billions to the Department over the next several years,” and additional financial systems training and procedure updating will be necessary to ensure correct accounting of these programs.

• Centers for Medicare & Medicaid Services (CMS) Data Vulnerable to Improper Access: Auditors identified a number of vulnerabilities that could result in inappropriate access to Medicare information and networks. At one contractor site, auditors observed unauthorized wireless access to the Medicare networks. To make matters worse, CMS did not require all Medicare contractors to review user access to sensitive Medicare data.

These are just a sample of a long list of troubling findings. The Ernst & Young audit, which was completed at the end of FY 2010, also included a number of recommendations that would move the Department into fuller compliance with its obligations. By Thursday, March 31, 2011, please provide the Department’s detailed corrective action plan and an update of any corrective actions that have taken place since the audit was issued.

In addition, in reference to the “Nearly $2 Billion Taxpayer Dollars in Limbo” described above, please provide details for any transactions that have remained open without activity for more than two years, including information detailing the parties to the transaction, the amount of the transaction, and a description of the subject of the transaction.

Finally, please detail the actions the Department will take to update CMS’ mainframe systems and software used to process Medicare and Medicaid data that the audit noted “will become more difficult to maintain and modify when integrating future changes in the Medicare program.”

We know you share our determination to better protect taxpayer dollars, ensure the efficient management of government, and prevent the unauthorized access of Medicare beneficiary information. We look forward to receiving your response and thank you in advance for your assistance as we fulfill our Constitutional oversight responsibilities. If your staff should have any questions, they should contact Chris Armstrong with the Ways and Means Subcommittee on Oversight at (202) 225-5522, or Josh Trent with the Senate Permanent Subcommittee on Investigations at (202) 224-5754.

Sincerely,

Charles Boustany, MD

Tom Coburn, MD

PDF version of the letter here.