What GAO Found
Agencies compiled a variety of data on time and attendance misconduct and fraud. Specifically, 22 of the 24 agencies covered by the Chief Financial Officers Act of 1990 (CFO Act) had some data on instances of time and attendance misconduct—including potential fraud—from fiscal years 2015 through 2019. However, because agencies tracked data differently, the data could not be aggregated across the 22 agencies (see table). The remaining two agencies reported that they did not compile misconduct data agency-wide but began using systems to collect this data in fiscal year 2020.
Scope of Agency Data on Time and Attendance Misconduct for Fiscal Years 2015–2019
Level of data compiled; number of years included
Number of agencies
Agency-wide data; all 5 years included
Agency-wide data; less than 5 years of data
Component-level data; all 5 years included
Data not compiled
Source: GAO analysis of agency data. | GAO-20-640
Most (19 of 24) agency Inspectors General (IG) reported that they substantiated five or fewer allegations of time and attendance misconduct or fraud over the 5-year period. In total, these IGs substantiated 100 allegations, ranging from zero substantiated allegations at six agencies to more than 10 at four agencies. IGs stated that they might not investigate allegations for several reasons, including resource constraints and limited financial impact. In addition, 20 of 24 agencies reported that they considered fraud risks in payroll or time and attendance, either through assessments of these functions, or as part of a broader agency risk management process, including their annual agency financial reports. Also, 14 of 15 agencies that reported a risk level determined that time and attendance fraud risk was low once they accounted for existing controls.
Agencies reported using various internal controls, including technologies, to monitor time and attendance, which can also prevent and detect misconduct. According to agencies and IGs, first-line supervisors have primary responsibility for monitoring employee time and attendance. Additional internal controls include policies, procedures, guidance, and training. Agencies also reported using controls built into their timekeeping system to provide reasonable assurance that time and attendance information is recorded completely and accurately. These controls include requiring supervisory approval of timecards, and using time and attendance system reports to review abnormal reporting. According to agencies and stakeholders GAO spoke with, technology for monitoring time and attendance can help prevent and detect fraud, but may not help when an employee is intent on circumventing controls. Technology alone, they said, cannot prevent fraud. Agencies and IGs also reported using a mix of other technologies to assess allegations of time and attendance misconduct, such as badge-in and -out data, video surveillance, network login information, and government-issued routers. However, agency and IG officials also stated that these technologies have limitations. For example, many of the technologies may not account for when an employee is in training or at an off-site meeting.
Why GAO Did This Study
The federal government is the nation’s biggest employer, with about 2.1 million non-postal civilian employees. Misconduct is generally considered an action by an employee that impedes the efficiency of the agency’s service or mission. Fraud involves obtaining something of value through willful misrepresentation. In 2018, GAO reported that, on average, less than 1 percent of the federal workforce each year is formally disciplined for misconduct—of which time and attendance misconduct is a subcomponent. Misconduct can hinder an agency’s efforts to achieve its mission, and fraud poses a significant risk to the integrity of federal programs and erodes public trust in government.
GAO was asked to review agencies’ efforts to prevent and address time and attendance misconduct, including fraud. This report describes 1) what is known about the extent of time and attendance misconduct and potential fraud across the 24 CFO Act agencies, and 2) controls and technologies these agencies reported using to monitor employee time and attendance.
GAO collected misconduct data from the 24 CFO Act agencies and their IGs. GAO also collected information on fraud risk reporting but did not independently assess agencies’ fraud risk. Using a semi-structured questionnaire, GAO obtained information on controls and technologies that agencies reported using to monitor time and attendance and any challenges associated with their use.
For more information, contact Chelsa Kenney Gurkin at (202) 512-2964 or email@example.com, or Vijay A. D’Souza at (202) 512-6240 or firstname.lastname@example.org.