[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]


 
                   GAO'S HIGH-RISK REPORT: 25 YEARS OF 
                          PROBLEMATIC PRACTICES

=======================================================================

                                HEARING

                               BEFORE THE

                         COMMITTEE ON OVERSIGHT
                         AND GOVERNMENT REFORM
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                               __________

                           FEBRUARY 11, 2015

                               __________

                           Serial No. 114-12

                               __________

Printed for the use of the Committee on Oversight and Government Reform


[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]


         Available via the World Wide Web: http://www.fdsys.gov
                      http://www.house.gov/reform
                      
                                ___________
                                
                                
                                
                        U.S. GOVERNMENT PUBLISHING OFFICE
94-537 PDF                  WASHINGTON : 2015                        
                                
___________________________________________________________________________________                      
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, 
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].  
                      
                      
                      
                      
              COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

                     JASON CHAFFETZ, Utah, Chairman
JOHN L. MICA, Florida                ELIJAH E. CUMMINGS, Maryland, 
MICHAEL R. TURNER, Ohio                  Ranking Minority Member
JOHN J. DUNCAN, Jr., Tennessee       CAROLYN B. MALONEY, New York
JIM JORDAN, Ohio                     ELEANOR HOLMES NORTON, District of 
TIM WALBERG, Michigan                    Columbia
JUSTIN AMASH, Michigan               WM. LACY CLAY, Missouri
PAUL A. GOSAR, Arizona               STEPHEN F. LYNCH, Massachusetts
SCOTT DesJARLAIS, Tennessee          JIM COOPER, Tennessee
TREY GOWDY, South Carolina           GERALD E. CONNOLLY, Virginia
BLAKE FARENTHOLD, Texas              MATT CARTWRIGHT, Pennsylvania
CYNTHIA M. LUMMIS, Wyoming           TAMMY DUCKWORTH, Illinois
THOMAS MASSIE, Kentucky              ROBIN L. KELLY, Illinois
MARK MEADOWS, North Carolina         BRENDA L. LAWRENCE, Michigan
RON DeSANTIS, Florida                TED LIEU, California
MICK MULVANEY, South Carolina        BONNIE WATSON COLEMAN, New Jersey
KEN BUCK, Colorado                   STACEY E. PLASKETT, Virgin Islands
MARK WALKER, North Carolina          MARK DeSAULNIER, California
ROD BLUM, Iowa                       BRENDAN F. BOYLE, Pennsylvania
JODY B. HICE, Georgia                PETER WELCH, Vermont
STEVE RUSSELL, Oklahoma              MICHELLE LUJAN GRISHAM, New Mexico
EARL L. ``BUDDY'' CARTER, Georgia
GLENN GROTHMAN, Wisconsin
WILL HURD, Texas
GARY J. PALMER, Alabama

                    Sean McLaughlin, Staff Director
                 David Rapallo, Minority Staff Director
                          Katy Rother, Counsel
            Christopher D'Angelo, Professional Staff Member
                           Sarah Vance, Clerk
                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on February 11, 2015................................     1

                               WITNESSES

The Hon. Gene L. Dodaro, Comptroller General, US. Government 
  Accountability Office
    Oral Statement...............................................     2
    Written Statement............................................     5
The Hon. John Koskinen, Commissioner, Internal Revenue Service
    Oral Statement...............................................    61
    Written Statement............................................    63
The Hon. Alan F. Estevez, Principal Deputy Under Secretary of 
  Defense for Acquisition, Technology and Logistics, U.S. 
  Department of Defense
    Oral Statement...............................................    71
    Written Statement............................................    73
Mr. John J. MacWilliams, Senior Advisor to the Secretary, U.S. 
  Department of Energy
    Oral Statement...............................................    81
    Written Statement............................................    83
Shantanu Agrawal, M.D. Deputy Administrator and Director, Center 
  for Program Integrity, Centers for Medicare and Medicaid 
  Services
    Oral Statement...............................................    89
    Written Statement............................................    91
Mr. Robert M. Lightfoot, Jr., Associate Administrator, National 
  Aeronautics and Space Administration
    Oral Statement...............................................   106
    Written Statement............................................   108

                                APPENDIX

QFR's to Hon. Gene L. Dodaro from Chairman Jason Chaffetz........   140
Additional QFR's to Dr. Agrawal from Chairman Jason Chaffetz and 
  Rep. Duckworth.................................................   144


       GAO'S HIGH-RISK REPORT: 25 YEARS OF PROBLEMATIC PRACTICES

                              ----------                              


                      Wednesday, February 11, 2015

                  House of Representatives,
      Committee on Oversight and Government Reform,
                                            Washington, DC.
    The committee met, pursuant to notice, at 3:25 p.m., in 
room 2154, Rayburn House Office Building, Hon. Jason Chaffetz 
(chairman of the committee) presiding.
    Present: Representatives Chaffetz, Mica, Duncan, Jordan, 
Walberg, Amash, Gowdy, Massie, Meadows, DeSantis, Mulvaney, 
Cooper, Blum, Hice, Carter, Hurd, Palmer, Cummings, Maloney, 
Norton, Connolly, Lieu, Watson Coleman, Plaskett, and Lujan 
Grisham.
    Chairman Chaffetz. Committee on Oversight and Government 
Reform will come to order.
    Without objection, the chair is authorized to declare a 
recess at any time.
    We have an important hearing today. We appreciate the many 
people that are here to participate in that. We also appreciate 
the patience with votes on the floor that got called a little 
bit later. That always serves as the primary thing that we do 
in the afternoon around here. So we appreciate your patience. 
But, nevertheless, we do have a very important hearing 
highlighting the ``General Accountability Office's High-Risk 
Report: 25 Years of Problematic Practices.'' This year marks 
the 25th anniversary of the GAO's high-risk list.
    I have a full Statement, but in the essence of time, I am 
going to insert those comments into the record and would invite 
other Members to do the same.
    But I would now like to recognize the ranking member, Mr. 
Cummings, if he has any opening Statements.
    Mr. Cummings. Thank you very much, Mr. Chairman.
    I Am going to do the same. I want to thank all our 
witnesses. And I will submit my Statement for the record.
    And I want to always as usual thank you, Mr. Dodaro, and 
all of the GAO employees, who do a great job and help us so 
much.
    With that, I yield back.
    Chairman Chaffetz. Thank you.
    Chairman Chaffetz. I will hold the record open for 5 
legislative days for any Member who would like to submit a 
written Statement.
    And we would now like to recognize our first witness. I am 
pleased to welcome the Honorable Gene Dodaro, Comptroller of 
the U.S. Government Accountability Office. He is accompanied by 
a panel of experts from the GAO.
    And, on behalf of both of us and this whole body, we thank 
the thousands of men and women who serve in the GAO who really 
work hard to create a work product and present it here today.
    So welcome to all.
    Pursuant to committee rules, the witness will be sworn in 
before he testifies.
    We will also swear in the panel behind him should their 
input be needed during their questioning.
    So if you could all rise, please.
    Thank you. If you will rise and please raise your right 
hands. Do you solemnly swear or affirm that the testimony you 
are about to give will be the truth, the whole truth, and 
nothing but the truth?
    Thank you. Let the record reflect that all the witnesses 
answered in the affirmative.
    Mr. Dodaro, you have testified before our committee several 
times. We will give you great latitude here, but we would 
appreciate your summarizing your comments, and then your entire 
written Statement will obviously be made part of the record. 
You are now recognized.

                       WITNESS STATEMENTS

                STATEMENT OF HON. GENE L. DODARO

    Mr. Dodaro. Thank you very much, Mr. Chairman. Good 
afternoon to you, Ranking Member Cummings, all the members of 
the committee. I'm very pleased to be here today to discuss 
GAO's latest high-risk update. We do this with the beginning of 
each new Congress to identify areas we believe are at highest 
risk of fraud, waste, abuse, and mismanagement in the Federal 
Government or in need of broad-based transformation.
    Our report today discusses solid, steady progress in most 
of the 30 high-risk areas that we've had on the list since our 
last update in 2013. Of the--all the areas we rate according to 
five criteria to get off the high-risk list. You have to have 
leadership commitment; top level attention; you have to have 
the capacity, the resources and the people with the right 
skills to be able to fix the problem; you have to have a good 
corrective action plan that addresses root cause; a good 
monitoring effort with interim milestones and metrics that 
gauge progress; and you have to demonstrate that you're 
actually fixing the problem. You don't have to be 100 percent 
fixed, but we have to be convinced that we're on the right path 
to rectifying the problem and reducing the risk and eliminating 
waste and improving government services.
    Of the 30 areas, 18 have at least partially met all five 
criteria, and 11 of those 18 have at least fully met one or 
more of the criteria and partially met the others. In two 
areas, we're recognizing progress so that we're narrowing the 
scope of the high-risk area. First is on FDA's oversight of 
medical devices. We are pleased with their efforts to get the 
recall process under better control and discipline, and also to 
have a good process to review the applications for new devices 
in a more risk-based approach. We're still concerned about 
their need to oversee the global marketplace for medical 
products and drugs. 80 percent of the ingredients of active 
drugs come from other countries, about 40 percent of finished 
drugs, about half of medical devices, so they need to do more 
there and also to address drug shortage issues.
    Second area is contract management. We believe the 
Department of Defense has focused more attention at top 
leadership on contracting tools and techniques and reducing the 
risk associated with undefinitized contracts where they start 
contract work without having a clear agreement with the 
contractor or they're using time and materials, which is a 
risky contract approach, rather than having deliverables. They 
still have to improve their areas in their acquisition work 
force, service acquisitions, and improve their use of 
contracting in the operational environments to support military 
operations in theater.
    We are adding two new areas to the high-risk list this 
year: First is VA's provision of healthcare service for 
veterans. We're very concerned about this area. There are five 
fundamental problems that we've identified: ambiguous policies, 
inconsistent processes, inadequate oversight and monitoring of 
the activities, IT challenges, inadequate training of staff, 
and unclear resource needs and allocations. Congress has passed 
legislation recently to give them additional $15 billion to 
help address this problem. That legislation has to be 
implemented properly. We have over 100 recommendations that 
we've made to VA that have yet to have been fully implemented, 
so this is an area that needs congressional oversight and 
continued attention.
    Second are IT acquisitions and operations across the 
Federal Government. Too often the Federal Government, and we 
enumerate this in our report, there's a litany of efforts that 
have failed after spending hundreds of millions of dollars or 
in cases of billions of dollars and many years. They're 
terminated. There's a longer list of problems where there are 
cost overruns, schedule slippages, or they fail to deliver the 
promised functionality and make improvements in the programs 
that they're supposed to in delivery of services. Here again, 
the Congress has passed legislation late last year.
    This committee was instrumental in passing the legislation 
of the Federal Information Technology Reform Act to give CIO's 
additional authority, put in place better practices to have 
more disciplined approaches to IT management. Here again, just 
in the last 5 years alone, we've made 737 recommendations. Only 
23 percent have been fully implemented. So we believe this is a 
critical area.
    We're also expanding two areas. In the administration of 
tax area, we have been focused on a tax gap, which at last 
count was $385 billion. We're expanding that to include 
identity theft. And the IRS was able last year to stop about 
$24 billion in fraudulent returns potentially, but they missed, 
by their own estimates, about $5.8 billion. We've got some 
fixes to this we can talk about in the Q&A.
    We're also expanding cybersecurity and critical 
infrastructure protection to include privacy issues. Initially 
we designated computer security across the entire Federal 
Government, the first time we ever did that, in 1997. We added 
critical infrastructure protection, because most of the 
computer assets were in the private sector hands in 2003. Now 
there's a lot more incidents involving personally identifiable 
information. The number of incidents have doubled over the last 
5 years. A privacy law was passed in 1994. It's sorely in need 
of updating. And we have a number of other recommendations to 
protect this sensitive information. The American people deserve 
for their information to be protected properly while we're 
addressing the cybersecurity issues.
    I thank you for the opportunity to be here today and look 
forward to answering your questions.
    Chairman Chaffetz. Thank you. I appreciate that.
    [Prepared Statement of Mr. Dodaro follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] 
    
    Chairman Chaffetz. We'll now recognize the gentleman from 
Georgia, Mr. Hice, for 5 minutes.
    Mr. Hice. Thank you, Chairman.
    Just one quick question for you, and thank you for joining 
us this afternoon. Since the enactment of the Veteran's Access, 
Choice and Accountability Act, I have a number of veterans in 
my district who, because of their location where they live, 
they've not been able to utilize the VA Medical Centers, and so 
they have opted to use non-VA doctors and so forth. And one of 
the issues they're facing are significant delays from the VA in 
paying those medical providers.
    Is there anything that you--that the GAO plans to do in the 
future to evaluate this issue and to report on it in the 
future?
    Mr. Dodaro. Actually, we've already addressed that issue, 
and the issue to report, talking about the problems they were 
having in paying providers in a timely manner. We're also 
concerned about the fact that the VA doesn't always have 
information enough to make sure that they're making the right 
decisions in terms of whether they should be providing the care 
or going on non-healthcare provider, both for access purposes 
and for making sure that it's a cost-effective approach.
    Debbie Draper's our expert in this area. I'll have her talk 
about the recommendations we've made, but we've already 
addressed this issue and we plan to followup, sir.
    Mr. Hice. OK.
    Ms. Draper. Yes. We actually conducted work about a year or 
so ago, and we made a number of recommendations around the 
infrastructure surrounding the non-VA care. And a lot of the 
issues were not paying claims promptly, and so we do have 
concerns about non-VA care and, you know, we have concerns that 
it may not be the panacea that people envision it could be, 
because there is not really the infrastructure in place, or it 
wasn't in place, you know, when we took a look at the work. So, 
you know, you're talking about putting people--the VA system is 
a very difficult system to navigate, so now you're also asking 
them to navigate another system that's outside of the VA. So 
there's just a lot of issues around non-VA care. And the other 
issue is that wait times for non-VA care is not really tracked, 
so no one really knows how long people are waiting to get care 
in the community. So there's just a lot of issues, and it is 
something we'll be looking at. And the Choice Act does have 
several mandates for GAO to look at the non-VA care.
    Mr. Hice. Well, thank you. Obviously the concern is if 
these payments are slow in being received, at some point I'm 
fearful that our veterans will receive diminished health care 
across the board, and that is the concern. I thank you.
    And I yield my time.
    Mr. Dodaro. Yes, I'm concerned too, Congressman. We'll stay 
on top of it.
    Mr. Hice. Thank you, sir.
    Chairman Chaffetz. The gentleman yields back. We'll now 
recognize the ranking member, Mr. Cummings from Maryland, for 5 
minutes.
    Mr. Cummings. Thank you very much, Mr. Chairman.
    Mr. Dodaro, one of my major concerns have been drug 
shortage. Whether the Members of Congress know it, but 99 
percent of all hospitals in this country have drug shortages. 
And there are people, Mr. Dodaro, as you know, who are, 
unbeknownst to them, getting second-, third-rate drugs. And 
even in my own district, with one of the No. 1 hospitals in the 
world, Johns Hopkins, they have told us that they have those 
problems.
    Can you comment briefly on that, where we are on that and 
what can we do about that?
    Mr. Dodaro. Yes. This is a very important issue, 
Congressman. One of the things that we've already suggested to 
the Congress and they've acted on, before drug manufacturers 
didn't have to notify FDA if they were going to have potential 
shortages, and now they have to provide adequate notice ahead 
of time. So that was one step in the right direction.
    Marcia Crosse, our expert in that area, will talk about 
other work we've done and recommendations we've made to address 
this issue. It's one of the reasons FDA's on the high-risk 
list.
    Ms. Crosse. Yes. Congressman, we agree that it's a big 
concern, and drug shortages is one of the areas that's keeping 
FDA on the high-risk list. As the Comptroller General 
mentioned, Congress did take action to require advance 
notification to FDA if a manufacturer was going to cease 
producing a drug. Congress, just over a year ago, also enacted 
the Drug Quality and Security Act that we believe can help 
particularly with this issue of substandard drugs, because it's 
enacted requirements for tracking of drugs through the system 
that can help reduce the possibility of the gray market drugs 
that I know you had been concerned about, and also counterfeit 
drugs getting into the system, because there'll be a system of 
tracking. It's still not implemented. It will take a number of 
years for that to go into effect, but that Act, we think, also 
has potential to address that.
    We are continuing to track drug shortages and we have 
ongoing work looking at it. We know the number of shortages is 
coming down, but there are still some that are persisting for 
long periods of time for multiple years for certain drugs.
    Mr. Cummings. I am glad, because our committee a few 
minutes ago, the greatest part of our plan to look at generic 
drugs. Again, every single Member of Congress has this problem, 
and they don't--probably many of them don't even know it, that 
generic drugs are going up sometimes as much as 800 times in a 
matter of a day, which is ridiculous. And it's about greed. A 
lot of it is about greed.
    But let me go into another thing--issue, the whole issue of 
cyber. You know, I just want to read from your report, Mr. 
Dodaro, and you--you all say this, ``The increasing 
sophistication of hackers and others with malicious intent and 
the extent to which both Federal agencies and private companies 
collect sensitive information about individuals have increased 
the risk of personally identifiable information being exposed 
and compromised.''
    That's an accurate Statement. Is that right?
    Mr. Dodaro. Yes.
    Mr. Cummings. Your report goes on to say, ``The number of 
reported security incidents involving PII at Federal agencies 
has increased significantly in recent years and a number of 
high profile breaches of PII have occurred at commercial 
entities. For these reasons, we added protecting the privacy of 
PII to the high-risk area.''
    So your report highlights attacks against both public and 
private sector entities. And one thing these attacks seem to 
have in common is the hackers want to access--want access to 
personal information of as many Americans as possible. That's a 
major problem. Is that right?
    Mr. Dodaro. That's exactly right, and that's why we're 
adding it to the list. And, Congressman, there's projections by 
informed parties that the amount of information that's 
collected, stored and disseminated is going to double and 
triple every 2 or 3 years, so this problem is on a trajectory 
to get a lot worse before it gets under control.
    Mr. Cummings. So the sources of these hackers could be 
anywhere in the world. Is that right?
    Mr. Dodaro. Yes.
    Mr. Cummings. And they could be State-sponsored, they could 
be international criminals, they could be domestic hackers, or 
any of the above. Is that right?
    Mr. Dodaro. Yes.
    Mr. Cummings. And so I see you have your fellow----
    Mr. Dodaro. My cyber expert----
    Mr. Cummings. OK.
    Mr. Dodaro [continuing]. Right hand here.
    Mr. Cummings. And what can we do about that? If you can 
identify yourself, please, sir.
    Mr. Wilshusen. Sure. My name is Greg Wilshusen. And I think 
there's a number of actions that both the Congress can do as 
well as Federal agencies who collect this type of information. 
First, with the Federal agencies, agencies need to implement 
effective information security programs that adequately protect 
the confidentiality and integrity of their information to 
include not only personally identifiable information, but other 
sensitive information. We have found over the years that 
agencies have not done a very good job of this. For example, in 
Fiscal Year 2014, 17 out of the 24 agencies that are covered by 
the Chief Financial Officers Act reported either a material 
weakness or significant deficiency in their information 
security controls for financial reporting purposes. IG's at 22 
of the 24 agencies identified cybersecurity or information 
security as a major management challenge for their agency.
    Mr. Cummings. All right. Thank you very much, Chairman.
    Chairman Chaffetz. Thank you. The gentleman yields back. 
We'll now recognize the gentleman from Texas, Mr. Hurd, for 5 
minutes.
    Mr. Hurd. Thank you, Mr. Chairman.
    And thank you, sir, for being here today. I enjoyed reading 
your report for the outrageousness of some of the things that 
are listed in there. And one of the questions that I have, 
about 80 percent of the administration's IT spending goes to 
maintain legacy systems. Many of those systems most Americans 
would think would be incredibly out of date. What's a more 
appropriate, you know, investment-to-maintenance ratio?
    Mr. Dodaro. Well, we've said--and I'll--this is Dave 
Powner, our expert in the IT area. What we've said is that this 
should be under operational re-evaluation every year. There are 
ways to drive down technology costs, and a lot of areas the 
costs are decreasing if you're making the proper investments 
and reinvestments. We find a lot of duplication where the 
systems are being duplicated because of a lack of oversight and 
a portfolio assessment. The Congress has underscored the need 
to be able to do this in the agencies, but unfortunately, the 
trends are going in the wrong direction, or there's additional 
spending in the O&M area, operations and maintenance area, 
rather than coming down as it should be in that area. And Dave 
can talk about more specific recommendations that we've made.
    Mr. Powner. Yes. Congressman Hurd, to highlight the trends, 
we are spending--$80 billion spent right now. We're only 
spending about $15 billion on new development. The remainder is 
going toward operation and maintenance. That's why in our high-
risk report, there's many areas where we have inefficiencies. 
Data center consolidation, there's about $7 to $10 billion on 
the table if we consolidate data centers appropriately. There's 
also----
    Mr. Hurd. On that question, the report highlights shy of 
10,000 data centers. What should be--where should that number 
be?
    Mr. Powner. Well, I think the plan is to close about 4,000 
of those 10,000, roughly. That's the game plan for all the 
major Federal agencies right now. And the game plan is to save 
at least seven and a half billion dollars through 2017. So 
that's right around the corner.
    You know, in addition to data centers, we have a lot of 
duplication that this committee has focused on over the past 
couple of years. There's probably another, you know, $5 billion 
in savings looking at duplicative systems too. So you can 
easily get to over $10 billion in savings. Move that 
inefficient spending out of the O&M spend and into the 
development where we're modernizing the government more 
appropriately.
    Mr. Hurd. Thank you. And my question, along the same lines, 
CIOs play an important role in oversight and governance of 
these projects. Are Federal agencies, CIO's effective, and what 
tools do they need to become more effective?
    Mr. Powner. I think with the Federal CIO, it's a mixed bag. 
We see some CIOs that are quite successful and others that 
aren't, and that's why I think the legislation that this 
committee was instrumental in passing, FITARA, which 
strengthened the CIO authorities, is going to be really 
instrumental going forward so that we can manage this $80 
billion more appropriately.
    Mr. Dodaro. The CIOs need to be more involved and they need 
to be held accountable for these efforts and it needs to be 
more uniform across the government, and if this legislation's 
successfully implemented, we should achieve those goals.
    Mr. Hurd. On the area of accountability, Mr. Dodaro, how 
long have you been with GAO?
    Mr. Dodaro. This June, it'll be 42 years.
    Mr. Hurd. Have you seen anybody in the Federal Government 
fired for cost or time overruns?
    Mr. Dodaro. I'm trying to think. I'm sure there have been 
people have been in big trouble as a result of it. I could tell 
you that. I know about that. I can't think of any specific 
personnel actions offhand, but there have been people who have 
been under a lot of scrutiny and have--and have, you know, 
suddenly retired in that process. So, yes, there have been 
people that have been moved out.
    Mr. Hurd. Good copy. Thank you.
    I yield back my time.
    Mr. Connolly. Would my colleague yield just for a second?
    Mr. Hurd. Yes.
    Mr. Connolly. I thank my colleague. You brought up two very 
important points on CIOs and on legacy systems and--and data 
center consolidation. The FITARA bill, also known as Issa-
Connolly, our preferred name, does address all three things and 
mandates status and a consolidation, also requires--there are 
250 people with the title CIO spread out over 24 Federal 
agencies. Imagine that. So our bill says there ought to be one 
primary CIO for every agency who's accountable and has 
authority.
    So that's what Mr. Dodaro's talking about, about hopefully 
with the implementation of that bill, we're going to see some 
real progress. And it's something I hope we will monitor. I 
know Mr. Meadows and I intend to do that in the subcommittee. 
Thank you.
    Chairman Chaffetz. Thank you. The gentleman yields back. I 
now recognize the gentlewoman from the District of Columbia, 
Ms. Norton, for 5 minutes.
    Ms. Norton. Thank you very much, Mr. Chairman.
    My colleague asked about cost overruns. If people get fired 
for cost overruns, half the Defense Department would be gone, 
because that's where you have most of the cost overruns in our 
country. I'm very interested in this high-risk list, because 
I've been obediently listening to this list for a long time, 
and I never knew much about how you get on it and how you get 
off it, so I'd like to drill down a little bit about it, 
particularly considering that GAO must look at what must be 
hundreds, thousands of agencies in order to draw its list.
    And I must say, whenever there's good news, it seems to me 
this committee ought to be the first to note it, but I did note 
that highlighted, I think almost in your first page, it says 
solid, steady progress has been made in the vast majority of 
high-risk areas. I don't believe I've seen that kind of 
language before in your reports.
    You say that more than one-third of the areas previously 
designated as high-risk have been removed. So I'd like to know, 
you know, how do you get on it and how do you get removed?
    Mr. Dodaro. Sure. First of all, we have published criteria 
that we vetted with the executive branch years ago about how 
you get on and how you come off.
    How you get on is we look at the significance of the risk, 
both in quantitative terms, in other words, there has to be at 
least a billion dollars in risk; there has to be issues, it's 
either a public safety issue, like oversight of medical 
products and food safety, we have on the list; has to be 
important to national security, economic security for the 
country; it has risk of program failures, programs actually not 
achieving their objectives because they're on the high-risk 
list. And there--so there's a long list of factors that we 
consider. And we also look as to whether or not the agencies 
have corrective action plans in place. If they do have a plan 
and it looks like it's going to be a good plan and they may be 
successful, we may hold off on putting them on the list, and 
give them an opportunity to fix it.
    Now, you come off by five criteria: Top leadership 
commitment. There has to be a commitment by the top leaders in 
the agencies sustained; they have to have the capacity, the 
people and the--and the number of people and the right skills 
and the right numbers and resources to be able to fix the 
problem; they have to have a good plan, a corrective action 
plan that addresses the root causes of the problems; you have 
to have a monitoring effort to--with interim milestones and 
metrics; and you have to actually then demonstrate that you are 
fixing the problem. If you meet those five criteria, you come 
off the list. If you do that in part of the high-risk area, we 
narrow the high-risk area to those areas that you haven't, like 
we mentioned this year we did in two areas. So that's--that's 
how you do that. Now, the----
    Ms. Norton. Now, I noticed the second, I think the second 
criteria you mentioned the word ``resources.'' Wouldn't it 
would be fair to say that a significant challenge for getting 
off the list would be the scarcity of funding these days----
    Mr. Dodaro. Well----
    Ms. Norton [continuing]. Since it's one of your criteria.
    Mr. Dodaro. Yes. Well, by ``resources,'' we mean the skills 
necessary, the right people.
    Ms. Norton. So it doesn't mean funding at all. Let me ask--
--
    Mr. Dodaro. No. Well, it can mean----
    Ms. Norton [continuing]. Is funding a significant challenge 
for agents implementing your recommendations and getting off 
the list?
    Mr. Dodaro. It could be, but it could be that they're not 
using the funding that they have very well. It's not 
necessarily mean they need more funding.
    Ms. Norton. Accepted. Could I ask you what Congress can do, 
you know, assuming that Congress is not going to do much about 
resources? I'll take an area of specific interest to me, real 
eState. That is the area, the Federal Government's handling of 
its real eState portfolio has been under constant criticism 
from the GAO. Could you tell me how, considering the billions 
of dollars involved in leasing and construction, how real 
eState portfolio is doing?
    Mr. Dodaro. Yes. First I would say, on the high-risk list, 
we have asterisk areas where the Congress needs to take action 
in order to help address the area. So there's a substantial 
number of the 32 areas that we've already designated for 
Congress. Postal Service reform's one, cybersecurity's another, 
and the need to finance the Nation's transportation 
infrastructure system's another one. So we've designated major 
areas where Congress needs to be part of the solution to the 
problem.
    In the real property area, what Congress can do, one of the 
areas that we--that's on the list is the overreliance on 
leasing. And we've tried to convince the agencies, particularly 
GSA, to put forward a case to the Congress that says, look, we 
would be--it would be cheaper to own this particular property 
rather than lease these properties, but they've been reluctant 
to do so. So we think the Congress ought to mandate that they 
do that in that area. There are also, you know, underutilized 
properties, that the Congress could give additional authority 
in pilot areas to try to provide these things. There's a lot of 
barriers that we've identified that the Congress could help 
alleviate for the agencies to do this, but they need a good 
strategic plan. They have not yet presented the Congress with a 
good strategic plan on how to address this area. We've 
recommended it, they're working on the plan right now for the 
first time, and so we're hopeful to see it this year, and 
hopefully it will provide a good roadmap for them and for the 
Congress.
    Ms. Norton. Thank you. Very useful.
    Chairman Chaffetz. Thank you. I thank the gentlewoman. Now 
recognize the gentleman from Texas, Mr. Mica, for 5 minutes.
    Mr. Mica. Texas. The State----
    Chairman Chaffetz. Sorry. How about the State of Florida?
    Mr. Mica. Texas, Texas.
    Chairman Chaffetz. Florida. Florida.
    Mr. Mica. Where it's warm.
    Mr.----
    Unidentified Speaker. Don't mess with Texas.
    Mr. Mica. Mr.----
    It's a great State, but I'd rather be from Florida right 
now. Mr. Dodaro, have you ever seen the movie ``Groundhog 
Day?''
    Mr. Dodaro. Yes. Over and over.
    Mr. Mica. Yes. Well, I'm sitting here, and I swear a lot of 
the recommendations are the same recommendations you've brought 
us before. I segue from Ms. Norton's and your comments. In 
fact, I just read--the chairman, myself, Mr. Denham, we have 
been interested in excess property, and you can't get people to 
move on dealing with excess property. I think we've found 
14,000 at GSA. And we did the first hearing at the Old Post 
Office, and I put an X through and I put 13,999. We've done 
about six more in vacant properties, some of them moving, but, 
you know, I'm only going to be here so long. Even this guy's 
young. He can't--we can't do a hearing on every property.
    What concerns me, and you just said it in your report, is 
OMB, in conjunction with landholding agencies, could improve 
its capacity and action by implementing, this is dealing with 
excess--or underutilized properties, to develop a strategic 
plan. They have not done that. OMB has not done that.
    Mr. Dodaro. That's correct.
    Mr. Mica. One of the things too, and I've discussed this, 
Mr. Chairman, briefly with Mr. Denham, in the bill that--there 
were two bills offered, Mr. Chaffetz offered one, I worked with 
Mr. Denham, and he authored another, but we need a requirement 
that they have a plan and then there be some annual action on 
the plan and the recommendation, some triggering mechanism. 
Wouldn't you agree?
    Mr. Dodaro. Yes.
    Mr. Mica. And none of them will make a decision. The stuff 
just sits there. It sits there, it sits there. So I come back 
again and we're having a Groundhog Day on excess property.
    Finally, on the administration, this is on--the 
administration released the results of a freeze on footprint 
policy, which they indicated a freeze reduced the government's 
office and warehouse space. They gave you that report, you 
analyzed that report, and they claim they reduced the Federal 
warehouse space by 1.--I'm sorry--10.2 million square feet, but 
then you said they didn't.
    Mr. Dodaro. That's correct.
    Mr. Mica. Can you elaborate?
    Mr. Dodaro. Yes, Phil Herr is our leader on that report.
    Mr. Herr. Hi, Mr. Mica. Yes. One of the things we like to 
do is go behind some of those kind of estimates, take them 
apart, try to see where some of the flaws are, and in looking 
at the freeze and footprint data, we saw some things that were 
miscounted, also things that were vacant, but then they were 
counted separately in GSA's data base.
    One of the things that really underscores and is something 
that we have testified before your subcommittees previously is 
the real problem with the data on the property.
    Mr. Mica. That is right. We found in fact, one, they didn't 
know what property they had.
    Mr. Herr. Right.
    Mr. Mica. They didn't know the condition of the property 
that they had.
    Mr. Herr. Correct.
    Mr. Mica. They didn't know the status of it for being 
eligible for either future utilization or current or keep an 
inventory. I mean, right down the line they did not know. 
They--in fact, they gave us lists that we checked and you 
checked that showed that--that what they were giving us was 
totally incorrect. Is that not correct?
    Mr. Herr. That is correct.
    Mr. Mica. OK. Well, this is something else we have got to 
get is some requirement for these agencies, and if OMB won't do 
it, we can do it statutorily. I know Mr. Chaffetz is committed 
to get a bill through the House and the Senate that will get a 
handle on this, but we have to have triggers. We have to have 
milestones. We have to have some measure of them achieving a 
goal or performance. Am I wrong?
    Mr. Dodaro. I agree, and any major management reform that 
has been successful over time has a statutory underpinning, and 
that will transcend in administrations and Congress----
    Mr. Mica. Coming soon. Thank you.
    Chairman Chaffetz. The gentleman now yields back.
    Now recognize the gentleman from Virginia, Mr. Connolly, 
for 5 minutes.
    Mr. Connolly. Thank you, Mr. Chairman, and thank you, Mr. 
Dodaro, for being here. This is--maybe it says what a wonk I 
am, but I actually really look forward to this hearing every 
year, and I congratulate you for the intellectual underpinning 
of identifying these risk categories. I think it is an 
incredible, helpful public policy document, and I hope a useful 
management tool. It also guides us, and especially this 
committee. So much of what you are talking about is all about 
our agenda. So hopefully we will also take it to heart and 
respond accordingly.
    Mr. Dodaro, you actually endorsed our bill, FITARA, also 
known preferably as Issa-Connolly. How important is it to you 
that that get implemented?
    Mr. Dodaro. It is very important. I mean, that is a 
critical--that is one of the reasons, actually, that we put IT 
acquisitions and operations on the list, is in order to elevate 
attention to make sure that FITARA, Issa-Connolly, bill is 
implemented effectively.
    Mr. Connolly. I am sorry. What was that last part?
    Mr. Dodaro. But if it doesn't have attention, and I am also 
concerned, because, you know, we are coming to the last 2 years 
of this administration, it has got to be sustained in the next 
administration, having a statutory underpinning is critically 
important, and it gives us and the Congress means to hold 
people accountable over time. So it is absolutely critical to 
rectifying this problem that we have identified.
    Mr. Connolly. And there are real potential savings if we 
can make this work. Is that not correct?
    Mr. Dodaro. Oh, yes. Absolutely. Absolutely. In the 
billions.
    Mr. Connolly. In the billions, Mr. Chairman.
    So I know we are going to work on a bipartisan basis to 
actually have oversight hearings on implementation to go and 
exhort and encourage, and I think that is really good.
    Mr. Dodaro, with respect to this whole subject, you are 
familiar with the 25-Point Implementation Plan to Reform 
Federal Technology Management that was issued December 9, 2010 
by Vivek Kundra.
    Mr. Dodaro. Yes. Yes. I am familiar with it, and I am 
joined by Dave Powner, who is our IT expert.
    Mr. Connolly. And I assume that you both--well, let me not 
assume. Was that a helpful document in terms of laying out 
goals and objectives?
    Mr. Dodaro. Yes.
    Mr. Connor. Yes, it was extremely helpful. It set the 
foundation----
    Mr. Connolly. Sets the foundation.
    Mr. Connor [continuing]. For a lot of the key initiatives 
going forward.
    Mr. Connolly. And, for example, when it talks about we 
ought to approve funding of major IT programs only when it 
meets three basic criteria, right: Have a dedicated program 
manager and a fully staffed integrated program team; use a 
modular approach with useable functionality delivered every 6 
months, I think they mean by that break up huge multi-year 
complex systems integration contracts so that they are easier 
to manage; and, third, use specialized IT acquisition 
professionals. Are those--do you think those are three helpful 
criteria when we are looking at issuing a major procurement?
    Mr. Connor. Absolutely.
    Mr. Connolly. And did we follow that advice from the White 
House itself when the Website for the healthcare rollout was 
occurring?
    Mr. Connor. No. We did not.
    Mr. Connolly. We did not. So, hopefully, our bill, but also 
even the guidance that Vivek Kundra issued from the White House 
going 4 years ago-plus might have spared us some of the grief 
and embarrassment that, in fact, occurred.
    Mr. Dodaro. Yes, they have--we have issued nine factors 
that are critical to successful efforts that have been put in 
place. There is Vivek's guidance. There is GAO guidance. There 
is best practice. The basic problem that I have seen over the 
years is there is a lack of discipline to follow good 
practices.
    Mr. Connolly. Yes.
    Mr. Dodaro. We get off the rails and nobody is held 
accountable during that period of time. Modular development, 
incremental development, CIOs, was one of the basic tenants in 
the 1996 legislation that I helped Congress work on passing. It 
just hasn't been implemented. So I commend this committee for 
your recent legislation. I look forward to working with you to 
make sure it is successfully implemented, but it will require 
congressional oversight, and I look forward to that.
    Mr. Connolly. And I will point out, as the chairman knows 
and the ranking member knows, when we put together this bill, 
it was a bipartisan bill, and we--a lot of what we did was 
codify recommendations that came out of the White House itself. 
It was not a hostile bill, and so hopefully it will be seen 
that way, as a useful management tool, and we look forward to 
working with you as we follow and monitor, and, as I said, 
exhort the implementation, because there are enormous savings 
to be had and some very significant efficiencies. So----
    Mr. Dodaro. Yes, and better services to the public.
    Mr. Connolly. Yep. Thank you, Mr. Chairman.
    Chairman Chaffetz. Gentleman yields back.
    Now recognize the gentleman from Tennessee, Mr. Duncan, for 
5 minutes.
    Mr. Duncan. Well, thank you, Mr. Chairman, and I don't--I 
will take just a moment. I just want to say, Mr. Dodaro, I 
think you do a very good job, and I appreciate the work the GAO 
does. You have been very helpful to me on this committee. I 
have been here 26 years. When I tell these newer members this, 
they look at me like I am from outer space. May main committee 
has always been the Transportation and Infrastructure 
Committee, and I have heard Dr. Dillingham testify more 
probably than any other witness, and he seems like a good man.
    Mr. Dodaro. He is.
    Mr. Duncan. But I just want to say that I think the GAO 
does a great job, and I appreciate what you all do, and that is 
all I wanted. Thank you, Mr. Chairman.
    Mr. Dodaro. Thank you very much, Mr. Duncan.
    Chairman Chaffetz. Gentleman yields back.
    We will now recognize the gentlewoman----
    Mr. Connolly. Mr. Chairman, I know that there are other 
witnesses who want to know Mr. Dodaro's magic is that he got 
that kind of----
    Chairman Chaffetz. We will now recognize the gentlewoman 
from the Virgin Islands, Ms. Plaskett, for 5 minutes.
    Ms. Plaskett. Yes. Thank you, Mr. Chairman. Good afternoon, 
sir.
    Mr. Dodaro. Good afternoon.
    Ms. Plaskett. I really wanted to thank you for all of the 
work that your agency does and to talk to you about one of the 
primary things that you all do is uncovering waste and fraud 
and abuse and identification of the risk of integrity of the 
Federal programs. We know, however, that there is also best 
practices that your agency tries to identify, not only for the 
private--for the public sector, but for the private as well, 
and we understand now that the cyber attacks are not just on 
the Federal agencies, but also on private. We know--we have 
heard about Home Depot and the compromise of about 56 million 
companies and the credit card and debit card information, as 
well as Anthem, the Nation's second largest health insurance 
company with more than 80 million records that may have been 
compromised. I see that your--one of your colleagues are coming 
over to assist you.
    Mr. Dodaro. This is our cyber expert, Greg Wilshusen.
    Ms. Plaskett. Great.
    Mr. Dodaro. We sense a cyber question.
    Ms. Plaskett. You sense very well. One of the things I 
wanted to talk with you about is this notion of segregating 
duties. If you could briefly explain for us what that concept 
is and how that works.
    Mr. Dodaro. Yes. Now, that has been one of the major 
problems that we have identified over the years. Greg can 
explain the importance of it.
    Mr. Wilshusen. It is vitally important to assure that 
systems and information are adequately protected from 
unauthorized modification alteration. And it basically relates 
that the activities of one individual or group are countered by 
the activities or overseen, if you will, by the activities of 
another group. So one group does not have full control of a 
transaction or of a process in which it can then perform 
unauthorized activities without detection. Within the cyber 
realm, that often relates to having, for example, software 
developers being able to operate in the production environment 
where real live actual data is being processed because they 
could potentially make undetected changes to the software 
process and that data, and you don't want that to happen. So 
software developers, in this case, should be confined to a 
development and PRO-ART environment.
    Ms. Plaskett. OK. So my understanding, and, you know, I am 
not--my children will tell you I have no--I am a Luddite. I 
have to technological knowledge, but kind of like a submarine 
where when there is a leak in one area you can close off that 
section and then another area where the leak occurs doesn't 
infect the other areas with the segregation of duties. Is that 
occurring now in the Federal agencies with the IT?
    Mr. Wilshusen. Yes. In several agencies there are instances 
where they have weaknesses, and I think it is about 14 agencies 
that have weaknesses and segregation of duty controls, and the 
example you highlighted actually also speaks to defense in 
depth, and that is another security defense principle that 
agencies should put layer upon layer of security controls so in 
the event that one layer may be circumvented or penetrated, 
that other controls help to protect the data and systems at 
hand.
    Ms. Plaskett. So now one of the reasons that I mentioned 
Home Depot and Anthem, we know that this has occurred in other 
private sector areas, is what is the relationship that you all 
have with trying to assist those private sector individuals in 
best practices, because at the end of the day, all of these 
systems connect with one another.
    Mr. Wilshusen. Yes. Actually, it is the Department of 
Homeland Security that has an overriding role within the 
Federal Government for helping in assisting with critical 
infrastructure industries in protecting their information and 
their systems. In addition, for certain retail companies like 
this, it may also be the Federal Trade Commission that would 
also provide assistance and guidance to those entities.
    Mr. Dodaro. We have been encouraging and exhorting for 
years more dialog and information sharing between the public 
sector and the private sector. Both have been reticent for 
different reasons to share information, but that is really the 
only way that this problem is eventually going to be solved. 
Congress has made some overtures in this area and legislation. 
We believe more legislation could be helpful in this regard.
    Ms. Plaskett. Well, I am hopeful that this body will 
continue to assist you in making sure that that happens, and I 
yield the balance of my time.
    Chairman Chaffetz. Thank the gentlewoman.
    We will now recognize the gentleman from Massachusetts, Mr. 
Lynch, for 5 minutes.
    Mr. Lynch. Thank you, Mr. Chairman, and ranking member, 
and, Mr. Dodaro, good to see you again, and all your cohorts. I 
agree with Mr. Connolly's remarks that this may not be the most 
sexy hearing of the year, but----
    Chairman Chaffetz. Objection.
    Mr. Lynch. Well, I think it may reflect best the core 
mission of this committee, however. I do notice in your list of 
areas of concern, you have got a list of--that 2015 high-risk 
list, that the VA Health is on that list for the first time, 
and I know it is one of the two new areas, and this designation 
comes in light of the longstanding and systemic weaknesses in 
accessibility and quality of care. We saw the problems that we 
had down at the Phoenix VA, a terrible situation there. And we 
also have, quite frankly, a huge increase in the number of 
veterans that are now, for the first time in their lives, 
relying on the VA for their healthcare. We went from 6.8 
million veterans in 2002 to 9.4 million enrollees in 2015. So 
it has put a huge amount of pressure on the system, including 
1.4 veterans form Operation Iraqi Freedom and Enduring Freedom 
in Afghanistan, and mindful that most of those folks did 
multiple tours.
    And I was in Kandahar Province not long ago, and I asked 
how many folks were on their first tour, their second tour. I 
got all the way up to seven tours of duty before I ran out of 
Marines. Most of them had been there three or four tours of 
duty. So that repeated cycle of deployments does a lot of 
damage, I think, to the, you know, the psychiatry of serving 
among our young men and women, and I think that we are going to 
see reverberations in the healthcare system as a result of 
those multiple deployments, but I am looking forward.
    That is--I am actually the ranking Democrat on the National 
Security Subcommittee that is going to address those, and I 
look forward to your good work continuing in that area, 
especially with some of the new implementations that we have 
had allowing veterans to be treated at non-VA facilities if we 
do have a backup in appointment time, and that has been a 
constant problem for us not just in the Northeast but all 
across America, and I know Florida is all backed up because of 
the number of retirees down there. They have had a very long 
backlog there. Some of the areas in Texas as well. Virginia, my 
friend, Mr. Connolly, a huge number of veterans in his district 
as well, and also we have got another provision that allows 
them to go to non-VA facilities where their travel to a VA 
facility is more than 40 miles. So it all builds up to a 
greater reliance on our ability to conduct oversight on the VA 
healthcare system. I look forward to working with you. You have 
got a great staff. You have got a good cohort of people behind 
you that have worked tirelessly over the years. I am looking 
forward--we have got no shortage of issues to work on, and I 
just appreciate the work that you do every single day. Thank 
you.
    Now I yield back.
    Mr. Connolly. I would ask my friend to yield.
    Mr. Lynch. Oh, yes. Sure.
    Mr. Connolly. For a question. Mr. Lynch, how many times 
have you been to Afghanistan or Iraq?
    Mr. Lynch. I would say Iraq about 14 times, and I would say 
Afghanistan about 12 times, oftentimes with folks from--that 
Mr. Dodaro works with, a special inspector of--Special 
Inspector Generals of Iraq Construction or Afghanistan 
Reconstruction as well.
    Mr. Connolly. Well, I just want to say, for me, you have 
been a model of oversight commitment to the work in both 
countries at personal risk and peril to yourself, and I honor 
you for that. Thank you.
    Mr. Lynch. Well, thank you.
    Mr. Dodaro. I would just say in terms of the picture that 
you paint, not only have we had more veterans coming back with 
multiple tours, but they are going to be living longer thanks 
to modern medicine, but this problem will occur over decades, 
and we need to get a handle on it right now. There will be more 
veterans even coming back. So this is really a very significant 
long-term issue, and that is one of the reasons that we put it 
on the high-risk list.
    Mr. Lynch. Thank you.
    Chairman Chaffetz. Thank you. The gentleman yields back. I 
now recognize the gentlewoman from New York, Ms. Maloney, for 5 
minutes.
    Mrs. Maloney. I want to thank you for your work, and I 
apologize to my colleagues. I am late to the committee because 
I was at a meeting on a cyber security, which is really one of 
the biggest challenges we face as a Nation, and I believe it is 
an area that we will in a bipartisan way work together to 
address. So I want to mention the assessments that you have 
found for dealing well cyber attacks. And your report found 
that many agencies had ``Inconsistently implemented policies 
and procedures for responding to a data breach involving PII.''
    Can you explain for the committee those areas in which GAO 
found that agencies were inconsistent in their implementation 
of policies for responding to data breaches, and what do we do 
about it?
    Mr. Dodaro. Yes. Greg Wilshusen will address that. He is 
our expert in the area.
    Ms. Maloney. OK. Great.
    Mr. Wilshusen. Yes. We conducted a review at several 
Federal agencies over their procedures and policies for 
responding to security incidents involving personally 
identifiable information, and one of the things we identified 
is that agencies did not consistently identify the risk to the 
affected individuals and the harm that could occur or the 
impact that it could occur to those individuals.
    In addition, they were inconsistent at what point do they 
provide additional services to those individuals. For example, 
whether or not to provide credit monitoring services or other 
types of services in order to help those that have been--whose 
information has been compromised.
    Mrs. Maloney. OK. And to the point, what can Congress do to 
assist you, GAO, in advocating that Federal agencies are being 
consistent in carrying out policies that respond to these 
breaches?
    Mr. Dodaro. We believe that the Privacy Act which was 
originally passed in 1974 needs to be updated, and Congress 
should take that upon their responsibilities. The agencies are 
collecting more information than was contemplated in the 
Privacy Act because the Privacy Act deals with records of 
information but not through social media and other means. More 
information is being collected that wasn't contemplated when 
the Act was passed. The definitions in the Act are very broad, 
which leads to inconsistent applications that can be done. 
There is not enough notice that is made to the public. 
Typically in those days, it was through the Federal Register, 
but there are more available tools now to notify the public and 
make things available. So the Congress needs to update the 
Privacy Act, and we would be happy to work with this committee 
or other committees to do so.
    Mrs. Maloney. OK. And, finally, you State, and I quote 
GAO's report. ``Agencies may not be consistently taking action 
to limit the risk to individuals from PII-related data 
breaches.'' So in GAO's assessment, what are specific actions 
agencies can take right now to improve their ability to respond 
to data breaches on top of rewriting the Privacy Act?
    Mr. Wilshusen. Sure. Yes, one of the actions that they can 
take is making sure that they have appropriate policies and 
procedures in place before incidents occur so they know how to 
act once an incident will occur. And, indeed, our work has 
shown that the number of incidents involving PII at Federal 
agencies is climbing, and every agency is affected by that, and 
that could include having a dedicated team available that has 
the roles and responsibilities previously identified and 
trained in those roles and responsibilities in order to act 
appropriately and timely when incidents occur.
    Mrs. Maloney. And, finally, how can Congress be most useful 
in ensuring that this is fulfilled, that agencies consistently 
take all the necessary actions needed?
    Mr. Wilshusen. Well, one is, as the comptroller general 
mentioned, is to update the Federal laws protecting personal--
the privacy of personally identifiable information. Another is 
holding oversight hearings and holding agencies to account for 
their incidents that occur and assuring that they appropriately 
implement proper protections of the personally identifiable 
information that may be compromised.
    Mrs. Maloney. Thank you so very much.
    Chairman Chaffetz. Thank you. If no other member has a 
question for this first panel, we would like to again thank the 
GAO, specifically Mr. Dodaro, and the great work that so many 
of you and your staff do. I would ask that the clerk change the 
table, and I would actually like to mention something as we do 
in this in the essence of time. So again, Mr. Dodaro, thank 
you. You are excused, and go ahead and make the change. I want 
to talk about the artwork that you see in here, and I would 
like to make a bit of a Statement, and, again, there will be a 
little commotion here as we change out the names, and please, 
if you are on the second panel, please come take a seat.
    When I became the chairman, we made some alterations to the 
artwork here, and part of what I was trying to do was I felt it 
would be best to highlight the people that we serve rather than 
the past committee chairmen. I feel strongly that we should be 
inspired by those who--by the American people, and that is who 
we serve. They have done great things over generations of time, 
and those are the types of people that we should be inspired 
by.
    So I would like to introduce these pieces of art as, again, 
we get this next panel ready, and I will tell you that they are 
all real photography and real photos. I would like to start 
here with this one. It is of the Ben Franklin Bridge and the 
Philadelphia skyline. It was taken by a photographer by the 
name of Charlie Lansche. It is the Ben Franklin Bridge. It 
spans the Delaware River connecting Philadelphia with Camden, 
New Jersey.
    Contrasting the urban setting, we have this new photo that 
was taken, actually, in my congressional district in Utah. It 
does look like a painting, but it is actual photograph that was 
taken in January. It was taken along the Provo River with the 
Mount Timpanogos there in the distance, and we live in a very 
beautiful setting, and I think the contrast between the urban 
setting and a more rural setting is part of what I wanted to 
highlight.
    Going here on this side, this is a photo that was taken--it 
was first published in March 1966. Warren Leffler was a 
photographer for U.S. News and World Report, and the image is 
of postal workers loading mail bags into trucks for delivery, 
and a good number of people for decades, generations, have been 
doing good work in the postal service, and one of our couriers 
of responsibility.
    This next photo back over here is of Utah copper miners. We 
have had people who have been in the mining industry across 
this Nation, whether it is coal or copper or whatnot. This was 
first published back in 1942. They are using a rock-drill 
machine at the Bingham Mine in the Bingham Canyon in Utah.
    This next photo was taken in Afghanistan. The American flag 
capturing the morning's first rays of sunlight as it is hoisted 
from one of the peaks of the Kowtal-e Paymor Mountain on the 
outskirts of Kabul, Afghanistan, in honor of Veterans Day. It 
was shot on November 11, 2010. Not a professional photographer, 
but that is one of the most beautiful patriotic shots I have 
ever seen, and really appreciate the service that Paul Bingham 
offered this country and the photo that he took that day 
honoring Veterans Day above the hills there in the mountains 
outside Kabul. We have had thousands and thousands of Americans 
serve overseas and in Afghanistan, and we honor them and should 
be thinking of them regularly.
    This next photo at the back of the room is actually civil 
rights protesters on one of three marches from Selma to 
Montgomery, Alabama. This photo was first published in 1965, 
they tell me, and is a good reminder that people have gone 
through a lot of hardship, but also made a lot of progress. And 
I love the patriotic nature of the carrying of the flags in 
that photo and appreciate the Library of Congress for providing 
that to us as well.
    The next one is of the Golden Spike. The Golden Spike 
actually happened in Utah. It was taken on May 10, 1869. By 
joining the Central Pacific and Union Pacific lines at 
Promontory Point in Utah on May 10, 1860. The Golden Spike was 
the ceremonial last spike driven in by Lelant Stanford to join 
these rails to form the first Transcontinental Railroad across 
the United States bridging the east and the west together.
    The next photo is really the only portrait that I would 
consider here, but interestingly enough, this was first 
published in 2006. It was from the Library of Congress. The 
Lincoln Memorial is obviously one of the best sites we have in 
this country and certainly in the United States, but when he 
was Congressman Lincoln, he served on the Post Office and Post 
Roads Committee, and the Expenditures and the Department of War 
Committee, two committees that preceded the modern day 
Oversight and Government Reform Committee. So interesting to me 
that Abraham Lincoln, when he served in the House of 
Representatives, served on what is now known as the Oversight 
and Government Reform Committee, an inspiration to a lot of 
people.
    Moving over here, we have got two more. This photo was 
taken--it comes from the Library of Congress. We are not sure 
who the photographer was. It was published sometime between 
1914 and 1918. It is of women making and crimping fiber powder 
containers for 3-inch Stokes guns during World War I. It was 
taken at the W.C. Ritchie & Company facility in Chicago, 
Illinois. And, again, a great deal of sacrifice that was going 
on in this country, and I actually like--I love the patriotic 
nature that one as well.
    And, finally, I want you to look closely at this photo if 
you have a chance. This is a steel worker on the framework of 
the Empire State Building high above the city with the Chrysler 
Building prominently displayed in the back.
    Mr. Lynch. Ironworker.
    Chairman Chaffetz. Ironworker. Ironworker. My apologies. 
The photographer was Lewis Hine, and it was first published in 
1930, and comes to us from the National Archives. Not exactly 
OSHA compliant back then. That gentleman is sitting on the 
precipice of death, working hard to build this country without 
a safety harness, without the types of things that our workers 
have now, but a good deal of people have made these kind of 
dedications and sacrifices, and I am glad that they captured a 
photo of it.
    These are the types of people I think should be inspired in 
this committee rather than just the committee chairmen of past, 
and so we made those changes. I hope the committee appreciates 
that, and I am honored to have these photos in here, and I 
thank the members for my indulgence.
    We would now like to recognize our second panel of 
witnesses.
    Oh, pardon me. I would like to yield to our ranking member, 
Mr. Cummings, for 5 minutes.
    Mr. Cummings. Mr. Chairman, when you told me that you were 
going to select some photographs, I was--I didn't know what you 
were going to do, but I must tell you and all of those who had 
anything to do with selecting these photographs, that they are 
absolutely beautiful.
    You know, I used to say that my father who only had a 
second grade education, but who educated all seven of his kids, 
I used to say that I was inspired by his aspirations, and when 
we look at these pictures, the ones of hard-working Americans 
in the pursuit of happiness and building our country, I believe 
that their stories, I mean, just looking at them, should 
inspire all of us to be the very best that we can and to lift 
up their lives and people--the people like them, their lives, 
and then, you know, you look at the other ones that show our 
environment. I think it should be a reminder that we do have a 
sacred duty to pass on to our children an environment which is 
just as good as or better than the one that we inherited.
    You know, it is said that we do not inherit our environment 
from our ancestors, but we borrow it from our children, and I 
would say the same thing about our democracy, and so--and last 
but not least, Mr. Chairman, you, you know, you really did a 
hell of a job when you put the Selma one right there because it 
just reminds me every time I look at it, 4 years before that in 
Baltimore, it reminded me of us marching, little kids, we were 
marching trying to integrate a pool called Riverside Pool, and 
it was all-white pool. We were beaten, but yet still we marched 
in the pursuit of happiness, and so I am--I still like to say 
that I am hoping that this will be--these photos will be an 
aspiration--will be an inspiration because of the aspirations 
of these folks who made America what it is.
    Thank you very much.
    Chairman Chaffetz. Thank you. I appreciate those comments.
    And now back to the business before us. I thank the five 
gentleman who have joined us, and I would like to recognize 
this panel of witnesses. I am pleased to recognize the 
Honorable John Koskinen, who is the Commissioner of the 
Internal Revenue Service; the Honorable Alan F. Estevez, 
Principal Deputy Under Secretary of Defense for Acquisition, 
Technology and Logistics at the United States Department of 
Defense; Mr. John MacWilliams, Senior Advisor at the United 
States Department of Energy; and then Shantanu Agrawal. Did I 
pronounce that properly? I know you have testified previously.
    Mr. Agrawal. You nailed it.
    Chairman Chaffetz. Yes. He is the Deputy Administrator and 
Director of the Center of Program Integrity at the Centers for 
Medicare and Medicaid Services; and Mr. Robert M. Lightfoot 
Jr., Associate Administrator at the National Aeronautics and 
Space Administration.
    We thank you for your patience. It has been a while to get 
to this panel, but we do appreciate you here.
    Pursuant to committee rules, all witness be sworn before 
they testify. So if you could rise please and raise your right 
hand.
    Do you solemnly swear or affirm that the testimony you are 
about to give will be the truth, the whole truth, and nothing 
but the truth?
    Thank you. Let the record reflect that all witnesses 
answered in the affirmative. You may be seated.
    Mr. Koskinen, we will start with you. Your full Statement 
will be introduced into the record, but we would ask that you 
please limit your testimony to 5 minutes, and we will go from 
there, Mr. Koskinen.

                 STATEMENT OF HON. JOHN KOSKINEN

    Mr. Koskinen. Thank you. Thank you, Chairman Chaffetz, 
Ranking Member Cummings, and members of the committee. Thank 
you for the opportunity to discuss the Government 
Accountability Office's high-risk list as it pertains to IRS 
operations. I am delighted to note that one of our programs, 
Business Systems Modernization, was removed from the list in 
2013 after being on the list since 1995. Its removal came about 
because of the advances the IRS has made over many years in 
addressing weaknesses in information technology and financial 
management capabilities. Turning now to tax enforcement, the 
GAO has identified this as a high-risk area because of the size 
of the tax gap and the difficulty over time in narrowing that 
gap. The most recent IRS study of the tax gap released in 2012 
found that the tax gap was $385 billion for tax year 2006. The 
IRS is preparing a new study of the tax gap that covers tax 
year 2010, and will be based on audits done between 2008 and 
2010. We expect this report to be released in the first quarter 
of 2016.
    One of the key findings from our ongoing research on the 
tax gap has been that the compliance rate is very high for 
income that is subject to information reporting. Income subject 
to third party reporting is underreported only about 8 percent 
of the time. That number jumps to 56 percent for income that is 
not subject to any third party reporting or withholding.
    Another thing we've learned from our research is that the 
biggest portion of the tax gap involves the underreporting of 
business income by individual taxpayers which totaled $122 
billion in 2006. The evidence is clear that the lack of 
reliable and comprehensive reporting and withholding on this 
type of income is the main reason for such a high level of 
underreporting. A good example of our recent efforts to improve 
compliance in this area involves the legislative requirement 
for electronic payment processors, credit card companies, to 
send us information from business credit card receipts on a new 
form 1099-K. The first 1099-Ks were filed in 2012 for 
transactions in 2011, and I am pleased to report we are 
beginning to see positive impacts on compliance from this new 
program provided by the Congress.
    Programs such as 1099-K reporting are useful not only 
because they help the IRS to collect the correct amount of tax, 
but also because they encourage voluntary compliance, and the 
importance of voluntary compliance cannot be overStated. A 1-
percent increase in the level of voluntary compliance brings in 
about $30 billion annually in tax receipts.
    Even with these and other efforts, I would note that it is 
not possible to eliminate the tax gap completely. Getting to 
100 percent tax compliance would require a huge increase in 
audits and significantly greater third party reporting and 
withholding than we have now. Realistically, that wouldn't work 
because the burden on taxpayers and the strain on IRS resources 
would be far too great. Our budget situation represents a very 
serious challenge to our ability to keep making progress on 
this front. In order to absorb required reductions this year, 
the IRS has taken a number of difficult steps, including the 
loss through attrition of about 1,800 key enforcement 
personnel. That translates into fewer audits and collection 
cases, and we estimate the government will lose at least $2 
billion in revenue that otherwise would have been collected. 
Additionally, the reductions in our funding have forced us to 
make cuts in taxpayer service. This is also troublesome because 
if we can't provide the services taxpayers need to fulfill 
their tax obligations, voluntary compliance will suffer.
    This concludes my Statements, and I would be happy to take 
your questions.
    Chairman Chaffetz. Thank you.
    [Prepared Statement of Mr. Koskinen follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]     
        
    Chairman Chaffetz. Mr. Estevez.

                STATEMENT OF HON. ALAN F. ESTEVEZ

    Mr. Estevez. Thank you, Chairman Chaffetz, Ranking Member 
Cummings, members of the committee. Appreciate the opportunity 
to appear before you to discuss a couple of the areas of high 
risk identified by GAO, specifically supply chain management 
and weapons acquisition.
    The Department of Defense has made measurable progress in 
addressing these areas as well as in the areas of contract 
management, as Mr. Dodaro mentioned, and infrastructure. The 
Department is dedicated toward improving our supply chain and 
acquisition processes to ensure effective support for our 
warfighters and value to the American taxpayer.
    Supply chain management and weapon system acquisition are 
complex areas that, by their nature, entail some level of risk. 
We develop and field the best weapon systems in the world, and 
our logistics capability is unparalleled, as demonstrated in 
the last 13 years of war. However, due to the scale and 
complexity of these functions inside the Department of Defense, 
even at six Sigma levels of tolerance, there will be some 
deficiencies. Therefore, we must continually strive to improve.
    Today the DOD supply chain is simultaneously sustaining 
forces in Afghanistan, supporting the war on ISIL, and 
completing the mission to control Ebola. At the height of 
operations in Afghanistan, we provided 1.1 million gallons of 
fuel and 435,000 meals a day, delivered medical supplies, 
construction materials, and spare parts to sustain our combat 
power at record levels of readiness. DOD manages over 5 million 
items valued at over $90 billion. Our actions to improve 
inventory performance while maintaining overarching focus of 
reducing risks to our warfighters have produced substantial 
results that have been acknowledged by GAO. For example, since 
2010, DOD has been implementing our comprehensive inventory 
management improvement plan. Since 2012, we've reduced 
government-managed inventory by $14.4 billion, the first 
reduction in government inventory since the 1990's. DOD is 
implementing a new forecasting methodology, which is producing 
improved material availability, decreased back orders, and 
reduced procurements. With that said, there is more work to be 
done on improving our supply chain performance and we remain 
focused on doing so.
    Second area of high risk that I want to address is weapon 
system acquisition. It is important to recognize that the 
weapon system acquisition process has provided the United 
States with dominant military capabilities. The rise of foreign 
capability, coupled with our ongoing combat operations, global 
commitments and our reduced budgets is jeopardizing our 
technological superiority. Our weapon system acquisition 
process must deliver needed combat capability to our 
warfighters as effectively as possible. Our program for 
continuous process improvement in this area that we call better 
buying power, or BBP, is focused on that goal.
    GAO's and our own main concern in the acquisition area is 
cost and schedule of growth. Under BBP, the Department sets and 
enforces affordability caps on all major weapon systems. We are 
tracking performance against established caps to ensure 
compliance. Affordability caps tied to requirements. BBP drives 
active engagement between the acquisition and requirements 
leadership, that would be the operator who uses the weapon 
system, during weapon system development to ensure that 
requirements associated with the program address the warfighter 
needs in a cost effective, affordable way.
    We revised our principal acquisition policy, DOD 
Instruction 5002, which formally institutionalizes BBP and the 
improvements resulting from the Weapon System Acquisition 
Reform Act, including emphasis on systems engineering, cost 
analysis, and testing. In addition to the actions already 
mentioned, we are formally measuring our own performance. The 
first two annual reports on the performance of the defense 
acquisition issue--acquisition system have provided data that 
the Department is using to increase the performance of the 
acquisition process, and GAO is also using those reports.
    In summary, DOD will continue to work with the GAO to 
address the underlying root causes that have resulted in our 
high-risk designation. We are and continue to be focused on 
removing ourselves from this list by correcting our 
deficiencies for the benefit of our warfighters and the 
taxpayer.
    Thank you for the opportunity, and I look forward to your 
questions.
    Chairman Chaffetz. Thank you.
    [Prepared Statement of Mr. Estevez follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]     
    
    
    Chairman Chaffetz. Mr. MacWilliams.

                  STATEMENT OF JOHN MACWILLIAMS

    Mr. MacWilliams. Thank you, Chairman Chaffetz, and Ranking 
Member Cummings, members of the committee. I appreciate the 
opportunity to appear before you today to discuss the 
Department of Energy's efforts at improving our management of 
our capital asset projects. This is a topic of great importance 
to Secretary Moniz and our Deputy Secretary Sherwood-Randall.
    DOE manages some of the largest most complex and 
technically challenging projects in either the public or the 
private sector due to its diverse mission. The portfolio of 
large projects undertaken by DOE is unique not only from other 
projects in the public and private sectors but also each DOE 
project is unique from other DOE projects. These projects are 
truly one of a kind with uncommon challenges, such as handling 
radioactive conditions or producing extremely bright X-rays for 
nano science. In light of these challenges, DOE has 
historically struggled with project and contract management, 
and we have been on the GAO's high-risk list since the list's 
inception in 1990.
    We have made some important progress, however, that has 
been recognized by GAO and others. In 2009, we were removed--
the GAO removed the Office of Science from the high-risk list, 
and in 2013, GAO again narrowed its DOE focus to projects over 
$750 million in the Department's Office of Environmental 
Management and the National Nuclear Security Administration. 
The Department remains very focused on getting off this list 
entirely. To meet this challenge, the secretary is instituting 
changes to improve departmental performance on major projects, 
and one of the first actions he took when he became Secretary 
was to create an Under Secretary for management and performance 
to focus specifically on improving project management and 
providing direct supervision of many of DOE's most challenging 
projects.
    In August 2013, the Secretary also established a working 
group which he asked me to lead to conduct an in-depth analysis 
of project management. This working group was comprised of 
DOE's senior-most project management experts, and we took a 
very comprehensive look at the challenges that DOE faces, and 
the group provided opinions as to why projects either fail or 
succeed in the DOE environment. The working group's findings 
were issued in a report which was released in December, and 
that report you can find on our Website at the Department of 
Energy.
    The report led to several recent--implementation of several 
efforts to improve project management. First, we strengthened 
the Energy Systems Acquisition Advisory Board. We will now 
review all projects with an estimated cost of $100 million and 
up. Used to be we only looked at 750 million and up, and the 
board, which is chaired by the Deputy Secretary and comprised 
of the senior-most departmental officials, will now meet at 
least quarterly and will focus on projects that are deemed to 
be at risk of not meeting their performance baselines.
    Second, we have established a new committee, the Project 
Management Risk Committee. This is comprised of the senior 
project managers who are the same folks that wrote the report 
that I just referenced, and that is providing risk assessment 
and advice to the Department's senior leadership, reviewing and 
analyzing projects before all critical decisions and baseline 
change proposals, and providing peer reviews and in-house 
consulting to projects across the Department.
    Finally, the Secretary has taken a series of actions aimed 
at improving lines of responsibility and improving our peer 
review process. The Department is improving accountability by 
ensuring that for each project, the appropriate Under Secretary 
must now designate a clear owner who has budgetary and 
programmatic responsibility. There must also be a clear line of 
responsibility that extends from the Under Secretary to the 
project owner to the Federal project director. In addition, 
where it doesn't exist already, each Under Secretary is now 
establishing a project assessment office.
    The reforms and processes that we are instituting at DOE 
with respect to project management are critical steps to meet 
our solemn responsibility to be responsible stewards of 
taxpayer dollars. We are encouraged by the work that has been 
done over the last year which has been focused on effecting 
permanent, structural and cultural change in the way that the 
Department manages its projects.
    Thank you. I would be pleased to answer your questions.
    Chairman Chaffetz. Thank you.
    [Prepared Statement of Mr. MacWilliams follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] 
               
    Chairman Chaffetz. Members should be advised that there is 
a vote on the floor. We have three votes. The intention is to 
have the next two gentlemen give their opening Statements, but 
we will not get to questions until after votes. So we 
anticipate that that will happen no sooner than 5:15. Each of 
you two gentlemen have up to 5 minutes, but please be swift, 
and your full Statements will be entered into the record. 
Doctor.

               STATEMENT OF SHANTANU AGRAWAL, M.D.

    Dr. Agrawal. Thank you. Chairman Chaffetz, Ranking Member 
Cummings, and members of the committee, thank you for the 
invitation to discuss the Centers for Medicare and Medicaid 
Services' operation of these programs.
    We share this committee's commitment to protecting 
beneficiaries' and taxpayers' dollars and to preserving these 
program for generations to come. CMS appreciates the work of 
the GAO. Medicare is a large and complex program serving 54 
million beneficiaries and working with over 1.5 million 
providers. We pay over one $billion claims per year from these 
providers. While the GAO continues to classify Medicare as a 
high-risk program, there is good news to report. The last 2 
years saw the slowest growth in real per capita national 
healthcare expenditures on record. The 2014 Medicare trustee's 
report projects that the trust fund which finances Medicare's 
hospital insurance coverage will remain solvent until 2030, 4 
years beyond what was projected just last year. They are also 
promising improvements in the quality of care furnished the 
beneficiaries. CMS initiatives have contributed to an estimated 
50,000 fewer patient deaths in hospitals, and 1.3 million fewer 
hospital-acquired conditions, saving $12 billion over 3 years. 
Medical review strategies have resulted in over $5 billion of 
savings in just last fiscal year.
    CMS is working to transform Medicare into a high-value 
payer with payment policies based on quality not just volume, 
and we remain focused on preventing waste, abuse, and fraud 
before it occurs. These issues are not merely about cost. They 
threaten beneficiary health through unnecessary services, 
substandard care, dangerous prescribing, and a host of other 
problems. Since 2011, CMS has been using its fraud prevention 
system to apply advanced analytics on all Medicare fee-for-
service claims. The system also incorporates beneficiary 
complaints made through 1-800-MEDICARE, and works with numerous 
other inputs to generate and prioritize leads for further 
review and investigation. CMS then swiftly takes administrative 
action to stop problematic behaviors through the suspension of 
payments, medical review of claims, and removal from the 
program. As we recently reported to Congress, our advanced 
analytic system has already generated a 5 to 1 return on 
investment.
    Another component of our efforts is to strengthen provider 
enrollment by verifying the legitimacy of new or existing 
Medicare providers through a risk-based approach. We are 
screening those that pose the highest risk to the program using 
routine data checks over licensure and criminal records, 
scheduled and unscheduled site visits, and fingerprinting. As a 
result, we have removed over 450,000 Medicare enrollments since 
2010, and importantly denied thousands of enrollment 
applications, which means that these providers never gained the 
ability or lose the ability to build a Medicare program. These 
unprecedented examples of success have been positively 
acknowledged by GAO.
    Additionally, we are engaging with the private sector in 
new ways to better share information and transform insights 
into action. The Healthcare Fraud Prevention Partnership is 
currently made up of 38 private, Federal, and State members, 
and continues to gain membership. The partnership has completed 
studies that led partners to take substantive actions, and is 
developing additional studies based on these results. The 
President's FY-16 budget includes a proposal to allow both 
public and private partners to support this partnership by 
providing funds. Beyond the partnership, CMS has made important 
progress in integrating proven private sector tools in our 
operations, including advanced predictive analytics, prior 
authorization, and the use of automated prepayment claims 
edits. These initiatives net million--hundreds of millions of 
dollars in savings every year.
    Finally, CMS is focused on moving the Medicare program away 
from the misaligned incentives of fee-for-service 
reimbursement, like paying the number of tests performed 
instead of paying for quality and outcomes. CMS is testing 
different payment models where providers are held accountable 
for the quality and cost of their care, and providers have a 
financial incentive to coordinate care for their patients. For 
the first time, HHS has also set explicit goals for this work. 
CMS has a goal of tying 30 percent of traditional fee-for-
service Medicare payments to quality through alternative 
payment models by the end of 2016, and tying 50 percent by the 
end of 2018. As a physician myself, I ultimately care most 
about the health of patients, which I am reminded of daily as I 
work with CMS colleagues to improve the delivery of healthcare 
services. Our healthcare system should offer the highest 
quality and most appropriate care possible to ensure the 
wellbeing of individuals and populations.
    I look forward to answering this committee's questions, and 
I thank for the time.
    Chairman Chaffetz. Thank you.
    [Prepared Statement of Dr. Agrawal follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] 
    
    Chairman Chaffetz. Mr. Lightfoot, you are recognized for 5 
minutes.

                  STATEMENT OF ROBERT LIGHTFOOT

    Mr. Lightfoot. Thank you, Chairman Chaffetz, Ranking Member 
Cummings, other members of the committee. Appreciate the 
opportunity to appear today to discuss NASA's efforts to 
improve acquisition management. NASA develops missions and 
capabilities to expand the frontiers of knowledge, capability 
and opportunities in space and here on Earth. By the very 
nature of our mission, NASA's activities are inherently high 
risk. At the same time, we recognize the critical importance of 
managing our projects as effective stewards of taxpayers' 
dollars. This means managing our projects to deliver them on 
cost, on schedule, and identifying risks as quickly as possible 
so we can implement appropriate corrective action.
    We've made significant improvements both in managing our 
projects and preparing our managers. These improvements are 
already yielding results, particularly with our small and 
medium class missions. We have seen a significant reduction in 
the number of projects that exceed their baselines, and, in 
fact, several projects have recently launched within their 
baselines, including Juno, Landsat 8, the Mars Atmosphere and 
Volatile Evolution, and just 2 weeks ago, the Soil Moisture 
Active Passive Mission, or SMAP.
    Our larger, more complex projects typically involve 
technical--typically involve the development of significant 
number of new technologies, which present greater technical 
risk, but even the James Webb Space Telescope, the next great 
observatory in space, which was originally confirmed on an old 
cost policy that we used and had exceeded its original 
baseline, has benefited from our improved process. The James 
Webb Space Telescope has remained on track to meet the new cost 
and schedule baseline we established in accordance with the new 
policy 3 years ago.
    NASA cost policies have evolved over time toward a 
probabilistic joint cost and schedule confidence level 
analysis. This joint confidence level analysis enables NASA to 
estimate the probability of completing a project within a 
certain life cycle cost and schedule based on the individual 
project's unique technical and programmatic characteristics. A 
key benefit to the joint confidence level policy is the added 
rigor it brings to the analysis process, driving an integrated 
analysis of the cost schedule and technical risk.
    NASA has also taken steps to enhance the agency's earned 
value management capabilities. Earned value management guidance 
is provided to the NASA community through the recently released 
project management handbook, as well as through the EBM 
handbook. NASA routinely reviews earned value management data 
at formal regular recurring meetings at the projects at the 
center, at the mission, and at the agency level, as well as in 
ad hoc meetings should issues arrive. NASA relies on the 
knowledge we gain with each new project in order to improve our 
project management practices, and introduces new tools to 
assess whether our projects are on track to meet their cost and 
schedule commitments.
    I would like to thank the GAO for their hard work and their 
valuable insights. We appreciate the open dialog we've had with 
them over the last few years, as we've both improved--as we've 
worked to improve and refine our project management 
capabilities. As a result, I think what--and while I think 
there's still a lot of work to be done, I am confident that we 
are on the right track to improving project management at NASA.
    Thank you for the opportunity to be here, and I look 
forward to your questions.
    [Prepared Statement of Robert Lightfoot follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]     
        
    Chairman Chaffetz. I thank the gentlemen. With the vote on 
the floor, the committee will stand in recess. When votes 
conclude, we will continue, and we thank you again all for your 
patience.
    [Recess.]
    Chairman Chaffetz. Committee will come to order. I thank 
you all for your patience with votes on the floor. We obviously 
got delayed.
    I'd actually like to start by recognizing the gentleman 
from North Carolina, who's the chairman of one of our 
subcommittees on government--the Subcommittee on Government 
Operations. The gentleman from North Carolina, Mr. Meadows, for 
5 minutes.
    Mr. Meadows. Thank you, Mr. Chairman. And thank each of you 
for being incredibly flexible today.
    Really, I guess the underlying concern that I have is as we 
have--are celebrating the 25th anniversary, is we've got to 
figure out a way to get off of the high-risk list. It's not a 
very high benchmark. You know, really if you look at the 
components of that, it is just making a real concerted effort. 
And so I'm looking forward to each one of you putting together 
a plan to make sure that we can do that.
    Doctor, let me come to you. I sent you a text, and I want 
to compliment you--I actually sent you an email. I want to 
compliment you on the fact that on a weekend, you responded via 
email, which was shockingly surprisingly--surprising, and I 
want to just say thank you.
    Do you have the automatic re-enrollment numbers that I've 
been requesting from CMS? Have they given those to you?
    Dr. Agrawal. Yes. Mr. Meadows, thanks for the question and 
I'm happy to be accessible whenever you need. So the answer is 
I think we're still working on it. You know, that is part of 
the agency obviously that I don't have direct oversight over. 
My understanding is that you've had numerous conversations with 
the CEO of the marketplace, Kevin Counihan, and that they are 
working on assembling those numbers. I think obviously, as you 
know, our focus is certainly on getting the numbers out to you 
and the public, but making sure that they are accurate when we 
do.
    Mr. Meadows. All right. So what you are saying is that you 
have not seen the numbers for the automatic re-enrollment. 
You've never seen any totals?
    Dr. Agrawal. I have not, correct.
    Mr. Meadows. OK. It's my understanding that we have those 
numbers, and we've been trying for 60 days to get it. Any 
reason why it would take that long to verify numbers?
    Dr. Agrawal. I think it's just confirming that the numbers 
are numbers we can stand behind, making sure that they're good 
numbers that ought to be released. Again, I believe staff at 
CMS are in touch with your staff, and obviously, you've been in 
touch with----
    Mr. Meadows. Well, they--we've been in touch. They have not 
really been in touch----
    Dr. Agrawal. Gotcha.
    Mr. Meadows [continuing]. From a followup. It's amazing to 
me that we can have the response time for those that get 
recorded messages or wait times for Spanish-speaking operators, 
and we know that down to the second, or actually tenth of a 
second, and yet we can't get automatic re-enrollment numbers 
from CMS. When can we expect those?
    Dr. Agrawal. I don't have a particular timeline.
    Mr. Meadows. All right. Well, let me go on further, because 
I've got limited time. Let's look at Medicare. You're going 
from 14,000 lines of code to 68,000 codes in terms of Medicare 
reimbursement. Is that correct?
    Dr. Agrawal. Are you talking about ICD-10?
    Mr. Meadows. Yes. ICD-9, 10. ICD-10.
    Dr. Agrawal. Sure.
    Mr. Meadows. So we're going to different codes.
    Dr. Agrawal. Yes.
    Mr. Meadows. And so doctors and hospitals putting in the 
wrong code will come out as an improper payment or fraud. Is 
that correct?
    Dr. Agrawal. Not necessarily. So it really----
    Mr. Meadows. Or improper payment?
    Dr. Agrawal. It may. You know, obviously the importance 
of----
    Mr. Meadows. Why would we go from 14,000 codes to 68,000 
codes? How could that make it more efficient?
    Dr. Agrawal. Well, first let me say the agency is adopting 
these codes that are actually established outside of agency 
processes and with the input of the provider community. In 
fact, it was really the provider community searching for 
specificity and the ability to really define exactly what they 
were seeing in the----
    Mr. Meadows. So they were getting the payments they wanted?
    Dr. Agrawal. So they could get appropriately reimbursed.
    Mr. Meadows. Let me ask you. I mean, I went through and 
looked at your codes. We've got codes now that one in 
particular says if you unexpectedly are missing your big toe. 
Unexpectedly missing a big toe gets a code. There are six 
different codes for squirrels, I mean, so if a squirrel bites 
you, if it's the first time or second time, if it scratches 
you. Do you not see that we've got unbelievable lines of code, 
that more codes will not make it more efficient? There's one 
code in here for spending too much time in a freezer. I mean, 
it's incredibly ridiculous. And let me tell you, the physicians 
that I talk to and the hospitals I talk to are spending 
millions of dollars in compliance trying to figure out your 
codes, and yet we're going to increase those by four-fold? Why 
would you do that?
    Dr. Agrawal. Well, again, I'd be just careful. And let me 
just say, I believe there's a code for an Orca attack as well.
    Mr. Meadows. There--there is.
    Dr. Agrawal. There are numerous different kinds of codes. I 
don't imagine in my own practice to be using that one or many 
of the others. However----
    Mr. Meadows. Well, let me ask you----
    Dr. Agrawal [continuing]. I would like to say----
    Mr. Meadows [continuing]. Is a mouse a rodent?
    Dr. Agrawal. Pardon me?
    Mr. Meadows. Is a mouse a rodent?
    Dr. Agrawal. I assume it is.
    Mr. Meadows. Well, but you've got a different code for a 
rodent than a mouse, and, I mean--what I'm saying is it's so 
complicated, you make it so complicated, that nobody can 
comply.
    Dr. Agrawal. I think to be clear, though, the agency is a 
recipient of ICD-10, just as other agencies are. We did not 
intend----
    Mr. Meadows. But you're in control of that, are you not, on 
implementing that, your Program Integrity?
    Dr. Agrawal. No. There are actually numerous parts of the 
agency. I mean, we are actually required to implement ICD-10. I 
realize that Congress has delayed implementation of that 
requirement, but at some point we are required to implement 
ICD-10, and that's meant to--you know, the code design itself 
is not something that CMS is engaged in. It is really designed 
to improve both epidemiologic understanding of administrative 
data to make sure administrative data really reflects what's 
going on in the real world clinically, and that providers have 
had extensive input into these code sets.
    I don't necessarily disagree with your point, but I think 
we are as much a recipient of ICD-10 as other agencies that are 
implementing it across the world.
    Mr. Meadows. Well, my time's expired. I'll yield back, Mr. 
Chairman.
    Chairman Chaffetz. Thank the gentleman. Recognize the 
ranking member, Mr. Cummings, for 5 minutes.
    Mr. Cummings. Yes. Dr. Agrawal, I want to thank you for 
appearing before our committee today. CMS has undertaken a 
number of initiatives to reduce fraud and improper payments in 
the Medicare program. I just--I'm just concerned about how they 
work and how effective they are and what you see for the 
future. I'd like to ask you about these today. The ACA requires 
increased scrutiny of providers and suppliers who have 
historically posed a higher risk of fraud or abuse. This 
heightened screening process applies to providers and suppliers 
that are attempting to either newly enroll in the Medicare 
program or re-validate their participation.
    Can you describe the different risk-based screening level 
designations and the various requirements that providers and 
suppliers in each category are subject to?
    Dr. Agrawal. Sure. So provider categories by provider type 
essentially are subdivided among three risk categories: 
Limited, medium and high. And as you go up the chain of risk, 
more screening strategies and approaches are implemented to 
screen those types of providers, again, whether they're newly 
enrolling or revalidating. At the highest level of risk, say, a 
newly enrolling DME company or home health agency, there are 
automated background checks that would be performed that really 
are performed for all provider types to ensure adequate 
licensure, lack of a criminal--relevant criminal background or 
felony record that would keep a provider out of the program. 
But in addition, high risk--the highest risk providers face 
site visits, they face fingerprint-based background checks. So 
a multitude of different screening approaches for the highest 
risk providers, and that also includes providers who are 
attempting to re-enroll after having a Program Integrity action 
taken against them in the past.
    The result of all of this work, and to--you know, to date, 
we have revalidated over a million of the million and a half 
providers and suppliers enrolled in Medicare, and the totality 
of all this work on both newly enrolling and revalidation is 
that we have removed the billing privileges of over 450,000 
enrollments in Medicare to date. And I can tell you that these 
new enrollment requirements are also allowing us to deny more 
applications at the front end, so providers actually never make 
it into the program because they do not qualify.
    Mr. Cummings. Well, that's what I was about to ask you. So 
as opposed to chasing money, you do some preventive things. Is 
that right?
    Dr. Agrawal. I think a lot of our provider enrollment work 
really solidly lands in the preventive category, because it 
really is designed to keep folks out of the program that 
don't--that don't belong. So if we conduct a site visit and 
determine that you are a non-operational provider, then you 
never make it into the program, or if we check your criminal 
background record or check your licensure and determine that 
you're not appropriately licensed or you have a relevant felony 
conviction that would keep you out of the program, then indeed 
we deny your enrollment application.
    Mr. Cummings. OK. Let me ask you about the agency's 
demonstration program on power mobility devices. How does the 
agency's prior authorization demonstration for power mobility 
devices complement CMS's Program Integrity efforts?
    Dr. Agrawal. Sure. Thank you for the question. So one of 
the central challenges in the improper payment rate is that 
there is a disconnect between the medical record documentation 
that underlies a medical service or, you know, indicates what 
happened over the course of that medical interaction, and then 
the claim that comes in to CMS, essentially the bill for that 
interaction. What prior authorization does is allows us to 
ensure that medical necessity requirements and documentation 
requirements are being met on the front end before the service 
is even offered to the beneficiary. The demonstration, and 
generally the way we've approached prior authorization is, 
again, to take a very risk-based approach. The demonstration 
was implemented around power mobility devices first. We are 
actually--we put out a proposed rule that would look to expand 
that to other high-cost DME supplies, and then there are 
elements in the President's budget that look to expand it to 
things like hyperbaric oxygen and scheduled ambulance 
transportations. But all of it is the same principle which the 
private sector uses every day of evaluating the service before 
it's even provided, determining that it's OK, and then the 
beneficiary gets the service and the provider gets paid.
    Mr. Cummings. Now, is the beneficiary adversely affected?
    Dr. Agrawal. I think that's a really important aspect of 
this. So by checking on the front end before the service is 
even provided that the documentation's appropriate and that 
medical appropriateness and necessity are there, it prevents 
the beneficiary from unnecessarily or potentially being on the 
hook for a denied claim. So the service was never provided, 
right? That way neither the provider is on the hook for a 
service that they provided but then are not getting paid for, 
and the beneficiary is not on the hook for having received a 
service that the provider's not going to then get paid for.
    Mr. Cummings. Thank you, Mr. Chairman.
    Chairman Chaffetz. Thank you. The gentleman yields back. I 
now recognize the gentleman from Tennessee, Mr. Duncan, for 5 
minutes.
    Mr. Duncan. Well, thank you, Mr. Chairman.
    Mr. Estevez, just today, The Hill newspaper says in an 
article, before signing on to increased Pentagon spending to 
its highest level ever, Congress should insist on a serious 
effort to identify and address wasteful spending by the 
Pentagon. Among major Federal agencies, the Pentagon is the 
only one never to submit, let alone pass, a full audit.
    Another article said, Pentagon leaders have requested the 
step-up production of the F-35, the beleaguered jet fighter 
that has proven to be a massive drain on resources with no end 
in sight, $7.5 billion sunk into the F-35 in Fiscal Year 2014 
alone, with massive cost overruns and egregious acquisition 
failures.
    Over the years, I've read so many articles about waste at 
the Pentagon, and I sometimes wonder if there are any fiscal 
conservatives at the Pentagon.
    What do you say--how much--do you have any estimate as to 
how much we've spent on the F-35 so far, and are you--are you 
concerned about this article that's in The Hill today that 
talks about the wasteful spending by the Pentagon?
    Mr. Estevez. Thank you for the question, Congressman. 
First, we're always concerned about any wasteful spending at 
the Pentagon. And we have a number of processes in place to 
address spending in general, including looking at our overhead 
and functions and looking at our acquisition processes.
    Let me address the F-35. I don't have the number total 
spent to date. F-35 costs per plane have gone down below our 
estimation since it was re-baselined in 2010. It's actually 
producing a pretty good airplane. And I think----
    Mr. Duncan. You have----
    Mr. Estevez [continuing]. The F-35 is stuck on old news.
    Mr. Duncan. You're the principal deputy for acquisition. 
And do you have any rough guess as to how much we've spent on 
the F-35 thus far, a wild rough guess?
    Mr. Estevez. I'm going to have to get you that for the 
record.
    Mr. Duncan. You don't know.
    Mr. Estevez. It goes back to 2004, Congressman.
    Mr. Duncan. Right. All right.
    Dr. Agrawal, I met last week with hospitals from east 
Tennessee, and they told me that many hospitals in Tennessee 
are either going to have to close or are about to go under or 
probably end up being sold to some big out-of-State 
corporations because of the unfairness in their Medicare wage 
index. And they said that the system that CMS has now rewards 
very expensive, inefficient hospitals and penalizes hospitals 
that have held their costs down or that have continually 
lowered their costs. Have you looked into this? I mean, it's--
the difference between what hospitals are being paid, say, in 
San Francisco or--in comparison to Tennessee or Mississippi or 
places like that, it's just almost unbelievable. These 
hospitals are being paid twice as much for some of--mostly the 
same type of work. What can you tell me about that? Are you--is 
CMS looking into this or concerned about these huge 
discrepancies at all?
    Dr. Agrawal. Yes. I appreciate the question. We do have 
processes for hospitals and other providers to engage us in 
terms of wage discrepancies like that. I can tell you that we 
have a very proactive approach to, say, the misvalued codes 
that we know exist and reevaluating those codes, ensuring that 
our coding approach and reimbursement approach is really paying 
for valuable services that, you know, taxpayers expect that we 
all want the program to provide.
    So there is a--I think the core message is there is a 
process for doing that, and we're happy to engage with 
hospitals and other providers on these kinds of questions.
    Mr. Duncan. Well, I'll tell you this: I don't have much 
time left, but years ago a hospital administrator in a small 
town in Tennessee, he told me, he said--he said if you don't 
have hospitals, you don't get doctors, and if you don't get 
doctors, you don't get people. And there are many rural 
hospitals that are really struggling in this country today 
because of these discrepancies between what they're getting in 
comparison to some of the very wasteful, very inefficient big 
city hospitals. And I think that's something that you really 
need to take a look at, because it's very unfair. And I could 
give you all kinds of statistics about that that I won't bother 
you with today, but it's getting to be a very serious problem 
in my State.
    Thank you very much, Mr. Chairman.
    Chairman Chaffetz. Thank the gentleman. We're recognizing 
members based on seniority when we gaveled in, so the gentleman 
that's up next is actually from South Carolina, Mr. Mulvaney. 
The gentleman's recognized for 5 minutes.
    Mr. Mulvaney. Thanks, Mr. Chairman.
    Mr. Koskinen, when I sat down--this is my first hearing, 
and when I sat down to do the research on the GAO report, which 
is the subject of today's hearing, I sort of got sidetracked. 
And I want to talk to you about some other things, because one 
of the things I found in doing the research was a report that I 
think just came out today, in fact, it's being reported today, 
that your agency is reporting that the tax refund fraud will be 
$21 billion this year. That's up about 300 percent from just a 
couple years ago. And that number stunned me.
    Just out of curiosity, I think it's more than we spent on 
the entire Department of Agriculture. You could run the 
Treasury, the judiciary, the SEC, the SBA, and your IRS with 
that money and still have a couple billion dollars left over. 
Mr. Estevez, just out of curiosity, for your interest, I could 
buy you 140 F-35s on just on what we're going to lose this year 
in tax refund fraud. You could run my State, South Carolina, 
for 3 years on that money. And that's not all the fraud 
occurring in the IRS, it's just the tax refund fraud.
    Anyway, that research led to the research that I wanted to 
ask you about, which is your testimony last week before the 
Senate where Mr. Grassley, Senator Grassley asked you some 
questions about the impact within the Internal Revenue Code and 
within your department of what the President has done on 
executive amnesty. And I think you went back and forth with 
Senator Grassley, and he asked you about people who are 
benefiting from the amnesty claiming the Earned Income Tax 
Credit in arrears for up to 3 years. Are you familiar--you 
remember that testimony with Senator Grassley?
    Mr. Koskinen. I do.
    Mr. Mulvaney. And I don't know if we established what that 
would cost. Have you had a chance to figure out what the total 
cost of that program would be?
    Mr. Koskinen. I have not, but before I get there, I don't 
know where the $31 billion in refund fraud came from.
    Mr. Mulvaney. $21 billion.
    Mr. Koskinen. $21 billion came from. As GAO testified, we 
stopped last year about $16 billion worth of refund fraud and 
only $5 billion is our estimate. What went through, which is 
still a big number and we're worried about, but it isn't $21 or 
$31 billion that's going out the door.
    Now, with regard to the question you asked earlier----
    Mr. Mulvaney. Yes.
    Mr. Koskinen [continuing]. To be eligible for the Earned 
Income Tax Credit, you have to work. It's in the Earned Income 
Tax Credit.
    Mr. Mulvaney. Correct.
    Mr. Koskinen. To be able to apply for it, you have to have 
a Social Security number.
    Mr. Mulvaney. OK.
    Mr. Koskinen. So if you are--there are--we have about 
700,000 ITINs out there by illegal immigrants who are paying 
taxes----
    Mr. Mulvaney. Correct.
    Mr. Koskinen [continuing]. But they're not eligible to 
apply, because they don't have a Social Security number.
    Mr. Mulvaney. But several million of them well get Social 
Security numbers under the new program, right?
    Mr. Koskinen. And under the new program, if you get a 
Social Security number and you work, you'll be eligible to 
apply for the Earned Income Tax Credit. You will get an amount 
depending on your situation. If you're an individual working 
and applying for the individual tax, the maximum you can get 
will depend--it's been in the range of about $500 or $600.
    Mr. Mulvaney. Right. Let's slow down a little bit, Mr. 
Koskinen, because there was some apparent lack of clarity in 
the interpretation of what you said in the Senate. I want to 
clear this up.
    Is the Earned Income Tax Credit only going to be available 
to illegal immigrants who filed taxes previously or is it going 
to be available to all of them who receive Social Security 
numbers under the new program?
    Mr. Koskinen. It turns out there was a lack of clarity 
about that. If you get a Social Security number, you can then 
file for this year if you're working; and if you earned income 
in the 3 years before that and filed, you'll be eligible; if 
you did not file, you'll have to file a return and you'll have 
to file to demonstrate with the same information you would--
anybody else would that you actually earned income and 
therefore were eligible.
    Mr. Mulvaney. So if you----
    Mr. Koskinen. There's some assumption that you would get 
the Earned Income Tax Credit automatically whether you were 
working or not.
    Mr. Mulvaney. So it will be available to everyone who was 
working, even if they didn't file the previous 3 years?
    Mr. Koskinen. That is my understanding, yes.
    Mr. Mulvaney. And you have no idea how much this is going 
to cost?
    Mr. Koskinen. I don't now how many people are going to be--
get Social Security numbers, how many will be single----
    Mr. Mulvaney. Sure. But we do this all the time. Did the 
White House not ask you to estimate that?
    Mr. Koskinen. I haven't talked to the White House about 
this at all.
    Mr. Mulvaney. Did anyone at the White House ever consult 
with your office before they issued the executive orders that 
gave rise to the executive amnesty?
    Mr. Koskinen. They didn't consult with me and, to my 
knowledge, they didn't consult with anyone else. I'm not aware 
of any consultation.
    Mr. Mulvaney. Are you aware that if we were to do what the 
President did by legislation that he did by executive order, 
that we would have to go and get an estimate of exactly what 
you and I are talking about here today?
    Mr. Koskinen. From the Joint Committee on Taxation?
    Mr. Mulvaney. Or CBO, yes.
    Mr. Koskinen. Or CBO. Yes, sir.
    Mr. Mulvaney. So if we did the same thing the President 
did, by law, we would have to know the answer to that question, 
but the President doesn't have to know the answer to that 
question before he did what he did.
    Mr. Koskinen. The President may know the answer to that we. 
He wouldn't come to us necessarily to get the answer; he would 
go to OMB.
    Mr. Mulvaney. But by the same token, he didn't ask you for 
any input. Did he ask you, for example, about any increase in 
the risk of fraud?
    Mr. Koskinen. No. We had no conversations with the White 
House that I'm aware of. I certainly personally have not 
talked--I've never talked to the White House about any of this.
    Mr. Mulvaney. All right. Thank you, Mr. Koskinen. I 
appreciate that.
    Chairman Chaffetz. Thank the gentleman. Now recognize the 
gentleman from Ohio, Mr. Jordan----
    Mr. Jordan. I thank the----
    Chairman Chaffetz [continuing]. For 5 minutes.
    Mr. Jordan. I thank the chairman. And I wanted to talk 
about the IRS targeting of conservative groups and, frankly, 
the pattern of deception and delay that we've seen from this 
administration. And I would just remind you, you don't take my 
word for it. Just yesterday in The Hill, front page, Feds won't 
release IRS targeting documents. So don't take my word, take 
Bob Cusak, editor of The Hill, respected mainstream journalist, 
talking about the deception and delay from this administration.
    I think it's important we remember the whole saga here. 
February 2012, Lois Lerner told this committee staff that there 
was no targeting going on. Turned out to be a lie, of course. 
March 23d, 2012, Doug Shulman, then-Commissioner, told the Ways 
and Means Committee he could give assurances that there's no 
targeting going on; also, a false Statement. May 2013, that day 
when Lois Lerner went in front of a bar association here in 
D.C. with a planted question, again, unprecedented, to get in 
front of the story; went before the inspector general released 
a report and talked about the targeting by the IRS of 
conservative groups. And I quote from--remember, she talked to 
Treasury and the White House about this. From Mr. Cusak's 
article yesterday, and I quote, Then-chief of staff Mark 
Patterson at Treasury informed the White House about the plan 
to disclose the targeting, 'so that the White House wouldn't be 
surprised by the news.'
    So think about this: planted question before the inspector 
general's report comes out, she discloses that, and the White 
House and the Treasury already knew it was going on. And then, 
of course, we have Ms. Lerner talking about Cincinnati was the 
problem and not Washington. That was false. And the White House 
says it's a phony scandal, no corruption, not even a smidgeon, 
which brings me to Mr. Koskinen, the current Commissioner.
    February 14th of last year, we subpoenaed you for all of 
Lois Lerner's emails. Put up slide No. 1. Just a few weeks 
later, March 26 in this committee room, the chairman of the 
committee, Mr. Chaffetz, asked you a question: Are you going to 
provide all of Lois Lerner's emails? And your response was, 
yes, we will do that.
    Do you remember that conversation, Mr. Koskinen?
    Mr. Koskinen. I remember that conversation. You've reminded 
me of it a couple of times.
    Mr. Jordan. Yes. And I'm going to keep doing that, because 
the American people are frustrated and mad about what the IRS 
did to them regarding their First Amendment free speech rights.
    June 13, you sent a letter to Senate Finance saying, we 
lost Lois Lerner's emails and destroyed--the hard drive's been 
destroyed and the tapes are destroyed. You remember that letter 
you sent to Senate Finance, Mr. Koskinen?
    Mr. Koskinen. I do remember.
    Mr. Jordan. 10 days after that letter was sent, you came 
back to this committee room and we asked you some questions. 
Put up the second slide. I asked you specifically, what date 
did you learn you couldn't get all her emails? Remember that 
conversation, Mr. Koskinen?
    Mr. Koskinen. I remember that conversation.
    Mr. Jordan. And your response was, I learned in April.
    So my question to you is, today will you admit that you 
misled this committee, the U.S. Congress, and more importantly, 
the American people just like Ms. Lerner was doing, just like 
Mr. Shulman was doing? Will you admit that you misled the 
Congress and the American people?
    Mr. Koskinen. No. Absolutely not.
    Mr. Jordan. You don't think you misled them?
    Mr. Koskinen. No.
    Mr. Jordan. So you told Mr. Chaffetz, yes, we'll give us 
all--give you all her emails. A few days later, you learned in 
April--that was March. In April, you learned you can't, and you 
wait 2 months to tell us, and you don't think that's misleading 
the American people?
    Mr. Koskinen. I do not. And we waited 6 weeks to tell you, 
and we waited those times to find as many of the emails as we 
could. And as we reported----
    Mr. Jordan. Have you sent----
    Mr. Koskinen. Let me complete.
    Mr. Jordan. Let me ask you this.
    Mr. Koskinen. I----
    Mr. Jordan. Have you sent the chairman a letter saying what 
you told him on March 26, yes, we will get you all of Lois 
Lerner's emails, have you sent Chairman Chaffetz a letter 
saying, you know what, what you told you on March 26 isn't 
true?
    Mr. Koskinen. As I noted in the hearing, we've had several 
hearings, I--and I still tell you, we said we would give you 
all the Lois Lerner emails. We gave all the Lois Lerner emails 
we had. As I told you once before, we couldn't make up Lois 
Lerner emails. We didn't have them to produce them. We gave you 
all the emails that we had and we continue----
    Mr. Jordan. What you said, you said I'll give them----
    Mr. Koskinen [continuing]. To give you those.
    Mr. Jordan [continuing]. All to you, and then you--then you 
write a letter to the Senate Finance saying you lost them, you 
destroyed them. Have you done anything to correct the record?
    Mr. Koskinen. Actually, we didn't lose them and destroy 
them. They were lost in that period of time in 2012. And then 
when we testified, testified in June, I testified that we 
waited the 6 weeks while we tried to provide you as much emails 
as we could, and there were 24,000.
    Mr. Jordan. Let's put up--put up--put up slide 4. Put up 
slide 4.
    This is the letter you sent, and you said, you can confirm 
that no backup tapes existed. So you confirmed that you 
couldn't get us all her emails, and you've done nothing to 
correct the record when you told Mr. Chaffetz you were going to 
give all them to us. And you waited 2 months before you ever 
told us that you lost them.
    Mr. Koskinen. I waited 6 weeks so we could provide you all 
the emails we could find. We've provided you 24,000 emails from 
the time of her hard drive crash, and we said and the backup 
tapes did not exist because they had been re-recorded over.
    Mr. Jordan. Mr. Chairman, I----
    Mr. Koskinen. So we at that time gave you all the emails we 
had.
    Mr. Jordan. I got one more question, Mr. Chairman, just in 
the last 10 seconds, if I could.
    Have you withdrawn the letter--understanding that now TIGTA 
has told us that her emails are recoverable on the backup 
tapes, have you withdrawn the letter that you sent to Senate 
Finance where you confirmed that those tapes weren't there?
    And I bring this up, Mr. Chairman, because this committee 
has some experience with letters being withdrawn. In 2011, the 
Justice Department, after making inaccurate Statements 
regarding Fast and Furious, sent a letter to then-Chairman Issa 
and they said this: Facts have come to light during the course 
of this investigation that indicate the letter, the February 4 
letter, contains inaccuracies. Because of this, the department 
now formally withdraws the February 4 letter.
    So what I want to know, Mr. Koskinen, is when are you going 
to be square with the American people and withdraw false and 
misleading Statements you've sent this committee, and more 
importantly, the letter you sent to Senate Finance? Are you 
going to withdraw that letter?
    Mr. Koskinen. Absolutely not. We can have that argument for 
a long time. TIGTA, by the way, has spent 6 months and untold 
amounts of money trying to extract those emails from those 
backup tapes. So the idea that we could somehow----
    Mr. Jordan. You said you could confirm they didn't even 
exist.
    Chairman Chaffetz. The gentleman----
    Mr. Koskinen. I said the backup tapes--if you go through my 
records, you will find I've said the backup tapes----
    Mr. Jordan. Will you withdraw the letter that had 
falsehoods in it? That's what I'm asking.
    Mr. Koskinen. There is no reason. There are no falsehoods 
and there's no reason to withdraw that letter. I stand by that 
letter.
    Chairman Chaffetz. The gentleman's time has expired. I now 
recognize the gentleman from Michigan, Mr. Walberg, for 5 
minutes.
    Mr. Walberg. Thank you, Mr. Chairman.
    Mr. Koskinen, Monday and Tuesday of this week, I did two 
live town halls back in my district and one tele town hall, and 
at two of those events, the issue that was brought up, the same 
story that came out in The Washington Post with the headlines, 
IRS Rehired Hundreds of Ex-Employees With Troubled Records, 
came up. And it basically came up from my constituents saying, 
you know, why can we not get away with the same things that 
were recorded there?
    In the article, it indicated that between 2010 January and 
September 2013, the IRS rehired 7,000 employees. A great jobs 
program, and we're always delighted when people are employed, 
but the question comes from my people as to why over 800 of 
those 7,000 rehired IRS employees were rehired with prior 
substantial employment issues, including 11 individuals who 
engaged in unauthorized access to taxpayer information. And 
that really discourages and frustrates my citizens that these 
people, 11 of them who engaged in unauthorized access to 
taxpayer information, which is a crime, as we understand it, 
were rehired. Why?
    Mr. Koskinen. Those are--the bulk of those employees are 
temporaries or seasonals who are hired for 4 to 6, 8 months a 
year depending on the time. They should not be rehired.
    Mr. Walberg. Even though they committed a crime, you're 
saying they should not--why were they rehired?
    Mr. Koskinen. They shouldn't. Because the process at that 
point in time in 2009 or 2011 into 2012 followed, as the IG 
said, the OPM rules and regulations, which, in fact, would have 
allowed those people to be applied.
    We consolidated in 2012 all of those hiring issues into our 
personal security division, and I have made sure that if you 
have violated the alls under a section called 1203(b), if you 
have worked for the IRS and violated Section 1203(b), you will 
not be rehired.
    Mr. Walberg. Well, according to TIGTA, they said, it still 
remains a concern, because in 2012 and 2013, IRS hired 
individuals with prior significant IRS substantiated conduct 
and performance issues.
    What are you doing--I mean, this was subsequent to that.
    Mr. Koskinen. Yes. And what the IG recommended, the IG, 
again, in that report said that was all pursuant and we 
followed--pursuant to when we followed the OPM rules. What the 
IG said is we should make sure that we make sure before we hire 
someone, we've actually reviewed all of this. And as I said, we 
now do that. We took the IG's recommendation. And I have talked 
with our personnel people since the IG started raising this 
issue, which I think is an important issue, in December, and to 
make sure that--and this consolidation with our personal 
security people, if you have violated 1203(b), which is willful 
violations of taxes or access to taxpayer information, you 
won't be hired.
    Mr. Walberg. Let me proceed further, then. And I hope this 
is a general trend. The audit identified 141 individuals that 
were rehired that had a prior tax issue, with five of them 
having been found by IRS management to have willfully not filed 
their taxes.
    How many of these employees are still working?
    Mr. Koskinen. They're all seasonal employees, so I don't 
know. A lot of them don't come back the next year, so I don't 
know how many of those there were. I would note that the 141--
we take the requirement of IRS employees to be tax compliant 
very seriously. Our compliance rate is over 99 percent. We hold 
people accountable. Even if their mistakes are inadvertent, 
even if they make modest mistakes, we count that as not-
compliant. The--what we are concerned about is the five 
employees you mentioned that have willfully--have been found to 
willfully not pay their taxes and violate the tax laws, and 
those people are subject to termination.
    Mr. Walberg. Could you get us information for this 
committee of people we're referring to here that are still 
employed?
    Mr. Koskinen. I can find the information. The 141, if you 
had a minor attempt--minor mistake, those you would get cited 
for, but those aren't basis for termination. The five you 
mentioned that had a willful violation finding, I will find out 
the information and get it back to you.
    Mr. Walberg. I appreciate that. What about--what about 
those, not the tax issue, but had substantial prior employment 
issues, attendance issues, misrepresentation of what they were 
doing if they were on the job?
    Mr. Koskinen. There's again--again, as I say, the 
consolidation now, we have a personal security department that 
reviews every offer before it is made to make sure that we've 
gone over all of that. Some--again, some personal activities 
are you didn't show up to work, you know, for 2 days, others 
are you had a significant problem. And we distinguish between 
those. And the OPM rules are very clear about that, that if 
you've--just because you've had a performance issue in your 
file doesn't mean you can never work again for the IRS. It 
depends on the nature and the duration of the affair. But it is 
important for people to be confident even though 80 percent--as 
the TIGTA report said, 80 percent of these people are 
temporaries and seasonals who don't necessarily work even for 
half the year, it is important for us to make sure----
    Mr. Walberg. Very important.
    Mr. Koskinen [continuing]. That we have the appropriate 
people working, and so I take the TIGTA report--I'm a big 
supporter of IGs, because they continue to review these issues. 
And we take it seriously. We have implemented their 
recommendations. We are--we have a personal security group now 
that ensures before an offer goes out, if you have violated 
1203(b), which is the two most serious issues, you don't get 
hired. And if there are other conduct issues, not only are we 
going to follow the OPM rules, we're going to review those for 
appropriateness for work at the IRS. And I think it's important 
for people to be comfortable that we do take it seriously and 
that people working for the IRS ought to be tax compliant. If 
we're collecting your taxes, we ought to be paying ours.
    Mr. Walberg. Well, I appreciate that. And I would like the 
information on those that are still employed that came under 
these 824.
    Mr. Koskinen. Well, the 824 covers a large range----
    Mr. Walberg. A lot of lot.
    Chairman Chaffetz. I thank the gentleman.
    Mr. Walberg. Thank you.
    Chairman Chaffetz. The gentleman's time has expired. We now 
recognize the gentleman from Alabama, Mr. Palmer, for 5 
minutes.
    Mr. Palmer. Thank you, Mr. Chairman. Thank you, Mr. 
Chairman.
    I want to give Mr. Koskinen a break here for a minute and 
talk with Mr. Lightfoot, if that's OK.
    Mr. Koskinen. I don't want you to think that's not 
appreciated.
    Mr. Palmer. Well, that doesn't mean I won't come back to 
you.
    Mr. Lightfoot, NASA's done a good job in making progress on 
getting off the high-risk list, but there are still some 
issues. I'm obviously from Alabama. NASA's a major presence in 
our State, but there have been some issues with re-baselining 
costs and schedule on--in light of management and technical 
issues, can you address that, on some of your projects?
    Mr. Lightfoot. Yes, sir. We have--the process we go through 
where we review these projects on a routine basis. We have 
some--while we've had some that have done really well, we 
continue to make good progress on those, eight out of the last 
nine that have a launched that came in under the baseline. Once 
we issue--once we go through confirmation, what we call 
confirmation of a project, which moves it from formulation to 
development, that's when we make a commitment for a certain 
cost and schedule that we're going to try to live to.
    The process we have where we review those all monthly. 
Occasionally we have one that pops up and is--it gives us an 
issue. We've had two of those. The space ground sustainment 
system that we have, and then the ICESat-2 project, which are 
two--two issues we have going where we were required to then go 
back and baseline. When you re-baseline, you go through a 
process of analysis of alternatives, is there another way you 
can get that particular mission accomplished, can you de-scope 
the existing mission so that you can still stay within that 
cap. So that's the process we go through. Each one of those has 
lessons. Those lessons--one of the things that we've been 
really working on is the--factoring those back in and 
continuing to improve our process as we go forward for the rest 
of those projects.
    Mr. Palmer. At a prior time in my life, I worked for a 
couple of major engineering companies, and one of the things 
that drives a client crazy, particularly one paying the bill, 
is change orders. You've got some projects that I don't know if 
it's a result of design changes or poor design to begin with 
that are running some substantial overruns on change orders. 
Could you address that?
    Mr. Lightfoot. Yes, sir. I think the one you're talking 
about in particular is the ground systems project that we had. 
This was the first time that we've actually applied the same 
project management methodology that we had for the spacecraft 
that we've been flying to a ground system. And one of the 
things--that's an upgrade to our ground networks that actually 
communicate with all the satellites we have on orbit. That 
system is basically becoming obsolete. So what we did is we 
went out and we tried--we knew we had a pretty large job in 
front of us, and we tried those program project techniques that 
we've been--that we've been doing for spacecraft, one of a kind 
things, to a ground system.
    We've learned a few lessons in that process. The No. 1 one 
is that--or the first one is that we have to be very clear on 
our requirements, much to what--much to what you're talking 
about, and understand what the--and make sure we understand 
that the contractor that's doing that work understands those 
requirements as well. So we've gone back and forth with this in 
terms of trying to define better the--what the expectations we 
have for the contractor and then managing that contractor.
    In this particular case, we've--we've changed out the 
entire contract management team and the team that we have in 
terms of our--our managing it. And since we've done that, 
we've--it's--we have managed to stay--from an earned value 
perspective, we stayed at the levels that we expected.
    Mr. Palmer. So this is--would you say this is the result of 
a design that--that a--of a project that the schedule dictated 
the design, or is this something where you're entering a new 
area and--and you're--and you're designing as you go?
    Mr. Lightfoot. No. I think this is a case where we 
underestimated the type of work we needed to do to deal with 
the obsolescence issues that we had in front of us in terms of 
designing the software system that we were putting in place 
with the new equipment.
    Mr. Palmer. All right. I believe that's all I have. I'll 
yield the balance of my time.
    Chairman Chaffetz. The gentleman yields. I now recognize 
the gentleman from Georgia, Mr. Hice, for 5 minutes.
    Mr. Hice. Thank you, Chairman.
    And Mr. Koskinen, since you had a break, I thought it only 
appropriate to come back to you and ask you a couple questions 
that were on my mind in particular.
    Based on the previous testimony, you've made it clear that 
the ability of the IRS to make progress in the areas that have 
been outlined by the GAO have been largely hindered due to 
reductions in funding. And I--this is kind of a personal 
question to me because of my involvement with non-profit 
organizations. And the IRS has spent millions of dollars to 
basically rewrite the governing rules for 501(c)(4)'s or what--
what have you, different non-profit organizations, specifically 
potentially removing tax-exempt status if those organizations 
are involved in political activity.
    My question is multiple. It's rather amazing personally 
that there would be an issue of trying to hinder speech of 
Americans. My specific question really comes down to, how much 
money--can you tell me how much money the IRS has spent on 
writing and the attempt to rewrite that specific section of the 
501(c)(4) ruling? I know it was withdrawn, but my understanding 
is that there is an attempt now to rewrite that. I'm curious 
how much money has been spent to that end.
    Mr. Koskinen. I don't know. The only money that's being 
spent is the lawyers that have been working on the drafting of 
that, and that's not--they haven't been spending full-time, so 
it is not a large amount, but I could try to get an estimate of 
how many people worked on it. Some of it--the work on the first 
version was done before I got there, but if you'd like, we can 
try to figure out on a rough estimate as the man-hours, but the 
only time spent was, as I say, a relatively small number of 
lawyers who were working on it.
    But I would note that the goal here is not to hinder. As 
said when I started and kind of inherited all of this, the goal 
is, in fact, to try to make clear what the rules are in a way 
that is fair to everybody, all of the organizations, it's clear 
and easy to administer. Right now, the rule that's been there a 
long time is you judge both the determination as to whether 
you're eligible to be a 501(c)(4) and then whether you're 
performing under the statute by facts and circumstances. So 
that means anybody running an organization is running the risk, 
looking over their shoulder saying, is somebody going to have a 
different view of the facts and circumstances. So my sense is 
we ought not to be hindering political speech, we ought not to 
be changing the way people act, but what we ought to have is a 
much--and the IG, in his recommendation, said the Treasury 
Department and the IRS should clear up what the standard is for 
what amount, how much, and what the definition is of the 
political activity you can engage in. And my sense is that it 
ought to be possible to have a rule that would be clearer, 
easier for people in those organizations running them to 
understand, and fair to everyone, and that would not be 
hindering political speech. So it's not my intention, anyway, 
in looking at that to do that.
    My sense and concern is that the present system has, over 
the last several years, by the IG's analysis, turned out to be 
unworkable, and I think it would be in everybody's interest if, 
again, it could be clearer what the rules are without hindering 
people, and they would be able to run organizations confident 
that somebody isn't going to come in and second-guess them on 
the facts and circumstances that they've been operating under.
    Mr. Hice. Well, I would agree we certainly need 
clarification in that, but I would also strongly urge a very 
clear understanding of the freedoms of Americans, that just 
because someone is a part of a non-profit organization, they 
have not waived their First Amendment rights. And that is a 
tremendous threat that the IRS has, in my opinion, no business 
interfering with, and that is a deep concern.
    Mr. Koskinen. I agree with you. And, in fact, my sense is 
that the rules if they're fair and clear to everyone will, in 
fact, create less of a constraint on people's right to free 
speech than the present rules, which are muddy and hard to 
interpret.
    Mr. Hice. OK. One other question, and I will yield my time. 
Again, going back to the issue that the main problem has been 
lack of funding. The issues from the GAO have come up with the 
IRS for some 25 years or close to it. It's been a long time 
that we've had issues, and yet a few years ago, in 2010, the 
IRS had more funding than they've ever had, and these problems, 
these issues have still not been addressed.
    Mr. Koskinen. Well, that's not quite true, because we did 
have more money in 2010 by a long shot. And as I noted in my 
testimony, in 2013, as a result of some of that spending on 
information technology, the information technology business 
system modernization problem for the IRS was taken off the 
high-risk list after having been there for 14 years. So it has 
been true and proven that in--certainly in the IT area, that if 
we have the funding, we can make significant progress.
    Mr. Hice. And that's great for the IT area, but there's 
many other areas that need to addressed, and 25 years is far 
too long. It's time to put some teeth to it, sir. Thank you.
    Chairman Chaffetz. Thank the gentleman. I now recognize the 
gentleman from Florida, Mr. DeSantis, for 5 minutes.
    Mr. DeSantis. Commissioner Koskinen, it was a year ago 
where the senior IRS leadership learned that Lois Lerner's hard 
drive had crashed, there was an issue about getting her emails 
off backup tapes. You wrote a letter to Senate Finance in June 
2014 saying that there were problems with Lerner's emails and 
that the backup tapes have been--had been destroyed. And then 
on June 20, you testified before the Ways and Means Committee 
that the IRS went to ``great lengths'' and made ``extraordinary 
efforts'' to recover Lerner's emails.
    So let me ask you this: After the IRS became aware that 
Lerner's hard drives had crashed, what specific steps did the 
IRS take to locate any backup tapes or disaster recovery tapes?
    Mr. Koskinen. The disaster recovery tapes that the IRS are 
recorded over when they're used until they're no longer 
useable, so there is no technique or capacity in the IRS to 
actually retrieve emails off of those tapes. What we did do was 
go to everybody in the what so-called custodial list at that 
point of about 80 different people that Ms. Lerner would have 
been communicating with, because we were looking for all 
emails. We'd already produced all the emails that were relevant 
to the determination process. We were then trying to respond to 
``all.'' So we looked at all of those 82 and took every email 
that was to or from Lois Lerner, compared them against emails 
already produced----
    Mr. DeSantis. But that would not have been backup tapes. 
That was from their hard drives or their account.
    Mr. Koskinen. That was their hard drives we produced----
    Mr. DeSantis. So the hard--so the backup tapes, you had 
made the judgment that they simply were not going to be 
recoverable, or did you actually have somebody investigate 
whether you could have backup tapes or you could find some 
backup tapes?
    Mr. Koskinen. Our expert said we had no way, that they were 
not recoverable. It's taken the IG 6 months, the last 2 or 3 
months working, he tells us, around the clock, and he still 
hasn't gotten them produced and we still don't know how many 
there are. But my position all along has been with the IG, 
because we helped him find what the backup tapes were that had 
been recorded over from that time, is if we could find more 
emails, that would be terrific. And I actually mean that 
seriously, because it would lend even more light than the 
24,000 we already produced into what were in those emails in 
that timeframe. So we----
    Mr. DeSantis. Why would the IG be able to find it if you 
guys couldn't find it? You said you went through extraordinary 
lengths.
    Mr. Koskinen. Well, because the IG--when we discovered this 
in the spring and then we reported it in June 6 weeks later, 
within a couple weeks thereafter, the IG started his 
investigation, so we had no more time. And I will tell you 
today, if we started today, it's taken the IG--and I don't know 
how much money they're spending. It's taken them over 6 months 
to, in fact, recover whatever they're going to report, and that 
was----
    Mr. DeSantis. So let me ask you this: Did the IRS----
    Mr. Koskinen. We don't have that capacity.
    Mr. DeSantis. Did the IRS ever collect any tapes or send 
any backup tapes to any forensic lab in your investigation, the 
people you detailed to do this? Was that--any tapes recovered, 
any tapes ever sent to a lab by the IRS?
    Mr. Koskinen. No.
    Mr. DeSantis. OK. Now, who told you that the backup tapes 
would not yield any emails from Lois Lerner's crashed hard 
drive?
    Mr. Koskinen. I was told that by our information technology 
department.
    Mr. DeSantis. And what was--do you know the basis for that 
Statement? Did you inquire as to how they could be sure of 
that?
    Mr. Koskinen. Basically what they described to me was they 
have these disaster recovery tapes, they are actual tapes, and 
then when the 6 months--they keep them for 6 months, and when 
the 6 months is done, they simply reuse them and record over 
them. And as you know if you ever had tapes, when you record 
over them, then in the normal process, they're--data underneath 
them is gone. And, in fact, I was told that we had no capacity 
and no way that you could actually recover those. And, in fact, 
they were not sure that there was any way you could recover 
them.
    Mr. DeSantis. Has the IRS communicated with Lois Lerner, 
her attorneys about recovering the emails from any of her 
crashed hard drives?
    Mr. Koskinen. No. I've had no communication with Lois 
Lerner about this at all. I've never met her.
    Mr. DeSantis. Let me ask you this: In the course of the 
IRS's response to this committee's investigation, has the IRS 
withheld any information or documents from Congress on any 
other basis other than 6103?
    Mr. Koskinen. No. We've had some that we've asked the staff 
to review in camera because there are basically personal 
matters that have nothing to do with the investigation, but 
we've exercised no privilege, we aren't trying to keep anything 
from you. In fact, we've continued to respond to requests and 
continue to provide any information we can find.
    Mr. DeSantis. And you would say that your responses to the 
requests from this committee have been above and beyond what is 
required in this situation?
    Mr. Koskinen. No, I don't think they were above and beyond. 
We have--when you want information in escrow, we've have an 
obligation to do our best to provide it, and we've done that. I 
don't think that's above and beyond. Any time you want----
    Mr. DeSantis. Extraordinary efforts aren't above and 
beyond?
    Mr. Koskinen. Extraordinary efforts were, in fact, when we 
discovered the crash, then it was my decision and thought that 
we needed to do whatever we could to fill in that gap, and we 
did find 24,000 emails we provided. My understanding from news 
reports, because the IG doesn't tell us a lot of stuff about 
this, is that the IG may be able to find another 9-or 10,000 
Lois Lerner emails.
    Mr. DeSantis. So you've just--final question is, you've 
made the effort. You were not cavalier about this. You made the 
effort to find what the committee wanted. Is that your 
testimony?
    Mr. Koskinen. That's my testimony.
    Mr. DeSantis. Thanks. I yield back.
    Chairman Chaffetz. Thank the gentleman. We'll now recognize 
the distinguished gentleman from South Carolina, Mr. Gowdy, for 
5 minutes.
    Mr. Gowdy. Thank you, Mr. Chairman. The book of 
Ecclesiastes teaches us there's a time and a season for 
everything, and you convinced me earlier this evening that this 
is not the time to question Mr. Koskinen. He was here for GAO-
related testimony and not IRS. And I don't know whether he's 
prepared for the questions or not, but we'll not find out, 
because I believe that you have agreed at some point he's going 
to come back before the committee. And I was wondering if the 
chairman might engage in a colloquy with me to make sure that 
my chronology is correct.
    I thought the last time that Commissioner Koskinen was in 
front of us, there was a robust discussion about the time 
period within which he was going to produce emails, and he had 
asked us to narrow the scope so that he could prioritize and 
get us those emails that we had asked for. And, of course, as 
the chairman will recall, we need those emails, because the 
emails we do have from Lois Lerner contain such jewels as 
lamenting GOP wins, celebrating Democrat wins, forecasting 
gloom and doom if the GOP, God forbid, ever controlled the 
Senate, saying that we needed a plan to overcome Citizens 
United.
    Those were just some of the emails that I recall, Mr. 
Chairman. And if my chronology holds, after Commissioner 
Koskinen told us that he would prioritize the production of 
those emails, of course, they--they magically disappeared. And 
then the IRS, of course, Mr. Chairman, employed Herculean 
efforts to recover those emails. They were not successful, but 
then talismanically after the election, or just talismanically, 
they did appear at some point, and now we are reading that 500 
of those emails will not be made available due to the 
invocation of a privilege.
    Does the chairman know what privilege the White House is 
relying upon to not produce those documents to Congress?
    Chairman Chaffetz. I do not.
    Mr. Gowdy. Do you think--do you know whether the President 
has had an opportunity to review those 500 documents?
    Chairman Chaffetz. That's a good question.
    Mr. Gowdy. Do you think there is a chance that his 
conclusion that not a smidgeon of corruption exists in this 
investigation might be altered if he did have an opportunity to 
review what's in those documents?
    Chairman Chaffetz. Certainly.
    Mr. Gowdy. Will you consider inviting Mr. Koskinen back to 
update us on this--on this chronology?
    Chairman Chaffetz. Yes, indeed.
    Mr. Gowdy. All right. Well, Mr. Koskinen, Commissioner, I'm 
not going to question you today, because I think the hearing 
title was something else, but I hope at some point we can go 
back to where we left off, which was an assurance from you that 
you were going to prioritize email productions.
    And I hope at some point, Mr. Chairman, we can evaluate the 
refusal to turn over certain documents to Congress, the 
invocation of privilege. And I hasten to add, as the chairman 
remembers because of his service on Judiciary and Oversight, 
this administration has invoked executive privilege before only 
for us to then learn that that privilege was invoked to protect 
an email that the Attorney General sent to his wife. Under what 
theory of executive privilege is that email protected?
    So I hope that I live long enough to see the production of 
those emails, and I'll certainly hope I live long enough to see 
the Commissioner come back before us. And with that----
    Mr. Cummings. Would the gentleman yield?
    Mr. Koskinen. Could I just make one clarification? During 
the course of all of the document production, Treasury 
Department turned over all of its Lois Lerner emails and the 
White House made a representation that they had no Lois Lerner 
emails. So in terms of that process, and, in fact, this 
committee issued a report in December noting that, in fact, 
there was no evidence that anyone outside of the IRS, whether 
at the White House or Treasury, had any impact or influence 
over the, as the IG said, improper use of criteria for the 
determination process for (c)(4)'s. So I don't know what the 
documents over there are. There's been litigation around the 
inspector general investigating communications, but that's not 
a case between us and--the IRS is not a party to that----
    Mr. Gowdy. No.
    Mr. Koskinen [continuing]. And I don't----
    Mr. Gowdy. No, it's not, which is in part why I directed my 
questions to the chairman and not to you----
    Mr. Koskinen. Good.
    Mr. Gowdy [continuing]. But if you would like us to have 
this conversation, I will ask you, do you understand why 
Congress wants those emails? Can you understand, as a trained 
attorney, why we might want access to all the documents?
    Mr. Koskinen. I can understand that. My understanding was 
that the White House some time ago certified there were no Lois 
Lerner emails and Treasury gave you all of their Lois Lerner 
emails.
    Mr. Gowdy. Well, then what are they claiming----
    Mr. Koskinen. But I look forward to coming back and we'll--
we'll have more occasions. I think this is my sixth appearance 
before this committee. I look forward to the seventh, and we'll 
talk about--and we'll be delighted to give you an update. And I 
will be delighted if the inspector general can ever complete 
his work, it's now going after 6 months, to produce those 
emails, because then all of us will learn what was in them. And 
I am--have been totally supportive of the IG. And my view 
really is, if there are emails that can be done, and the IG 
apparently--in the public press it's been said has been able to 
find them, I think that will be a major step forward, and I 
look forward to discussing that with you.
    Mr. Gowdy. Well, I know I'm out of time, but you can 
appreciate our cynicism and our skepticism, because it appears 
as if sometimes the strategy is just to delay and obfuscate and 
wait and wait and wait until either the public loses interest 
or until there's a new administration. So I know you can 
appreciate our desire to have those documents sooner rather 
than later.
    Mr. Koskinen. I can. I thoroughly understand that.
    Chairman Chaffetz. I thank the gentleman.
    Mr. Gowdy. Thank you.
    Chairman Chaffetz. Gentleman's time is expired.
    I will now recognize myself for 5 minutes. I haven't had a 
chance to ask questions, and I would like to remind my 
colleagues why we are here. The five of you are very 
presentable. You put a happy face on the difficult situation, 
but here is the reality. Twenty-five years in a row your 
agencies, these problems, have come before Congress, 25 years 
in a row. This is the all-star team of problems. That's the 
reality. You can try to put lipstick on this pig, but the 
reality is it is ugly. To get on this list, you have to be 
engaged in waste, fraud, and abuse in excess of $1 billion a 
year.
    Now, to get off the list, granted it is not easy, but here 
are the criteria for getting off the list: Leadership 
commitment, agency capacity; you have to have an action plan; 
you have got to be monitoring efforts and show progress. That 
seems like a reasonable five sets of criteria that you can 
accomplish. I have the scorecard according to GAO. Twenty-five 
years in a row you failed to meet those--hit the criteria on 
those five, and consequently that is why we are highlighting 
this. I think you are all well-intentioned. I think you are all 
very talented individuals, but the massive bureaucracy within 
the organizations that you represent here today, it is failing 
to meet these modest goals, and that's what's so frustrating. 
Things are going to pop up, challenges are going to rise, but 
25 years in a row is just not good enough.
    I heard you were making measurable progress. You know, six 
Sigma levels. Good news to report. I'm sorry. You don't have 
good news to report. The bad news is you're back again. We 
don't want to keep having these hearings. We want to show the 
progress, and I really do appreciate the good men and women who 
spend untold hours and literally years going through the 
details of what's happening within these departments and 
agencies. As a followup, I don't expect you to do this off the 
top of the your head, one of my concerns is who's held 
accountable? Like, who actually is held accountable? We asked, 
I think at the very beginning, one of our members asked a good 
question: Has anybody ever been fired? I think it was Mr. Hurd 
who asked. Has anybody been fired? Anybody dismissed? Anybody 
transferred by not meeting these goals?
    We have thousands of good quality people who work for the 
Federal Government. These are employees that wake up, they're 
patriotic, they work hard, they're trying to do their best, but 
somehow, someway in these five areas, it's totally fallen down. 
We're not achieving the goals.
    Again, the criteria put forward by the GAO doesn't say that 
you have solve this. It seems to say that you're on the 
trajectory to actually getting it solved. So part of the 
followup that we would appreciate is who's held accountable? 
What happens if you don't meet these goals? Because some of 
these are astronomically large. I mean, we're talking hundreds 
of billions of dollars. If you just take--you want to wipe out 
the Federal deficit? You just look at the uncollected taxes and 
the problems that we have in waste, fraud, and abuse going out 
the door through HHS. That more than wipes out all the deficit 
right just there. Just those two things. It's not very easily 
done, but the waste, the fraud, the abuse, and you look at the 
people who work hard and pay their taxes and they're doing 
everything that they can and then they hear hundreds of 
billions of dollars going out that's either not collected or 
going out erroneously, and the waste, and the fraud, and the 
abuse, they throw up their hands. You know, their 2,500 bucks 
means something in their lives, and yet the numbers here are so 
big.
    I do not understand why the five that are highlighted here, 
there's six programs, two at the Department of Defense, why you 
can't hit those five goals. And according to the GAO, like the 
Medicare program, they've only met one of the five goals, four 
partially. On the two DOD's--DOD programs, met one of the five 
criteria. Four are partially met. At the Department of Energy, 
one partially met, one fully met, three not met at all. So 25 
years in a row. I don't want to come back and have this same 
hearing at the beginning of the next Congress. I want you all 
to solve it.
    The committee would like to know and hear from you how are 
you going to do that? How are you going to do that? And, again, 
difficult for you to answer, but I'm telling you, you all are 
giving a--painted a pretty picture. It ain't so pretty, but we 
want to see what it is you're actually doing. What is the 
action plan to create an action plan? That's the hope and goal, 
and that's--that's my concern, and with that I want to yield 
back. I think--are there any members who wish to ask a second 
round of questions?
    Gentlemen from Ohio.
    Mr. Jordan. I appreciate the chair's indulgence. If we 
could put up these two slides again, Mr. Koskinen, I just want 
to----
    Mr. Koskinen. I think it was noted by--agreed by 
Congressman Gowdy and the chairman that I'll come back and 
we'll have a full hearing about this, that we would not----
    Mr. Jordan. No, we--I fully expect that.
    Mr. Koskinen. But I'm happy to answer more questions. 
That's fine.
    Mr. Jordan. Yes. That's the way it works. We call you here 
and we're allowed to ask questions because the American people 
want to know why the Internal Revenue Service violated their 
fundamental rights. So we appreciate your willingness to answer 
our questions on behalf of the American people. That's awful 
big of you, Mr. Koskinen.
    Mr. Koskinen. Well, I'm just noting that we're going to 
have another hearing on this, and I've had five hearings on it 
already, but I'm happy to answer the questions.
    Mr. Jordan. And we still haven't got the truth, as 
evidenced by the headline yesterday, Mr. Koskinen. The press, 
the mainstream press can't even get the documents they're 
requesting.
    Mr. Koskinen. Those aren't documents that they're 
requesting from us.
    Mr. Jordan. But they derive from your unlawful activity. 
That's the point, and that's something you've got to 
understand. As the guy who heads the agency with as much power 
as you do, to have that kind of attitude, that's what 
frustrates not just members of this committee, but all kinds of 
Americans. That, Mr. Chairman, that is the problem.
    Let's go back to this, because I want to know something. 
This is what you told me when I asked you: When did you learn 
you could not get all of her emails, you learned in April. All 
right? Then you learned in April, and then let's put up the 
next slide. This is the letter you sent to Senate Finance 
telling them--in June, you sent this letter telling them--and 
you used the word ``confirmed'' that no backup tapes--that 
backup tapes no longer exist. So I want to know between April, 
when you learned, and June when you told the Congress and the 
American people what you did to confirm that those tapes didn't 
exist, which we now know do exist. So what did you do to 
confirm that the tapes didn't exist, Mr. Koskinen?
    Mr. Koskinen. What I did was talk to our IT people who told 
me that when the tapes were finished with their 6 months, they 
were reused and then destroyed, and that as far as they were 
concerned, there was no way--we had no capacity even if we knew 
where they were to extract emails from them, and it's taken the 
IG 6 months and they still haven't completed the process.
    Mr. Jordan. That's all you did? You asked your IT people?
    Mr. Koskinen. Right.
    Mr. Jordan. Was it a long conversation? Did you ask them 
one question? How did----
    Mr. Koskinen. I asked them questions about how the backup 
disaster recovery process worked. What happened to the tapes.
    Mr. Jordan. So the word ``confirmed'' is based on one 
conversation you had with IT people. Is that what you're 
saying?
    Mr. Koskinen. Yes. Those are the experts. They told me that 
there was no way that those tapes could be found or would be 
used because if they--they were reused----
    Mr. Jordan. That's all you did?
    Mr. Koskinen. That's all I did.
    Mr. Jordan. Really? An issue where repeated lies from Lois 
Lerner, false Statements given by Doug Shulman, the 
unprecedented fashion in where you released the data ahead of 
the inspector general's report with the plan in question that 
you've already tipped off the Treasury and the White House 
about, and all you do to confirm you lost the most important 
documents from the most important person at the center of the 
scandal, all you do is ask a question of the IT people?
    Mr. Koskinen. We spent----
    Mr. Jordan. That's it?
    Mr. Koskinen. We spent 6 weeks looking at the hard drives 
and the documents for 82 people that----
    Mr. Jordan. No, no, no, no.
    Mr. Koskinen [continuing]. To produce for you 24,000 more 
Lois Lerner emails. That was what we did was----
    Mr. Jordan. Who was this person? This one conversation you 
had to confirm you lost valuable documents from the central 
figure in this entire scandal, who was this one person you 
asked that question to? Can you give us a name?
    Mr. Koskinen. That would have been Steve Manning, who's the 
senior IT guy, and I asked him could we find--were those tapes 
available, and he said no, and then we decided what we could do 
is what we did do was we looked at all of the emails to and 
from Lois Lerner from 80 people and produced for you 24,000 
emails.
    Mr. Jordan. No, I'm focusing on the words you used. 
``Confirmed.''
    Mr. Koskinen. ``Confirmed.'' I told you, yes----
    Mr. Jordan. ``Confirmed'' was one conversation with one IT 
guy that turned out not to be true, and here's the big picture, 
your chief counselor, Kate Duvall, knew in February you had 
problems with Lois Lerner's emails. You learned in April, and 
you didn't tell us until June. So from February to June, you 
learned there's big problems, and the only thing you do to 
confirm that there are big problems is one question to your IT 
guy.
    Mr. Koskinen. I knew in April we----
    Mr. Jordan. About something where people's fundamental 
rights were violated.
    Mr. Koskinen. Lot of time to get 24,000 emails for you, 
which was, at that time, we thought the most we could do, the 
best we could do, we thought. In fact, it was an extraordinary 
effort to go back through all of that to get you the additional 
24,000 emails, which, by the way, you apparently don't have 
much interest in them because they've been----
    Mr. Jordan. One conversation, Mr. Chairman. One 
conversation with an IT guy, and he writes the U.S. Congress 
and tells the American people: We've lost Lois Lerner's emails, 
and then one last question if I could, Mr. Koskinen. When did 
you learn from TIGTA that they had actually found these tapes 
and could recover her emails?
    Mr. Koskinen. I haven't learned yet that they could 
recover. I learned that we helped them find--they went through 
the system and our people helped them find by the early part--
late July, early August they said they thought they had found 
the tapes from that time----
    Mr. Jordan. Wait, wait, let me--this is an important point, 
Mr. Chairman.
    So literally a month after you--in July and early August, a 
month after you said ``we confirmed that backup tapes no longer 
exist,'' TIGTA had the backup tapes?
    Mr. Koskinen. TIGTA with our people----
    Mr. Jordan. Within a month they got the tapes that you 
confirmed didn't exist?
    Mr. Koskinen. That's exactly right.
    Mr. Jordan. Oh, my goodness.
    Chairman Chaffetz. Thank the gentleman.
    Mr. Cummings. Thank you very much, Mr. Chairman. I yield.
    Chairman Chaffetz. Recognize the ranking member.
    Mr. Cummings. You know, we can--you know sitting here and 
listening to all of this, I'm just trying to figure out how do 
we move forward. You know, you all been on the list for 25 
years. It's a long time. Administration after administration, 
and at some point, we need to get off this merry-go-round, and, 
you know, one of the things that I've noticed after being here 
for 18 years now is that there's a tendency for--I think it was 
Mr. Gowdy who said it, or somebody up there, that folks wait 
for another administration or another Congress, and then we 
just recycle the same problems.
    And I guess my question is very simple to each of you: If 
you were--if you had a magic wand and you could get this done, 
what would you do to get yourselves off the list? I mean, I'm 
serious. I mean, what does it take, and what--if you were us, 
what would you do to get you off the list, or to have a kind of 
accountability that the chairman talked about? Because I got to 
agree with him. We're better than this. And we're just going 
round and round and round. We're losing hundreds of billions of 
dollars. We're wasting a lot of time, and it's very 
frustrating, and I just believe--I mean, is it that we are too 
big to have accountability? Is it that we are too big to be 
able to say, OK. This is how it's supposed to be done and we're 
going to do it this way and we're going to do it an effective 
and efficient manner?
    I mean, you all may feel that the questions are--been 
unfair and tough. So I'm going to turn the table, and why don't 
you all tell us what you would--what we--if you were us, what 
would we have you do so that you can get off the list so that 
we can hold you accountable. We're going to start with you, Mr. 
MacWilliams, since you have such a wonderful smile.
    Mr. MacWilliams. Thank you for your question. First of all, 
the point that I would make with respect to the Department of 
Energy and to the chairman's comments, is we have made 
progress, but the GAO is essentially focusing on half a dozen 
large capital projects where we have had repeated problems, and 
we still do have problems, and so there's no effort on our part 
to claim success on that, and we welcome your oversight and the 
oversight of GAO.
    What success we have had is in projects below the 750. I 
won't dwell on those, but I will point out that in the 
Department--in NSA, for example, the last 3 years, we're 7 
percent below budget and on time. We've had other large 
projects recently such as the national Synchrotron project come 
in on budget.
    The problems that we have, which are systemic, are in our 
large capital projects which tend to be the nuclear projects 
which are among the most complex projects in the world. 
Therefore, what we're trying to focus on are structural changes 
so that they last past someone like me. I've been testifying 
before you for a couple of years, and that's why we've tried to 
create a much improved ISEB, a new project risk management 
committee, because that committee is meant to create 
enterprise-wide dialog and challenge by all the project members 
from across the programs so that we can avoid future problems 
like this and hopefully get to the bottom of the problems that 
we have.
    The last thing I would just mention, sir, is both of you 
talked accountability. That has been a significant issue at the 
Department of Energy. When everybody's in charge of a project, 
nobody's in charge. And so that's why, as I mentioned earlier, 
we--the Secretary has mandated that for every project, we have 
to have a defined owner, to the chairman's question, so that 
that is the person that is accountable when things don't go 
correctly.
    Mr. Cummings. Mr. Chairman, I'm going to yield to you. I 
think we have a solution to this issue, and I--and I yield----
    Chairman Chaffetz. Thank you. The ranking member and I--Mr. 
Cummings and I have chatted, and I think what we would like to 
do is to send each of you a letter. We would request that you 
would respond within a 30-day period what is your plan? Show us 
your game plan and what you need to do to accomplish that plan. 
Is that--does anybody have an objection to that? Is that fair?
    Mr. MacWilliams. No, sir.
    Chairman Chaffetz. Does anybody have an objection to that?
    Mr. Koskinen. No.
    Chairman Chaffetz. Will you meet that 30-day timeline if we 
send you a letter this week? Fair enough. This is--this has 
been a long hearing. You've been very patient taking your time 
here, but that's what we'll do. We will send a bipartisan 
letter. We would ask you to respond within 30 days, show us 
your game plan, and then that way I think we can go from here. 
We do appreciate your commitment. We appreciate your agencies. 
Again, most of the people there, they're good hard-working 
patriotic people, but we're failing them, and if we don't 
address it and put a plan in place, we will be back here again, 
and we don't ever want to do that. So with that, this committee 
will stand adjourned. Thank you.
    [Whereupon, at 6:40 p.m., the committee was adjourned.]

 
                                APPENDIX

                              ----------                              


               Material Submitted for the Hearing Record
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT] 

                                 [all]