District of Columbia: The District Has Not Adequately Planned for and
Managed Its New Personnel and Payroll System (Letter Report, 12/17/1999,
GAO/AIMD-00-19).

Pursuant to a congressional request, GAO reviewed the District of
Columbia's management of the development of the Comprehensive Automated
Personnel and Payroll System (CAPPS), focusing on whether the District
has effectively planned and managed CAPPS.

GAO noted that: (1) the District did not effectively plan for CAPPS; (2)
since beginning the CAPPS initiative in 1991, the District did not
develop a project management plan and a risk management plan; (3) it did
not redesign personnel and payroll business processes; (4) it did not
obtain agreement from the acquisition team, system users, and the
contractor on detailed requirements for CAPPS; (5) it did not establish
a configuration control process to control the changes that were made to
data tables connected to the software package that the District acquired
for CAPPS; (6) by not implementing these critical management processes,
the District lacked the means to establish realistic timeframes for
CAPPS, track development along these timeframes, and ensure that changes
being made to CAPPS were consistent and in line with business
requirements; (7) in fact, the District has had to continually revise
its CAPPS implementation deadline and, in view of these delays, has had
to perform year 2000 renovations on its legacy personnel and payroll
system as a contingency measure; (8) furthermore, the District has not
been able to prevent individual District agencies from requesting that
the contractor modify the system without knowledge of the CAPPS program
office, to meet their own unique requirements; (9) the District also
does not have the tools essential for maintaining, operating, and
protecting CAPPS after its implementation; (10) in particular, the
District has not estimated the cost of maintaining CAPPS or even decided
how the system will be maintained; (11) it also does not have a
centralized file for contract-related documents or a documented history
of CAPPS-related decisions-both of which are needed to maintain and
modify the system and provide information for reviews and
investigations; and (12) furthermore, the District has not developed a
security plan for CAPPS even though the system will contain sensitive
privacy data.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-00-19
     TITLE:  District of Columbia: The District Has Not Adequately
	     Planned for and Managed Its New Personnel and Payroll
	     System
      DATE:  12/17/1999
   SUBJECT:  Computer security
	     Management information systems
	     Requirements definition
	     Information resources management
	     Internal controls
	     Confidential communication
	     Risk management
	     Contract oversight
	     Schedule slippages
	     Systems design
IDENTIFIER:  District of Columbia Comprehensive Automated Personnel and
	     Payroll System
	     District Unified Personnel and Payroll System
	     District Financial Management System

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************

Report to the Chairman of the Subcommittee on the District of Columbia,
Committee on Appropriations, House of Representatives

December 1999

DISTRICT OF COLUMBIA

The District Has Not Adequately Planned for and Managed Its New Personnel
and Payroll System
*****************

*****************

GAO/AIMD-00-19

                                                 Accounting and Information
                                                        Management Division

B-283549

December 17, 1999

The Honorable Ernest J. Istook, Jr.
Chairman, Subcommittee on the District of Columbia
Committee on Appropriations
House of Representatives

Dear Mr. Chairman:

This report responds to your request that we review the District of
Columbia's management of the development of the Comprehensive Automated
Personnel and Payroll System (CAPPS). The District is acquiring and
developing CAPPS (which is based on a commercial, 
off-the-shelf software [COTS] product) in order to improve the quality of
its personnel and payroll information, modernize its personnel and payroll
business processes, and replace an aging legacy system. As noted in our
earlier testimony,/Footnote1/ information on the District's 40,000
employees has long been error-prone and inconsistent. CAPPS has been
estimated to cost about $13 million to develop and was expected to be
deployed by December 1999. As discussed with your office, we assessed
whether the District has effectively planned and managed CAPPS. 

Results in Brief

The District did not effectively plan for CAPPS. Since beginning the CAPPS
initiative in 1991, the District did not develop a project management plan
and a risk management plan; it did not redesign personnel and payroll
business processes; it did not obtain agreement from the acquisition team,
system users, and the contractor on detailed requirements for CAPPS; and
it did not establish a configuration control process to control the
changes that were made to data tables connected to the software package
that the District acquired for CAPPS. By not implementing these critical
management processes, the District lacked the means to establish realistic
time frames for CAPPS, track development along those time frames, and
ensure that changes being made to CAPPS were consistent and in line with
business requirements. In fact, the District has had to continually revise
its CAPPS implementation deadline and, in view of these delays, has had to
perform Year 2000 renovations on its legacy personnel and payroll system
as a contingency measure. Furthermore, the District has not been able to
prevent individual District agencies from requesting that the contractor
modify the system without knowledge of the CAPPS program office, in order
to meet their own unique requirements.

The District also does not have the tools essential for maintaining,
operating, and protecting CAPPS after its implementation. In particular,
the District has not estimated the cost of maintaining CAPPS or even
decided how the system will be maintained. It also does not have a
centralized file for contract-related documents or a documented history of
CAPPS-related decisions--both of which are needed to maintain and modify
the system as well as to provide information for reviews and
investigations. Furthermore, the District has not developed a security
plan for CAPPS even though the system will contain sensitive privacy data.

We are making recommendations to the District that are focused on the need
to implement effective management controls and processes for maintaining,
operating, and protecting CAPPS. In commenting on a draft of this report,
the District agreed with our observations and identified actions being
taken to address our recommendations.

Background

Information on employees in the District's personnel, payroll, and budget
systems has long been error-prone and inconsistent. Specifically, as we
testified in June 1995,/Footnote2/ personnel records lacked up-do-date
position descriptions and current data on pay and grade, contained service
computation date errors, and did not agree with payroll and budget
records. Payroll records included numerous errors in social security
numbers, addresses, and other data. For example, at the time of our 
1995 review, the payroll system data indicated that District employees
resided in 25 different states, including Texas and Florida. Further
checking of a sample of these errors showed that the employees actually
lived in the Washington metropolitan area. These and other data problems
have hampered the District's effort to manage programs and to make
difficult decisions to address its fiscal crisis.

CAPPS is being implemented to correct long-standing data problems with
personnel and payroll records as well as to modernize personnel and
payroll business processes and introduce a technology information
infrastructure to agencies that are not presently computerized. CAPPS will
replace the current personnel and payroll system, known as the Unified
Personnel and Payroll System (UPPS), which has been in operation since
1969. UPPS is a mainframe-based system with hardwired terminals located in
some, but not all District agencies. UPPS is outdated and limited in
capability. 

As the basis of CAPPS, the District purchased a COTS/Footnote3/ product
that was a commercially successful, mainframe-based, computerized
personnel system. To implement CAPPS, the District contracted with a firm
experienced in human resources and personnel systems. This contractor was
given responsibility for incorporating District agency's personnel and
payroll rules in the construction of systems tables as well as entry of
personnel records./Footnote4/

Although most of the processing in the CAPPS system will be performed on a
mainframe computer, users will be able to access relevant data via
personal computers located in all of the District's agency offices. CAPPS
will perform a wider range of personnel and payroll functions than UPPS,
including time and attendance reporting, tracking of personnel costs, and
position description and classification management. CAPPS will also
process pay for a broader range of District activities than did UPPS,
including the District of Columbia public school system. Unlike UPPS,
CAPPS will provide the District with on-line funding data at the agency
level, budgetary and spending controls at the position level, and accurate
accounting of costs of expenses, such as overtime.

The District's Office of the Chief Financial Officer, which has
responsibility for acquiring and developing CAPPS, expected to spend
approximately 
$13 million to acquire and develop the system. The District's contract
data made available to us show that as of July 9, 1999, $7.9 million had
been spent. As discussed later in this report, however, the District has
not yet estimated what it will cost to maintain CAPPS over its life cycle.
Table 1 highlights some of the major milestones/events during the CAPPS
effort.

Table****Helvetica:x11****1:    CAPPS Timeline

------------------------------------------------------------------------
| Date        : Event                                                  |
|----------------------------------------------------------------------|
| 1991        : In response to Congressional concerns about the lack   |
|             : of accurate personnel records, the District creates    |
|             : an action plan to acquire an automated human           |
|             : resources management information system.               |
|----------------------------------------------------------------------|
| 1994        : The District procures a standard human resources       |
|             : mainframe software package.                            |
|----------------------------------------------------------------------|
| 1997        : The District solicits proposals to implement the       |
|             : COTS package. Following an initial request for         |
|             : proposals that did not generate a response, the        |
|             : District modifies the contract targeting six           |
|             : potential contractors, two of which were developing    |
|             : the District's new Financial Management System. The    |
|             : two contractors decide to "team" on a response and     |
|             : are awarded the contract.                              |
|----------------------------------------------------------------------|
| Spring 1998 : The District's Office of the Chief Financial Officer   |
|             : commissions a study of CAPPS development and on the    |
|             : basis of the results of the study assigns a full-      |
|             : time program manager.                                  |
|----------------------------------------------------------------------|
| Fall 1998   : The District conducts a risk assessment for CAPPS      |
|             : that identified 15 specific areas of risk, including   |
|             : the lack of plans for support and maintenance of       |
|             : CAPPS and the lack of historical documentation on      |
|             : CAPPS.                                                 |
|----------------------------------------------------------------------|
| January 1999: The District decides to implement the entire system    |
|             : agency-by-agency rather than follow its previous       |
|             : plan to implement the system module-by-module across   |
|             : all agencies. As a result, system implementation may   |
|             : be delayed.                                            |
------------------------------------------------------------------------

Objectives, Scope, and Methodology

Our objective was to determine whether the District has effectively
planned and managed the acquisition of CAPPS. To do so, we reviewed and
analyzed CAPPS program management and contractor documentation and the
1998 CAPPS risk assessment. We discussed the CAPPS effort with officials
representing the prime contractor; the Office of the Chief Financial
Officer, including CAPPS program management staff;/Footnote5/ and the
District of Columbia Inspector General's Office. We compared the
District's efforts to plan and manage CAPPS with

o legislative requirements governing information technology for federal
  agencies, including the Clinger-Cohen Act of 1996 and the Privacy Act
  of 1974;

o federal policy governing acquisition efforts, including Office of
  Management and Budget guidance/Footnote6/ and the National Institute of
  Standards and Technology Federal Information Processing
  Standards;/Footnote7/ and those standards applying to computer security
  and paperwork reduction;/Footnote8/ and

o best practice literature, including guidance we and the Software
  Engineering Institute/Footnote9/ issued on evaluating information
  technology investment./Footnote10/

We also relied on a review/Footnote11/ that we conducted in 1998 to
determine whether the District of Columbia had implemented disciplined
software acquisition processes for its new financial management system,
which is also being managed by the Chief Financial Officer. 

We conducted our review from March 1999 through July 1999 in accordance
with generally accepted government auditing standards. We requested
comments on a draft of this report from the District's Chief Financial
Officer. These comments and our response are discussed in the "Comments
and Our Evaluation" section and are reprinted in appendix I.

Planning for CAPPS Was Inadequate

Before undertaking its CAPPS effort, the District did not develop and
implement basic management processes that are designed to help ensure that
the system can be implemented within realistic time frames and will meet
the District's personnel needs. As a result, the District has encountered
major delays and has been unable to ensure that the implementation of the
COTS package it acquired for CAPPS is consistent and in line with its
personnel business needs. In particular, the District did not do the
following.

o Develop and implement a project management plan. Documented project
  plans help organizations to define realistic time frames for system
  acquisition and development and identify responsibilities for key
  tasks, deliverables, resources, performance measures, etc. Without
  them, organizations lack a yardstick by which to measure the progress
  of the acquisition and development effort.

o Develop and implement a risk management plan. In developing risk
  management plans, organizations identify, assess, and document the
  risks associated with the cost, resource, schedule, and technical
  aspects of the project and determine the procedures that will be used
  to manage those risks. Without such a plan, organizations do not have a
  disciplined means to predict and mitigate risks, such as the risk that
  the system will not (1) meet performance and business requirements, (2)
  work with other systems belonging to the organization, and/or (3) be
  delivered on schedule and within budget. 

o Redesign personnel and payroll business processes. To maximize the
  success of a new system acquisition, organizations should redesign 
  long-standing and ineffective business processes. As we recently
  noted in our executive guide on financial management,/Footnote12/
  leading finance organizations have found that productivity gains
  typically result from more efficient processes, not from simply
  automating old processes.

o Develop an approved requirements baseline for CAPPS. To help ensure the
  success of a system acquisition and development effort, organizations
  should establish and maintain a common and unambiguous definition of
  requirements (e.g., function, performance, help desk operations, data
  characteristics, security) among the acquisition team, the system
  users, and the contractor. These requirements should be consistent with
  one another, verifiable, and traceable to higher level business or
  functional requirements. Poorly defined, vague, or conflicting
  requirements can result in a system that does not meet business needs
  or that cannot be delivered on schedule and within budget. 

o Establish a configuration control process for the modification of
  CAPPS. Software configuration management involves establishing product
  baselines and systematically controlling changes made to those
  baselines. As noted in our executive guide on financial management, it
  also ensures that product changes are clearly documented and tested
  before being placed into production. Having this process enables
  organizations to establish and maintain the integrity of the system
  throughout its lifecycle. Without a mature effective configuration
  management process, organizations can lose control of the software
  product baseline, potentially producing and using inconsistent product
  versions, and creating operational problems.

These planning weaknesses mirror those we identified in 1998 during our
review of the District's software acquisition processes for its new
Financial Management System (FMS). Among other things, this review found
that the District did not have a written policy for software acquisition
planning, did not have a policy for establishing and managing software-
related requirements, did not have a risk management plan to track project
risk, and did not have a documented policy for contract tracking and
oversight activities. In light of these and other weaknesses, we made 
35 recommendations to the Chief Financial Officer designed to strengthen
acquisition processes as they related to the FMS project and other
acquisitions, such as CAPPS.

Some project and risk management measures were undertaken after the CAPPS
acquisition and development effort began; however, these still fell short
of what was necessary to ensure that CAPPS could be delivered on time and
that the system would meet the District's personnel needs. For example,
instead of a project plan, the District developed a series of
implementation schedules for CAPPS and is currently working with a
spreadsheet generated from project planning software to manage CAPPS.
These documents, however, were not sufficiently detailed to allow
effective control and visibility over basic critical aspects of the
development effort. For example, they did not detail tasks to be
performed, assign responsibilities, and, set realistic deadlines for CAPPS
implementation. As a result, the District has consistently underestimated
the amount of effort needed to implement CAPPS and, as shown in figure 1,
deadlines have been greatly extended.

Figure****Helvetica:x11****1:    Estimated CAPPS Implementation
                                 Dates
*****************

*****************

Source: CAPPS program office.

Also, while it did not develop a risk management plan, the District
performed a risk assessment in the fall of 1998 to identify major risks
associated with CAPPS. The assessment identified 15 problem areas and
recommended mitigation strategies for each. Included were areas we
identified in 1998 and in this review, such as the lack of a requirements
baseline, the lack of support and maintenance plans, and the lack of
historical records. However, the risk assessment was incomplete because it
did not address information security-a critical area of risk for a
personnel management information system. In addition, the District did not
follow up on the assessment by establishing a risk management committee or
a formal risk management process. Instead, the District conducted another
independent assessment of CAPPS in the spring of 1999, which merely
confirmed the previously identified problems, such as the lack of a
requirements baseline and the lack of support and maintenance plans.

Further, instead of developing a requirements baseline, the District
relied on the vendor to develop a list of 449 detailed requirements that
CAPPS needed to address. Examples of requirements included "Calculate
position turnover by job classification (and maintain historical turnover
data)," "Flag positions being filled by a temporary, detailed (acting or
on loan) employee," and "Calculate position grade/step salary averages and
midpoints." During implementation of CAPPS, the District asked the
contractor to prioritize the requirements and reduce them to "mandatory"
capabilities. However, the District did not take steps to ensure that the
system users agreed to these requirements or to link the requirements to
the five core modules of the system (i.e., payroll, position control,
employee processing, benefits and compensation, and time and attendance).
Moreover, because the District has not established a configuration control
process, the CAPPS program office has been unable to stop District
agencies from individually requesting the contractor to modify the system
to accommodate their own unique requirements. As a result, it does not
have assurance that changes being made to the system are (1) consistent
with one another, (2) in line with higher level business requirements, and
(3) documented and communicated to other users.

The District Does Not Have Tools for Maintaining and Protecting CAPPS

Even though the District currently expects to implement CAPPS by December
1999, it has not taken steps necessary to ensure that CAPPS is effectively
maintained and operated and that sensitive data within CAPPS will be
protected. This has created the risk that, once implemented, CAPPS will
not be effectively managed and protected from unauthorized users.
Specifically, the District has not done the following.

o Estimated the cost of maintaining CAPPS. After the CAPPS system is
  implemented, the District will need to periodically make changes to the
  system to correct coding errors, design errors, and/or to accommodate
  new requirements. According to information technology
  experts,/Footnote13/ maintenance costs are typically the greatest costs
  in the lifecycle of the system and can end up being as much as twice to
  four times the development costs. As such, they need to be estimated
  and planned for as soon in the development stage as possible. 

o Decided how the system will be maintained. It is just as necessary to
  have a configuration control process in place for maintaining a system
  as it is for developing one. Yet the District has not yet established
  such a process. In addition, it has not decided who will operate and
  maintain the system. While the District has a maintenance agreement
  with the vendor, this agreement only covers the COTS product itself and
  not the modifications that were made to the system in implementation.

o Organized files essential to maintaining CAPPS. To effectively maintain
  and modify systems and to be able to provide information for reviews
  and investigations, organizations need to maintain contract
  documentation as well as a history of decisions leading up to
  implementation of the system. The District does not have a complete,
  centralized contracting file or a documented history of CAPPS-related
  decisions. Instead, contract documentation is scattered and takes a
  long time to assemble. For example, there is no central file for the
  task orders that instruct the contractor to make specific changes to
  CAPPS, and, as a result, there is no systematic way of knowing if
  anyone in the program office approved specific tasks or if the tasks
  requested repeated something that had already been requested and
  completed. 

o Developed a security plan. Because personnel systems contain sensitive
  privacy data, they need to be protected from internal and external
  unauthorized users. Thus, it is good business practice to establish
  appropriate administrative, technical, and physical safeguards to
  ensure the security and confidentiality of records. Normally, security
  requirements are defined and built into a system during the development
  process along with other functional requirements. The District,
  however, has not yet formally considered its security needs for CAPPS.

Conclusions

Because the District did not develop and implement effective management
processes for CAPPS, it was unable to prevent or mitigate major
development delays or ensure that the system would fully meet its
personnel needs. To mitigate future problems, it will be important for the
District to implement effective controls and processes for managing,
maintaining, and protecting the system. 

Recommendations

So that the District implements effective processes and controls for
maintaining, operating, and protecting CAPPS, we recommend that the Chief
Financial Officer direct the CAPPS program office to do the following:

o Develop and maintain a risk management plan.

o Develop a requirements baseline and obtain agreement between the
  program office and the system users.

o Implement a configuration control process to control and document
  further modifications being made to CAPPS. The process should 
  (1) clearly define and assess the effects of modifications on future
  product upgrades before the modification is approved, (2) clearly
  document the software products that are placed under configuration
  management, and (3) maintain the integrity and traceability of the
  configuration throughout the system life cycle.

o Develop and implement a life cycle support plan, assign responsibility
  for life cycle maintenance, and develop an estimate of maintenance and
  operation costs for CAPPS.

o Develop and implement a security plan based on a realistic risk
  assessment of CAPPS security vulnerabilities.

o Develop a centralized file for contract task orders and other contract
  documentation related to CAPPS.

Comments and Our Evaluation

The District of Columbia provided written comments on a draft of this
report. The Chief Financial Officer (CFO) agreed in principle with the
observations about needed improvements in project management for CAPPS.
She pointed out that the District has begun to implement changes to
project management, including the appointment of a new project manager. In
addition, the CFO stated that the District plans to improve schedule
compliance and budget control over the project, to create better
documentation of user needs and system configuration, and to implement
necessary security measures. The program manager is to develop a project
plan which will include provision for implementing CAPPS in the remaining
DC agencies, and which will provide for resources to maintain CAPPS once
it is fully implemented. 

While the District's actions are encouraging, implementing needed CAPPS
changes will be challenging, given the poor track record of the District
in making improvements to its management of information systems. As noted
in our report, many of the same problems we found with CAPPS were
identified more than a year ago in our April 1998 review of the District's
new financial management system. For example, the District did not have a
risk management plan, a policy for establishing and managing software-
related requirements, or a policy for contract tracking and oversight
activities. At the time of our review, the Office of the Chief Financial
Officer assured us that corrective actions were underway to address our 
35 recommendations. Nevertheless, such fundamental management controls are
still lacking with CAPPS.

The Chief Financial Officer also responded to our original concerns about
the lack of progress in determining CAPPS Year 2000 compliance. In a draft
we sent to the District for comment, we reported that the District did not
yet have adequate assurance that CAPPS was Year 2000 compliant and that it
had not yet completed a written business continuity plan for personnel and
payroll operations that went beyond immediate contingency actions and
anticipated possible failures in business partner systems or public
infrastructure systems, such as power and telecommunications. In her
comments, the Chief Financial Officer described the District's recent
progress in assuring Year 2000 compliance for CAPPS and in preparing
continuity plans. After reviewing additional documentation provided by the
District on its Year 2000 progress, we determined that the District has
taken steps needed to ensure the continuity of payroll and personnel
operations into 2000 and have modified our final report accordingly. 

We are sending this report to the Honorable Anthony A. Williams, Mayor of
the District of Columbia; Valerie Holt, the Chief Financial Officer of the
District of Columbia; Henry Debman, Program Manager of the Comprehensive
Automated Personnel and Payroll System; Suzanne Peck, Chief Technology
Officer of the District of Columbia; and Mary Ellen Hanley, Year 2000
Program Director of the District of Columbia. Copies will also be made
available to others upon request.

If you have questions regarding this report, please contact me or Carl M.
Urie, Assistant Director at (202) 512- 6240. Other key contributors to
this report are listed in appendix II.

Sincerely yours,
*****************

*****************

Jack L. Brock, Jr.
Director, Government and Defense Information Systems

--------------------------------------
/Footnote1/-^District of Columbia: Weaknesses in Personnel Records and
  Public Schools' Management Information and Controls (GAO/T-AIMD-95-170,
  June 14, 1995).
/Footnote2/-^GAO/T-AIMD-95-170, June 14, 1995.
/Footnote3/-^The provider of COTS is called the "vendor" in this report.
/Footnote4/-^The provider of the services is called the "contractor" in
  this report.
/Footnote5/-^CAPPS has had three different program managers since our
  audit began.
/Footnote6/-^Management of Federal Information Resources, OMB Circular A-
  130, December 12, 1985.
/Footnote7/-^Guidelines for Security of Computer Applications, FIPS PUB
  73, June 30, 1980.
/Footnote8/-^Computer Security Guidelines for Implementing the Privacy Act
  of 1974, FIPS PUB 41, May 30, 1975.
/Footnote9/-^Capability Maturity Model for Software, Carnegie Mellon
  University, Software Engineering Institute, version 1.1, February 1993.
/Footnote10/-^Assessing Risks and Returns: A Guide for Evaluating Federal
  Agencies' IT Investment Decision-making (GAO/AIMD-10.1.13, February
  1997) and Executive Guide: Creating Value Through World-class Financial
  Management (GAO/AIMD-99-45, Exposure Draft, August 1999).
/Footnote11/-^District of Columbia: Software Acquisition Processes for a
  New Financial Management System (GAO/AIMD-98-88, April 30, 1998).
/Footnote12/-^Executive Guide: Creating Value Through World-class
  Financial Management (GAO/AIMD-99-45, Exposure Draft, August 1999).
/Footnote13/-^Such as those at the Defense Systems Management College.

COMMENTS FROM THE DISTRICT OF COLUMBIA
======================================

*****************

*****************

*****************

*****************

GAO CONTACT AND STAFF ACKNOWLEDGEMENTS
======================================

GAO Contacts

Jack Brock, (202) 512-6240
Carl Urie, (202) 512-6231

Acknowledgements

In addition to the above contacts, Cristina Chaplain, Robert Crocker, Greg
Donnellon, and Brian Spencer, made key contributions to this report.

(511667)

*** End of document. ***