DOD's Reengineered Travel System Efforts (Correspondence, 03/08/96,
GAO/AIMD-96-62R).

GAO discussed the Department of Defense's (DOD) reengineered travel
system, focusing on: (1) a previously sanctioned pilot test of an Air
Force automated travel system; (2) whether the Corps of Engineers
electronic signature system can generate signatures that can be used at
other sites; (3) whether disbursing officers should review and retain
paper copies of travel documents; and (4) the Fortezza security system's
ability to generate electronic signatures. GAO noted that: (1) in order
for DOD to begin implementing system enhancements to its travel system,
it should expand its pilot test for one more year; (2) the Corps of
Engineers can establish a paperless travel system, as long as it can
verify electronic signatures as it does handwritten signatures; (3)
disbursing officer's should retain official records pertaining to travel
authorizations and vouchers, and travelers should retain only those
records supporting his or her claims; and (4) it is unable to determine
whether adequate data integrity can be maintained at 7 additional DOD
sites, since these sites' computer systems are not designed to interface
with Fortezza and cannot use its security devices.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-96-62R
     TITLE:  DOD's Reengineered Travel System Efforts
      DATE:  03/08/96
   SUBJECT:  Electronic forms
             Travel
             Financial management systems
             Federal records management
             Records retention
             Internal controls
             Systems compatibility
             Computerized information systems
             Computer software verification and validation
             Reengineering (management)
IDENTIFIER:  Air Force Automated Travel System
             Army Corps of Engineers Electronic Signature System
             DOD Fortezza Security System
             Army Corps of Engineers Financial Management System
             DOD Multilevel Information Systems Security Initiative
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER



March 1996


GAO/AIMD-96-62R

DOD's Reengineered Travel System Efforts

(511513)


Abbreviations
=============================================================== ABBREV

  DFAS - Defense Finance and Accounting Service
  DOD - Department of Defense
  NIST - National Institute of Standards and Technology

Letter
=============================================================== LETTER


B-271371

March 8, 1996

The Honorable John J.  Hamre
Comptroller
Department of Defense

Dear Dr.  Hamre: 

This letter responds to your, staff's January 17, 1996, and February
16, 1996, letters that requested our views on whether (1) the pilot
test of an Air Force automated travel system we sanctioned in
February 1995\1 could be expanded from 2 to 18 sites, (2) the
electronic signatures generated by the Corps of Engineers electronic
signature system can be used for travel claims at another site, (3)
for 12 additional sites, disbursing officers need to review and
retain the paper copies of travel documents, and (4) the Fortezza\2

system can be used to generate adequate electronic signatures. 

We support the Department of Defense's (DOD) efforts to evaluate the
costs and risks of different signature techniques and encourage such
an analysis.  We believe that the results will not only help DOD but
other agencies as well.  In making your final determination, DOD
should have external parties, such as the National Institute of
Standards and Technology (NIST), which has computer security
responsibilities, and the Department of Justice, which has the
responsibility for prosecuting travel fraud, concur with your final
recommendations.  This should help ensure widespread acceptance. 

We reviewed the material attached to the requests and other
information provided by your staff and, as discussed below,

  -- sanction the expanded use of an Air Force automated travel
     system to the 18 sites listed in enclosure I,

  -- sanction the proposed operation of another automated travel
     system at the Waterways Experiment Station (Vicksburg,
     Mississippi) which will use the Corps of Engineers's electronic
     signature system previously sanctioned by GAO,\3 and

  -- approve the concept of disbursing officers relying on a system
     of internal controls, rather than on the review of paper
     documents, to fulfill their responsibilities at the 12 sites
     listed in enclosure II. 

Further, we will continue monitoring DOD efforts to use Fortezza to
provide the necessary data integrity at seven of the sites listed in
enclosure II. 

We did not test your current or proposed systems, and, consequently,
our response only addresses your proposal conceptually.  The
following discusses our views on these issues in more detail. 


--------------------
\1 Air Force Automated Travel System (GAO/AIMD-95-74R, February 14,
1995). 

\2 A key component in DOD's Multi-level Information System Security
Initiative is the Fortezza security system.  Fortezza is envisioned
to provide both data integrity and confidentiality services for a
variety of applications. 

\3 Corps of Engineers Electronic Signatures and Travel Receipts
(GAO/AIMD-95-236R, September 20, 1995). 


   PILOT TEST SANCTIONED IN
   FEBRUARY 1995 CAN BE EXPANDED
------------------------------------------------------------ Letter :1

Your proposal would use electronic signature techniques to provide
data integrity over electronic travel data for 18 sites.  In our
February 1995 letter to the Air Force and a November 1994 letter to
the Defense Finance and Accounting Service\4 (DFAS), we noted that
any system, regardless of the technology used, must incorporate
adequate controls to ensure data integrity.  Since our February 1995
letter, in which we discussed weaknesses significant enough to
prevent this system from meeting the electronic signature criteria
contained in 71 Comp.  Gen.  109 (1991), some minor improvements have
been made. 

Although the basic weaknesses of signature generation and validation
continue and cannot be adequately addressed until a companion system
development effort discussed below is completed, we believe the
benefits of expanding the test at 18 sites should outweigh the risks
associated with the electronic signature weaknesses identified. 
Therefore, we believe an expansion of your test is warranted for a
1-year period so that DOD can develop and begin implementing the
necessary system enhancements while gaining the necessary knowledge
of how a reengineered travel process should work in DOD. 

Since our February 1995 letter, DOD and the Department of Energy have
entered into an agreement with NIST to develop the necessary system
specifications for a standardized system to generate and validate
electronic signatures.  The resulting system that will be developed
from these specifications is expected to address our concerns with
the signature generation and validation process.  It is our
understanding that DOD will incorporate these specifications in the
necessary procurement documents to ensure that future systems will
utilize electronic signature techniques that meet the GAO criteria. 
We also understand that the systems used at the test sites will
incorporate these necessary improvements as well as the other
controls implemented by the Air Force, such as the sampling
methodologies. 


--------------------
\4 Electronic Imaging (GAO/AIMD-95-26R, November 10, 1994). 


   ONE SITE USING THE CORPS OF
   ENGINEERS ELECTRONIC SIGNATURE
   SYSTEM CAN BE SANCTIONED
------------------------------------------------------------ Letter :2

The Waterways Experiment Station plans to use the electronic
signature system developed by the Corps of Engineers to ensure the
integrity of the travel data.\5 As noted in our September 1995 letter
to the Corps, we believe that the electronic signature system used in
the Corps of Engineers Financial Management System should generate
electronic signatures that provide at least the same quality of
evidence as the handwritten signatures they are designed to replace. 
Since this system is used to maintain the data integrity of the
travel records, we believe that your proposed concept should provide
the necessary controls to allow a "paperless" travel process. 


--------------------
\5 It is our understanding that in cases where the electronic
signature system cannot be used by the traveler, the current process
of requiring the traveler to sign a paper voucher will be retained. 
Electronic signatures will be used by all approving officials. 


   A DISBURSING OFFICER CAN RELY
   ON ELECTRONIC RECORDS WHEN
   ADEQUATE CONTROLS HAVE BEEN
   IMPLEMENTED
------------------------------------------------------------ Letter :3

The pilot implementations at 12 sites envision transmitting the
travel data electronically to a disbursing officer while retaining
the paper travel order and voucher at the traveler's location.  One
question that has been raised is whether the disbursing officer will
have sufficient evidence to establish the validity of the claim.  As
noted in our February 1995 letter to the Air Force and a subsequent
letter to DOD\6 in June 1995, GAO has recognized that disbursing
officers can rely on a system of internal controls to fulfill their
responsibilities.  GAO's Title 7\7 discusses this concept and the
disbursing officer's responsibilities to ensure that an adequate
internal control system is used and the system is properly
implemented.  In addition, our February 1995 report to the Air Force
outlined our understanding of how the Air Force's approach would help
disbursing officers to properly discharge their responsibilities. 

Although we did not review the system of controls that you plan to
use at these sites, we were requested by your staff to provide our
views on whether the internal control system could allow the traveler
to retain the original travel voucher.  As we understand this
concept, the traveler would retain the travel voucher and all
supporting documentation, using procedures similar to those we have
previously reviewed for DOD and Air Force that allow travelers to
retain their receipts.  For the reasons stated below, we do not
believe that DOD should allow the traveler to retain all official
travel records. 

A key concept in internal control systems is the separation of
critical duties.\8 For example, the authorizing, processing,
recording, and reviewing of transactions should be separated among
individuals.  Since these sites do not yet use techniques that ensure
the integrity of the electronic data, the travel order and voucher
are part or the agency's official records.  Allowing the traveler to
retain the official travel voucher would not provide an adequate
separation of duties since the traveler would have sole control over
all documents and systems that would be used to resolve any disputes
or claims.  For example, if a traveler's automated claim was
questioned, the traveler would be the individual who would be in a
position to provide the official records and could easily claim that
the automated system did not reflect the actual records.  As noted
above in this letter, system improvements are underway that should
improve travel information data integrity and, if properly
implemented, eliminate the need for paper documents such as travel
orders and vouchers. 

As we noted in the DOD and Air Force letters, we support the concept
of a traveler retaining the receipts necessary to support the
voucher.  We can support this concept because (1) a federal agency
retains the official records that represent the travel authorization
and voucher and (2) the traveler only retains records that support
the claims shown on his or her voucher. 


--------------------
\6 Employees' Travel Claims (DOD) (GAO/AIMD-95-171R, June 26, 1995). 

\7 "Fiscal Guidance," GAO's Policy and Procedures Manual for Guidance
of Federal Agencies. 

\8 Standards for Internal Controls in the Federal Government (GAO,
1983). 


   SEVEN SITES NOT YET USING
   FORTEZZA WILL BE MONITORED
------------------------------------------------------------ Letter :4

Based on information provided by your staff and discussions with your
staff, our original understanding was that seven pilot sites would
use Fortezza to provide the necessary data integrity.  However, in a
March 4, 1996, meeting with your staff and the Fortezza program
officials from the National Security Agency, it was determined that
the travel applications at these seven sites have not been designed
to properly interface with Fortezza and cannot use its security
services.  Therefore, we are unable to determine whether adequate
data integrity can be maintained.  We have agreed to monitor the
efforts to implement Fortezza into these pilot systems and determine
at a later date whether it provides the necessary data integrity.  It
is our understanding that, until that time, these seven sites will
use the procedures outlined earlier in this letter for transmitting
travel data electronically to disbursing officers and retaining
travel documentation at the traveler's location. 


---------------------------------------------------------- Letter :4.1

We have been assured that the controls discussed in this letter,
those outlined in the February 1995 letter to the Air Force, and
those described to us will be implemented properly.  We also
understand that additional control improvements will be incorporated
as experience is gained.  This letter does not constitute GAO
approval of your financial management system, as defined by 31 U.S.C. 
3512(f)(2). 

We recognize the challenges that your agency faces in automating its
administrative systems and appreciate the opportunity to comment on
your travel system.  We hope that our comments will assist your
efforts.  Should you have any questions, please contact Mr.  Chris
Martin, Assistant Director, at (202) 512-9481. 

Sincerely yours,

Dr.  Rona B.  Stillman
Chief Scientist for Computers
 and Telecommunications

Enclosures


SITES PLANNING TO USE AN AIR FORCE
AUTOMATED TRAVEL SYSTEM
=========================================================== Appendix I

Location                                               Test population
11th Support Wing, Headquarters, U.S. Air Force                  5,500
 (Pentagon)
11th Support Wing, Bolling Air Force Base                        2,375
 (Washington, D.C.)
Langley Air Force Base (Langley Air Force Base,                  9,500
 Virginia)
Army Europe, Headquarters 6th Area Support Group                   159
 (Stuttgart, Germany)
Army Training and Doctrine Command (Ft.                          2,200
 Leavenworth, Kansas)
Naval Command, Control, and Ocean Surveillance                     150
 Center;
 Research, Development, Test and Evaluation
 Division
 (San Diego, California)
Naval Undersea Warfare Center (Newport, Rhode                      251
 Island)
Headquarters, Commander In Chief, Pacific Fleet                     61
 (Pearl Harbor, Hawaii)
Naval Post Graduate School (Monterey, California)                  175
Commander In Chief, Atlantic Fleet (Norfolk,                       150
 Virginia)
Personnel Support Activity (Norfolk, Virginia)                      80
USS Eisenhower, (Norfolk, Virginia)                                300
Marine Forces Reserve (New Orleans, Louisiana)                     700
Marine Corps Air Station (Beaufort, South                          532
 Carolina)
Defense Mapping Agency (various locations)                       1,140
The Joint Staff (Pentagon)                                       1,500
Defense Finance and Accounting Service (Kansas                      73
 City, Missouri)
Headquarters, Naval Air Systems Command,                           265
 (Arlington, Virginia)
----------------------------------------------------------------------
Source:  Department of Defense. 


SITES TO RELY ON A SYSTEM OF
INTERNAL CONTROLS RATHER THAN A
DISBURSING OFFICER'S REVIEW OF
PAPER DOCUMENTS
========================================================== Appendix II

Location                                               Test population
Corps of Engineers, Ohio River Division                          4,340
 (Cincinnati, Ohio)
Headquarters, Army Forces Command (Ft. McPherson,                1,300
 Georgia)
Headquarters, Army Audit Agency (Alexandria,                       157
 Virginia)
Army Missile Command (Redstone Arsenal, Alabama)                   875
Defense Commissary Agency (Alexandria, Virginia)                   810
Randolph Air Force Base\a (Randolph Air Force                      438
 Base, Texas)
Dover Air Force Base\a (Dover Air Force Base,                    1,024
 Delaware)
Defense Logistics Agency\a (Ft. Belvoir, Virginia)               3,671
Washington Headquarter Services\a (Pentagon)                     5,562
National Security Agency\a (Ft. Meade, Maryland)                 9,500
Peterson Air Force Base\a (Peterson Air Force                       96
 Base, Colorado)
Defense Nuclear Agency\a (Alexandria, Virginia)                    170
----------------------------------------------------------------------
\a Location plans to use Fortezza, when available, to help ensure
data integrity. 

Source:  Department of Defense. 

*** End of document. ***