High Risk Series: An Update (Letter Report, 01/01/2001, GAO/GAO-01-263).

This report, part of GAO's high-risk series, updates the status of
high-risk federal programs and operations. Several high-risk areas have
improved enough to be removed from GAO's high-risk list. They include
the year 2000 computer challenge, the 2000 census, Department of
Agriculture's farm loan programs, the Superfund program, and the
National Weather Service's information technology modernization. At the
same time, GAO added one new area of concern to the 2001 high-risk list,
human capital management. GAO is also continuing to monitor 21 other
areas previously designated as high risk.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  GAO-01-263
     TITLE:  High Risk Series: An Update
      DATE:  01/01/2001
   SUBJECT:  Risk management
	     Accountability
	     Internal controls
	     Financial management
	     Information resources management
IDENTIFIER:  High Risk Series 2001
	     GAO High Risk Program

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-01-263

January 2001 High- Risk Series

An Update

GAO- 01- 263

Letter 3 Executive

5 Summary

Substantial 54 Progress Made to Resolve

Several High- Risk Areas

Strategic 71

Human Capital Management: A Governmentwide

High- Risk Area

Resolving 97

Serious Information Security Weaknesses

Ensuring 107

Major Technology Investments Improve Services

Providing 120

Basic Financial Accountability

Reducing 140 Inordinate Program

Management Risks

Managing 182

Large Procurement Operations More Efficiently

Lett er

January 2001 The President of the Senate The Speaker of the House of
Representatives

Since 1990, GAO has periodically reported on government operations that it
identifies as “high risk.” This effort, which was supported by
the Senate Committee on Governmental Affairs and the House Committee on
Government Reform, brought a muchneeded focus to problems that are impeding
effective government and costing the government billions of dollars. To
help, GAO has made hundreds of recommendations to improve these high- risk
operations.

Moreover, GAO's focus on historical high- risk problems contributed to the
Congress enacting a series of governmentwide reforms to strengthen financial

management, improve information technology practices, and instill a more
results- oriented government during the past decade. GAO's high- risk status
reports are provided at the start of each new Congress. This update should
help the Congress and the new Administration in carrying out their
responsibilities while improving government for the benefit of the American
people. It summarizes progress made in correcting high- risk problems,
actions underway, and further actions that GAO believes are needed.

Historically, GAO has designated federal programs and operations as high
risk because of their greater vulnerabilities to fraud, waste, abuse, and
mismanagement. This has served to identify and help resolve serious
weaknesses in areas that involve substantial resources and provide critical
service to the public. We will continue to give consideration to these

traditional vulnerabilities but also give added emphasis to identifying as
high risk those major programs and operations that need urgent attention in
order to ensure our national government functions in the most economical,
efficient, and effective manner possible. In this regard, we are designating
strategic human capital management as a governmentwide high- risk area in
this update.

Copies of this series are being sent to the President, the congressional
leadership, other Members of the Congress, the Director of the Office of
Management and Budget, and the heads of major departments and agencies.

David M. Walker Comptroller General of the United States

Executive Summary Since our last status report in January 1999 agencies have
taken additional steps and the Congress has addressed several areas we
designated as being high risk. Additionally, we have continued to work
constructively to assess progress and make recommendations necessary to
resolve these risks. We also have looked across government to identify
emerging high- risk areas that need attention.

Subsequent to the 1999 high- risk update report, we completed an assessment
of the methodologies and criteria used to determine which federal government
programs and functions should be designated as high risk. We considered
comments provided on a publicly available exposure draft, and published our
final

guidance document, Determining Performance and Accountability Challenges and
High Risks (GAO- 01- 159SP), in November 2000. The final criteria consider
qualitative and quantitative factors and agencies'

corrective measures. The final document also includes criteria for
determining governmentwide high risks and for removing high- risk
designations. In this current update, we discuss (1) five areas for which
the high- risk designation is being removed,

(2) one area- strategic human capital management across government- that is
being added to our list, (3) three program areas for which the high- risk
focus is being modified, and (4) the important progress being made to
further resolve the remaining high- risk areas and challenges that are yet
to be addressed in resolving them.

Overall, agencies are taking these problems seriously and making progress in
trying to correct them. The Congress also has acted to address several
individual high- risk areas through hearings and legislation. Continued
perseverance in addressing high- risk areas will ultimately yield
significant benefits. Lasting

solutions to high- risk problems offers the potential to save billions of
dollars, dramatically improve service to the American public, strengthen
public confidence and trust in the performance and accountability of our
national government, and ensure the ability of government to deliver on its
promises.

Over time, as high- risk operations have been corrected and other risks have
emerged, we have removed areas from the list and added new ones to keep the
Congress current on areas needing attention. Information on the total
additions to, and removals from, our high- risk list over the past 11 years
is shown in table 1.

Table 1: Overall Changes in GAO's High- Risk List, 1990 to 2001 Changes
19902001 Number of Areas

Original high- risk list in 1990 14 High- risk areas added since 1990 19
High- risk areas removed since 1990 11 Current high- risk list in 2001 22

Changes 1999 2001 High- risk list in1999 26

High- risk areas added in 2001 a 1 High- risk areas removed in 2001 b 5
Current high- risk list in 2001 22 a In 2001, the focus of a previously
designated IRS- related high- risk area was expanded (see page 21).

b In 2001, the focus of a previously designated HUD- related high- risk area
was reduced, and another IRS- related area was narrowed (see page 21).

For this 2001 high- risk update, we have determined that five high- risk
areas warrant removal from the list. They include the Year 2000 Computing
Challenge and the 2000 Census, which were both dependent on time- related

events that have elapsed. Also, legislative and agency actions, including
those in response to our recommendations, were significant enough to remove
the high- risk designations for the farm loan programs managed by the
Department of Agriculture (USDA) and for the Superfund program, which are
programs we have monitored as high- risk for the past 11 years.
Additionally, the National Weather Service (NWS) has

acted to implement our recommendations to better manage its information
technology modernization, which we designated high risk in 1995. NWS'
modernization is critical to weather forecasting to enhance public safety.

Since our high- risk program began in 1990, we have removed the high- risk
designations from 11 areas, which are listed in table 2. Six of these areas
were among the 14 programs and operations we determined to be highrisk at
the outset of our efforts to monitor such programs. These results
demonstrate that the sustained attention and commitment by the Congress and
agencies to resolve serious, long- standing high- risk problems has paid
off, as the root causes of the government's exposure for almost half of our
original high- risk list have been successfully addressed.

Table 2: High- Risk Designations Removed High- Risk Area Year Added Year
Removed

Pension Benefit Guaranty Corporation 1990 1995 State Department Management
of Overseas Real Property 1990 1995 Federal Transit Administration Grant
Management 1990 1995 Bank Insurance Fund 1991 1995 Resolution Trust
Corporation 1990 1995 Customs Service Financial Management a 1991 1999 The
Year 2000 Computing Challenge 1997 2001 The 2000 Census 1997 2001 Superfund
Program 1990 2001 Farm Loan Programs 1990 2001 National Weather Service
Modernization 1995 2001

a Originally part of a broader high- risk area designated as Managing the
Customs Service.

Also, we have determined that one new area- strategic human capital
management- merits designation as a governmentwide high- risk. While
legislation and other actions have been put in place since 1990 to address
most major management areas, the government's approach to managing its
people- its human capital- is the critical missing link in reforming and
modernizing the federal government's management practices. Many agencies are
experiencing serious human capital challenges, such as skills imbalances,
succession planning challenges, outdated performance

management systems, and understaffing. The combined effect of these
challenges serves to place at risk the ability of agencies to efficiently,
economically, and effectively accomplish their missions, manage critical
programs, and adequately serve the American people

both now and in the future. To a significant extent, serious management
challenges across a wide range of federal agencies, covering programs that
involve billions of federal expenditures, can be attributed to

shortcomings in how agencies manage their human capital.

We are also continuing to monitor 21 other areas we previously designated as
high risk. For three of these areas, the focus of our high- risk work has
been modified. In the case of the Department of Housing and Urban
Development (HUD), we are reducing the number of HUD program areas deemed to
be “high risk” due to

progress made by the agency. Also, the focus of the previously designated
IRS Tax Filing Fraud high- risk area is being narrowed to better define the
scope of our concern, which is Earned Income Credit noncompliance. For
another IRS program, previously designated IRS receivables, we are expanding
our focus

to now cover the collection of unpaid taxes. We are redefining this area
because some key collection actions have declined since 1997, and IRS lacks
a measure of voluntary compliance to help assess the impact of such declines
on compliance.

The 22 areas that comprise our current high- risk list are identified in
table 3. These areas cover a range of key government operations and
functions including governmentwide information security; several major
technology investments; basic financial accountability at large departments
and agencies; and the management of major benefit, lending, procurement, and
other

important programs across government.

Table 3: GAO's 2001 High- Risk List Year Designated 2001 High- Risk Areas
High Risk

Addressing Governmentwide High- Risk Areas

Strategic Human Capital Management 2001 ? Information Security 1997

Ensuring Major Technology Investments Improve Services

? FAA Air Traffic Control Modernization 1995 ? IRS Tax Systems Modernization
1995 ? DOD Systems Modernization 1995

Providing Basic Financial Accountability

? DOD Financial Management 1995 ? Forest Service Financial Management 1999 ?
FAA Financial Management 1999 ? IRS Financial Management 1995

Reducing Inordinate Program Management Risks

? Medicare Program 1990 ? Supplemental Security Income 1997 ? Earned Income
Credit Noncompliance 1995 ? Collection of Unpaid Taxes 1990 ? DOD
Infrastructure Management 1997 ? DOD Inventory Management 1990 ? HUD
SingleFamily Mortgage Insurance and Rental Housing Assistance

1994 Program Areas ? Student Financial Aid Programs 1990

? Asset Forfeiture Programs 1990

Managing Large Procurement Operations More Efficiently

? DOD Weapon Systems Acquisition 1990 ? DOD Contract Management 1992 ?
Department of Energy Contract Management 1990 ? NASA Contract Management
1990

The following sections summarize the progress made in resolving the problems
in areas for which high- risk designations are being removed and in
correcting the

problems in the remaining high- risk areas, as well as actions underway to
address these risks and further actions that GAO believes are needed. High-
Risk

We remove the high- risk designation when legislative Designations

and agency actions, including those in response to our Removed
recommendations, result in significant progress toward resolving a high-
risk problem, or when other factors

affect a high- risk area, such as the occurrence of a timerelated event. For
this update, we are removing five areas. We will, however, continue to
monitor these programs, as appropriate, to ensure that the

improvements we have noted are sustained. The following areas are being
removed from our highrisk list.

The Year 2000 (Y2K) In 1997, when we designated the Year 2000 computing
Computing Challenge

challenge as a high- risk area, we wanted to stimulate greater attention to
assessing the government's exposure to Year 2000 risks and to strengthen
planning for achieving Year 2000 compliance for mission- critical systems.
This was necessary because the public faced a

high risk that critical services provided by the government and the private
sector could be severely disrupted by the Year 2000 problem. To help
agencies mitigate their Y2K risks, we produced a series of guides and
reports. Our guides provided systematic approaches to enterprise readiness,
business continuity and contingency planning, testing, and dayone planning.
They were used by federal agencies and other organizations to help organize
and manage their Year 2000 programs. In addition, we issued over 160 reports
and testimony statements detailing specific findings and recommendations
related to the Year 2000 readiness of both the government as a whole and a
wide

range of individual federal agencies. Our recommendations were almost
universally embraced. The Year 2000 challenge was met through the
collaborative efforts of the Congress, the Administration, federal agencies,
state and local governments, and the private sector. The Congress held
numerous hearings and passed important legislation. The President's Council
on Year 2000 Conversion took

many actions, including working with federal agencies, state and local
governments, the private sector, and the United Nations on the Year 2000
issue. As a result, the century- change and leap- day rollover periods
passed with only a few significant Year 2000 related incidents.

(See page 55.) The 2000 Census The decennial census is the nation's most

comprehensive and expensive statistical data- gathering program. Accurate
results are critical because, as required by the Constitution, decennial
census data are used to reapportion seats in the House of Representatives.
Public and private decisionmakers also use census data for such purposes as
state and local redistricting, allocating billions of dollars in government
funding, and a number of planning and evaluation

activities such as market research. Beginning in February 1997, when we
first designated the 2000 census a high- risk area, and in subsequent
reports, we noted that formidable challenges surrounded critical census-
taking operations. Key

among these challenges were building a complete and accurate master address
file, motivating the public to participate in the census by returning their
census

questionnaires, meeting field staffing goals in a tight labor market, and
collecting timely and accurate data from nonrespondents.

Moreover, in anticipation of comparatively low public participation in the
census, the Bureau of the Census planned on using statistical sampling and
estimation procedures that the Bureau believed would be more accurate and
cost- effective than visiting every

nonresponding household. However, Congress, citing legal and methodological
concerns, did not agree to the Bureau's planned use of sampling, which
raised questions about the Bureau's readiness for taking a
“traditional,” nonsampling census. In January 1999, the Supreme
Court ruled that the Census Act (13 U. S. C. 195) prohibited the use of
statistical sampling for purposes of determining the population count used
to apportion the

House of Representatives, which eliminated any uncertainties about which
census design the Bureau was to use.

Consistent with our findings, the Bureau of the Census took a number of
steps aimed at addressing the operational challenges it faced, generally
completed its peak data collection activities consistent with its
operational plans, and appears to be on track with the

remaining activities. As a result, we no longer consider the operation of
the 2000 Census to be high risk. Still, surmounting the various challenges
to a successful census that the Bureau faced in 2000 came at considerable
cost. As we noted in our December 1999 report, the Bureau estimated that the
cost of the 2000 Census will be at least $6. 8 billion, an increase of 113
percent in real terms over the $3. 2 billion cost of the 1990 census in 1999
dollars. 1 Moreover, the single most

important determinate of a successful census- the completeness and accuracy
of the census count and, in particular, the size and nature of the
undercount- will 1 2000 Census: Contingency Planning Needed to Address Risks
That Pose a Threat to a Successful Census (GAO/ GGD- 00- 06, December 14,
1999).

not be known until the Bureau completes various accuracy and coverage
assessments. At the request of Congress, we will continue to review the
Bureau's efforts on the 2000 Census, the lessons learned, and

changes needed for 2010. (See page 60.) National Weather

Almost two decades ago, the National Weather Service Service (NWS)

decided to improve its weather warnings and forecasts Modernization

through a nationwide modernization program. The agency recognized that
improved warnings and forecasts were essential to enhancing public safety
and our nation's economic productivity. However, the modernization effort,
originally expected to be completed in 1994, experienced difficulties that
included schedule delays, cost overruns, and technical problems

on key systems. Accordingly, in 1995, we identified NWS' modernization
effort as a high- risk initiative because of several issues, such as the
agency's lack of an overall systems architecture to guide the modernization
and problems in developing the Advanced Weather Interactive Processing
System (AWIPS)- the centerpiece of the modernization. 2 Over the years, we
have made numerous

recommendations to address the modernization's difficulties, and NWS has
acted to implement them. For example, in response to our recommendations,
NWS established an overall systems architecture, improved the availability
of its Next Generation Weather Radar, and enhanced its AWIPS software
development processes. Due to NWS' progress in addressing key concerns, and
in deploying and using AWIPS, we no longer consider NWS' modernization
effort to be a high2

High- Risk Series: An Overview (GAO/ HR- 95- 1, February 1995); High- Risk
Series: Information Management and Technology (GAO/ HR- 97- 9, February
1997); and High- Risk Series: An Update (GAO/ HR- 99- 1, January 1999).

risk initiative; however, we will continue to monitor NWS' plans to deploy
enhancements to AWIPS. (See page 63.) Farm Loan Programs USDA's farm loan
programs have been identified as high risk since 1990 because of significant
problems primarily with the direct loans. Among other factors, there had
been a high rate of defaults on repayments, billions of dollars of losses
had occurred and were likely

to occur, and the Department had evolved into a continuous source of
subsidized credit for thousands of borrowers. During the early- to mid-
1990s, GAO made a variety of recommendations to USDA and the Congress that
were aimed at improving the financial condition and operation of the farm
loan programs.

Since then, the Congress and USDA have acted upon our recommendations to
address the underlying causes of past program weaknesses. For example, the
1996 farm bill contained numerous provisions aimed at improving the solvency
of USDA's farm loan programs, including prohibiting certain high- risk
loans. As a result of these actions, the financial condition of USDA's
direct farm loan program has improved dramatically, as shown in table 4.
(See page 65.)

Table 4: Improved Condition of USDA's Direct Farm Loan Program Amount held
by

delinquent Percentage of

borrowers outstanding

Date (in billions)

principal

September 1995 $4.6 40.7 September 1996 $3.6 34.2 September 1997 $2.7 28.2
September 1998 $2.4 26.4 September 1999 $2.1 23.5 September 2000 $1.8 20.9

Superfund Program Under the Superfund program, five federal agencies are
involved in cleaning up abandoned hazardous waste sites located on either
private or federal lands, a job that could ultimately cost the federal
government as much as $300 billion. Three major management problems led us
to designate the Superfund program as a high- risk program in 1990. At that
time, we found that (1) the Environmental

Protection Agency (EPA) and the Departments of Agriculture, Defense, Energy,
and the Interior were not giving priority for limited cleanup funds to those
sites that posed the relatively highest risk to human health and the
environment, (2) EPA was not recovering billions of dollars in indirect
costs it had spent in cleanup costs from the parties responsible for
contaminating the sites, and (3) EPA was not effectively controlling the
costs of the contractors it used to conduct cleanups.

To address these major management problems, we reported on the need for (1)
EPA and the Departments of Agriculture, Defense, Energy, and the Interior to
set funding priorities based on a consideration of the health

and environmental risks posed by sites, (2) EPA to recover billions in
certain cleanup costs from parties responsible for contaminating sites, and
(3) EPA to better control contractors' costs. The agencies have demonstrated
a commitment to improving their management of the Superfund program and have
implemented a number of corrective actions in response

to our concerns and recommendations. For example, in response to GAO's
concerns and recommendation, all five agencies now generally have systems in
place to set priorities among Superfund

sites- or portions of those sites- that are based on a consideration of the
relative risks that sites pose, among other factors. Also, by using a new
method to calculate the costs that it incurs to operate the Superfund
program, EPA should be able to recover more of the

indirect costs from responsible parties in cases in which EPA initially pays
for the cleanup. In addition, EPA is now taking steps to better manage its
contractor cleanup costs, and it has significantly reduced the percentage of
cleanup funds it spends on contractor overhead costs, such as salaries and
rent, rather than on

actual cleanups. EPA has met or exceeded its goal of spending no more than
11 percent of total contractor cleanup funds on overhead costs. Because of
the progress that has been made in addressing the management problems we
have identified (see table 5), we are removing our designation of high risk
for the Superfund program. (See page 67.)

Table 5: EPA's Superfund Program Improvements

Setting funding priorities based on a consideration of the health and
environmental risks posed by sites

Implementing a new process to help EPA recover more cleanup costs from
responsible parties

Taking steps to better control contractor costs

Strategic Human This year, we have designated human capital as a new

Capital governmentwide high- risk area. Federal programs Management Added

involving billions of dollars rely for their success on the to High- Risk
List performance of the federal government's people- its human capital.
However, after a decade of government downsizing and curtailed investments
in human capital,

it is becoming increasingly clear that today's federal human capital
strategies are not appropriately constituted to adequately meet current and
emerging needs of government and its citizens in the most effective,
efficient, and economical manner possible. Human capital management is a
pervasive challenge across the federal government. We have identified
shortcomings at multiple agencies involving key elements of modern human
capital management,

including strategic human capital planning and organizational alignment;
leadership continuity and succession planning; acquiring and developing
staffs whose size, skills, and deployment meet agency needs;

and creating results- oriented organizational cultures. As our Performance
and Accountability Series reports make clear, these human capital shortfalls
are eroding

the ability of some agencies to perform their core missions. Agencies have
made varying efforts to address their human capital needs, but must do more
to create a

strategic and integrated approach to human capital management and to
maximize their efforts within the context of current law. We have taken
steps to encourage and facilitate the adoption throughout government of a
greater human capital focus, pursuing vigorous outreach with federal
agencies, the Office of Management and Budget (OMB), the Office of Personnel
Management (OPM), and members of Congress in both houses and on both sides
of the aisle. OPM has begun stressing to agencies the importance of
integrating strategic human capital management with agency planning and has
also been focussing more attention on developing tools to help agencies,
such as new Senior Executive Service performance standards and a workforce
planning model with associated web- based

research tools. In addition, OPM has helped achieve incremental legislative
reforms to help attract and retain federal employees, such as compensation
flexibility for

selected specialist positions and employee benefit enhancements. In regards
to OMB, the President's fiscal year 2001 budget gave new prominence to human
capital management by making “align Federal human resources to support
agency goals” a Priority Management Objective and OMB's latest
Circular No. A- 11 guidance on preparing annual performance plans now states
that agencies' fiscal year 2002 annual performance plans should set goals in
such areas as recruitment, retention, training, appraisals linked to program
performance, workforce diversity, streamlining, and family- friendly
programs. While these actions are encouraging, the scope and magnitude of
the federal government's human

capital challenges will require additional actions on a range of issues as
well as sustained and forceful leadership to make the promise of these
initiatives a reality. Among the most encouraging developments over the past
two years has been the visibility given the human capital issue by the
Senate Committee on Governmental Affairs and its Subcommittee on Oversight
of

Government Management, Restructuring, and the District of Columbia. The
Subcommittee has held a series of hearings on human capital in which we
participated. The Committee and Subcommittee Chairmen both have recently
issued reports underscoring the urgency of addressing the federal
government's strategic human capital management problems. 3 In addition,
Congress recently passed legislation that enables federal agencies to
provide some education- related debt relief in exchange for government
service. This is a positive step; however, additional legislative actions
will ultimately be needed to attract and retain a skilled, knowledgeable,
diverse, and performance- oriented workforce for the future.

As a first step toward providing agencies with the tools and concepts to
help them improve their approaches to managing people, we have developed a
conceptual framework for assessing human capital management. 4 The framework
has guided our recent inquiries into strategic human capital management
governmentwide and at specific federal agencies, some of which are now using
the framework in their human capital planning efforts. We also developed a
set of questions for political appointees that the Senate may use during the

confirmation process to make clear its commitment to sound federal
management and to explore what prospective nominees plan to do to ensure
that their agencies recognize and enhance the value of their 3 See Report of
Senator Fred Thompson, Chairman, Committee on Governmental Affairs, on
Management Challenges Facing the New Administration, Part 2: Federal
Workforce Challenges, October 2000; and Report to the President: The Crisis
in Human Capital, report prepared by Senator George V. Voinovich, Chairman,
Subcommittee on Oversight of Government Management, Restructuring, and the
District of Columbia, Committee on Governmental Affairs, United State
Senate, December 2000.

4 Human Capital: A Self- Assessment Checklist for Agency Leaders (GAO/ OCG-
00- 14G, September 2000).

people. 5 Further, we will continue to provide Congress with sound and
reliable data gathering and analysis to help inform a consensus on what
governmentwide human capital reforms may be needed. (See page 71.)

In addition to adding human capital strategy to our highrisk list, we are
modifying the focus for our work involving a number of previously designated
high- risk areas.

High- Risk Programs The focus of our work involving specific high- risk
areas

Involving a may be modified over time as agencies progress in Modified Focus

addressing high- risk areas and as additional information about them is
developed from our work or becomes available as a result of implementation
of various federal management reform initiatives, such as the Government
Performance and Results Act and the Chief Financial Officers Act. For this
update, we are modifying the

scope of our high- risk concerns in the following areas involving HUD and
the Internal Revenue Service (IRS). HUD Single- Family

Recognizing the progress HUD has made, we are Mortgage Insurance reducing
the number of HUD program areas deemed to and Rental Housing be high risk.
Specifically, because of the actions taken by Assistance Program HUD in
response to our recommendations to improve its

Areas management controls over its Community Planning and

Development programs, we no longer believe this HUD program area is at high
risk. However, significant weaknesses (internal controls, information and
financial management systems, organizational deficiencies, and staffing
problems) still persist in two of HUD's major program areas which remain at
high risk- single- family mortgage insurance and rental housing assistance.
5 Confirmation of Political Appointees: Eliciting Nominees' Views on
Leadership and Management Issues (GAO/ GGD- 00- 174, August 11, 2000).

To reduce financial risks, HUD's FHA needs to continue to improve its
management over home mortgage loans made by private lenders that it insures
against nearly all losses. While various factors, including a strong
economy, have resulted in the accumulation of capital reserves of about $16.
6 billion on FHA- insured home loans valued at about $454 billion, we
estimate that FHA lost about $1. 9 billion during fiscal year 2000 on the
sale of foreclosed homes that it had insured. We and HUD's

Inspector General have identified opportunities to strengthen FHA's single-
family mortgage insurance program management and internal controls and
reduce financial risks. These include:

? strengthening the integrity of the single- family loan origination
process; ? promoting better monitoring of lenders, appraisers,

and property management and marketing contractors; and ? ensuring that
sufficient staff are available and have the skills needed to carry out FHA's
home loan mission.

In addition, making decent, affordable rental housing available for eligible
low- income households is a top priority for HUD. However, HUD is able to
serve fewer than half of the households who are eligible for assisted
housing. Consequently, it is essential that HUD ensure that these programs
are used efficiently and effectively to maximize the number of households it
can assist. While the Department has made improvements, there are still
significant opportunities to (1) reduce the $3. 1 billion in excess subsidy
payments made over the last 4

years by ensuring that only eligible families occupy housing units and that
those families are paying the correct rents; (2) ensure that providers of
rental housing maintain housing that is decent, safe, sanitary, and in good
condition; and (3) be certain that HUD has the capital resources and
controls it needs to detect and

address problems that exist in its rental housing assistance programs. (See
page 167.) Earned Income

We have narrowed the focus of the former high- risk area Credit called IRS
Tax Filing Fraud to better describe the scope Noncompliance of our current
concern- billions of dollars for Earned Income Credit (EIC) claims that IRS
paid but should not have. IRS estimates that it paid $7. 8 billion in such
claims for tax year 1997 but does not know how much stems from fraud. It is
likely that factors other than fraud contribute to taxpayers filing
erroneous EIC

claims. In 1998, with tools and funds provided by Congress, IRS began a 5-
year EIC compliance initiative involving a mix of customer service and
enforcement activities. In July 1998, we recommended that IRS develop
evaluation plans for each initiative component to provide timely data for
decisionmakers on the interim results of the initiative. 6 IRS is collecting
some data on initiative results, however, it is not sufficient to determine
whether projects have reduced the overall non- compliance rate.

Until sufficient data are available to demonstrate that IRS has implemented
effective controls over EIC noncompliance and the billions of dollars in
erroneous refunds that result, this remains a high- risk area. (See page
155.)

Collection of Unpaid IRS faces substantial challenges in carrying out one of
Taxes its key functions- collecting unpaid taxes. Unpaid taxes include (1)
delinquent taxes that IRS is attempting to collect, (2) taxes that IRS knows
are due but it has

decided not to pursue collecting, and (3) an unknown 6 Earned Income Credit:
IRS' Tax Year 1994 Compliance Study and Recent Efforts to Reduce
Noncompliance (GAO/ GGD- 98- 150, July 28, 1998).

amount of unpaid taxes that IRS has not identified. As of September 30,
1999, the inventory of unpaid tax assessments that had some collection
potential was $104 billion. Since 1997, some key collection actions, such as
levies and seizures, have declined. For example, levies have decreased
dramatically from fiscal years

1997 to 2000- from about 3. 7 million to about 220,000. These declines may
increase the incentives for taxpayers to either not report or underreport
their tax obligations. Because IRS lacks a measure of voluntary compliance,
it does not know the impact of recent declines in collection actions. As a
result, the former high- risk area that was called IRS receivables and

unpaid assessments, and designated as such in 1990, has been expanded. We
have made numerous recommendations to address the serious deficiencies in
IRS' financial management and operational systems that affect taxes
receivable and other unpaid assessments. These include recommendations to
correct systemic errors in taxpayer accounts that have led to instances of
both lost revenue

to the federal government and taxpayer burden, as well as to correct
systemic deficiencies that have led to violations of the Internal Revenue
Code. IRS is working to address these issues, but a sustained commitment by
IRS senior management and successful implementation of IRS' systems
modernization efforts will be needed to fully resolve these issues. (See
page 157.) The following sections discuss the important progress being made
to further resolve the remaining high- risk areas and the challenges that
are yet to be addressed in resolving them.

Resolving Serious We designated information security as a

Information governmentwide high- risk area in 1997 because growing

Security evidence indicated that controls over computerized Weaknesses
federal operations were not effective and because the

related risks were escalating, in part due to increasing reliance on the
Internet. In the months prior to issuance of our 1999 high- risk report, the
President had launched a national effort to protect our nation's public and
private critical computer- dependent infrastructures, and we had reported
significant information security weaknesses in 24 major federal agencies,
along with recommendations for improvements.

Since then, progress has been made, but recent audits show that federal
operations and assets continue to be highly vulnerable to computer- based
attacks. Several agencies have taken significant steps to redesign and
strengthen their information security programs; the Federal Chief
Information Officers Council has issued a guide for measuring agency
progress, which we assisted in developing; the President issued a National
Plan for

Information Systems Protection and designated the related goals of computer
security and critical infrastructure protection as a priority management

objective in his fiscal year 2001 budget; and government information
security reform provisions were enacted into law. These actions are
laudable. However, recent reports and events indicate that they are not
keeping pace with the growing threats and that critical operations and
assets continue to be highly vulnerable to computer- based attacks. We and
agency inspectors general have made scores of recommendations to agencies
regarding specific steps they should take to make their security programs
more effective. Most agencies have heeded these recommendations and taken at
least some corrective actions. However, more needs to be done, especially in

the area of security program management, which continues to be a widespread
and fundamental problem. Our May 1998 guide entitled Information Security
Management: Learning From Leading Organizations (GAO/ AIMD- 98- 68) provides
a roadmap for managing risks through an ongoing cycle of activities
coordinated by a central focal point, and, over the last two years, its

concepts have become more widely adopted throughout the federal government.
Government information security reform provisions included in the fiscal
year 2001 Defense Authorization Act, enacted in October 2000, require
agencies to adopt these risk management practices and require annual
management evaluations and independent audits of agency security programs.
Effective implementation of these legislative reforms could significantly
reduce the government's risks.

In addition to individual agency efforts, further action is needed at the
governmentwide level. While OMB, the Chief Information Officers (CIO)
Council, and the various federal entities involved in critical
infrastructure protection have expanded their efforts, it will be important
to maintain the momentum. For example, it is

important that these entities ensure that new tools, such as the CIO
Council's Security Assessment Framework, and new requirements, such as those
outlined in the fiscal year 2001 Defense Authorization Act, are implemented
effectively. Even more important will be ensuring that the activities
currently underway are coordinated under a comprehensive strategy and that
the roles and responsibilities of the numerous

organizations with central responsibilities are more clearly defined. As the
federal government moves forward in these areas, it will be important to
take advantage of the experience gained from Year 2000 conversion efforts,
which also involved mitigating risks to critical

computer- dependent operations. In October 1999, 7 we noted that several
factors associated with the Year 2000 efforts had laid a foundation for
longer- term improvements in the way people now view protecting computers
that support critical operations. These factors include

? providing high- level congressional and executive branch leadership, ?
understanding risks to computer- supported

operations, ? providing adequate technical expertise, ? providing standard
guidance, ? establishing public- private sector relationships, ?
facilitating progress and monitoring performance, ? developing an incident
identification and

coordination capability, and ? implementing fundamental information
technology management improvements. (See page 97.) Ensuring Major

Progress is being made to implement essential Technology

information technology management processes called Investments

for by the 1996 Clinger- Cohen Act and related federal Improve Services
guidance, but several large modernization efforts that are key to delivering
critical services continue to be at risk. In particular, these efforts
include those underway to provide safe and efficient air travel, to
modernize

federal tax processing and customer service operations, and to support
national defense operations. The Federal Aviation Administration (FAA), IRS,
and the Department of Defense (DOD), respectively, are taking steps to

implement modernization management capabilities to 7 Critical Infrastructure
Protection: Comprehensive Strategy Can Draw on Year 2000 Experiences (GAO/
AIMD- 00- 1, October 1, 1999).

address our recommendations, but these projects continue to face challenges
that could affect their cost, schedule, and performance.

FAA Air Traffic Over the past 19 years, the FAA Air Traffic Control Control

modernization effort, expected to cost a total of $45 Modernization

billion through fiscal year 2005, has experienced cost overruns, schedule
delays, and performance shortfalls of large proportions. Because of its
size, complexity, cost, and problem- plagued past, we designated this
program as a high- risk information technology initiative in 1995. Our work
over the years has pinpointed root causes of the modernization program's
problems,

including immature software acquisition capabilities 8 and the lack of a
complete and enforced architecture. 9 Since 1995, we have made over 30
recommendations to address root causes of the modernization's problems, and
FAA has initiated numerous activities in response to our recommendations.
However, in many areas, more must be done. For example, the agency
established a software acquisition process improvement initiative and is
working to develop a comprehensive systems architecture, but neither of
these efforts is complete. In the meantime, major projects continue to face
challenges that could affect their cost, schedule, and

performance. (See page 108.) 8 Air Traffic Control: Immature Software
Acquisition Processes Increase FAA System Acquisition Risks (GAO/ AIMD- 97-
47, March 21, 1997). 9 Air Traffic Control: Complete and Enforced
Architecture Needed for FAA Systems Modernization (GAO/ AIMD- 97- 30,
February 3, 1997).

IRS Tax Systems Over a decade ago, IRS began modernizing its inefficient
Modernization

and outdated systems used to process tax returns and respond to taxpayer
inquiries. In 1995 we designated this modernization effort as a high risk
and reported that it suffered from serious and pervasive management and

technical weaknesses, such as lack of an enterprise architecture or
“blueprint” for modernizing; lack of controls for selecting,
controlling, and evaluating system investments; and lack of mature system
development and acquisition processes. 10 To address these and other
weaknesses, we made a series of recommendations. Subsequently, the Congress
placed certain limitations on IRS' information technology spending and
directed IRS to take actions consistent with our outstanding
recommendations. The Congress has also legislated that we provide continuous
oversight of IRS' modernization spending plans. We have worked
constructively with IRS to ensure that it satisfies congressional direction
and implements our

recommendations, and we have made additional recommendations as appropriate
in light of IRS' actions. 11 In the last year, IRS has made important
progress in satisfying congressional direction and fully implementing our
recommendations. Nevertheless,

important work remains to be accomplished, such as 10 Tax Systems
Modernization: Management and Technical Weaknesses Must Be Corrected If
Modernization Is to Succeed (GAO/ AIMD- 95- 156, July 26, 1995). 11 For
example, see Tax Systems Modernization: Blueprint Is a Good Start But Not
Yet Sufficiently Complete to Build or Acquire Systems (GAO/ AIMD/ GGD- 98-
54, February 24, 1998); Tax Systems Modernization: Results of Review of IRS'
Initial Expenditure Plan (GAO/ AIMD/ GGD- 99- 206, June 15, 1999); Tax
Systems Modernization: Results of Review of IRS' March 7, 2000, Expenditure
Plan (GAO/ AIMD- 00- 175, May 24, 2000); and Tax Systems Modernization:
Results of Review of IRS' August 2000 Interim Spending Plan (GAO- 01- 91,
November 8, 2000).

completing and enforcing its enterprise architecture, implementing
investment portfolio management controls, and implementing disciplined
system/ software acquisition process controls. Until these and other
modernization management capabilities and controls are in place and
functioning, IRS will continue to risk spending hundreds of millions of
dollars on systems that do not perform as intended and cost more and take
longer to deploy than they should. (See page 112.)

DOD Systems DOD systems modernization efforts were designated Modernization

high risk in 1995. DOD spends about $20 billion annually on information
technology (IT) to support a wide range of military operations and business
functions and additional tens of billions of dollars more on technology
embedded in sophisticated weaponry. This heavy reliance will only grow as
the Department moves to modernize and respond to technological advances.

To effectively and efficiently leverage the huge sums of money that the
Department plans to invest in IT, DOD will need to use IT implementation and
oversight processes called for by the Clinger- Cohen Act, which we have
recommended to DOD and the Congress has

reemphasized. To date, the Department has been challenged in its efforts to
implement these fundamental management controls, and although progress is
being made, much remains to be accomplished. For example, we have
recommended that DOD place a high priority on completing an electronic
commerce implementation plan; finishing an electronic commerce architecture;

establishing clearer lines of program management responsibility, authority,
and accountability; and ensuring that all new electronic commerce
initiatives

support the Department's strategic goals and have meaningful performance
measures. 12 (See page 116.) Providing Basic

Agencies continue to make progress implementing the Financial improvements
called for by the Congress through the Accountability Chief Financial
Officers (CFO) Act and other financial management reform legislation. These
efforts will have to be sustained and built upon to attain the “end
game”

of having timely, accurate, and useful financial and other important
management information to make decisions and monitor government performance
every day. We are working with OMB, the Department of the Treasury, and
agencies across government to identify and recommend financial management
improvements.

An important milestone for each agency is to receive an unqualified, or
“clean” opinion on its annual financial statements. Steady
progress is being made in the number of agencies that have been able to do
so. For these agencies, it will be important to maintain the ability to
obtain unqualified opinions on their annual financial statements and to
further improve financial

reporting in areas such as reporting costs and measuring performance.

Several major departments are not yet able to produce auditable financial
statements on a consistent basis, and a sustained commitment by these
agencies will be needed for continued progress. Producing auditable
financial statements is important in order to have this information
available for use by the Congress in overseeing agency programs, by agency
managers in maintaining accountability and managing operations,

and by Treasury in preparing the legislatively required 12 Defense
Management: Electronic Commerce Implementation Strategy Can Be Improved
(GAO/ NSIAD- 00- 108, July 18, 2000).

governmentwide financial statements. Further, many agencies have been able
to obtain unqualified audit opinions only through heroic efforts, which
include using extensive ad hoc procedures and making billions of dollars in
adjustments to derive numbers as of a single point in time- the end of the
fiscal year. Agencies do not yet have the financial systems needed to
dependably produce annual financial statements and

other financial information needed to manage day- today operations. For
fiscal year 1999, agency financial auditors have reported that 21 of 24
major agencies' financial systems do not comply substantially with federal
accounting standards or financial systems and

other requirements. Financial management at the agencies with the most
significant problems (DOD, the Forest Service, FAA, and IRS) have been
designated as high risk. DOD Financial

Considering DOD's vast operations, including an Management estimated $1
trillion in both assets and reported liabilities and a reported net cost of
operations of $378 billion in fiscal year 1999, effective asset
accountability and reliable financial information are critical. The

Department continues to confront pervasive and complex financial management
problems that can seriously diminish the efficiency of the military
services' support operations. Since 1995, when we designated DOD financial
management as high risk, the Department

has made progress in a number of areas, both larger steps forward and
smaller incremental improvements. However, DOD has a long way to go to
effectively address these problems.

We have testified 13 that: ? DOD's financial reporting continues to be
inaccurate.

No major part of DOD's operations has been able to prepare financial
statements that comply with generally accepted accounting principles and
pass the test of an independent financial audit. The most recent audits of
DOD's financial statements- for fiscal year 1999- highlight ongoing
financial management challenges that affect the development of accurate and
complete financial information. Weaknesses include an inability to reconcile
an estimated $7 billion difference between its available

fund balances and Treasury's. In addition, while the Department reported the
total net costs for its operations as $378 billion, it could not justify
this amount. ? DOD does not have an effective process in place to

comprehensively and accurately report liabilities associated with its
environmental and disposed costs. DOD has taken important steps to better
recognize and report on these liabilities, increasing its reported estimated
liabilities from $34 billion in its fiscal year 1998 financial statements to
$80 billion in fiscal year 1999. ? DOD has been unable to maintain effective
accountability over its weapon systems and support equipment and its huge
investment in inventories.

Lacking such accountability could affect supply responsiveness and purchase
decisions. ? DOD has acknowledged that its current financial

management systems (1) are flawed with decadesold problems that will take
time to resolve, (2) for the most part do not comply with federal financial
management systems requirements, and (3) were not designed to collect data
in accordance with generally 13 Department of Defense: Progress in Financial
Management Reform (GAO/ T- AIMD/ NSIAD- 00- 163, May 9, 2000).

accepted accounting principles. The Department has set out an integrated
financial management system goal. However, it faces a significant challenge
in integrating its financial management systems

because of its size and complexity and the condition of its current
financial management operations. Successfully completing efforts to prepare
financial statements that can withstand the test of an audit will be a key
milestone for DOD. It will also be a milestone for the federal government as
a whole since the government's consolidated financial statements cannot be
given a clean audit opinion until DOD's financial statements are auditable.
As we recently testified, many of DOD's planned financial management
improvement initiatives need to be designed to result in more than just a
one- time, yearend

number for financial statement purposes. In the long term, sustaining the
strong commitment we have seen over the past few years from the highest
levels of DOD leadership- a commitment that must extend to the next
Administration- will be needed to overhaul DOD's financial management
systems and to focus on the rudimentary processes and controls needed to
routinely generate reliable financial information. (See page 122.)

Forest Service We designated the Forest Service's financial Financial

management high risk in 1999. Since the first audit of the Management

Forest Service's financial statements, which covered fiscal year 1991, the
USDA's Inspector General (IG) has found serious accounting and financial
reporting weaknesses, some of which continue to exist today. While the
Forest Service has committed considerable resources and has progressed in
addressing some of its

long- standing financial management deficiencies, much work remains.

In fiscal year 1999, the IG was unable to determine the accuracy of the
reported $3. 1 billion in net property, plant, and equipment, which
represented 51 percent of the agency's total assets. Also, the IG identified
significant accounting and reporting weaknesses in the Forest Service's fund
balance with Treasury accounts and in its financial management systems.

The Forest Service implemented a new accounting system agencywide on October
1, 1999, as scheduled. However, it faces a number of challenges related to
consolidating, integrating, and reengineering its financial management
feeder systems and reorganizing its field structure to ensure clear lines of
responsibility and accountability within each region. The Forest Service has
completed several corrective actions and has begun others that, if
successfully carried through, will represent important steps toward
achieving financial accountability. The Forest Service must sustain top
management commitment and have substantial additional resources devoted to
addressing its accounting and reporting weaknesses. The Forest

Service will also need to address material internal control weaknesses that
limit its ability to maintain accountability over its assets on an ongoing
basis. (See page 127.)

FAA Financial In January 1999, we designated FAA's financial Management
management as a high- risk area because of serious and long- standing
accounting and financial management weaknesses. FAA received its first ever
unqualified opinion on its fiscal year 1999 financial statements,

which represents progress from prior years when the IG was unable to express
an opinion on FAA's financial statements. This represents an important
milestone, but it took heroic efforts to achieve that unqualified opinion.
FAA has not yet proven it can sustain this outcome, and

it has not reached the end goal of routinely having timely, accurate, and
useful financial information. For example, because FAA lacks an adequate
system to account for its property, plant, and equipment (PP& E) on an
ongoing basis, it had to use alternative procedures

and labor- intensive methods to establish a PP& E baseline and PP& E costs,
reported to be $10. 8 billion at the end of fiscal year 1999. FAA also lacks
a cost accounting system or an alternative means to meaningfully accumulate
and report its costs. FAA has efforts underway to develop new systems for
maintaining PP& E records and providing cost accounting capabilities. Until
FAA has financial

management systems and related procedures and controls that provide reliable
information for (1) preparing its financial statements and reports, (2)
accounting for its PP& E on an ongoing basis, and (3) meaningfully
accumulating and reporting its costs for programs and activities, FAA
financial management will continue to be at high risk. In addition, FAA's
unqualified audit opinion will be difficult to sustain while these problems
continue to exist. (See page 131.)

IRS Financial We designated IRS financial management as high risk in
Management 1995. IRS has neither the reliable financial and operational
information needed to measure the full cost of administering the Internal
Revenue Code nor the data to report meaningful, cost- based performance

information. As a result, IRS management and the Congress lack the
information to determine whether IRS has the appropriate levels of funding
and staff and is

effectively using them. Because of these problems, we were unable to render
audit opinions on four of IRS' six financial statements, and our opinion on
its balance sheet was qualified for

fiscal year 1999. IRS was able to reliably report the amounts of tax revenue
collected and related refunds disbursed during fiscal year 1999 and the
balance of taxes receivable outstanding at fiscal year- end. However, to
achieve this, IRS depended on successfully completing extensive and time-
consuming ad hoc procedures to compensate for its long- standing and

pervasive internal control weaknesses. As our audits of IRS' financial
statements have identified, IRS' primary internal control weaknesses relate
to several areas. 14 For example, severe

weaknesses in accounting, reporting, and budgetary controls rendered IRS
unable to reliably report how it spent the $8. 5 billion it was appropriated
by the Congress in fiscal year 1999. Also, internal controls over tax
receipts and data do not adequately protect the federal government and
taxpayers from the vulnerability to loss from theft and inappropriate
disclosure of proprietary taxpayer information. Additionally, serious
internal control deficiencies affect IRS' management of unpaid tax
assessments. IRS still lacks a subsidiary ledger that tracks and accumulates
unpaid tax assessments on an ongoing basis. Further, significant

and long- standing weaknesses in controls over information systems have been
reported for the past 7 years. We also found that computer security controls
over IRS' key applications that manage budget execution, tax return input,
and receipt processing did not provide assurance that only authorized
personnel

had access to the application and related data, that the data were complete
and accurate, and that application and data integrity was maintained.

IRS has taken action on a number of the financial management issues we have
identified, and has shown a

14 Financial Audit: IRS' Fiscal Year 1999 Financial Statements (GAO/ AIMD-
00- 76, February 29, 2000).

strong commitment to resolving these issues. In particular, IRS has worked
aggressively to address a number of issues that are not dependent on systems
modernization for their resolution. IRS also recognizes, however, that the
resolution of many of its financial

management issues depends on the success of its systems modernization
efforts. (See page 135.)

Reducing Our work to identify performance and accountability

Inordinate Program challenges has shown material weaknesses in several
Management Risks

major program and mission areas across government. We have designated and
continue to monitor them as high risk because the underlying problems can
significantly impair service, reduce effectiveness, or diminish efficiency.
Although agencies are making progress in addressing inordinate program
management risks, until additional progress is made, these programs will
remain high risk. Addressing the weaknesses in high- risk program management
areas can significantly reduce government costs and improve services.
Medicare Program The Medicare program, which is administered by the

Health Care Financing Administration (HCFA) in the Department of Health and
Human Services (HHS), was designated a high- risk area in 1990 and remains
so today. Medicare is inherently challenging to manage because of its sheer
size and vast range of participants- including

about 40 million beneficiaries and nearly a million physicians, hospitals,
and other providers. In fiscal year 2000, Medicare outlays totaled an
estimated $218 billion. As the baby boom generation becomes eligible for
benefits, program spending will significantly increase. Absent any program
reforms, the Medicare program is expected to double its share of the
national economy by 2075, according to the Medicare Trustees' 2000 Annual

Report. Moreover, a panel of experts advising the Trustees recently
concluded that, based on projections of future health care costs, the
estimate of future

Medicare expenditures should be increased significantly, which would
dramatically add to the program's projected long- term deficits. These
projections exclude consideration of any potential program changes, such as
the addition of a prescription drug benefit.

In recent years, some of the companies that contract with the government to
pay physicians, hospitals, and other providers that bill Medicare had
defrauded the program or had not rigorously safeguarded the program's
payments. Breakdowns in payment safeguards were due partly to HCFA's weak
efforts to monitor and evaluate contractors' performance and partly to the
lack of information on how providers

responded to Medicare's various payment policies. For fiscal year 1999, the
HHS Inspector General estimated that about $14 billion of the $171 billion
in Medicare's

fee- for- service payments were improper because claims lacked appropriate
documentation, were not for Medicare- covered services, or were for services
deemed not medically necessary. We made several

recommendations to strengthen HCFA's oversight of Medicare's claims
administration contractors, and the agency has taken steps in this
direction. 15 Nevertheless, other vulnerabilities exist. New prospective
payment methods, along with Medicare's method for paying managed care plans,
are designed to dampen providers' incentives to deliver unnecessary care but
may result in providers' achieving gains by inappropriately reducing patient
care. Because all payment methods can be subject to inappropriate
manipulation, the ability to promptly generate and 15 Medicare Contractors:
Despite Its Efforts, HCFA Cannot Ensure Their Effectiveness or Integrity
(GAO/ HEHS- 99- 115, July 14, 1999) and Medicare Contractors: Further
Improvement Needed in Headquarters and Regional Office Oversight (GAO/ HEHS-
00- 46, March 23, 2000).

analyze consistent, reliable data on payments and service utilization is a
crucial program safeguard. However, HCFA lacks data that are timely,
accurate, and

useful on payment and service use trends essential to effective program
monitoring. This will likely remain a problem for some time to come. HCFA's
efforts to modernize its information systems are still largely in the early
stages, but the agency has begun revamping its financial management, managed
care, and claims database systems in a concerted effort to improve program
management. 16 (See page 141.)

Supplemental Supplemental Security Income (SSI) overpayments and Security
Income

outstanding debt owed to the program remain at high levels. In fiscal year
1999, outstanding SSI debt and newly detected overpayments for the year
totaled more than $3. 8 billion. We designated SSI high risk in 1997. We
subsequently issued numerous recommendations aimed

at strengthening the Social Security Administration's (SSA) ability to
better verify recipients' financial eligibility for the program and recover
overpayments. 17 In response, SSA has taken steps in coordination with the
Congress, to improve the financial integrity and

management of SSI. For example, SSA submitted its first major SSI
legislative proposal in 1998, which included numerous overpayment deterrence
and recovery provisions that directly responded to our prior
recommendations. Many of these provisions were incorporated into the Foster
Care Independence Act, which was signed into law in 1999. Other actions
taken by SSA in response to our recommendations include 16 Medicare: HCFA
Faces Challenges to Control Improper Payments (GAO/ T- HEHS- 00- 74, March
9, 2000).

17 Supplemental Security Income: Action Needed on Long- Standing Problems
Affecting Program Integrity (GAO/ HEHS- 98- 158, September 30, 1998).

enhancing its computer matching efforts to better verify recipient
eligibility and significantly increasing its reviews of recipient financial
status. SSA's initiatives have the potential to significantly improve SSI
management and financial integrity.

However, many of the problems facing the program are attributable to more
than 20 years of inattention to payment controls and will take time to
correct. Thus,

SSA should move forward in fully implementing debt collection tools already
available to it, continue to develop additional ways to improve program
management and integrity, and seek legislative changes as appropriate. Until
additional progress is made, the SSI program will remain at high- risk of
waste, fraud, abuse, and continued overpayments. (See page 151.)

DOD Infrastructure DOD infrastructure management was identified as a
Management

high- risk area in 1997. DOD defines infrastructure as those activities that
provide support services to mission programs, such as combat forces, and
primarily operate from fixed locations. The activities include such program
elements as installation support, acquisition infrastructure, central
logistics, and central training, central medical and central personnel. In
fiscal year 2001, approximately $33 billion of infrastructure costs related
to maintenance and upkeep of facilities across these program elements are
expected. Infrastructure costs continue to consume a larger than necessary
portion of DOD's budget. Although the United States has made significant
reductions in defense force

structure and military spending since the end of the Cold War, it has not
achieved commensurate reductions in operations and support infrastructure
costs. As the Department has sought to bring about a revolution in military
affairs, it has realized that it must transform its support infrastructure
to become leaner and more efficient to serve the warfighter faster, better,
and

cheaper. However, planned savings from outsourcing initiatives of about $9.
2 billion by 2005, are likely to be smaller than expected. DOD has also
realized that highpriority

needs such as weapons modernization can be fulfilled only with a large
influx from infrastructure savings. The effectiveness of many civilian
agencies has also been undermined by outmoded organizational structures that
drain resources needed to make improvements to mission delivery
capabilities.

DOD has made some progress in reducing infrastructure costs, principally
through the congressionally approved Defense Base Closure and Realignment
process. However, significant opportunities for further reductions remain.
18 The Department projects that additional base closure rounds could produce
new savings of about $3. 4 billion a year once realignment and

closure actions were completed and the costs of implementing these actions
were offset by savings. As we have recommended, DOD needs to develop a plan
to better integrate, guide, and sustain the implementation of its diverse
defense reform initiatives and an approach for making key investment
decisions. Key reform initiatives, such as acquisition, financial
management, and logistics reform, could be strengthened if addressed in an
integrated fashion. DOD also needs to develop a comprehensive long- range
plan for its facilities infrastructure that addresses facility requirements,
recapitalization, and maintenance and repair needs. Development of such a
plan could be significantly affected by DOD's ability to reach

agreement with the Congress on the need for additional base realignment and
closure rounds. The infrastructure problems in civilian agencies also
suggest the possible 18 Defense Management: Actions Needed to Sustain Reform
Initiatives and Achieve Greater Results (GAO/ NSIAD- 00- 72, July 25, 2000).

relevance of a civilian facility closure and realignment process. 19 (See
page 159.)

DOD Inventory Management of DOD's $64 billion inventory of spare and

Management repair parts has been a high- risk area since 1990. While DOD has
taken actions to improve inventory management, including reducing the amount
of inventory it holds, our past and current work in this area

indicates that DOD is (1) continuing to store unnecessarily large amounts of
material, (2) purchasing material for which there is no valid requirement,
(3) experiencing equipment readiness problems because of a lack of key spare
parts, and (4) not maintaining adequate visibility over material being
shipped to and from military activities. As shown in figure 1, about half of
the $64 billion inventory exceeds war reserve or current operating
requirements.

19 Budget Issues: Effective Oversight and Budget Discipline Are Essential-
Even in a Time of Surplus (GAO/ T- AIMD- 00- 73, February 1, 2000).

Figure 1: DOD Inventory That Exceeded Requirements as of September 30, 1999

$29.6 Exceeds war reserves and

current operations $34.4

War reserves and current operations

Dollars in billions

Source: GAO Analysis

Also, as of September 30, 1999, DOD records showed that the Department had
inventory on order valued at about $1. 6 billion that would not have been
ordered based on current requirements. As we have recommended, DOD needs to
expand its efforts to make greater use of supply- chain best management
practices similar to those used in the private sector, such as using

highly accurate information systems to track and control inventory and
employing various methods to speed the flow of parts through the logistics
pipeline. 20 (See page 164.) 20 Defense Logistics: Actions Needed to Enhance
Success of Reengineering Initiatives (GAO/ NSIAD- 00- 89, June 23, 2000).

Student Financial Aid The Department of Education has addressed many of
Programs

the issues involving student financial aid programs, and the national
student loan default rate is the lowest ever- 6. 9 percent for fiscal year
1998, the most recent year for which data are available. The lower default
rate has been attributed to a robust economy, better management by the
Department, tougher enforcement tools authorized by the Congress, and
stepped up efforts

by colleges, lenders, guaranty agencies, and other participants in the
federal loan program.

However, the Department continues to face challenges managing student
financial aid programs. Despite the reduction in default rates, the risk of
default continues and the downturn in default rates may not continue if
economic conditions decline. Further, the annual costs of defaults remain
substantial- about $4. 3 billion in fiscal year 1999 alone; over $28 billion
over the last ten years. 21

Student financial aid programs continue to be high risk primarily because
the Department lacks the financial and management information needed to
manage these programs effectively and the internal controls needed to
maintain the integrity of their operations. For example, because the
Department did not properly account for and analyze transactions for its
guaranteed student loan program or properly reconcile related accounting and

budgetary accounts, the Department could not be assured that its financial
or budgetary reports were accurate. In addition, continued weaknesses in

information systems controls increase the risk of disruption in services and
make the Department's loan data vulnerable to unauthorized access,
inadvertent or deliberate misuse, fraudulent use, improper disclosure, 21
Some default costs may have been recovered through collections of previously
defaulted amounts.

or destruction, all of which could occur without detection. With the
exception of fiscal year 1997, Education has not received an unqualified, or
“clean,” opinion on its financial statements since its first
agencywide audit in 1995. Moreover, Education's OIG has been pursuing those
suspected of defrauding the federal government. For example, in the last
four fiscal years (fiscal years 1997 - 2000) Education's OIG opened 1030
fraud investigative cases and achieved 737 closures, including 268
convictions or guilty or “no contest” pleas. (See page 173.)
Asset Forfeiture

The asset forfeiture programs operated by the Programs

Department of the Treasury and the Department of Justice also remain high
risk. As of September 30, 1999, the combined value of assets in these two
programs was more than $1 billion. Both programs also hold large amounts of
nonvalued assets such as illegal drugs and weapons. In 1990, we designated
these programs as high risk because they did not adequately focus on
managing the items seized and Treasury and Justice had not

formed a plan to consolidate postseizure administration of certain
properties to eliminate duplication of resources and reduce administrative
costs.

We have made recommendations to certain Treasury and Justice entities
relating to improving accountability and stewardship over property seized,
primarily illegal drugs and weapons. These entities have taken many actions
to address our recommendations. However, challenges remain to address the
programs' continued weaknesses in accountability for and reporting of seized
and forfeited property.

Legislation in 1988 required Treasury and Justice to develop a plan to
consolidate their seized property management functions. In 1991, we
recommended that they consolidate the postseizure management and disposition
of noncash seized properties to reduce administrative costs. 22 Although the
Departments have not made plans for consolidating their programs, in
September 2000, they contracted for a study to identify opportunities for
increased cooperation and sharing of agency and contractor resources. Until
this study is complete, the federal government will have missed
opportunities for achieving reductions in administrative costs. (See page
178.)

Managing Large Federal agencies spend billions of tax dollars each year
Procurement

to acquire goods and services- ranging anywhere from Operations More
multibillion- dollar weapon systems to complex space Efficiently and
satellite systems. In recent years, the acquisition process has become more
streamlined as new contract vehicles and techniques have allowed agencies to
buy

what they need much faster than in the past. Progress is being made. As we
recently testified, reforms undertaken by the Congress and the
Administration have focused largely on simplifying the process,

particularly for buying commercial products and services, and on attempting
to improve decisionmaking. 23 Agencies themselves have also made
improvements in the way they relate to and oversee

their contractors. 22 Asset Forfeiture: Noncash Property Should be
Considered Under the Marshals Service (GAO/ GGD- 91- 97, June 28, 1991). 23
Federal Acquisition: Trends, Reforms, and Challenges (GAO/ T- OCG- 00- 7,
March 16, 2000).

Nevertheless, many initiatives now underway will take a number of years to
implement and demonstrate concrete results. And, as our reviews have shown,
additional efforts need to be undertaken to adopt and implement best
practices that have proven successful in the private sector. 24 Our work
continues to show that some of the government's largest procurement

operations are not always run efficiently, and we have recommended ways to
operate them better. DOD Weapon DOD spends close to $100 billion annually to
research, Systems Acquisition

develop, and acquire weapon systems. We designated weapon system acquisition
as high risk in 1990 because our reviews continually identified persistent
problems regarding (1) questionable requirements and solutions that were not
the most cost- effective available, (2) unrealistic cost, schedule, and
performance estimates, (3) questionable program affordability, and

(4) the use of high- risk acquisition strategies. The effect of these
problems is significant. We continue to uncover and report on examples of
weapon system programs with questionable mission needs. For

example, the Air Force and Navy continued their plans to spend $5 billion
acquiring 19, 000 Joint Standoff Weapons even though the ability to use the
weapon against moving and relocatable targets was significantly less than
originally projected. Moreover, we continue to identify programs facing
significant performance and schedule risks because of technical challenges
and compressed schedules. For example, the Navy was

moving toward a full rate production decision on the MV- 22 Osprey aircraft
without having an appropriate level of confidence that the program would
meet design parameters as well as cost and schedule objectives. 24 Defense
Acquisition: Employing Best Practices Can Shape Better Weapon System
Decisions (GAO/ T- NSIAD- 00- 137, April 26, 2000).

Overall, our reviews have also found that DOD tends to overestimate the
availability of future funding, and, when coupled with the tendency to
underestimate program costs, this has resulted in the advent of more
programs than could be executed as planned. Thus,

tension still exists between wants and needs- such as buying new weapons and
sustaining existing weapons- and what can be afforded. While these problems
have proven resistant to past reform efforts, we are finding that the best
practices employed by leading commercial firms to develop new products offer
different and promising solutions. More specifically, our reviews have shown
that product development in commercial ventures is a clearly defined
undertaking that will not be started unless a firm has the technology in
hand to meet customers' needs. Moreover,

successful firms demand and receive specific knowledge about a new product
before they begin production. They do not proceed with a particular program
unless a strong business case on which the program was originally justified
continues to hold true. 25 We believe that DOD should follow best commercial

practices unless there is a clear and compelling reason not to.

DOD has many acquisition reform initiatives in process and, as we
recommended in our series of best practice reports, has taken some steps to
attain the same kinds of outcomes achieved by leading firms. A few programs
have exhibited some of these features in the early stages

of development, but it would be premature to interpret this progress as
evidence that systemic change has occurred in DOD's acquisition process. The
key to meaningful change will depend on whether DOD, with the support of the
Congress, can institute new incentives 25 Defense Acquisition: Employing
Best Practices Can Shape Better Weapon System Decisions (GAO/ T- NSIAD- 00-
137, April 26, 2000).

and a different environment through individual decisions. (See page 184.)
DOD Contract

In contracting for goods and services, DOD also Management

continues to experience significant challenges related to (1) improving
oversight and accountability in the acquisition of services, (2) preventing
erroneous and improper payments being made to its contractors- for fiscal
years 1994- 99, DOD reported that contractors returned nearly $5. 3 billion,
26 (3) implementing commercial practices for contract pricing, 27 and

(4) managing health care contracts. 28 As a result, serious risks pervade
nearly every aspect of the acquisition process- from not having the skills,
knowledge, and succession planning needed to effectively manage large

procurements; to lacking assurance that the Department is obtaining fair and
reasonable prices; to overpaying contractors by billions of dollars. As a
result, we have reported DOD contract management as a high- risk area since
1992. Over the last few years, partly in response to recommendations made
through many of our reviews, DOD has made meaningful changes to improve the
way it relates to contractors and the rules governing these relationships-
such as introducing performance metrics to measure changes in contracting
processes and undertaking initiatives to improve contractor payment
processes. Nevertheless, these changes are by no means

complete, and acquisition reform, with its emphasis on 26 Financial
Management: Billions in Improper Payments Continue to Require Attention
(GAO- 01- 44, October 27, 2000). 27 Contract Management: DOD Pricing of
Commercial Items Needs Continued Emphasis (GAO/ NSIAD- 99- 90, June 24,
1999). 28 Defense Health Care: Operational Difficulties and System
Uncertainties Pose Continuing Challenges for TRICARE (GAO/ T- HEHS- 98- 100,
February 26, 1998).

widespread reengineering of fundamental processes, continues to need
attention at the highest levels in DOD. In particular, DOD still must
address a range of major workforce challenges; resolve underlying weaknesses
related to contractor payments, including accounting system deficiencies;
and successfully implement

improvement actions related to health care contracts. (See page 193.)
Department of The Department of Energy (DOE), the largest civilian Energy
Contract

contracting agency, relies primarily on contractors to Management operate
its facilities and carry out its missions. In fiscal year 1999, DOE
obligated about $15.5 billion, or about 90

percent of its total obligations, to contracts. Since 1990 we have
designated DOE's contract management as high risk because of the challenges
the agency faces. Over the

years we and others have reported on these challenges which include
noncompetitive awards, cost and schedule overruns, inadequate oversight of
contracts, and an inability to hold contractors accountable. In response,
DOE has begun numerous initiatives to address the challenges. For instance,
partly in response to issues raised by our reviews, DOE has acted to include
performance incentives in contracts, 29 and it created a new office to
implement policies and procedures to improve project management and
oversight. Although progress is being made, many of the

initiatives DOE is undertaking will take a number of years to fully
implement. Further, since DOE uses contractors to manage many aspects of its
missions, initiatives to improve contract management need to be directed at
the underlying culture of the organization. (See page 200.)

29 National Laboratories: DOE Needs to Assess the Impact of Using
Performance- Based Contracts (GAO/ RCED- 99- 141, May 7, 1999).

NASA Contract The National Aeronautics and Space Administration Management

(NASA) spends more than $12 billion annually for goods and services to
support space exploration as well as science and engineering efforts. In
1990, we identified NASA's contract management as an area at high risk
because it lacked effective systems and processes for

overseeing contractors' activities and because field centers were not
complying with contract management requirements.

NASA has made progress toward resolving these problems, especially with
regard to improving oversight of procurement practices, but key steps
remain. Specifically, NASA has not made as much progress in implementing a
new integrated financial management system, which is critical to effective
management of procurement resources. Also, to complete work on its

largest contract for the International Space Station, NASA still relies on
contract changes that initiate new work before NASA and the contractor agree
on a final estimated cost and fee- a risky practice because it increases the
potential for cost and scheduling delays. 30 (See page 206.) 30 Space
Station: Prime Contract Changes (GAO/ NSIAD- 00- 103R, May 11, 2000).

Substantial Progress Made to Resolve Several High- Risk Areas The government
continues to make progress toward long- needed improvements in high- risk
areas. In several cases, legislation and oversight by the Congress and
actions by agencies, including those in response to our recommendations,
have resulted in substantial

improvements. For five areas, progress in resolving problems in, or other
factors affecting, high- risk areas warrant our removing the high- risk
designation. These include two areas that were dependent on time- related
events that have already occurred and two areas that were first identified
as high risk when our initiative began 11 years ago.

? Year 2000 Computing Challenge ? The 2000 Census ? National Weather Service
Modernization ? Farm Loan Programs ? Superfund Program

Year 2000 Because of the urgent nature and potential widespread Computing
impact of the Year 2000 problem on critical government Challenge

operations, in February 1997 we designated it a high- risk area across the
federal government. In particular, as we reported in April 1998, the public
faced a high risk that critical services provided by the government and the
private sector could be severely disrupted by this problem. 1 Our purpose in
designating the Year 2000

computing challenge as high risk was to stimulate greater attention to
assessing the government's exposure to Year 2000 risks and to strengthen
planning for achieving Year 2000 compliance for mission- critical systems.

The federal government was initially slow in addressing the Year 2000
challenge but, as the date grew closer, the government's response improved.
In its first governmentwide quarterly progress report, the Office of
Management and Budget (OMB) reported that, as of May

15, 1997, only 21 percent of the 24 major federal departments' and agencies'
mission- critical systems were compliant. In July 1997, we testified on this
report and found that there was ample evidence that OMB and key federal
agencies needed to heighten their levels of concern and move with more
urgency. 2

Subsequent to our July 1997 testimony, additional federal government
attention began to be paid to the Year 2000 problem. For example, in
September 1997, OMB began to place agencies into one of three tiers based on
their progress. Agencies in the tier that

1 Year 2000 Computing Crisis: Potential for Widespread Disruption Calls for
Strong Leadership and Partnerships (GAO/ AIMD- 98- 85, April 30, 1998). 2
Year 2000 Computing Crisis: Time is Running Out for Federal Agencies to
Prepare for the New Millennium (GAO/ T- AIMD- 97- 129, July 10, 1997).

indicated insufficient evidence of progress came under additional scrutiny,
including reporting on their progress monthly and meeting with high- level
Administration officials. By December 1997, expressing its concern about
whether agencies would have enough time to adequately test mission- critical
systems in production settings, OMB accelerated two of its governmentwide
target milestones- moving up the date for completing renovation by 3 months
and for implementation by 8 months. Finally, in 1999, according to OMB's
Director, the Administration designated resolving the Year 2000

problem as its foremost management objective. By December 1999, OMB reported
that 99.9 percent of the 24 major federal departments' and agencies'
missioncritical systems were compliant.

One of the most significant actions taken by the Administration on the Year
2000 issue was establishing the President's Council on Year 2000 Conversion,
which

played an essential role in the government's response. The Council was
established by the President in February 1998, and its Chair was tasked with
(1) overseeing the activities of agencies; (2) acting as chief

spokesperson in national and international forums; (3) providing policy
coordination for executive branch activities with state, local, and tribal
governments; and

(4) promoting appropriate federal roles with respect to private- sector
activities. The Council took many actions between its inception and its
conclusion of operations at the end of March 2000. These actions included
working with the United Nations, state and local governments, and the
private

sector on the Year 2000 issue. For example, consistent with recommendations
in our April 1998 report, the Council established over 25 sector- based
working groups and conducted outreach activities, and the Chair directed the
Council's sector working groups to assess

the status of their sectors. 3 In 1999, the Council issued four public
reports summarizing these assessments. The last of these reported that,
since the Council's first report in January 1999, considerable progress had
been made in both the public and private sectors, and it concluded that it
was unlikely that there would be major national failures or breakdowns
related to the Year 2000.

As a result of this increased government response to the Year 2000 computing
challenge, by November 1999, we testified that substantial progress had been
made to reduce Year 2000 risks to the public. 4 Indeed, during the

century- change and leap- day rollover period, most Year 2000- related
errors reported by the federal government were minor and did not have an
effect on operations or the delivery of services. 5 Even those that were
significant (that resulted in degraded service or, if not corrected, would
have so resulted) were mitigated by quick action to fix the problem or by
implementing contingency plans. Sustained bipartisan and bicameral
congressional leadership played a key role in addressing the Year 2000
challenge. The Congress held agencies responsible for demonstrating progress
and heightened public awareness of the problem by holding over 100 hearings.

In particular, the Senate Special Committee on the Year 2000 Technology
Problem and the House Year 2000 Task Force- co- chaired by the Subcommittee
on Government Management, Information and Technology of the Committee on
Government Reform, and the 3 GAO/ AIMD- 98- 85, April 30, 1998. 4 Year 2000
Computing Challenge: Noteworthy Improvements in Readiness But
Vulnerabilities Remain (GAO/ T- AIMD- 00- 37, November 4, 1999). 5 Year 2000
Computing Challenge: Leadership and Partnerships Result in Limited Rollover
Disruptions (GAO/ T- AIMD- 00- 70, January 27, 2000).

Subcommittee on Technology of the Committee on Science- played major
leadership roles. The Congress also passed legislation to facilitate the
nation's Year 2000 work, including passing the Year 2000 Information and
Readiness Disclosure Act, which provided limited exemptions and protections
for the private sector in order to facilitate the sharing of Year 2000
readiness

information. In addition, to help agencies mitigate their Year 2000 risks,
we produced a series of guides and reports. Our guides provided systematic
approaches to enterprise readiness, business continuity and contingency
planning, testing, and day one planning. 6 Federal

agencies and other organizations used these guides widely to help organize
and manage their Year 2000 programs. In addition, we issued over 160 reports
and testimony statements detailing specific findings and recommendations
related to the Year 2000 readiness of both the government as a whole and a
wide range of individual federal agencies. Our recommendations were almost
universally embraced. It is critical that the momentum generated by the

government's Year 2000 efforts not be lost. In September 2000, we reported
that although the Year 2000 challenge was finite, it led to the development
of initiatives, processes, methodologies, and experiences that can

assist in resolving ongoing management challenges, such as computer security
and critical infrastructure

6 Year 2000 Computing Crisis: An Assessment Guide (GAO/ AIMD- 10.1.14,
issued as an exposure draft in February 1997 and in final form in September
1997), Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/ AIMD- 10. 1. 19, issued as an exposure draft in March 1998
and in final form in August 1998), Year 2000 Computing Crisis: A Testing
Guide (GAO/ AIMD- 10.1.21, issued as an exposure draft in June 1998 and in
final form in November 1998) and Year 2000 Day One Planning and Operations
Guide (GAO/

AIMD- 10.1.22, October 1999).

protection. 7 First, the Year 2000 challenge demonstrated the value of
sustained and effective bipartisan oversight by both the Senate and the
House of Representatives, which highlighted the issue and provided needed
resources. Second, leadership, commitment, and coordination by the federal
government, which included

periodic reporting and oversight of agency efforts, were major reasons for
the government's Year 2000 success. Third, the President's Council on Year
2000 Conversion and individual agencies formed working partnerships with
other agencies, states, other countries, and the private sector. Fourth,
communication within agencies, with partners, and with the public was vital
to coordinating efforts and ensuring an appropriate public response.
Finally, the federal government implemented

initiatives that helped ensure that necessary staff and financial resources
would be available to agencies.

Individual agencies also gleaned lessons from their Year 2000 efforts that
can be carried forward. Specific management practices that contributed to
Year 2000 success included top- level management attention, risk analysis,
project management, development of complete information systems inventories
and strengthened configuration management, independent reviews by internal
auditors and independent contractors, improved testing methods and
procedures, and business continuity and contingency planning. By continuing
and strengthening these practices in the future, federal agencies are more
likely to improve their overall IT management record, particularly in the
areas of critical infrastructure protection and security, the effective use

of technology, and large- scale IT investments. 7 Year 2000 Computing
Challenge: Lessons Learned Can Be Applied to Other Management Challenges
(GAO/ AIMD- 00- 290, September 12, 2000).

For additional information on Year 2000 computing issues, please contact
Joel C. Willemssen, Managing Director, Information Technology, at (202) 512-
6253 or willemssenj@ gao. gov.

The 2000 Census With respect to the 2000 Census, the Bureau of the Census
generally completed its peak data collection activities consistent with its
operational plans, and

remaining activities appear to be on track. As a result, we no longer
consider the operation of the 2000 Census to be high risk.

Beginning in February 1997, when we first designated the census a high- risk
area, and in subsequent reports, we noted that formidable challenges
surrounded critical census- taking operations. Key among these challenges
were building a complete and accurate master address file, motivating the
public to participate in the census by returning their census
questionnaires, meeting field staffing goals in a tight labor market, and
collecting timely and accurate data from nonrespondents. Moreover, in
anticipation of comparatively low public participation in the census, the
Bureau planned to use statistical sampling and estimation procedures that it
believed would be more accurate and cost- effective than visiting every
nonresponding household. However, Congress, citing legal and methodological
concerns, did

not agree to the Bureau's planned use of sampling, which raised questions
about the Bureau's readiness for taking a “traditional,”
nonsampling census. In January 1999, the Supreme Court ruled that the Census
Act (13 U. S. C. 195) prohibited the use of statistical sampling

for purposes of determining the population count used to apportion the House
of Representatives, which eliminated any uncertainties about which census
design the Bureau was to use.

As we noted in several reports and testimonies, the Bureau took a number of
steps aimed at addressing the challenges it faced. For example, in late
1997, the

Bureau redesigned its existing procedures for building its master address
file. Under the new approach, temporary Bureau employees went door- to- door
verifying the majority of housing unit addresses across the country. To
increase public participation in the census, the Bureau streamlined census
questionnaires, and implemented an aggressive outreach and promotion

campaign, hiring a private sector advertising firm to promote the census
nationally, and partnering with religious, community, and other local
organizations to market the census on a grassroots basis. The Bureau's peak
data collection activities proceeded on or ahead of schedule and generally
performed as planned. Particularly noteworthy was an initial mail

response rate of 65 percent, which was four percentage points higher than
the Bureau anticipated and matched the response rate of the 1990 Census. As
we have often noted, although the response rate does not guarantee a
successful census, it reduced the cost and scheduling pressures in
nonresponse follow- up and subsequent census operations while enhancing data
quality. Indeed, this lower nonresponse follow- up workload, combined with
the Bureau having met its national staffing goals, helped the Bureau
complete nonresponse follow- up in nine and a half weeks, several days ahead
of schedule.

Still, surmounting the various challenges to a successful census that the
Bureau faced in 2000 came at considerable cost. As we noted in our December
1999 report, the Bureau estimated that the cost of the 2000 Census will be
at least $6. 8 billion, an increase of 113 percent in real terms over the
$3. 2 billion cost of the

1990 census in 1999 dollars. 8 Moreover, the single most important
determinate of a successful census- the completeness and accuracy of the
census count and, in particular, the size and nature of the undercount- will

not be known until the Bureau completes various accuracy and coverage
assessments. Past experience suggests that increased investment in the
census does not necessarily generate more accurate results. Indeed,

the 1990 Census was, at that time, the most expensive in the nation's
history, but it left millions of Americans- particularly members of minority
groups- uncounted. As the Bureau looks toward the next census, continued
societal and demographic changes such as more complex living arrangements
and a large non- Englishspeaking

population, will make the national headcount in 2010 at least as challenging
as it was in 2000. As a result, it will be important for the Department of
Commerce to ensure that the Bureau completes its evaluations of key census
operations as planned, and explore innovative options in time for taking a
more complete, accurate, and cost- effective census in 2010.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Commerce (GAO- 01- 243, January 2001), which includes a
list of related GAO reports. For additional information on the 2000 Census,
please contact J. Christopher Mihm, Director, Strategic Issues, at (202)
512- 3236 or mihmj@ gao. gov.

8 2000 Census: Contingency Planning Needed to Address Risks That Pose a
Threat to a Successful Census (GAO/ GGD- 00- 06, December 14, 1999).

National Weather In the 1980s, NWS decided to leverage the power of

Service information technology to achieve more uniform Modernization weather
services across the nation, improve forecasting,

provide more reliable detection and prediction of severe weather and
flooding, permit more cost- effective operations through staff and office
reductions, and achieve higher productivity. At that time, NWS began a
nationwide modernization program to upgrade weatherobserving

systems (such as satellites and radars), to design and develop advanced
computer workstations for forecasters, and to reorganize its field office
structure. NWS' modernization included five major systems initiatives: the
Next Generation Weather Radar, the Next Generation Geostationary Operational

Environmental Satellite, the Automated Surface Observing System, and the
Advanced Weather Interactive Processing System (AWIPS), and Central Computer
Upgrades. In 1995, 1997, and 1999, we identified NWS' modernization as a
high- risk initiative because of several

issues, including NWS' lack of a systems architecture to guide the
modernization effort and problems in developing AWIPS. Over the years, we
made a series of recommendations intended to address NWS' problems. For
example, in 1994, we recommended that NWS develop an overall systems
architecture to be used as a guide in developing current and future
subsystems; 9 in 1995, we recommended that the agency correct shortfalls in
its radar performance; 10 and in 1996, we recommended that NWS improve its
processes for testing AWIPS software and obtain an independent 9 Weather
Forecasting: Systems Architecture Needed for National Weather Service
Modernization (GAO/ AIMD- 94- 28, March 11, 1994).

10 Weather Forecasting: Radar Availability Requirement Not Being Met (GAO/
AIMD- 95- 132, May 31, 1995).

AWIPS cost estimate since NWS did not have reliable project cost
information. 11 NWS has acted to implement our recommendations. In June
2000, the agency established an architecture and is using it to guide its
systems' future evolution. In accordance with Office of Management and
Budget

guidance on architecture development, NWS' architecture includes important
elements, such as information on its business processes, systems, and
technical standards. While NWS expects to enhance this document in future
versions, this is a good first step toward developing a comprehensive
systems architecture and will help the agency ensure that enhancements to
its modernized systems will be compatible and cost- effective. NWS has also
improved its radar availability, strengthened its software development and
testing processes, and completed an independent cost estimate of AWIPS.
Further, NWS overcame major obstacles in developing AWIPS. The system is now
operating in field offices across the country, though with less than the
full functionality that AWIPS was planned to provide. For example, it does
not provide weather forecasters a full range of interactive forecast
preparation techniques, such as allowing forecasters to enter human
observations of the weather into radar- based warning tools. To allow more
efficient and improved forecasts,

NWS plans to deploy radar and infrastructure enhancements to AWIPS in three
phased releases beginning in 2001 and 2002. Given the agency's progress in
issuing its initial systems architecture, and in deploying and using the
AWIPS 11 Weather Forecasting: Recommendations to Address New Weather
Processing Systems Development Risks (GAO/ AIMD- 96- 74, May 13, 1996).

system, NWS' modernization effort no longer merits a high- risk designation,
and we are removing it from our high- risk list. We will, however, continue
to monitor NWS' efforts to develop and deploy AWIPS enhancements.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Commerce (GAO- 01- 243, January 2001), which includes a
list of related GAO reports. For additional information on the National
Weather Service modernization, please contact Joel C. Willemssen, Managing
Director, Information Technology, at (202) 512- 6253 or willemssenj@ gao.
gov.

Farm Loan The Department of Agriculture's (USDA) farm loan Programs

programs are intended to provide temporary financial assistance to farmers
and ranchers who are unable to obtain commercial credit at reasonable rates
and terms. In operating the farm loan program, USDA faces the

conflicting tasks of providing temporary credit to highrisk borrowers so
they can stay in farming until they are able to secure commercial credit and
of ensuring that

the taxpayers' investment is protected. The unpaid principal on USDA's farm
loan portfolio totaled more than $16. 6 billion on September 30, 2000; about
$8. 7 billion in direct loans and almost $8 billion in guaranteed loans.
USDA's farm loan programs have been identified as high risk since 1990
because of significant problems primarily with the direct loans. As we have
previously reported, the farm loan programs had experienced a high rate of
defaults on repayments, billions of dollars of losses had occurred and were
likely to occur, and the Department had evolved into a continuous source of
subsidized credit for thousands of borrowers. These problems occurred
because of (1) program policies-

some of which were congressionally directed- that contributed to financial
risks and (2) the failure of the Department's field office officials to
comply with existing loan and property management standards. For example,
program policies allowed borrowers who

defaulted and caused losses on past USDA farm loans to obtain new loans and
allowed borrowers to obtain new direct loans for operating expenses without
demonstrating their ability to pay their existing USDA debt. Also, field
office lending officials approved loans using unrealistic estimates of
production, income, and expenses, and often failed to verify borrowers'
existing debts.

We are now removing the program's high- risk designation. Since our last
high- risk update in January 1999, the financial condition of USDA's farm
loan program has continued to improve. As of September 30,

2000, delinquent borrowers held more than $1. 8 billion, or about 21
percent, of the outstanding principal on direct loans as compared with $2. 4
billion (over 26 percent) in September 1998. This September 2000 portfolio
condition is dramatically improved over that in

September 1995 when the amount owed by delinquent borrowers was $4. 6
billion (about 41 percent). The condition of the guaranteed loan portfolio,
which has always been much better than the direct loan portfolio, has
continued to be relatively healthy.

We believe that these improvements in part reflect actions that the Congress
and USDA have taken to address the underlying causes of past program
weaknesses. More specifically, the 1996 farm bill contained numerous
provisions, based in part on recommendations we previously made, aimed at
improving the solvency of USDA's farm loan programs, including prohibiting
certain high- risk loans. For example, the bill generally prohibited
borrowers who caused losses on past USDA farm loans from obtaining new loans
and specifically prohibited borrowers who

were behind on payments on existing loans from obtaining new direct
operating loans. USDA and the Congress need to monitor the effects of the
lending and servicing reforms contained in the 1996 farm bill and any future
legislation to ensure that improvements in the financial integrity of the
farm loan programs continue.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Agriculture (GAO- 01- 242, January 2001), which
includes a list of related GAO reports. For additional information on farm
loan programs, please contact Lawrence J. Dyckman, Director, Natural
Resources and Environment, at (202) 512- 3841 or dyckmanl@ gao. gov.

Superfund Program Five federal agencies are involved in cleaning up most
abandoned hazardous waste sites located on either private or federal lands
under the Superfund program, a job that could ultimately cost the federal
government more than $300 billion. For over a decade, our work has
identified recurring problems that have put Superfund at risk. These
collective problems led us since 1990 to designate Superfund at high risk of
being vulnerable to waste, fraud, abuse, and mismanagement. At that time,

we had found that the Environmental Protection Agency (EPA) and the
Departments of Agriculture, Defense, Energy, and the Interior were not
giving priority for limited cleanup funds to those sites that posed the
relatively highest risk to human health and the environment. Further,
although under Superfund's stringent liability provisions, responsible
parties must pay for cleanups or EPA can conduct the cleanup and
subsequently recover its costs from the responsible parties, we found that
EPA was not recovering billions

of dollars in indirect costs it had spent on cleanups from the parties
responsible for contaminating the sites- dollars it could use on additional
cleanups. Finally, EPA was not effectively controlling the costs of the

contractors it used to conduct cleanups. To address these problems, we
reported on the need for (1) EPA and the Departments of Agriculture,
Defense, Energy, and the Interior to set funding priorities based on a
consideration of the health and environmental risks posed by sites, (2) EPA
to recover billions in certain cleanup costs from parties responsible for

contaminating sites, and (3) EPA to better control contractors' costs. In
the intervening decade, the agencies have demonstrated a commitment to
improving their management of the Superfund program and have implemented a
number of corrective actions in response

to our concerns and recommendations. Because of the progress that has been
made in addressing the management problems we have identified, we are

removing our designation of high risk for this program. More specifically:

? In response to our concerns and recommendations, all five agencies now
generally have systems in place to set priorities among Superfund sites- or
portions

of those sites- that are based on a consideration of the relative risks the
sites pose, among other factors. Defense and Energy do not set priorities
for sites on an agencywide basis but rather for each military component or
installation. Each agency also allocates limited cleanup funds according to
the priorities. However, within Interior, we found in the past that its
Bureau of Land Management did not have an inventory of the numerous
hazardous

abandoned mines it manages in order to be able to set priorities or a
cleanup strategy for them. In the past year, the Bureau has made
considerable progress towards developing such an inventory and strategy.
Finally, EPA has responded to our past concerns and is working with the
states to assign responsibility for assessing Superfund sites

potentially posing the highest risk and determining whether and how to
proceed with cleanup. ? EPA has made progress in addressing our past
concerns and recommendations related to cost recovery by adopting a new
method to calculate the

costs it incurs to operate the Superfund program. By using the new cost
rate, EPA should be able to increase recoveries from responsible parties in
situations where EPA initially pays for the cleanup. Indirect costs are
those prorated across all sites because they are not attributable to a
particular site, and in the past EPA did not include many of them in its
indirect cost calculations. EPA estimates the new

indirect cost rates will enable it to pursue the recovery of up to $600
million on those cleanups currently awaiting a final settlement and on
average about $100 million per year on future cleanups. In addition, the
agency is upgrading and better linking its financial accounting and
Superfund information systems so that it can more efficiently maintain
records critical to cost recovery negotiations and more effectively track
its cost recovery efforts.

? EPA is also taking steps to better manage its contractor cleanup costs. In
responding to our recommendations that the agency better control Superfund
contractors' costs, EPA has significantly reduced the percentage of cleanup
costs it spends on contractor overhead costs, such as salaries and rent,
rather than on actual cleanups. EPA did this in part by reducing the number
of cleanup contracts it maintains, an important step because the future
workload of the program could decrease. In addition, EPA has eliminated most
of its Superfund contract audit backlog and is generally meeting its goal of
completing audits within 2 years of receiving the necessary information from
the relevant contractors. Finally, EPA is now generating independent
estimates of what cleanup work should cost in order

to negotiate the best contract price for the government and is taking steps
to improve the quality of those estimates. The steps include issuing a

clear policy on the importance of controlling contractor costs; developing
new cost- estimating guidance, including a Web- based cost- estimating tool
that incorporates actual cost data; and providing

training on the policy and guidance. We will continue to monitor the
Department of the Interior's Bureau of Land Management's progress in
implementing a cleanup program and EPA's efforts to improve its cost-
estimating practices. But we believe that the significant progress achieved
in solving the other problems we had identified, as well as the considerable
changes in the program over the last decade, have reduced the risk that the
program poses to the federal government. EPA has already selected the

cleanup methods for most of the sites currently in the program, and
construction of these methods is under contract or completed. Also, EPA has
worked extensively with the states to accomplish additional cleanups
nationwide. Finally, EPA and the Congress are in the process of trying to
forecast the future policy

direction of the program. Given the uncertainty about its direction, we will
continue monitoring policy and program administration issues affecting the
program.

This issue is also discussed in Major Management Challenges and Program
Risks: Environmental Protection Agency (GAO- 01- 257, January 2001), which
includes a list of related GAO reports. For additional information on
Superfund, please contact David G. Wood, Director, Natural Resources and
Environment, at (202) 512- 3841 or woodd@ gao. gov.

Strategic Human Capital Management: A Governmentwide High- Risk Area

High performing organizations in the private and public sectors have long
understood the relationship between effective “people
management” and organizational success. An organization's people- its
human capital- are its most critical asset in managing for results. However,
the federal government has often acted as if people were costs to be cut
rather than assets to be valued. After a decade of government downsizing and
curtailed investments in human capital, it is becoming increasingly clear
that today's federal human capital strategies are not appropriately
constituted to adequately meet current and emerging needs of government and
its citizens in the most effective, efficient, and economical manner
possible.

Strategic human capital management is a pervasive challenge in the federal
government. Our work has found challenges in key areas.

? Strategic human capital planning and organizational alignment

? Leadership continuity and succession planning ? Acquiring and developing
staffs whose size, skills,

and deployment meet agency needs ? Creating results- oriented organizational
cultures

While legislation and other actions have been put in place since 1990 to
address most major management areas, human capital is the critical missing
link in

reforming and modernizing the federal government's management practices.
Inattentiveness to strategic human capital management has created a
governmentwide risk- one that is fundamental to the federal government's
ability to effectively serve the

American people. Stated simply, human capital problems lead to programmatic
problems and risks. As our Performance and Accountability Series (PAS)
reports make clear, human capital shortfalls are eroding the ability of many
agencies- and threatening the ability of others- to effectively,
efficiently, and economically perform their missions. Consequently, this
high risk area

urgently needs greater attention to ensure maximum government performance
and accountability for the benefit of the American public. Recently,
agencies have begun efforts to address their strategic human capital
management needs. In addition, as detailed below, the Office of Management
and Budget (OMB), the Office of Personnel Management (OPM), and Congress
have all taken steps to underscore the importance of the issue. But all
federal agencies need to give strategic human capital management the
enhanced and sustained attention it deserves and to modernize their human
capital policies and practices. Even in the absence of fundamental
legislative reforms, there is much more that can and should be done today by
individual agencies, OMB, OPM, and Congress.

The Missing Link in Today's nonpostal civilian federal workforce is smaller

the Performance than it was a decade ago. From approximately 2.3 Management

million federal employees in fiscal year 1990, the Framework

number was reduced to fewer than 1. 9 million by fiscal year 1999. 1 But
what happened- or more importantly, 1 See Office of Personnel Management's
Federal Civilian Workforce Statistics (1990- 1999).

did not happen- as this downsizing was being accomplished was just as
significant as the downsizing itself. For example, much of the downsizing
was set in motion without sufficient planning for its effects on agencies'
performance capacity. 2 Across government, federal employers reduced or
froze their hiring efforts for extended periods, as shown in figure 2. This
helped reduce their numbers of employees, but it also reduced the influx of
new people with new knowledge, new energy, and new ideas- the reservoir of
future agency leaders and managers.

2 Federal Workforce: Payroll and Human Capital Changes During Downsizing
(GAO/ GGD- 99- 57, Aug. 13, 1999).

Figure 2: Federal Permanent Hires Fiscal Years 19901999 (Excluding Postal
Service) Permanent hires (in thousands) 140

120 100

80 60 40 20

0 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999

Note: The number of permanent hires excludes Senior Executive Service
permanent hires and represents individuals, not FTEs.

Source: GAO calculations based on OPM data.

Further, anecdotal evidence tells us that as agencies tried to save on
workforce- related costs, they cut back on other human capital investments,
such as performance rewards, enabling technologies, and the training and
professional development programs they would need if their smaller
workforces were to compensate for institutional losses in skills and

experience. These curtailed investments in human capital took place even as
a smaller federal workforce remained to oversee larger federal budgets, as
shown in figure 3. Today, it is critically important that federal agencies
put greater focus on workforce planning and take the necessary steps to
build, sustain, and effectively

deploy the skilled, knowledgeable, diverse, and performance- oriented
workforce needed to meet the current and emerging needs of government and
its

citizens.

Figure 3: Federal Nonpostal Civilian Employment Compared With Federal
Outlays - Fiscal Years 1990- 1999

Number of employees Billions of constant 1999 dollars 2,500,000

2,000 1,800 2,000,000

1,600 1,400 1,500,000

1,200 1,000 0

0 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 Fiscal years

Federal employees Federal outlays

Source: GAO calculations based on OPM and OMB data.

Even as the downsizing of the federal workforce was proceeding, Congress was
developing a new performance management framework for the federal

government- one that promises a more strategic, results- oriented,
accountable approach to managing federal agencies. The federal management
reforms of

the 1990s addressed most of the essential elements of the modern performance
management model: financial management, information technology management,
and results- oriented goal- setting and performance measurement. The people
dimension has yet to find the

broad conceptual acceptance or political consensus needed for reform to
occur, and in this sense human capital remains the missing link in the
federal performance management framework. However, for the principles of
performance management embodied in this framework to produce real
improvements in how the federal government operates, agencies will need to
strategically manage all of their resources- financial,

information technology, and people- to achieve results. Strategic Human

As we have noted previously, high- performing Capital organizations focus on
valuing and investing in their Management Is a

employees and on aligning “people policies,” especially
Pervasive their performance management programs, to support overall
organizational performance goals. 3 However, our Challenge in the work has
shown that federal agencies have not Federal consistently made these
principles an integral part of Government

their strategic and programmatic approaches to mission accomplishment. As
discussed in our PAS reports and other work, agencies have experienced human
capital challenges in such areas as succession planning and performance
management, thereby eroding- or

threatening to erode- agencies' ability to economically, effectively, and
efficiently perform their missions. Agencies' strategic human capital
management challenges involve such key areas as strategic human capital
planning; leadership continuity and succession planning; acquiring and
developing staffs whose size,

skills, and deployment meet agency needs; and creating results- oriented
organizational cultures. 3 Human Capital: Key Principles From Nine Private
Sector Organizations (GAO/ GGD- 00- 28, January 31, 2000).

Strategic Human High- performing organizations establish a clear set of
Capital Planning and organizational intents- mission, vision, core values,
Organizational goals and objectives, and strategies- and then integrate

Alignment their human capital strategies to support these strategic

and programmatic goals. However, under downsizing, budgetary, and other
pressures, agencies have not consistently taken a strategic, results-
oriented approach to human capital planning.

Today, human capital challenges are common across the federal landscape.
(See table 6.) For example, at NASA, internal studies found that a one-
third reduction in the space shuttle program's workforce had affected NASA's
ability to safely support the shuttle's planned flight rate.

At DOD, where a Defense Science Board task force found “there is no
overarching framework” for planning DOD's future workforce, 4 civilian
downsizing has led to skills and experience imbalances that are jeopardizing
acquisition and logistics capacities. In addition, the State Department is
having difficulty recruiting and retaining Foreign Service Officers, as well
as staff for counternarcotics efforts. Also, staffing shortfalls in the
procurement area have hampered U. S. Agency for International Development
(USAID) reconstruction assistance in the wake of natural disasters. Although
many agencies have begun to recognize the importance of strategic human
capital management to mission accomplishment and have taken steps to align
their human capital with their missions, goals, and other

needs, it is clear that many agencies still find themselves facing serious
challenges that will require the sustained attention and commitment of
agency leaders. 4 Final Report of the Defense Science Board Task Force on
Human Resources Strategy, Office of the Under Secretary of Defense for
Acquisition, Technology, and Logistics, February 2000, p. viii.

Table 6: Examples of Agencies with Human Capital Challenges Agency Human
Capital Challenges Agriculture Organizational culture problems, including
resistance from affected USDA agencies and employees, have hampered
departmentwide reorganization and

modernization efforts. Further, the nation's food safety system, in which
USDA plays a major role, continues to suffer from inconsistent oversight,
poor coordination, and inefficient deployment of resources.

Bureau of

Untrained and inexperienced staff hamper effective management of $3 billion
in

Indian Affairs Indian trust funds.

Commerce A lack of sufficient numbers of experienced staff with the right
expertise limits the ability of Commerce and two other trade agencies to
monitor and enforce trade agreements. DOD In the past 2 years, the military
services have struggled to meet recruiting goals. Attrition among first-
time enlistees has reached an all- time high. The services face shortages
among junior officers, and problems in retaining intelligence analysts,
computer programmers, and pilots. On the civilian side, skills and
experience

imbalances following downsizing are jeopardizing acquisitions and logistics
capabilities.

Energy Headquarters and field staff have lacked contract management skills
to oversee large projects, such as the cleanup of radioactive and hazardous
waste sites. EPA EPA has not yet implemented any systematic means of
determining the right size, skills needs, or deployment of its workforce to
carry out its mission and achieve its

strategic goals and objectives, despite the demand for new skills due to
technological changes and the shift in EPA's regional environmental
responsibilities to the states, as well as growing retirement eligibilities
in its workforce.

FAA Air traffic control modernization is fraught with cost, schedule, and
performance problems due in part to an organizational culture that impaired
the acquisition process.

Health Care

Medicare's leadership problems include the lack of any official whose sole

Financing

responsibility it is to run the program. Further, frequent leadership
changes at Administration

HCFA have hampered long- term Medicare initiatives and the pursuit of a
consistent management strategy. HCFA's workforce lacks skills needed to meet
recent legislative requirements. The mismatch between HCFA's administrative
capacity and its mandate could leave Medicare unprepared to handle future
population growth and medical technology advances. HUD As HUD's
reorganization moves into its final phases, workload imbalances pose
programmatic challenges to several specialty centers and field offices.
Single family mortgage insurance programs administered by HUD's Federal
Housing Administration have been marked by a number of human capital
challenges, including insufficient staff. Further, insufficient or
inexperienced staff led to problems in quality assurance reviews for 203( k)
home rehabilitation loans and

oversight of appraisers and mortgage lenders. Immigration and

Lack of staff to perform intelligence functions and unclear guidance for
retrieving

Naturalization and analyzing information hamper efforts to combat the
growing problem of alien

Service

smuggling.

Interior and U. S. Difficulties replacing experienced fire personnel
threaten firefighting capabilities

Forest Service during catastrophic events.

(Continued From Previous Page)

Agency Human Capital Challenges IRS IRS lacks reliable cost and operational
information to measure the effectiveness of its tax collection and
enforcement programs and to judge whether its is appropriately allocating
its staff resources among competing management priorities.

NASA Staff and skills losses following downsizing pose potentially serious
problems for the safety and planned flight rate of the space shuttle.

National Park

Historically, the Park Service's decentralized priority- setting and
accountability Service systems left it without the means to monitor progress
toward achieving its goals or hold park managers accountable for the results
of park operations. The park concessions program continues to face
management problems, including inadequate qualifications and training of the
agency's concession specialists and concessions contracting staff.
Insufficient fire safety training has contributed to fire safety risks at
visitor centers, hotels, and other national park buildings. Nuclear

NRC's organizational culture is struggling with the agency's new
“risk- informed” Regulatory regulatory approach. Further, NRC's
ability to maintain the skills needed to achieve

Commission its mission and fill the gaps created by growing retirement
eligibilities could be threatened by the decline in university enrollments
in nuclear engineering and other fields related to nuclear safety.

Pension Benefit Because the agency did not adequately link its contracting
decisions to long- term Guaranty

strategic planning, it may not have the cost- effective mix of contractor
and federal

Corporation

employees needed to meet future workload challenges. Further, PBGC employees
who monitor contractors lack adequate guidance and policies essential to
monitoring contractor performance.

SSA Increasing demand for services, imminent retirement of a large part of
its workforce, changing customer expectations, and mixed success in past
technology investments will challenge SSA's ability to meet its service
delivery demands, which include faster and more accurate benefit claims
determinations and increased emphasis on returning the disabled to work.
State Issues related to the quality of life at overseas posts, career
development opportunities, and talent management are hampering recruitment
and retention of Foreign Service Officers. Efforts to determine the right
size and composition of overseas posts have begun, but State faces
challenges in aligning its workforce

with new economic, political, security, and technological requirements.
Also, staffing shortfalls are hampering counternarcotics programs and
efforts to combat visa fraud.

USAID Staffing shortfalls in the procurement area have hampered the agency's
ability to initiate and monitor contracts, thus delaying reconstruction
assistance in the wake of natural disasters in Central America and the
Caribbean.

Veterans Affairs A national nursing shortage could adversely affect VA's
efforts to improve patient safety in VA facilities and put veterans at risk.
Further, VA's training and recruitment programs may not be adequate to
ensure a sufficient workforce of competent claims processors, which would
likely undermine efforts to reduce current problems of claims processing
backlogs and errors. Source: GAO's Performance and Accountability Series
reports.

The strategic planning requirements of the Government Performance and
Results Act (GPRA) provide a useful framework for agencies to integrate
their human capital strategies with their strategic and programmatic
planning- and in particular, to identify the workforce size, skills mix, and
deployment needed for mission accomplishment and to create strategies to
fill the gaps.

However, while agencies' fiscal year 2001 annual performance plans all
included at least some discussion of human capital, the discussions varied
widely in scope and specificity. Some agencies' plans provided detailed
goals, objectives, and strategies for human capital management, but others
merely noted the importance of human capital in general terms. In either
case, agencies will need to follow up through effective implementation and
assessment to determine whether their plans lead to improvements in human
capital management and programmatic outcomes. Leadership Because it will
entail changes in management systems Continuity and

and organizational cultures that will take years to Succession Planning
implement, the transition to modern performance management will require
sustained commitment on the part of agency leaders and managers. However,
whether at the top leadership levels or among managers, many agencies are
plagued by turnover that could hamper

these efforts. For example, the Health Care Financing Administration (HCFA),
which administers the multibillion dollar Medicare program, has had 19
Administrators or Acting Administrators in its 24 years

of existence- an inhibiting factor in the implementation of long- term
Medicare initiatives and the pursuit of a consistent management strategy. At
the Department of Energy (DOE), the office responsible for the Stockpile
Stewardship Program has seen the proportion of offices vacant or with acting
managers rise from 17 percent in 1996 to almost 65 percent in 2000. This
high turnover may help account for the fact that the same

programmatic concerns in the nuclear weapons stockpiling program are cited
by GAO year after year. We have noted that successful organizations know the
importance of fostering a committed leadership team and providing reasonable
continuity through succession planning and executive development. The
customarily high turnover rate among political appointees has been a

long- standing issue at the upper levels of the executive branch. 5 But
succession planning for career executives- always a challenge for federal
agencies- looms especially urgent as the current corps of Senior Executive
Service (SES) members approaches retirement age. 6 (See figure 4.) The
retirement eligibility trends suggest a loss in leadership continuity,
institutional knowledge, and expertise in the SES ranks- impacts that will
be felt to varying degrees among federal agencies and occupations. Agencies
need to aggressively pursue the comprehensive SES

succession planning and executive development actions needed to address this
issue.

5 Political Appointees: Turnover Rates in Executive Schedule Positions
Requiring Senate Confirmation (GAO/ GGD- 94- 115FS, April 21, 1994). 6 See
Senior Executive Service: Retirement Trends Underscore the Importance of
Succession Planning (GAO/ GGD- 00- 113BR, May 2000).

Figure 4: Proportion of Career SES Members Projected to Become Eligible to
Retire, and Those Projected to Retire, by Fiscal Year 2005.

29% Will remain ineligible

to retire 45%

Will become eligible to retire and are expected to retire

26% Will become eligible

to retire but are expected to remain on board

Total employees that will become eligible to retire (71%) Note: Projections
are for Sept. 30, 2005 and are calculated on the basis of the 5,981 career
SES members employed as of Sept. 30, 1998.

Source: GAO calculations based on OPM data.

A related leadership issue involves executive compensation. Federal
executives must often compete for talent against private sector
organizations that compensate their executives at levels far above what the
federal government offers. Moreover, the existing cap on SES pay has
increased pay compression between the maximum and lower SES pay levels,
meaning that federal executives at different levels of responsibility can
receive identical salaries. Further, pay compression can create situations
in which the difference between executive and nonexecutive pay is so small
that the

financial incentive for managers to apply for positions of greater
responsibility may disappear.

Acquiring and High- performing organizations identify their current and
Developing Staffs future human capital needs- including the appropriate
Whose Size, Skills,

number of employees, the key competencies for mission and Deployment
accomplishment, and the appropriate deployment of Meet Agency Needs staff
across the organization- and then create strategies for identifying and
filling the gaps.

Faced with growing retirement eligibilities- some 35 percent of the fiscal
year 1998 federal workforce will be eligible for regular retirement by 2006-
agencies may have difficulties replacing the loss of skilled and experienced
staff. Moreover, some agencies face imposing challenges filling certain
mission- critical occupations due to increasing competition in the labor
market. For example, the Nuclear Regulatory Commission (NRC) must deal with
declining university enrollments in nuclear engineering and other fields

related to nuclear safety. A nationwide nursing shortage threatens efforts
by the Department of Veterans Affairs (VA) to improve performance at VA
hospitals, putting veterans' care at risk. The Department of the Interior
and the U. S. Forest Service must maintain their

firefighting capacity during catastrophic events, even as experienced fire
personnel retire and prove increasingly difficult to replace.

Confronting staffing challenges such as these, it is critical for agencies
to engage in effective recruiting and succession planning strategies. This
includes attracting and retaining skilled and knowledgeable individuals
whose performance meets or exceeds expectations, regardless of their age.
All decisions in regard to recruiting and retention- as in every area of
human

capital management- must be based on clearly defined, well- documented,
consistently applied, transparent criteria that are nondiscriminatory and
merit- based. To deal with their recruiting and retention challenges,

agencies also need to identify and use the hiring and retention
flexibilities available to them. It is also crucial

to invest in training and developing staff to meet agencies' specific
performance needs. Agencies we studied faced a number of challenges in this
area, including a lack of staff and resources to develop training and
development programs to ensure that their

employees had the competencies needed to perform mission- critical
activities. 7 A particularly critical area on which to focus better
investments in training is contract management, where agencies must have
enough skilled staff on board to oversee the quality, cost, and timeliness
of products and services delivered by third parties- and where agencies such
DOE, HCFA, and HUD, among others, have experienced costly performance
problems.

Creating ResultsOriented Many federal agencies lack a crucial ingredient
found in

successful organizations: organizational cultures that Organizational
promote high performance and accountability. In fact, Cultures

the results of our 2000 survey of federal managers indicated that in some
key areas, agencies may be losing ground in their efforts to build
organizational cultures that focus on results. 8 For example, in one
important area- use of performance information for program

management activities- a significantly lower percentage of managers reported
that they were using such information to a great or very great extent in
2000

than in 1997 for five out of eight key management activities we asked about.
(See table 7.) Overall, the survey findings underscored the importance of
having agency leaders and managers with the skills and

commitment to drive cultural change. 7 Human Capital: Design,
Implementation, and Evaluation of Training at Selected Agencies (GAO/ T-
GGD- 00- 131, May 18, 2000). 8 The survey was a follow- up to one we did in
1996- 1997. See Managing for Results: Federal Managers' Views Show Need for
Ensuring Top Leadership Skills (GAO- 01- 127, Oct. 20, 2000); and The
Government Performance and Results Act: 1997 Governmentwide Implementation
Will Be Uneven (GAO/ GGD- 97- 109, June 2, 1997).

Table 7: Percentage of Federal Managers Who Reported Using Information
Obtained From Performance Measurement to a Great or Very Great Extent for
Various Management Activities Management Activity 1997 Survey a 2000 Survey
a Difference

Setting program priorities 66% 56 % -10% b Allocating resources 62 53 -9 b
Adopting new program approaches 66 51 -15 b or changing work processes
Coordinating program efforts with 57 43 -14 b

other internal or external organizations Refining program performance

52 44 -8 measures Setting new or revising existing

58 51 -7 performance goals Setting individual job expectations

61 51 -10 b for my staff Rewarding staff I manage or

53 53 None supervise Developing and managing N/ A c 38 N/ A c

contracts a Percentages based on those respondents answering on the extent
scale. b Statistically significant difference. c Not available; question not
asked in 1997.

Source: GAO survey data.

Organizational cultures can be a barrier to high performance and make
management improvement efforts more difficult. For example, a
“stovepiped” culture at the Federal Aviation Administration
(FAA) has been one of several underlying causes of acquisition problems in
the agency's multibillion dollar modernization program, which has
experienced cost overruns, schedule delays, and significant performance
shortfalls. Cultural issues have also been linked to longstanding

security problems at DOE weapons laboratories, and to intractable waste,
fraud, abuse, and mismanagement problems in the Social Security

Administration's (SSA) high- risk Supplemental Security Income program.
Agency leaders and managers have a number of strategies available to them to
steer their organizational cultures to support agency goals. These include
modern performance management and incentive approaches-

whether directed at individual employees or teams- to help empower and
motivate staff, reward high performance, and ensure accountability. However,
agencies we have studied have struggled to link employee performance
expectations to agency goals and many have reported that they do not know
whether their incentive programs are effectively motivating their employees.
9 Agencies, OMB,

As leaders and managers in the federal government have OPM, and Congress
become more acutely aware of challenges facing the Have Key Roles to
government in the human capital area, some have taken Play

steps to improve their approaches to building and maintaining human capital.
As noted in our PAS reports, some of the agencies whose human capital
problems were mentioned earlier- such as NASA, HCFA, and NRC- have efforts
under way to address them. However, agencies' human capital problems are
invariably difficult and the associated programmatic

risks continue to take their toll. Even under the constraints of current
law, federal agencies, OMB, OPM, and Congress can and should do more to
foster human capital improvements.

9 Human Capital: Using Incentives to Motivate and Reward High Performance
(GAO/ T- GGD- 00- 118).

Agencies Need to The key step for agencies that hope to improve their

Focus on Human “people management” is to focus on human capital
as a

Capital strategic asset. Agencies can begin by assessing how

well their existing human capital approaches support their missions, goals,
and other organizational needs. A useful assessment tool is GAO's human
capital framework, which identifies a number of human capital elements and
underlying values that are common to high- performing organizations. This
framework is shown in table 8 and also presented in Human Capital: A

Self- Assessment Checklist for Agency Leaders (GAO/ OCG- 00- 14G, Sept.
2000). We have used the framework to guide our recent inquiries into human
capital issues across the federal government and at specific agencies, some
of which- such as NASA and SSA- have said they are using the framework in
their human capital planning efforts.

Table 8: GAO's Human Capital Framework Strategic Planning Establish the
agency's mission, vision for the future, core values, goals and objectives,
and

strategies. ? Shared vision ? Human capital focus

Organizational Alignment Integrate human capital strategies with the
agency's core business practices. ? Improving workforce planning ?
Integrating the human

resources function

Leadership Foster a committed leadership team and provide for reasonable
continuity through succession planning. ? Defining leadership ? Building
teamwork and

communications ? Ensuring continuity

Talent Recruit, hire, develop, and retain employees with the skills needed
for mission accomplishment. ? Recruiting and hiring ? Training and
professional

development ? Workforce deployment ? Compensation ? Employee- friendly
workplace

Performance Culture Empower and motivate employees while ensuring
accountability and fairness in the workplace. ? Performance management ?
Performance incentives ? Continuous learning and

improvement ? Managers and supervisors ? Job processes, tools, and

mission support ? Information technology ? Inclusiveness ? Employee and
labor relations

Although some improvements in the civil service will require legislative
reforms, federal agencies must not wait to modernize their human capital
policies and

practices. Agencies can and must take the initiative to be more competitive
in attracting new employees with critical skills; create the kinds of
performance incentives and training programs that motivate and empower
employees; and build labor- management relationships that are based on
common interests and the public trust. To shape human capital strategies
that support their specific needs and circumstances, agencies must identify
the flexibilities available to them under current law. As we have previously
reported, some of the

barriers to effective strategic human capital management in the federal
government do not stem from law or regulation. 10 Some of these barriers
arise out of long- standing attitudes about the limitations that have been
placed on agency officials' managerial prerogatives or about the basic ways
in which people ought to be managed. However, changing times demand new
approaches, and agencies need to be innovative and energetic in their use of
the human capital flexibilities available to them. 11

10 Transforming the Civil Service: Building the Workforce of the Future-
Results of a GAO- Sponsored Symposium (GAO/ GGD- 96- 35, December 20, 1995).
11 OPM has made information on human capital flexibilities readily
available. For example, see HR Innovators' Tool Kit, U. S. Office of
Personnel Management.

OMB and OPM Must It is clear that OMB and OPM have substantial roles to Be
Leaders play in fostering a more results- oriented approach to strategic
human capital management across

government. OPM has begun stressing to agencies the importance of
integrating strategic human capital management into agency planning. 12 OPM
has also been focussing more attention on developing tools to help agencies.
For example, it has developed a workforce planning model with associated
research tools and has launched a website to facilitate information sharing
about workforce planning issues. OPM has also brought attention to the need
for integrating human capital

professionals into agencies' planning processes, acknowledging that a gap
exists between the roles that federal human capital professionals need to
perform-

such as those of technical expert and strategic partner- and those that they
have traditionally been given. 13 12 See OPM's Strategic Human Resources
Management: Aligning With the Mission, U. S. Office of Personnel Management,
September 1999.

13 The HR Workforce: Meeting the Challenge of Change, U. S. Office of
Personnel Management, January 2000. See also A Call to Action: A Coalition
on the Future of the Federal Human Resource Management Profession, Federal
Section of the International Personnel Management Association, September
2000.

Further, OPM recently revised the SES performance management regulations so
that a balanced scorecard of customer satisfaction, employee perspectives,
and

organizational results will be used by agencies to evaluate executive
performance. In addition, OPM has helped achieve incremental legislative
reforms to help attract and retain Federal employees, such as compensation
flexibility for selected specialist positions and employee benefit
enhancements.

Characterizing the most appropriate mission and role for OPM, and defining
the most effective tools and strategies for accomplishing its goals in a
changing civil service, have been long- standing issues facing the agency.
14 OPM's recent efforts to communicate the

importance of aligning human capital with results clearly reflect the
important role it can play in promoting human capital improvements.

While OPM has recently done more to promote strategic human capital
management, OMB has played a limited role in this key area to date. OMB's
role in setting governmentwide management priorities and defining resource
allocations will be critical to inducing agencies

to integrate strategic human capital management into their core business
processes. In 2000, two key steps were taken that reflected OMB's potential
importance in 14 See Observations on the Office of Personnel Management's
Fiscal Year 1999 Performance Report and Fiscal Year 2001 Performance Plan
(GAO/ GGD- 00- 156R, June 30, 2000); Civil Service Reform: Changing Times
Demand New Approaches (GAO/ T- GGD- 96- 31, October 12, 1995); and Managing
Human Resources: Greater OPM Leadership Needed to Address Critical
Challenges (GAO/ GGD- 89- 19, January 19, 1989).

this area. First, the President's fiscal year 2001 budget gave new
prominence to human capital management by making “align Federal human
resources to support agency goals” a Priority Management Objective.
Second, a June 2000 presidential memorandum directed the heads of the
executive branch departments and agencies to integrate human resources
management into their planning, budgeting, and mission evaluation processes.
The memo also directed agencies to include specific human resource
management goals and objectives in their strategic and annual performance
plans, beginning October 1, 2000. OMB's latest Circular No. A- 11 guidance
on preparing annual performance plans now states that agencies' fiscal year
2002 annual performance plans

should set goals in such areas as recruitment, retention, training,
appraisals linked to program performance, workforce diversity, streamlining,
and family- friendly programs. These actions by OMB will prove to be useful
steps if they result in a better governmentwide focus on the strategic
importance of human capital. What is now required is the sustained and
forceful leadership to make the promise of these initiatives a reality. This
will

require much greater attention by OMB to strategic human capital management
issues. OMB has the ability to ensure that agencies view this area as a
critically important element in their overall strategic planning,

performance management, and budgeting efforts. Important areas for attention
include benchmarking and best practices efforts within the executive branch
and greater attention during resource allocation to the linkages between
agency missions and the human capital needed to pursue them. OPM can help,
but OMB must be directly involved in this area, given its

importance from both a mission accomplishment and resource allocation
perspective.

Congressional Leadership on the part of Congress will be critical if
Leadership Will Be

governmentwide improvements in strategic human Critical to Improving

capital management are to occur. To raise the visibility Human Capital of
the human capital issue and to move toward a Governmentwide

consensus on legislative reforms, commitment to people as an urgent federal
management concern must come from both parties in both houses of Congress.
One of the most encouraging developments in this regard over the past two
years has been the attention paid the issue by the Senate Committee on
Governmental Affairs and its Subcommittee on Oversight of Government

Management, Restructuring, and the District of Columbia. 15 Through the
creation over the past decade of the performance management framework,
Congress has been the institutional champion for improving management of the
federal government. On an agencyspecific

basis as well, support from Congress has been indispensable to instituting
and sustaining management reforms. Congress has opportunities available
through its confirmation, oversight and appropriations, and legislative
roles to ensure that agencies recognize their responsibilities and have the
needed tools to manage their people for results. 15 The Committee and
Subcommittee Chairmen both have recently

issued reports underscoring the urgency of addressing the federal
government's strategic human capital management problems. See Report of
Senator Fred Thompson, Chairman, Committee on Governmental Affairs, on
Management Challenges Facing the New Administration, Part 2: Federal
Workforce Challenges, October 2000; and Report to the President: The Crisis
in Human Capital, report prepared by Senator George V. Voinovich, Chairman,
Subcommittee on Oversight of Government Management, Restructuring, and the
District of Columbia, Committee on Governmental Affairs, United States
Senate, December 2000.

First, Congress can draw wider attention to the critical role of human
capital in the performance management paradigm. One means of focusing on the
critical link between people management and program results is through the
appointment and confirmation process, where the Senate has an opportunity to
make clear its commitment to sound federal management and to explore what
prospective nominees plan to do to ensure that their agencies recognize and
enhance the value of their people. 16

As part of the oversight and appropriations processes, Congress can examine
whether agencies are managing their human capital to improve the
effectiveness, efficiency, and economy of their programs and deliver better
performance to the American people. Congress

can also encourage more agencies to identify the flexibilities available to
them under current law and to reexamine their approaches to strategic human
capital management in the context of their individual missions,

goals, and other organizational needs. Congress can also play a defining
role in determining the scope and appropriateness of additional human
capital flexibilities agencies may seek through legislation. For agencies
that request legislative exceptions from current civil service constraints,
Congress can require that they make a business case based on rational and
fact- based analyses of their needs, the constraints under which they
presently operate, and the flexibilities available to them. Further,
Congress may wish to consider, on its own, a variety of targeted investments
or new flexibilities- while maintaining appropriate safeguards to prevent
abuse- to address emerging human capital 16 Toward this end, we recently
developed a set of questions for political appointees that the Senate may
use during the confirmation process. See Confirmation of Political
Appointees: Eliciting Nominees' Views on Leadership and Management Issues
(GAO/ GGD- 00- 174, August 11, 2000).

challenges in such areas as recruiting and hiring, executive pay
compression, and the loss of institutional knowledge and skills associated
with the rising numbers of individuals eligible to retire. For example,
Congress

recently passed legislation that enables federal agencies to provide some
education- related debt relief in exchange for government service. This is a
positive step; however, additional legislative actions will ultimately be
needed to attract and retain a skilled, knowledgeable, diverse, and
performance- oriented workforce for the

future. Ultimately, Congress may wish to consider comprehensive legislative
reform in the human capital area to address the missing link in the
performance

management portfolio, giving agencies the tools and reasonable flexibilities
they need to manage effectively while providing appropriate safeguards to
prevent

abuse. As part of this effort, Congress may also wish to consider the extent
to which traditional “civil service” approaches- structures,
oversight mechanisms, rules and regulations, and direction- setting- make
sense for a government that is largely a knowledge- based enterprise that
has adopted and is now implementing modern performance management
principles.

As noted earlier, a consensus has yet to emerge on broad- based federal
human capital reform. However, even in the absence of fundamental
legislative reform, federal agencies need to take a more strategic and
integrated approach to human capital management and

to maximize their efforts in such areas as recruiting and retention,
succession planning, training and professional development, and performance
management and rewards, within the context of current law. Congress, OMB,
OPM, and the agencies should work together to make this happen.

For additional information on strategic human capital management issues,
please contact Victor S. Rezendes, Managing Director, Strategic Issues, on
(202) 512- 6082 or at rezendesv@ gao. gov.

Resolving Serious Information Security Weaknesses We designated information
security as a governmentwide high- risk area in 1997 and 1999 because
growing evidence indicated that controls over computerized federal
operations were not effective and because the related risks were escalating,
in part due to increasing reliance on the Internet. For example, in
September 1998 1 we had reported significant information security weaknesses
in 24 major federal

agencies. In the months prior to our January 1999 highrisk report, the
President had launched a national effort to protect our nation's critical
public and private

computer- dependent infrastructures, as outlined in Presidential Decision
Directive 63 (PDD 63). Since issuance of our last high- risk report in
January 1999, progress in strengthening federal information security has
been mixed. Efforts to address the problem have gained momentum. However,
recent audits show that federal operations and assets continue to be highly
vulnerable to computer- based attacks.

Important Actions Since January 1999, efforts to improve information Taken

security have expanded at individual agencies and at the governmentwide
level. 1 Information Security: Serious Weaknesses Place Critical Federal
Operations and Assets at Risk (GAO/ AIMD- 98- 92, September 23, 1998).

? Several agencies have taken significant steps to redesign and strengthen
their information security programs. For example, IRS has made notable
progress in improving computer security at its facilities, corrected a
significant number of identified weaknesses, and established a servicewide
computer security management program that should, when fully implemented,
help the agency effectively manage its security risks. 2 Similarly, the
Environmental Protection Agency has moved aggressively to reduce the
exposure of its systems and data and to correct weaknesses we identified in
February 2000. While we have not tested their effectiveness, these actions
show that the agency is taking a comprehensive and systematic approach that
should help ensure that its efforts are effective. 3 ? In January 2000, the
President issued the National Plan for Information Systems Protection. 4
This plan, which focused largely on efforts to protect federal
infrastructures, is intended to be a major element of a more comprehensive
effort to protect the nation's information systems and critical assets from
future attacks. Subsequent versions are to address a

broader range of concerns, including the specific role industry and state
and local governments will play in protecting physical and cyber- based
infrastructures

from deliberate attack, as well as international aspects of critical
infrastructure protection. 5 Also, 2 Financial Audit: IRS' Fiscal Year 1999
Financial Statements (GAO/ AIMD- 00- 76, February 29, 2000). 3 Information
Security: Fundamental Weaknesses Place EPA Data and Operations at Risk (GAO/
AIMD- 00- 215, July 6, 2000). 4 Defending America's Cyberspace: National
Plan for Information Systems Protection: Version 1. 0: An Invitation to a
Dialogue. Released

January 7, 2000. The White House. 5 Critical Infrastructure Protection:
Comments on the National Plan for Information Systems Protection (GAO/ T-
AIMD- 00- 72, February 1, 2000).

the President designated the related goals of computer security and critical
infrastructure protection as a priority management objective in his fiscal
year 2001 budget. ? In mid- 1999, the Security Committee of the Federal
Chief Information Officers (CIO) Council expanded its name and its focus to
“Security, Privacy, and

Critical Infrastructure” and established three subcommittees to
address issues in these three areas. Since then, the Committee has taken
steps to raise awareness, promote best practices, and provide

agencies tools for improving their security programs. For example, during
2000, the Committee sponsored development of a Federal Information Security
Assessment Framework, which is intended to serve as a self- assessment guide
for agencies and a means

of measuring their progress. We participated in development of the
framework, which was issued for agency use in December 2000, accompanied by
our letter of support.

? The Federal Computer Incident Response Capability (FedCIRC) at the General
Services Administration and the National Infrastructure Protection Center
located in the Federal Bureau of Investigation have both expanded their
efforts to issue warnings of potential computer intrusions or misuse and to
assist in responding to computer security incidents. In October 2000, the
CIO Council provided detailed guidance, developed cooperatively with the
Office of Management and Budget and others, on the process agencies should
follow to ensure that they (1) report security incidents to FedCIRC and (2)
receive alerts and warnings from FedCIRC. ? During 1999 and 2000, the
Congress held important

hearings on progress at specific agencies and on ways to strengthen
information security practices throughout the federal government and to
better

address threats to the nation's critical computerdependent infrastructures.
Several proposed bills were considered, and, in October 2000, provisions
intended to strengthen federal information security were enacted in law.
Continuing

Although the improvement efforts cited above are Weaknesses laudable, recent
reports and events indicate that they Underscore Need are not keeping pace
with the growing threats. While for Further Actions

complete summary data are not available because many computer security
incidents are not reported, the number of incidents that are reported is
growing. For example, the number of reported incidents handled by Carnegie-
Mellon University's CERT Coordination Center 6 has increased from 1, 334 in
1993 to 9,859 in 1999 and to 15, 167 during the first three quarters of
2000. Similarly, the Federal Bureau of Investigation reports that its
caseload of computer intrusion- related cases is more than doubling every
year. Further, in May 2000, the ILOVEYOU computer virus caused widespread
disruptions throughout the federal government.

In September 2000, we reported that, based on our analysis of the previous
year's audit reports, federal computer security continued to be fraught with
weaknesses and that, as a result, critical operations and assets continue to
be at risk. Similar to our September

1998 summary report, our September 2000 report identified significant
weaknesses in each of the 24 agencies covered by our review. 7 6 Originally
called the Computer Emergency Response Team, the center was established in
1988 by the Defense Advanced Research Projects Agency. It is charged with
(1) establishing a capability to quickly and effectively coordinate
communication among experts in order to limit the damage associated with,
and respond to, incidents and (2) building awareness of security issues
across the Internet community.

7 Information Security: Serious and Widespread Weaknesses Persist at Federal
Agencies (GAO/ AIMD- 00- 295, September 6, 2000).

Recently reported findings for individual agencies include the following
examples.

? In October 1999 8 and September 2000, 9 we reported that pervasive
computer security weaknesses at the Department of the Treasury's Financial
Management Service placed billions of dollars of payments and collections at
significant risk of loss or fraud, vast amounts of sensitive data at risk of
inappropriate disclosure, and critical computer- based operations at risk of
serious disruption. These weaknesses

affected a wide array of information systems that the Financial Management
Service used in its role as the government's central financial manager,
disburser, and collection agency. Our reports contained over 100 detailed
recommendations for correcting control weaknesses, many of which the Service
has implemented. ? In June 2000, 10 we reported that computer systems at the
Department of Energy's laboratories supporting civilian research had become
a popular target of the

hacking community with the result that the threat of attacks had grown
dramatically in recent years. We further noted that because of security
breaches, several laboratories had been forced to temporarily disconnect
their networks from the Internet, disrupting the laboratories' ability to do
scientific research for up to a full week on at least two occasions. We
recommended that the Secretary take specific actions to strengthen the
management of the 8 Financial Management Service: Significant Weaknesses in
Computer Controls (GAO/ AIMD- 00- 4, October 4, 1999).

9 Financial Management Service: Significant Weaknesses in Computer Controls
(GAO/ AIMD- 00- 305, September 26, 2000). 10 Information Security:
Vulnerabilities in DOE's Systems for Unclassified Civilian Research (GAO/
AIMD- 00- 140, June 9, 2000).

Department's unclassified computer security program. ? In July 2000, we
reported serious and pervasive problems that essentially rendered the
Environmental Protection Agency's (EPA) agencywide information security
program

ineffective. Our tests of computer- based controls concluded that the
computer operating systems and the agencywide computer network that support
most of EPA's mission- related and financial operations were riddled with
security weaknesses. 11 Our reviews resulted in over 100 recommendations for
correcting specific control weaknesses and

strengthening EPA's agencywide security program. ? In June 1999, 12 October
1999, 13 and September 2000, 14 we reported that the Department of Veterans
Affairs

had not yet fully implemented an integrated security management program and
had not devoted adequate resources to effectively manage computer security
at its medical facilities. In response to our findings and recommendations,
the Department plans to implement additional security initiatives in 2001
and

establish a fully operational security program by 2003.

11 Information Security: Fundamental Weaknesses Place EPA Data and
Operations at Risk (GAO/ AIMD- 00- 215, July 6, 2000). 12 VA Information
Systems: The Austin Automation Center Has Made Progress in Improving
Information System Controls (GAO/ AIMD- 99- 161, June 8, 1999). 13
Information Systems: The Status of Computer Security at the Department of
Veterans Affairs (GAO/ AIMD- 00- 5, October 4, 1999).

14 VA Information Systems: Computer Security Weaknesses Persist at the
Veterans Health Administration (GAO/ AIMD- 00- 232, September 8, 2000).

? In October 2000, we reported that pervasive weaknesses in the Corps of
Engineers' computer controls at its data processing centers and other

Corps' sites could allow both hackers and numerous legitimate users to
improperly modify, inappropriately disclose, and/ or destroy sensitive

and financial data, including Privacy Act data such as social security
numbers and other personal information. Further, such weaknesses could
result in a disruption of critical computer- based operations. These
weaknesses also increase the vulnerability of other Department of Defense
networks and systems

to which the Corps' network is linked. 15 We recommended 93 specific
corrective actions to address the weaknesses identified. Further Actions

We and agency inspectors general have made scores of Needed recommendations
to agencies regarding specific steps they should take to make their security
programs more effective. Most agencies have heeded these recommendations and
taken at least some corrective

actions. However, more needs to be done, especially in the area of security
program management, which continues to be a widespread and fundamental
problem. Recent audits continue to show that many agencies have not
developed security plans for major systems based on risk, have not
documented security policies, and have not implemented a program for testing
and evaluating the effectiveness of the controls they rely on. As a result,
they could not ensure that the controls they had implemented were operating
as intended and they could not make informed judgments as to whether they
were spending too little or too much of their resources on security.

15 Financial Management: Significant Weaknesses in Corps of Engineers'
Computer Controls (GAO- 01- 89, October 11, 2000).

Our May 1998 guide entitled Information Security Management: Learning From
Leading Organizations (GAO/ AIMD- 98- 68) provides a roadmap for managing
risks through an ongoing cycle of activities coordinated by a central focal
point, and, over the last two years, its

concepts have become more widely adopted throughout the federal government.
These risk management concepts are depicted in the Risk Management Cycle
shown in figure 5. Figure 5: Risk Management Cycle

Assess Risk and Determine

Needs Implement Central

Monitor and Policies and

Focal Evaluate

Controls Point Promote Awareness With enactment of the government
information security reform provisions of the fiscal year 2001 Defense
Authorization Act, in October 2000, agencies were

formally required to adopt these risk management practices. In addition, the
new law required annual management evaluations and independent audits of
agency security programs.

In November 1999, we issued a supplement to our May 1998 guide entitled
Information Security Risk Assessment: Practices of Leading Organizations
(GAO/ AIMD- 00- 33), which provides additional direction on this important
aspect of security program

management, including a list of critical success factors and examples of
practical risk assessment procedures that have been successfully adopted by
leading organizations.

In addition to individual agency efforts, further action is needed at the
governmentwide level. While OMB, the CIO Council, and the various federal
entities involved in critical infrastructure protection have expanded their
efforts, it will be important to maintain the momentum. For example, it is
important that these entities ensure that new tools, such as the CIO
Council's Security Assessment Framework, and new requirements, such as

those outlined in the fiscal year 2001 Defense Authorization Act, are
implemented effectively. Even more important will be ensuring that the
activities

currently underway are coordinated under a comprehensive strategy and that
the roles and responsibilities of the numerous organizations with central
responsibilities are clearly defined.

Further, as the federal government moves forward in these areas, it will be
important to take advantage of the experience gained from Year 2000
conversion efforts, which also involved mitigating risks to critical

computer- dependent operations. In October 1999, 16 we noted that several
factors associated with the Year 2000 efforts had laid a foundation for
longer- term improvements in the way we view protecting computers supporting
critical operations. These factors include ? providing high- level
congressional and executive branch leadership,

? understanding risks to computer- supported operations, ? providing
adequate technical expertise,

? providing standard guidance, ? establishing public- private sector
relationships, ? facilitating progress and monitoring performance, ?
developing an incident identification and

coordination capability, and ? implementing fundamental information
technology management improvements. For additional information on
information security issues, please contact Robert F. Dacey, Director,
Information Technology, at (202) 512- 3317 or daceyr@ gao. gov.

16 Critical Infrastructure Protection: Comprehensive Strategy Can Draw on
Year 2000 Experiences (GAO/ AIMD- 00- 1, October 1, 1999).

Ensuring Major Technology Investments Improve Services

The rapid pace of technological change and innovation has offered
unprecedented opportunities for the government to use information technology
(IT) to improve operational performance, reduce costs, and enhance service
responsiveness to citizens and consumers. Yet at the same time, a range of
issues have emerged about how to best manage and integrate complex
information technologies and management processes so that they are aligned
with mission goals, strategies and objectives. It is critical that federal
agencies have effective leadership and focused management control over the
government's $40 billion

annual investment in information technology. The government has made
improvements in its IT management, such as updating policies and guidance to
reflect best practices. Moreover, agencies are responding with concerted
actions to effectively address

critical IT management shortcomings in response to passage of the 1996
Clinger- Cohen Act. Nevertheless, our work shows that agencies continue to
be challenged by (1) fundamental weaknesses in information technology
investment selection and management control processes, (2) slow progress in
designing and implementing information technology architectures, (3)
inadequate or immature software development, cost estimating, and systems
acquisition practices, (4) the

need to build effective chief information officer leadership and
organizations, and (5) significant computer security weaknesses. Several
large modernization efforts that are key to delivering critical services
continue to be at risk. In particular, these efforts include those underway
to provide safe and efficient air travel, to modernize tax processing and
customer service operations, and to support national defense operations.
Since these projects were designated high risk in 1995, we have continued to
monitor them and recommend ways to ensure these major technology investments
are

successful in improving service and reducing costs. FAA, IRS, and DOD,
respectively, are taking steps to implement modernization management
capabilities to address our recommendations, but these projects continue to
face challenges that could affect their cost,

schedule, and performance.

? FAA Air Traffic Control Modernization ? IRS Tax Systems Modernization ?
DOD Systems Modernization

FAA Air Traffic Faced with rapidly growing traffic volume and aging Control

equipment, FAA initiated an ambitious Air Traffic Modernization

Control (ATC) modernization effort in 1981. This effort involves acquiring
new air traffic control facilities, as well as a vast network of radar,
automated data processing, navigation, and communications equipment, and it
is expected to cost a total of $45 billion through fiscal year 2005. To
date, the Congress has appropriated over $32 billion, and FAA estimates that
it will need $13 billion more.

Over the past 19 years, the modernization effort has experienced cost
overruns, schedule delays, and performance shortfalls of large proportions.
Our work over the years has pinpointed root causes of the modernization
program's problems, including (1) immature software acquisition
capabilities, (2) the lack of a complete and enforced systems architecture,

(3) inadequate cost estimating and cost accounting practices, (4) the lack
of an effective Chief Information Officer (CIO) management structure, (5) an
ineffective investment management process, and (6) an organizational culture
that impaired the acquisition process. We also noted that FAA faced many
challenges

in implementing its new air traffic management concept known as “free
flight,” which would allow pilots more flexibility in choosing routes
and is intended to improve

air traffic safety and efficiency. Since 1995, we have made over 30
recommendations to address the root causes of the modernization's problems.
For example, we recommended that FAA improve its software acquisition
capabilities by institutionalizing mature processes, develop and enforce

a complete systems architecture, and implement an effective CIO management
structure consistent with the department- level CIOs prescribed by the
Clinger- Cohen Act of 1996. FAA initiated numerous activities in response to
our recommendations in each of these areas. However, in many areas, more
must be done. For example:

? FAA developed an integrated framework for improving its software
acquisition, software development, and systems engineering processes. The
agency is also tracking several projects' efforts to improve these
processes. However, FAA does not yet require all systems to achieve a
minimum level of software process maturity before being funded.

? FAA is working to develop a complete systems architecture, or overall
blueprint, and expects to issue its draft of a technical architecture in
2001.

? To improve cost estimates, FAA developed a standard work breakdown
structure and has established an historical database for tracking

systems' costs and other information. However, it has not yet fully
instituted rigorous cost estimating practices. Further, FAA is working to
develop a cost accounting capability and expects to have this

capability fully in place by September 2002. ? FAA established a CIO
management structure consistent with the provisions of the Clinger- Cohen

Act, and the CIO is working to manage several complex agencywide
initiatives, which include improving information systems security,
developing a complete systems architecture, and improving the agency's
software acquisition processes. However, the CIO faces a continuing
challenge in ensuring that these initiatives are implemented and enforced. ?
To improve its investment management processes, FAA is now overseeing
investment risks and

capturing key information from the investment selection process in a
management information system. However, the agency has not yet issued
guidance for validating investment analysis data or instituted a process for
evaluating projects after

implementation in order to identify lessons learned and to improve the
investment management process.

? FAA issued an organizational culture framework in 1997 and is working to
implement it. However, the Department of Transportation's (DOT) Inspector
General reported in August 2000 that FAA's culture remains a barrier to
successful acquisition projects

and that integrated teams, a key mechanism to deliver more cost- effective
and timely products, are not working well because FAA's culture continues to
operate in vertical “stovepipes,” which conflict with the
horizontal structure of team operations. 1 In fact, 1 DOT Office of
Inspector General, Survey of the Federal Aviation Administration's
Integrated Product Development System (AV- 2000- 110, August 29, 2000).

our recent report on FAA's Wide Area Augmentation System (WAAS) confirmed
that the integrated teams were not working as intended. 2 We found that
competing priorities between two key organizations that are part of the WAAS
integrated team negated the effectiveness of the team's approach for meeting

the agency's goals for WAAS. ? FAA established a program office for its free
flight initiative to help reduce technical and financial risk

through the limited implementation of selected technologies for evaluation
prior to their full implementation. However, many challenges remain,
including developing software, integrating free flight technologies with
other modernization projects, and

addressing human factor issues affecting controllers and pilots. Clearly,
FAA has initiated numerous improvements, but its reform efforts are not yet
complete. In the meantime, major projects continue to face challenges that
could affect their cost, schedule, and performance. For example, in June
2000 we reported that FAA's WAAS project had experienced cost increases of
$500 million,

or about double the original cost, and a 3- year delay. Further, cost
increases and schedule delays are likely to grow because of problems
associated with meeting a key performance requirement to provide timely
warnings when its signal is providing misleading information and should not
be used.

We made several recommendations to FAA to address some of the risks facing
the WAAS program. We will 2 WAAS, which will be a ground- and satellite-
based navigation system for airspace users, is intended to significantly
augment and improve

the current ground- based system, which requires pilots to fly less
efficient routes to arrive at their destinations.

continue to evaluate FAA's progress on this and other system acquisition
efforts.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Transportation (GAO- 01- 253, January 2001), which
includes a list of related GAO reports. For additional information on FAA's
Air Traffic Control modernization, please contact Joel C. Willemssen,
Managing Director, Information Technology, at (202) 512- 6253 or
willemssenj@ gao. gov.

IRS Tax Systems Over a decade ago, IRS began modernizing its inefficient
Modernization

and outdated IT systems used to process tax returns and respond to taxpayer
inquiries. In 1995, we reported that this modernization effort suffered from
serious and

pervasive management and technical weaknesses, and until these weaknesses
were corrected, IRS was not ready to invest billions of dollars building
modernized systems. 3 At that time, we made recommendations to

correct the weaknesses. Immediately following our 1995 report, IRS made
limited progress in strengthening its modernization management capability.
As a result, we suggested in

1996, that the Congress limit IRS' IT spending to certain cost- effective
categories. In the fiscal year 1997 Omnibus Consolidated Appropriations Act
(Public Law 104- 208), the Congress did so and directed IRS to develop a
plan to correct its weaknesses, including developing and submitting to the
Congress by May 1997, an enterprise architecture (or agency- wide blueprint
for the modernization). In response, IRS took several

actions to address congressional direction and 3 Tax Systems Modernization:
Management and Technical Weaknesses Must Be Corrected If Modernization Is To
Succeed (GAO/ AIMD- 95- 156, July 26, 1995).

implement our recommendations. For example, IRS developed the first two
levels of a four- level enterprise architecture, referred to by IRS as the
Modernization

Blueprint. In September 1997 briefings and a subsequent report in early
1998, we noted that the blueprint was a good first step that provided a
solid foundation from which to define the level of detail and precision
needed to effectively and efficiently build a modernized system of
interrelated systems. 4 Subsequently, the Congress

established a multiyear capital account- the IT Investments Account (ITIA)-
to fund IRS system modernization initiatives and limited IRS' obligation of
these funds until it met certain conditions. 5 Between May 1999 and October
2000, IRS submitted three expenditure plans and two interim “stop
gap” plans, totaling about $477 million, for multiple program

and project- level modernization initiatives. This series of plans was
consistent with our position for IRS to incrementally modernize its systems
and submit incremental expenditure plans for release of ITIA funds. As we
had reported, such an incremental approach is an industry best practice and,
if properly implemented, is an appropriate approach to systems
modernization. 6

4 Tax Systems Modernization: Blueprint Is a Good Start But Not Yet
Sufficiently Complete to Build or Acquire Systems (GAO/ AIMD/ GGD- 98- 54,
February 24, 1998). 5 IRS was to submit to the Congress for approval an
expenditure plan that (1) implements the blueprint, (2) complies with
requirements of the Office of Management and Budget's (OMB) system
investment guidelines, (3) passes reviews and approvals by IRS, Treasury's
IRS Management Board, and OMB and is reviewed by us, (4) meets the
requirements of IRS' system life cycle management program, and (5) complies
with federal acquisition requirements and management practices.

6 Tax Systems Modernization: Results of Review of IRS' Initial Expenditure
Plan (GAO/ AIMD/ GGD- 99- 206, June 15, 1999).

We found that these expenditure plans generally complied with the
legislative conditions and our open recommendations. However, we also
reported that IRS' plans to build systems (perform detailed design and
software development activities) before correcting its long- standing
weaknesses introduced a high risk of failure. 7 In March 2000, IRS
appropriately restructured its modernization program by scaling back its
system development activities and giving priority to putting in place
modernization management capabilities and

controls. IRS' appropriation subcommittees underscored the need for IRS to
pursue this restructuring.

Since it restructured the program, IRS has made important progress in
addressing our recommendations. Specifically, in July 2000, IRS established
a program office to manage and oversee modernization activities. In response
to our recommendations, IRS is taking steps to make the program office fully
functional by early 2001 and is tracking this as a major program risk until
it is

done. Also in response to our recommendations, IRS has begun using
performance- based task orders to better ensure contractor satisfaction of
specified system and

service requirements on time and within budget. In addition, in September
and November 2000, when we reported on IRS' most recent ITIA requests, 8 we
observed that IRS had continued to make progress in 7 For example, see Tax
Systems Modernization: Results of Review of IRS' March 7, 2000, Expenditure
Plan (GAO/ AIMD- 00- 175, May 24, 2000) and Tax Systems Modernization:
Results of Review of IRS' August 2000 Interim Spending Plan (GAO- 01- 91,
November 8, 2000).

8 IRS submitted its second interim plan to the Congress in late August 2000
and requested approximately $32 million to carry the modernization through
the end of fiscal year 2000 and into early fiscal year 2001. In early
October 2000, IRS submitted its third expenditure plan, requesting about
$200 million to fund modernization programlevel activities through September
2001and project- level activities through their next milestones.

implementing our modernization management recommendations. For example, we
reported that IRS had largely defined its system life cycle methodology that
incorporated software acquisition and investment management processes as
well as program roles and responsibilities of IRS and its prime contractor.
To fully

implement our recommendation, IRS plans to have its life cycle management
processes- referred to by IRS as the Enterprise Life Cycle- implemented in
early 2001. We also reported on IRS progress in implementing our
recommendation for developing and implementing an enterprise architecture.
Despite important progress, IRS has more work to do before it will have
fully addressed our recommendations. IRS has plans and initiatives underway
to do so, but until this work is completed, key modernization management
controls are missing, which

increases the risks of projects not performing as intended, and costing more
and taking longer than they should. These risks are not as severe early in
the projects' life cycles when they are being planned (project definition
and design), but escalate as projects

begin to be built (detailed design and software development). Given that IRS
plans to begin building several major projects, it is important for IRS to
continue to make implementation of these program management controls,
particularly completion of its enterprise architecture, a top priority and
to refrain from building systems until these controls are sufficiently in
place and functioning. We have made recommendations,

which IRS has agreed to implement to accomplish this. This issue is also
discussed in Major Management Challenges and Program Risks: Department of
the Treasury (GAO- 01- 254, January 2001), which includes a list of related
GAO reports. For additional information on tax systems modernization, please
contact Randolph C. Hite, Director, Information Technology, at (202)

512- 3439 or hiter@ gao. gov.

DOD Systems DOD spends about $20 billion annually on IT to support

Modernization a wide range of military operations and business

functions (e. g., logistics, finance and accounting, health services), and
tens of billions more on technology embedded in sophisticated weaponry. This
heavy reliance will only grow as the Department moves to modernize and
respond to technological advances that are changing traditional approaches
to managing business functions and engaging in conflicts. To effectively and
efficiently leverage the huge sums of money that the Department plans to
invest in IT, DOD will have to develop and implement an integrated set of
enterprise architectures, or Departmentwide blueprints defining the future
operational and technical

environments for its core military operations and business functions. It
will also have to use investment selection, control, and evaluation
processes that ensure production of tangible, observable improvements in
mission performance and accountability, at acceptable costs within
reasonable timeframes. To date, the

Department has been challenged in its efforts to implement these fundamental
management controls, and although progress is being made, much remains to be
accomplished. The Department of Defense Appropriation Act for Fiscal Year
2000 (P. L. 106- 79, Oct. 25, 1999) reemphasized the need for the kind of IT
implementation and oversight processes cited in the Clinger- Cohen Act of
1996. Among other things, the act calls for an IT investment oversight
process that covers the life of each investment and includes explicit
criteria for analyzing projects'

expected and actual cost, benefits, and risks. DOD Inspector General and our
reports on DOD systems modernization efforts have identified a broad array
of

problems that reinforce the need for those processes and management
controls. 9

The Department's vision of using electronic commerce technologies to
transform and streamline its business processes and relationships is a vivid
illustration of the problems and risks that DOD faces in this area.
Specifically, we reported that the Department's electronic commerce vision
is at risk because a key element- a DOD- wide implementation plan, including
an electronic commerce enterprise architecture- has not been developed to
direct and control business

process change and IT investments in this area. 10 Without these management
controls, the Department does not have a common blueprint or roadmap that is
essential for effectively introducing modern electronic commerce operations
and investing in supporting systems.

DOD has not developed such a plan primarily because its Chief Information
Officer (CIO) and the Joint Electronic Commerce Program Office have been
unable to reach agreement with the military services and Defense agencies on
the scope and content of the plan.

In lieu of a common and integrated approach to electronic commerce, DOD is
allowing the joint program office, the military services, and three of the
larger Defense agencies to develop separate plans. According to CIO
officials, the separate plans may then be merged into a DOD- wide plan at
some point in the future, 9 Defense Information Management: Continuing
Implementation Challenges Highlight the Need for Improvement (GAO/ T- AIMD-
99- 93, February 25, 1999), Acquisition Management of the Composite Health
Care System II Automated System (Report Number 99- 068, January 21, 1999),
and Defense Management: Electronic Commerce Implementation Strategy Can Be
Improved (GAO/ NSIAD- 00- 108, July 18, 2000). 10 GAO/ NSIAD- 00- 108, July
18, 2000.

however, no specific commitment or date for doing this has been established.

As a result, DOD components are addressing architecture development within
their respective, stovepipe organizations. Such an approach will not
adequately support the Department's electronic commerce strategic
objectives, such as achieving systems interoperability across the Department
and streamlining its processes before implementing electronic commerce
technologies. Accordingly, we recommended that DOD place a high priority on
completing an electronic commerce

implementation plan; finishing an electronic commerce architecture;
establishing clearer lines of program management responsibility, authority,
and accountability; and ensuring that all new electronic commerce
initiatives support the Department's strategic

goals and have meaningful performance measures. In commenting on the report,
the Department concurred with our findings and recommendations. In its 2000
annual report to the President and the Congress, DOD acknowledged that
improvements were needed in IT management and oversight. Additionally,

the report cites steps underway to address its challenges in this regard,
such as creation of a Portfolio Management and Oversight Working- Level
Integrated Product Team to ensure that IT investments are managed and
evaluated based on specific measurable contributions to the Department's
mission goals and priorities. Similarly, the DOD has published an enterprise
architecture framework to guide component efforts in developing
architectures and to better ensure that they are defined consistently. Also,
the Department's fiscal year 2001 performance plan, which was required by
the Government Performance and

Results Act of 1993, included performance goals for IT management.
Recognition that improvements are needed in systems modernization management
is a positive step. Equally important will be the unwavering commitment of
DOD's

executive leadership. In successfully addressing the Year 2000 computing
challenge, DOD recognized the importance of this commitment. According to
DOD's lessons learned report, in the summer of 1998, senior DOD leaders
recognized that the century date change was a CEO problem. Additionally, the
Department recognized that a “business- as- usual” approach
would

not solve a problem as challenging, pervasive, and risky as Year 2000.
Accordingly, DOD instituted new, more enterprise- focused Year 2000
management controls. As we have reported and recommended, 11 applying Year
2000 lessons learned to management of systems modernization efforts will
better position DOD to effectively invest in IT in a way that optimizes
Departmentwide performance and accountability. We plan to continue
evaluating DOD's approach to investing in IT and to promote a more
integrated approach across organizational and cultural divides. This issue
is also discussed in Major Management Challenges and Program Risks:
Department of Defense (GAO- 01- 244, January 2001), which includes a list of
related GAO reports. For additional information on DOD systems modernization
efforts, please contact Randolph C. Hite, Director, Information Technology,
at (202) 512- 3439 or hiter@ gao. gov.

11 Department of Defense: Implications of Financial Management Issues (GAO/
T- AIMD/ NSIAD- 00- 264, July 20, 2000).

Providing Basic Financial Accountability

The federal government has historically lacked timely, accurate, and useful
financial information to assure financial accountability. Without good
financial information, the government cannot adequately measure

and control costs, manage for results, nor make timely and fully informed
decisions about allocating limited resources.

Over the past decade, the Congress has put in place a financial management
reform legislative framework- the Chief Financial Officers (CFO) Act, the
Federal Financial Management Improvement Act (FFMIA), and

the Government Management Reform Act. These statutes set the expectation for
agencies to improve financial reporting and internal control, routinely
produce sound cost and operating performance information and design results
oriented reports on the government's financial condition, and strengthen
human capital practices in financial operations. These legislative
expectations are not yet fulfilled.

A critical aspect of this is the legislative requirement for annual audited
financial statements for 24 major federal departments and agencies beginning
with fiscal year 1996, as well as for the government as a whole beginning

with fiscal year 1997. We have seen a steady increase in the number of
agencies that have obtained unqualified opinions on their financial
statements and in agencies' timeliness in issuing them. Fifteen of 24 major
agencies received unqualified opinions on their fiscal year 1999

financial statements- for fiscal year 1996, only 6 agencies achieved that
goal. At the same time, several major departments are not yet able to
produce auditable financial statements on a consistent basis. The most
significant in this regard is the Department of Defense (DOD), which
represents a large percentage of the government's assets, liabilities, and
net costs, but is not yet able to comply with generally accepted accounting
principles.

Challenges also continue in producing reliable statements for the entire U.
S. government. For the last 3 years, we reported serious deficiencies in the

government's systems, recordkeeping, documentation, financial reporting, and
controls. Until DOD, which is a major contributor to these problems, has
auditable financial statements, the government's consolidated statements
cannot be given a clean audit opinion. While clean audit opinions are
essential to providing an annual public scorecard, they do not guarantee
that agencies have the financial systems needed to dependably produce
reliable financial information. Many agencies have been able to obtain
unqualified audit opinions only through heroic efforts, which include using
extensive ad hoc procedures and billions of dollars in adjustments to derive
numbers as of a single point in time- the end of the fiscal year. These
efforts are often completed months after the end of the fiscal year. The
fundamental problem is that agency financial systems cannot routinely
provide this information.

Modernizing financial management systems is critical because most federal
agencies' financial management systems do not meet systems requirements and
cannot provide reliable financial information for managing dayto- day
government operations and holding managers accountable. For fiscal year
1999, agency financial auditors have reported that 21 of 24 major agencies'
financial systems did not comply substantially with federal accounting
standards and financial systems and

other requirements, as required by FFMIA. It will take time and effort to
raise federal financial systems to the level of quality and reliability
envisioned in FFMIA and the CFO Act.

We have seen important progress in improving financial management, and a
host of corrective actions are

underway. These efforts will have to be sustained and built upon to attain
the “end game” of having reliable, useful, and timely financial
and other important management information to make decisions and

monitor government performance every day. Concerted effort over a number of
years will be needed to achieve the intent of the CFO Act and other
financial management improvement legislation. We are working with OMB,
Treasury, and agencies

across government to identify and recommend financial management
improvements. The financial operations at agencies with the most significant
problems have been designated as high risk.

? DOD Financial Management ? Forest Service Financial Management ? FAA
Financial Management ? IRS Financial Management

DOD Financial Accurate financial information is crucial to making Management

sound decisions and controlling assets so that DOD's mission and goals are
efficiently and effectively accomplished. Considering DOD's vast operations,
including an estimated $1 trillion in both assets and reported liabilities,
and a reported net cost of operations of $378 billion in fiscal year 1999,
effective asset accountability and reliable financial information are

critical. The Department continues to confront pervasive and complex
financial management problems that can seriously diminish the efficiency of
the military services' support operations. Since 1995, DOD financial
management has been on our list of high- risk areas vulnerable to waste,
fraud, abuse, and mismanagement. The Department has made progress in a
number of areas, both larger steps forward and smaller incremental
improvements. As detailed in the following paragraphs, however, DOD has a
long way to go to effectively address these problems. Financial Reporting No
major part of DOD's operations has been able to pass

Continues to Be the test of an independent financial audit. The most
Inaccurate

recent audits of DOD's financial statements- for fiscal year 1999- highlight
ongoing financial management challenges that affect the development of
accurate and complete financial information. If available, this information
could provide useful perspectives to decisionmakers on such key areas as
budget requests, performance measurement, and costs. For example, because of
weaknesses in DOD's budget execution

accounting, the Department does not know with certainty the amount of
funding it has available. These weaknesses include (1) an inability to
reconcile an estimated $7 billion difference between DOD's available fund
balances and Treasury's, (2) frequent adjustments of recorded payments
between appropriation accounts- with nearly $1 of every $3 in fiscal year
1999 contract payments representing an adjustment, and (3) incorrect or
unsupported obligations. In addition, DOD records show an estimated

$1. 6 billion of transactions held in suspense accounts at the end of fiscal
year 1999. Until these suspended transactions are posted to the proper
appropriation account, the Department will have little assurance that
reported appropriation balances are correct. As we have testified, such
information is essential for DOD and the

Congress to determine if funds are available to reduce current funding
requirements or to be reprogrammed to meet other critical program needs.

Also, we have testified that, while the Department reported the total net
costs for its operations as $378 billion, it could not justify this amount.
Areas in which DOD has been hampered by the lack of reliable information on
the full cost of its programs include

(1) accounting for the costs associated with functions studied for potential
outsourcing under OMB Circular A- 76, including a long- standing concern
over how accurately DOD's in- house cost estimates reflect actual costs; (2)
controlling and managing weapon system acquisition, operation, and disposal
costs under its

overall Defense Reform Initiative; and (3) long- standing problems in
accumulating and reporting the cost data needed to help assess the economy
and efficiency of its businesslike activities used to provide goods and
services in support of the military services. Environmental

DOD does not have an effective process in place to Liability Is Uncertain

comprehensively and accurately report liabilities associated with its
environmental and disposal costs. DOD has taken important steps to better
recognize and report on these liabilities, increasing its reported estimated
liabilities from $34 billion in its fiscal year 1998 financial statements to
$80 billion in fiscal year 1999. As we have testified, more complete and
accurate information on these liabilities would be an important factor in
determining the timing of funding requests.

However, the full magnitude and timing of these costs are not yet known
because (1) DOD does not yet have a comprehensive inventory of all potential
environmental and disposal liabilities, potentially excluding billions of
dollars of costs associated with nonnuclear weapons, conventional munitions,
and ongoing operations; (2) estimates were not based on the consistent
application of assumptions and methodologies, resulting

in some cases in significantly different results across the services; and
(3) support for the basis of reported cost estimates continues to be
inadequate.

Accountability Over DOD cannot properly account for and report on its

Equipment and weapon systems and support equipment. Lacking such

Inventory Is Weak reliable information, DOD has little assurance that all

items purchased are received and properly recorded. Because the military
services cannot identify all of their weapon systems and support equipment
through a centralized system, each service had to supplement its

automated data with manual procedures to collect the information needed on
these assets to meet military objectives and readiness goals. For example,
items that were not included in the Army's centralized systems in fiscal
year 1999 included 56 airplanes, 32 tanks, and 36 Javelin missile command-
launch units. Additionally,

DOD has also been unable to account for and control its huge investment in
inventories. These weaknesses (1) increase the risk that responsible
inventory item managers may request funds to obtain additional, unnecessary
items that may be on hand but not reported

and (2) result in a loss of accountability that could affect supply
responsiveness and purchase decisions. (DOD inventory management, which is
another high- risk area, is discussed later in this report.) Financial

Establishing an integrated financial management Management Systems system-
including both automated and manual Are Inadequate processes- will be key to
reforming DOD's financial management operations. DOD has acknowledged that
its current financial management systems (1) are flawed with decades- old
problems that will be impossible to reverse overnight, (2) for the most part
do not comply with federal financial management systems

requirements, and (3) were not designed to collect data in accordance with
generally accepted accounting principles. The Department has set out an
integrated

financial management system goal. However, it faces a significant challenge
in integrating its financial management systems because of its size and
complexity and the condition of its current financial management operations.
That is, DOD supports personnel on an estimated 500 bases in 137 countries
and territories

throughout the world, makes an estimated $24 billion in monthly
disbursements, and maintains as many as 500 or more active appropriations in
any given year. In addition, each service operates unique, nonstandard
financial processes and systems. As a result, millions of transactions must
be keyed and rekeyed into multiple systems.

Transactions must be recorded using a complex line of accounting that
accumulates appropriation, budget, and management information that varies by
military service and fund type. An error in any one character in such a line
of code can delay payment processing or affect the

reliability of data used to support management and budget decisions.

Further, through the Year 2000 experience, DOD has learned that its goal of
systems improvement initiatives should be improving end- to- end business
processes.

Lessons learned from the Year 2000 effort also stressed the importance of
strong leadership from top leaders in making any goal- such as financial
management and systems improvements- an entitywide priority. DOD's current
Financial Management Improvement Plan sets out an integrated financial
management system as the

long- term solution for establishing effective financial management and
includes hundreds of initiatives to address its financial management
problems. However, as we recently testified, the plan's vision and goals
fell short of achieving basic financial management

accountability and control and did not position DOD to adopt financial
management best practices.

Key Actions Needed Successfully completing efforts to prepare financial
statements that can withstand the test of an audit will be a key milestone
for DOD. Such audit efforts can help in better understanding the extent,
nature, and underlying causes of the Department's long- standing financial
management problems, identifying information needs, and strengthening
fundamental discipline in its controls and systems. However, as we recently
testified, many of the planned financial management improvement initiatives
are mainly focused on one- time, year- end

numbers for financial statement purposes. In the short term, DOD also needs
to focus on improving its routine processes and controls relied on to manage
its every day operations. In the long term, sustaining the strong commitment
we have seen over the past few years from the highest levels of DOD
leadership- a commitment that must extend to the next Administration- will
be needed to overhaul DOD's financial systems and to ensure that personnel
throughout the Department share the common goal of establishing financial
management systems and

processes that routinely generate reliable financial information. This issue
is also discussed in Major Management Challenges and Program Risks:
Department of Defense (GAO- 01- 244, January 2001), which includes a list of
related GAO reports. For additional information on DOD

financial management, please contact Gregory D. Kutz, Director, Financial
Management and Assurance, at (202) 512- 9095 or kutzg@ gao. gov.

Forest Service Since the first audit of the Forest Service's financial

Financial statements, which covered fiscal year 1991, the USDA's Management

Inspector General (IG) has found serious accounting and financial reporting
weaknesses, some of which continue to exist today. While the Forest Service
has

committed considerable resources and has progressed in addressing some of
its long- standing financial management deficiencies, much work remains. In
fiscal year 1999, the IG was unable to determine the accuracy

of the reported $3. 1 billion in net property, plant and equipment, which
represented 51 percent of the agency's total assets. Also, the IG identified
significant

accounting and reporting weaknesses in the Forest Service's fund balance
with Treasury accounts and its financial management systems. Due to the
severity of the aforementioned deficiencies, in February 2000, the

IG disclaimed from issuing an opinion on the Forest Service's fiscal year
1999 financial statements. In addition to the IG reported weaknesses, we
have reported that the Forest Service's autonomous field structure has
hampered efforts to correct these accounting and financial reporting
problems. The IG reported in its fiscal year 1999 audit report that it was
unable to determine the accuracy of the Forest Service's reported $3. 1
billion in net property, plant and equipment. Specifically, of the $3. 1
billion, the IG could not verify the accuracy of the pooled assets, such as
roads and trails, valued at $1. 5 billion, because the agency lacked
sufficient documentation to support their purchase price, date acquired, and
related depreciation

costs. In addition, the IG reported that the Forest Service's pooled assets
did not include the book value of road prism costs- costs associated with
the underlying

foundation- for roads constructed prior to fiscal year 1998. The IG's audit
also disclosed that it was unable to verify fund balances with Treasury
totaling $2. 6 billion because the reconciliation of agency records with
Treasury records had not been completed. The IG has been providing
consulting services to the Forest Service and

the agency's outside consultant by assisting in researching and analyzing
unreconciled differences between agency and Treasury records and by

monitoring the agency's efforts to correct systemic problems within its new
accounting system that have contributed to the unreconciled differences.
While the Forest Service made great strides during fiscal year 2000 to
reconcile its fund balance with Treasury accounts, the IG still considers
the absolute unreconciled differences between the Forest Service and
Treasury's records significant and believes the Forest Service should
continue to research and correct the unreconciled amounts. As of October
2000, the IG estimated the absolute difference between Treasury's

records and the Forest Service's general ledger was over $592 million for
disbursements, and over $71 million for collections. However, the IG noted
that some of the unreconciled differences can be attributed to normal timing
differences. In addition, the IG stated that a portion of the unreconciled
differences will be corrected

when systems problems that have been present in the Forest Service's new
accounting system- such as posting fund balance transactions to the
incorrect

account- are fixed. The Forest Service implemented its new accounting system
agencywide on October 1, 1999, as scheduled. Despite some start- up
problems, such as rejected transactions and system downtime, Forest Service
staff

are now entering transactions into the system. However, the new accounting
system depends on and receives data from feeder systems that the IG and the
outside consultant have characterized as seriously deficient. Specifically,
the IG reported that these feeder systems-

which process and transfer information such as credit card, personal
property, and travel transactions into the new accounting system- are poorly
documented, operationally complex, deficient in appropriate control
processes, and costly to maintain. The IG has also concluded that these
feeder systems reduce assurance that the new system will be able to provide
timely, accurate, reliable, and consistent financial information.

USDA has agreed with the IG's recommendation to develop a long- range plan
to consolidate, integrate, and/ or reengineer the feeder systems. According
to USDA officials, the agency is in the process of requesting the funding
needed to implement the longrange

plan. In the meantime, USDA officials stated that the agency has developed
an interim plan to address problems plaguing some of the feeder systems that
the Forest Service uses in their financial operations. USDA anticipates
implementing this interim plan during this fiscal year.

The independence afforded by the agency's autonomous field structure has
hampered efforts to correct accounting and financial reporting weaknesses.
The Forest Service's field structure lacks a consistent structure for
financial management practices and each unit has operated independently when
carrying out various functions such as budget execution and

financial plan development. The Forest Service has initiated an assessment
of its field office financial management organizational structure but has
not yet reorganized its field structure to ensure clear lines of
responsibility and accountability within each region.

Until this is completed, the Forest Service's current autonomous field
structure may hamper its efforts to achieve financial accountability. The
Forest Service has completed several corrective actions and begun others
that, if successfully carried through, represent important steps toward
achieving financial accountability. For example, the Forest Service
implemented the previously mentioned new accounting system and completed and
implemented its

methodology for valuing road assets with the IG's concurrence. In addition,
the Forest Service is working to resolve problems in reconciling the fund
balance with Treasury accounts. The Forest Service must sustain top
management commitment and have substantial additional resources devoted to
addressing its

accounting and reporting weaknesses. In addition, the Forest Service will
need to demonstrate sustained financial accountability, which goes beyond
receiving an unqualified audit opinion. For instance, the Forest Service
will need to address material internal control weaknesses that limit its
ability to maintain accountability over its assets on an ongoing basis.
Because major barriers to achieving financial accountability at the Forest
Service remain, we continue to designate the Forest Service's financial
management as a high- risk area.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Agriculture (GAO- 01- 242, January 2001), which
includes a list of related GAO reports. For additional information on Forest
Service financial management, please contact McCoy Williams, Acting
Director, Financial Management and Assurance, at (202) 512- 6906 or
williamsm1@ gao. gov. Federal Aviation In January 1999, we designated FAA's
financial Administration

management as a high- risk area because of serious and (FAA) Financial long-
standing accounting and financial management Management weaknesses. FAA
received its first ever unqualified opinion on its fiscal year 1999
financial statements,

which represents progress from prior years when the IG was unable to express
an opinion on FAA's financial statements. But it took heroic efforts to
achieve an unqualified opinion. For example, because FAA lacks an adequate
system to account for its property, plant, and equipment (PP& E) on an
ongoing basis, FAA used alternative procedures and labor- intensive methods
to establish a baseline and costs for PP& E. FAA has reached an important
milestone by attaining a clean audit opinion on its financial statements,
but it has not yet proven it can sustain this outcome, and it has not

reached the end goal of routinely having timely, accurate, and useful
financial information.

Until FAA has financial management systems and related procedures and
controls that provide reliable information to (1) prepare financial
statements and reports, (2) account for PP& E on an ongoing basis, and (3)
meaningfully accumulate and report costs for programs and activities, FAA
financial management will continue to be at high risk of waste, fraud,
abuse, and

mismanagement. FAA Property Since 1994, DOT's Inspector General has reported
that Systems FAA lacks the systems and related procedures to accurately and
routinely account for its PP& E- which,

as of September 30, 1999, totaled $10.8 billion. This lack of timely and
accurate PP& E information may impede program officials' ability to properly
manage and safeguard these assets and to make prudent business decisions. It
may also limit their ability to accurately determine the costs of operations
on an ongoing basis.

In fiscal year 1999, FAA started an extensive laborintensive project to
reconstruct the detailed records needed to document its PP& E costs. With a
significant effort and commitment of resources, FAA made real progress and,
for the first time, established a PP& E

baseline. This extraordinary effort resulted in corrections to previously
reported PP& E amounts, including a $3 billion increase in the reported cost
of PP& E and an $806 million increase in accumulated depreciation. While
these special efforts established a

baseline for PP& E, without adequate systems and controls, FAA will have
difficulty tracking its PP& E activity on a routine basis. In its report on
FAA's financial statements for fiscal year 1999, the IG concluded that the
manual and labor- intensive efforts could not be sustained in the future and
are prone to errors, mistakes, and inaccuracies. As a result, the IG

classified the internal controls over FAA's PP& E as a material weakness.

During fiscal year 2000, FAA began implementing a new system to maintain
detailed PP& E records that can calculate depreciation. In the past,
depreciation expense, which is an important component of FAA's operating
costs, required the preparation of separate electronic spreadsheets. The new
system is expected to be fully operational by September 2001. However, the
full benefits of the new system for PP& E will not be realized until it is
integrated with systems changes (or replacements) to FAA's existing related
property systems that identify and track PP& E activity, such as property
acquisitions and disposals. FAA does not expect these related PP& E systems
to be fully implemented until fiscal year 2003. We will continue to monitor
FAA's progress in implementing these new systems to determine whether they
are responsive to the concerns that we and the IG has raised.

FAA Managerial Cost FAA lacks a cost accounting system or an alternative
Accounting

means to meaningfully accumulate and report its costs. Information

The objective of a cost accounting system is to accurately assign basic
financial costs- such as an agency's labor, overhead, and other costs- to
program activities and projects. Accurate cost information is essential in
managing FAA's programs in the following areas: (1) budgeting and cost
control, (2) performance management, (3) determination of cost
reimbursements

and the setting of fees and prices, (4) program evaluations, and (5)
choosing between alternative actions. 1 Deficiencies in these areas limit
FAA's and 1 The Statement of Federal Financial Accounting Standards No. 4,
Managerial Cost Accounting Standards, July 31, 1995, describes these

five areas for which cost information is essential in managing government
programs.

others' ability to make effective decisions about resource needs and to
adequately control major projects, such as its multibillion- dollar ATC
modernization program.

FAA has made substantial progress in developing its cost accounting
capabilities. It is developing a comprehensive cost accounting system which
it expects

to have fully operational by the end of fiscal year 2002. This system is
expected to provide detailed information about the costs of services that
FAA provides to the

public. As of September 30, 2000, FAA had implemented three of the four Air
Traffic Services cost accounting system applications. 2 In July, these
applications began producing reports that FAA's managers are using for
analysis and training. The fourth application is scheduled for
implementation during the second quarter of fiscal year 2001. These plans
address many of our concerns. However, the

applications being placed in service are not fully integrated with other FAA
and DOT systems. Integration, which is an important element to fully realize
the efficiency and effectiveness of modern data processing systems, is
dependent on the eventual replacement of those other systems. In addition,
FAA's

cost systems applications, like DOT's system, presently require some costs
to be manually allocated, rather than allocating them automatically. As a
result, the systems

do not provide the reliable up- to- date data needed for making decisions.
This issue is also discussed in Major Management Challenges and Program
Risks: Department of Transportation (GAO- 01- 253, January 2001), which

2 Air Traffic Services is the FAA organization responsible for maintenance
and operation of the national airspace system.

includes a list of related GAO reports. For additional information on FAA
financial management, please contact Linda M. Calbom, Director, Financial
Management and Assurance, at (202) 512- 9508 or calboml@ gao. gov.

IRS Financial IRS financial management continues to be a high- risk
Management

area because of ongoing weaknesses in IRS financial management and
operational systems and processes. IRS has neither the reliable financial
and operational information needed to measure the full cost of administering
the Internal Revenue Code nor the data to report meaningful, cost- based
performance information. As a result, IRS management and the Congress lack
the

information to determine whether IRS has the appropriate levels of funding
and staff and is effectively using them. Because of these problems, we were
unable to render audit opinions on four of IRS' six financial statements,
and our opinion on its balance sheet was qualified for fiscal year 1999. IRS
was able to reliably report the amounts of tax revenue collected and related
refunds disbursed during fiscal year 1999 and the balance of taxes
receivable outstanding at fiscal year- end. However, to achieve this, IRS
once again depended on successfully completing extensive and time- consuming
ad hoc procedures to compensate for its long- standing and pervasive
internal control weaknesses.

IRS has taken action on a number of the financial management issues we have
identified, and has shown a strong commitment to resolving these issues. In
particular, IRS has worked aggressively to address a

number of issues that are not dependent on systems modernization for their
resolution. IRS recognizes, however, that the resolution of many of the
financial

management issues depends on the success of its systems modernization
efforts.

IRS' primary internal control weaknesses relate to the following areas.
Accountability Over

Our audit of IRS' fiscal year 1999 financial statements Administrative
identified severe weaknesses in accounting, reporting, Accounts and and
budgetary controls that rendered IRS unable to Budgetary Resources reliably
report how it spent the $8. 5 billion it was appropriated by the Congress in
fiscal year 1999. IRS was unable to reliably report the costs of its
programs,

was not timely charging costs against appropriations and was failing to de-
obligate balances appropriately, and continued to exhibit severe
deficiencies in accountability for property and equipment. These weaknesses
seriously impaired IRS' ability to ensure that resources were spent in
accordance with laws, regulations, and management policy. IRS did make
substantial progress in resolving its long- standing problems with controls
over its fund balance with Treasury, 3 and has laid the groundwork for
institutionalized reconciliation policies and procedures that, if
effectively implemented and maintained, should prevent similar problems from
recurring in future years. Management of IRS' internal controls over tax
receipts and data do not Taxpayer Receipts

adequately protect the federal government and and Data taxpayers from the
vulnerability to loss from theft and inappropriate disclosure of proprietary
taxpayer information. IRS made some improvements in these controls during
fiscal year 1999, such as enhancing 3 Agencies record their budget spending
authorizations in their fund

balance with Treasury accounts. Agencies increase or decrease these accounts
as they collect or disburse funds.

controls over tax receipts by strengthening courier operations. However, we
continued to find significant but easily correctable weaknesses. For
example, we

found that IRS continued to allow thousands of employees access to taxpayer
receipts and data before it received the results of their fingerprint
checks. We also continued to find checks left in open baskets, returned
checks that had not been marked nonnegotiable, and personal belongings of
IRS' employees allowed into restricted areas where taxpayer receipts were
being processed. These weaknesses expose the government and taxpayers to
avoidable losses and increase the risk that confidential taxpayer data may
be compromised. Management of IRS continues to have serious internal control

Unpaid Tax deficiencies that affect its management of unpaid tax

Assessments assessments. IRS still lacks a subsidiary ledger that tracks and
accumulates unpaid tax assessments on an ongoing basis. Consequently, IRS
must rely on specialized computer programs to extract unpaid assessment
information from its masterfiles- its only detailed databases of taxpayer
account information- in order to prepare its financial statements. However,
tens of billions of dollars in adjustments were necessary to correct
misclassifications and eliminate duplications in

fiscal year 1999. Additionally, IRS' automated records continued to contain
errors and IRS continued to experience delays in recording tax assessments,

payments, and other activities. These weaknesses have resulted in both lost
revenue to the government and significant taxpayer burden. For example,
during fiscal year 1999, IRS (1) pursued collection efforts against
taxpayers actually due refunds and issued refunds to taxpayers who actually
owed taxes, (2) entered into installment agreements that did not provide for
full payment of the outstanding taxes owed, and (3) did not always promptly
release tax liens

once the tax liability had been satisfied. 4 In addition, we found that IRS
did not aggressively pursue significant amounts in outstanding taxes owed
the federal government, resulting in potentially billions of dollars in lost
revenue. This issue is also discussed later under the high- risk area
designated as Collection of Unpaid Taxes.

Computer Security For the past 7 years, we have reported significant and
Controls long- standing weaknesses in controls over IRS' information
systems. We also found that computer security controls over IRS' key
applications that manage tax return input, and receipt processing did not
provide assurance that only authorized personnel had access to the
application and related data, that the data were complete and accurate, and
that application and data

integrity was maintained. IRS has made significant progress in improving
computer security weaknesses that we have identified. However, much remains
to be done to resolve the serious weaknesses within IRS' computing
environment that place its automated systems and taxpayer data at serious
risk to both internal and external threats. Addressing the Issues We have
provided IRS with detailed management and

operational recommendations, and we will continue to make additional
recommendations as necessary. Additionally, to better assist the Congress in
making informed funding decisions concerning the appropriate levels and uses
of IRS' resources, Congress should 4 The Treasury Inspector General for Tax
Administration also reported IRS delays in releasing tax liens in its report
Controls for Ensuring That Federal Tax Liens are Promptly Released in the
Northeast Region (Report No. 682302, September 8, 1998).

consider requiring IRS to provide reliable aggregate cost- benefit
information related to its various collection and enforcement activities in
any budget request for additional resources in support of these programs.
IRS' senior management, including the Deputy

Commissioner for Operations, has been proactive in addressing these issues
and has played a major role in the progress IRS has achieved to date.
However, resolving many of IRS' most serious problems will require a
sustained long- term commitment of resources, continued involvement of
senior management, and sustained progress in systems modernization.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of the Treasury (GAO- 01- 254, January 2001), which
includes a list of related GAO reports. For additional information on IRS
financial management, please contact Steven J. Sebastian, Acting Director,
Financial Management and Assurance, at (202) 512- 3406 or sebastians@ gao.
gov.

Reducing Inordinate Program Management Risks

We have identified inordinate program management risks in major program and
mission areas. These range from large benefit payment programs that sustain
substantial losses to the earned income credit program that experiences a
high rate of noncompliance, the problems related to collecting unpaid taxes,
and the continuing difficulties associated with programs that provide
financial aid to students. We have reported these in our Performance and
Accountability Series and have designated, and continue to monitor several
of them, as high risk because the underlying problems can significantly
impair service, reduce effectiveness, or diminish efficiency. Effectively
addressing the underlying causes of program management weaknesses

offers tremendous opportunities to reduce government costs and improve
services.

? Medicare Program ? Supplemental Security Income ? Earned Income Credit
Noncompliance ? Collection of Unpaid Taxes ? DOD Infrastructure Management ?
DOD Inventory Management ? HUD Single- Family Mortgage Insurance and

Rental Housing Assistance Program Areas ? Student Financial Aid Programs ?
Asset Forfeiture Programs

Medicare Program Because of the program's vast size and complex structure,
in 1990 we designated Medicare as a high- risk

program- that is, at risk of considerable losses to waste, fraud, abuse, and
mismanagement- and it remains so today. Since that time, we have
consistently reported on systemic difficulties in safeguarding Medicare
payments.

One such difficulty is the production of reliable management information,
which has had an impact on paying or denying Medicare claims appropriately,
developing new payment methods for post- acute care, paying Medicare's
managed care (Medicare+ Choice) plans appropriately, and implementing sound
financial

management practices. In Medicare's traditional fee- for- service component,
HCFA does not have a clear picture of the individual or relative performance
of the program's claims

administration contractors, which are responsible for safeguarding
Medicare's fee- for- service payments. In fiscal year 1999, these payments
totaled $171 billion. HCFA also lacks sufficient information on newly
designed payment systems to determine whether providers are being paid
appropriately for the services

they deliver. As for Medicare+ Choice, HCFA similarly lacks the data needed
to monitor the appropriateness of payments made to health plans and the
services Medicare enrollees receive. Due to a failed attempt in the 1990s to
modernize Medicare's multiple information systems, HCFA's current systems
remain seriously outmoded. Without effective systems, the agency is not well
positioned for sound financial or programmatic management.

In Traditional HCFA contracts with private companies, mostly Medicare,
Problems insurance companies, to review and pay providers' Ensuring
Appropriate claims for health care delivered to program

Claim Payment beneficiaries. These contractors run the day- to- day Remain
operations of Medicare's traditional, fee- for- service

program component, which accounts for over 80 percent of the program.
Although the contractors are the front- line of defense against provider
fraud and abuse and erroneous Medicare payments, in the 1990s, several
contractors defrauded the government or settled cases alleging fraud for
hundreds of millions of dollars.

HCFA rarely uncovered these cases through its own oversight efforts. The
reason is, in part, that the agency relied on contractors' self-
certifications of management controls and contractors' self- reported data
on performance and seldom made independent validations

of contractor- provided information. This is inconsistent with federal
standards that require the monitoring of internal controls to assess the
quality of performance over time and ensure that identified problems are
promptly resolved. 1

Our July 1999 report on HCFA's efforts to monitor Medicare's claims
administration contractors identified many weaknesses. For years, HCFA's
contractor evaluation process lacked the consistency that agency reviewers
need to make comparable assessments of contractor performance. HCFA
reviewers had few measurable performance standards and little agencywide
direction on monitoring contractor's payment safeguard activities. Under
these circumstances, the reviewers in HCFA's 10 regional offices, who were
responsible for conducting contractor evaluations, had broad discretion to
decide what and how much to review as well as what disciplinary actions to
take against contractors with performance problems. This highly
discretionary evaluation process allowed 1 The Comptroller General's
Standards for Internal Control in the Federal Government (GAO/ AIMD- 00- 21.
3. 1, November 1999) provides a framework for agencies to establish and
maintain internal controls and identify and address major performance and
management

challenges in areas at greatest risk of fraud, waste, abuse, and
mismanagement.

key program safeguards to go unchecked and led to the inconsistent treatment
of contractors with similar performance problems. In addition,
responsibility for

various aspects of contractor activities was splintered across many central
office components, while regional staff who conducted day- to- day oversight
were not directly accountable to any particular central office unit.

As a result of these findings, we made a number of recommendations to
improve HCFA's management and oversight of Medicare claims administration
contractors. In summary, we recommended that HCFA enforce contractors'
compliance with existing standards while developing better standards for
assessing

contractor performance; strengthen accountability for evaluating contractor
performance and agency oversight; and require verification of contractors'
internal controls and contractor- reported data. In response to our
recommendations, HCFA

? has begun using national review teams to conduct contractor evaluations.
The teams combine the expertise and dual perspective of central and regional
office staff. ? established an executive- level position at its central
office with ultimate responsibility for contractor oversight and recently
established four positions in

the field reporting directly to that executive, reflecting the 4 groupings
of its 10 regional offices. ? hired several public accounting firms to
review overall internal control design and the effectiveness

of financial controls at 26 Medicare contractors and required contractors
with control weaknesses to develop plans to correct them. 2

2 For fiscal year 2001, HCFA is planning to have effectiveness of
information technology, claims processing, financial, and debt collection
controls tested at 13 Medicare contractors.

HCFA is also seeking to enhance the usefulness of the Medicare national fee-
for- service claims error rate data developed by the HHS Office of the
Inspector General

(OIG). Each year, from reviewing a sample of paid claims, the OIG estimates
how many claims were paid in error because they lacked appropriate
documentation, were not for Medicare- covered services, or were for services
deemed not medically necessary. However, the error rate does not distinguish
between benign paperwork mistakes and abusive billing practices, nor does it
identify the volume of erroneous payments at each contractor. Thus, to
improve the error rate's use as a management tool, HCFA has an initiative to
develop a separate error rate for each contractor. It has hired a
“validation” contractor that will randomly sample processed
claims and recheck the processing and

payment decisions made. From the results, HCFA intends not only to measure
contractor performance but also to identify which categories of services or
provider types are the source of improper billing practices, thus targeting
specific areas that need improvement. Improved Payment

In addition to monitoring the contractors' claims review Methods Can Still
Be activities to ensure that only appropriate claims are Exploited

paid, HCFA faces challenges in establishing appropriate prices to pay for
covered services. Most recently, it has had the challenge of ensuring the
integrity of new payment methods mandated by the Congress. For example, the
Balanced Budget Act of 1997 introduced several payment reforms, calling for
HCFA to develop

and implement new methods to pay for post- acute care- the care provided
principally by skilled nursing facilities, home health agencies, and
outpatient rehabilitation facilities. Under the old payment methods,

post- acute care providers were reimbursed their costs (within certain
limits) for all the services delivered. The Congress changed this payment
approach to control the rapid spending growth for post- acute care that
occurred during most of the 1990s.

Under the new approach, known as prospective payment (currently in place for
home health providers and skilled nursing facilities), post- acute care
providers are paid rates fixed in advance for units of care (such as a day
in a skilled nursing facility or an episode of home health care) rather than
for the costs of each service.

Providers face the risk of loss if their costs exceed their payments, while
those that can furnish care for less than the prospective payment rate will
retain the difference.

However, a new opportunity for providers to boost net revenues
inappropriately exists under this approach: providers could skimp on
services and compromise the patient's quality of care. HCFA does not have
the analytic tools available to identify and document underservice. Major
gaps in information make prospective payment systems vulnerable to
manipulation, thus undermining the systems' potential to constrain Medicare
costs. To protect taxpayer dollars, HCFA needs the information to ensure
that claims payments are accurate and that payment rates are set at the
appropriate level. To protect beneficiaries, HCFA needs information on
patients'

health status and use of services to guard against providers' withholding
needed services. Our findings on the prospective payment method for home
health services illustrate the problem and support our recommendation, as
shown in table 9.

Table 9: Risk- Sharing Could Mitigate Potential Problems in Home Health
Payments Design of home health Selected design features include the
following:

prospective payment

? Home health agencies receive one payment for each 60- day episode of
system

care, regardless of the actual services provided. There are no limits on the
number of episodes a home health agency may provide a patient. ? Rates are
based on pre- BBA use levels, which are widely regarded as

excessive.

Vulnerability to To increase revenues, a provider could

payment abuses ? treat beneficiaries for more episodes than necessary ?
reduce the number of visits provided during an episode

GAO recommendation To mitigate beneficiary and financial risk, we
recommended that HCFA adopt a risk- sharing provision whereby the government
shares in a home health agency's excessive losses but protects the program
from an agency's excessive gains. a

Agency response HCFA did not agree to implement our recommendation. It was
concerned that any additional change to payment policy would be too
confusing for home health agencies at this time. However, we believe that
the absence of any constraint on payments leaves Medicare's new home health
payment system open to exploitation.

a A risk- sharing arrangement that limits the amount a home health agency
can lose or gain would involve a year- end settlement that compares an
agency's actual Medicare- allowed costs with its total Medicare payments.
Payments above the costs would be constrained to a specific percentage, as
would agency losses.

Medicare+ Choice Medicare's managed care component known as Has Its Own Set
of Medicare+ Choice is also subject to improper payment

Integrity Issues problems. In fiscal year 1999, payments to Medicare+ Choice
plans totaled $37 billion, or more than 17 percent of all program spending.
The fact that a

Medicare+ Choice plan receives a fixed monthly payment for each beneficiary
it enrolls rather than for each service delivered raises another set of
program integrity challenges involving excessive payments for enrollees and
failure to deliver necessary services. Plans may be overpaid when they
attract relatively healthy and low- cost beneficiaries. It becomes a program
integrity issue when plans purposely seek to enroll these individuals. Plans
may also be overpaid

when their reported data used to establish payment levels are erroneous or
misreported. Program integrity is also compromised when plans fail to
deliver services that enrolled beneficiaries need. Table 10 provides
specific examples of these issues.

Table 10: Program Integrity Issues in Medicare+ Choice Favorable selection
of Through their marketing practices or provider incentive arrangements,
some healthier beneficiaries plans may attract healthier beneficiaries and
have more of their sick members

disenroll. Plans gain financially because healthy beneficiaries cost less to
serve than chronically or acutely ill beneficiaries. Whether intentional or
accidental, however, favorable selection results in huge excess Medicare
costs. In August 2000 we reported that, in 1998, Medicare+ Choice plans were
paid an estimated $3.2 billion more than if the plans' enrollees had
received care in the traditional Medicare program. In reports and testimony,
we have consistently discussed the need to adjust Medicare+ Choice payments
to reflect enrollees' health status. However, in 1999, the Congress slowed

implementation of HCFA's health- status- based payment adjuster and mandated
additional studies on HCFA's adjustment methods.

Misreported or The HHS OIG found cases in which Medicare paid plans for
deceased

erroneous data that beneficiaries and beneficiaries receiving services in
traditional Medicare. The

increase payments

OIG also found that some plans inappropriately received enhanced payments
because the plans erroneously reported some of their enrollees as having
institutional status. (An enrollee's residence in an institution triggers a
higher payment.) In 1998, we reported that some plans took advantage of an
overly broad Medicare definition to classify healthy beneficiaries living in
retirement communities as living in “institutions” and thereby
increase their Medicare

payments substantially. HCFA has since adopted our recommendation to tighten
the definition of an institution for payment purposes, but the extent to
which the new definition is being enforced is uncertain.

Failure to deliver In April 1999, we reported that a large Medicare+ Choice
plan provided a

required services prescription drug benefit with less coverage than it
agreed to in its contract with HCFA. This case was discovered in our review
of plan marketing materials, which found that several plans distributed
misleading, inaccurate, or incomplete information about covered benefits. In
a separate April 1999 report, we noted that several plans failed to
adequately inform beneficiaries that they could appeal a plan's decision to
deny services or payment for services. We have made several recommendations
addressing HCFA's need to develop formatting and content standards for
plans' marketing and appeals process literature. HCFA has implemented
certain of our recommendations and has established work groups to consider
others. Reliable information about plan enrollees will become even more
critical in the future as Medicare phases in a new risk adjustment
methodology that will pay plans on

the basis of their enrollees' expected care costs. Under this new
methodology, payment rates will be determined largely by patient utilization
data submitted by plans.

Any errors in the patient data will thus result in inaccurate plan payments.
Inadequate

A major weakness underlying HCFA's efforts to ensure Information Systems
proper payments of Medicare claims is that its and Financial information
systems are outmoded and many of its Management financial management
procedures are not yet in order. Continue to Although HCFA has taken steps
to begin modernizing its

Undermine Efforts to systems and strengthening its financial management,

Safeguard Medicare many challenges remain. In the early 1990s, HCFA launched
a systems acquisition initiative to replace Medicare's multiple,
contractoroperated

claims processing systems with a single, more technologically advanced
system. It was envisioned that such a system would have information for both
traditional Medicare and Medicare+ Choice, simplify program administration,
save on administrative costs, and better ensure proper payment by greatly
improving HCFA's ability to spot improper billing practices. Although based
on a sound notion, this system acquisition failed due to a series of
planning and

implementation missteps. Thus, Medicare was left with numerous aging
information systems that needed Year 2000 renovation. To its credit, HCFA
made exceptional efforts to ensure that the agency's systems and those of
its business partners were prepared, with the result that HCFA reported few
significant Year 2000 problems.

These system renovations, however, put broader modernization plans on the
back burner until recently. To date, initial work on some of its systems has
begun,

but completion of its systems modernization remains years away. Similarly,
HCFA's first step toward improving its financial management procedures met
with success, but

much work in this area remains to be done. In an audit of its fiscal year
1999 financial statements, HCFA received for the first time an unqualified,
or “clean,” opinion. The agency achieved this, in part, because
it recognized the need to address long- standing concerns about the accuracy
of Medicare accounts receivable- primarily overpayments made to providers
that need to be recouped. Assisted by the HHS OIG and auditors

from an independent public accounting firm, HCFA conducted an extensive
effort to validate reported receivables, which resulted in a one- time
write- off of $3 billion.

However, HCFA has a long way to go to achieve sound financial management-
that is, systems, processes, and controls that routinely generate reliable,
useful, and timely information for managers and other decisionmakers. Since
the audit of the fiscal year 1996 financial statements, subsequent annual
audits and other reviews have found numerous weaknesses in internal controls
in HCFA's financial activities. At the heart of its problems, the agency
does not have a single,

integrated financial accounting system that can be used to track and report
financial activities, including receivables. Instead, HCFA and its
contractors use several fragmented and overlapping systems and do not
adequately verify the accuracy of reported activities and balances, which
increases the risk of errors and misstatements. For example, Members of
Congress

were concerned that millions of dollars were owed to Medicare by Texas home
health agencies that had been paid too much for services provided to
Medicare beneficiaries and were no longer in business. The usefulness of the
information HCFA developed in response to this concern was limited, however,
since HCFA was not able to determine the correct amounts owed. In part, this
was because HCFA's Provider Overpayment Report system, which it uses to
track certain overpayments, had incorrect information. This situation and
problems with the adequacy of existing

internal controls indicate that extraordinary measures will be needed to
maintain a clean opinion on HCFA's annual financial statements until these
problems can be remedied. The fragmentation of accounting systems that
overlap

without being reconciled makes generating accurate and reliable information
a major challenge. For example, even after the $3 billion write- off of
accounts receivable, HCFA was left with significant amounts of delinquent
receivables. At the end of fiscal year 1999, HCFA had an accounts receivable
balance of $7. 3 billion, of which 45 percent was more than 6 months
delinquent. HCFA's efforts under the Debt Collection Improvement Act of 1996
to refer delinquent debt for collection to the Department of the Treasury in
a timely manner have been confounded, in part, because of the work it takes

the contractors to validate each debt before it can be referred to Treasury.
3 Such validation is problematic because of the unreliability of the
agency's systems for tracking and recording overpayments. We, the OIG, and
independent auditors have made numerous recommendations to strengthen HCFA's
financial management. Because of the seriousness of the challenge, we
recommended that HCFA develop a comprehensive strategy to address financial
management and accountability issues. To this end, HCFA has initiated a
number of efforts, including working to develop a set of integrated
financial management information systems. However, these

systems are not expected to be fully operational until 2004 at the earliest.
In the meantime, using its current systems, HCFA and its contractors must
take interim steps to put adequate controls in place. Without these

3 The act generally requires that debts delinquent over 180 days be
transferred to Treasury or, in certain cases, a Treasury- designated center
for debt collection.

controls, HCFA is not in a position to generate the consistent and accurate
data needed to ensure the integrity of the agency's financial management
operations.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Health and Human Services (GAO- 01- 247, January 2001),
which includes a list of related GAO reports. For additional information on
Medicare, please contact Leslie G. Aronovitz, Director, Health Care, on
(312) 220- 7600 or at aronovitzl@ gao. gov.

Supplemental In prior work, we have reported on Supplemental

Security Income Security Income (SSI) program abuses and

mismanagement, increases in overpayments, and SSA's difficulties recovering
outstanding SSI debt. These issues have spurred congressional criticism of
SSA's ability to manage its workloads effectively. In February 1997, we
designated SSI a high- risk program because of its susceptibility to fraud,
waste, abuse, and

mismanagement. We found that, to a great extent, SSA's inability to address
its most significant problems with the SSI program is attributable to two
underlying causes: (1) an organizational culture that places a greater
priority on processing and paying claims than on controlling program
expenditures and (2) a management approach characterized by SSA's reluctance
to fulfill its policy development and planning role in advance of major
program crises.

In regard to SSA's organizational culture, our prior work confirmed that
there has been a tendency among staff and managers to view the SSI program
in much the same way as SSA's Old Age Survivors Insurance and Disability
Insurance programs- where emphasis is placed on quickly processing claims
for individuals with an earned right to benefits- rather than as a welfare
program,

where additional income and asset verifications are necessary. As a result,
SSA has often relied heavily on recipient self- reporting of their financial
circumstances with insufficient agency verification. SSA's culture has also
contributed to the low priority placed on recovering overpayments once they
are identified. This has been evidenced by SSA's past reluctance to use
available overpayment recovery tools and to pursue additional

tools aggressively when warranted, including tax refund offsets, credit
bureau reporting, collection agencies, and interest levies on outstanding
debt. In fiscal year 1999, outstanding SSI debt and newly detected
overpayments for the year totaled more than $3. 8 billion. SSI writeoffs-

overpayments waived or deemed uncollectable by SSA- also totaled about $466
million for the year. We have reported that write- offs represent overpaid
program dollars that SSA will likely never recover. In regard to SSA's
management approach, our work also shows that SSA's actions have been
historically reactive in nature, resulting in missed opportunities to
address

critical policy issues before they reach crisis levels. However, in response
to our high- risk designation and report recommendations, SSA has taken
steps in coordination with the Congress to improve the financial integrity
and management of SSI. For example, in 1998, SSA submitted its first major
SSI legislative proposal,

which included numerous overpayment deterrence and recovery provisions. Many
of these provisions were incorporated into the Foster Care Independence Act,

which was signed into law in 1999. The Act, which directly addresses several
of our prior recommendations, provides SSA with additional tools for
obtaining applicant income and resource information from financial
institutions, accessing state databases for essential eligibility
information, imposing a period of ineligibility for applicants who transfer
assets in order to qualify for SSI benefits, and using credit bureaus,
private collection agencies, interest

levies, and other means to recover delinquent debt.

SSA also produced its first SSI management report in 1998, which discussed
its intent to take aggressive action to control program overpayments and
outstanding debt through enhanced computer matching and other means. This
includes more frequent (monthly) data matches to identify ineligible SSI
recipients residing in nursing homes and stepping up efforts to obtain
online access to SSI recipient employment and income information. In fiscal
year 1999, SSA also sought and obtained additional budget resources to
substantially increase the number of SSI financial

redeterminations conducted. These reviews focus on income and resource
factors affecting eligibility and payment amounts. Through this effort, SSA
calculated that it collected and prevented nearly $600 million in
overpayments above fiscal year 1998 levels. SSA's Office of Inspector
General has also significantly increased the level of resources and staff
dedicated to investigating

program fraud and abuse. Finally, SSA has begun using tax refund offsets for
delinquent SSI debtors and has recovered about $84 million in additional
collections over the last 2 fiscal years. This increased emphasis on program
integrity is further evident in SSA's planning and performance measurement
activities. SSA's current strategic and annual performance plans include
several goals and performance measures targeted specifically at achieving
SSA's goal of improving SSI program integrity and addressing fraud and
abuse.

SSA's initiatives have the potential to significantly improve SSI management
and financial integrity. However, many problems facing the program are
attributable to more than 20 years of inattention to payment controls and
will take time to correct. SSI overpayments and outstanding debt owed to the
program remain at high levels. Further, our recent work shows that SSI
continues to be vulnerable to abuse, especially from individuals feigning
disabilities with the help of suspicious medical providers and middlemen.
Last year, SSA's Office of Inspector General also

reported that, since 1998, SSI representative payees 4 have defrauded the
program of nearly $8 million in benefit payments. This was attributable
primarily to SSA's failure to screen and monitor these individuals
sufficiently. SSA's OIG also recently reported that due to weaknesses in
SSA's verification processes, thousands of fugitive felons incorrectly
received more than $76 million in SSI benefits over the last several years,
despite a law prohibiting such payments. We believe that sustained and
additional actions are needed to improve SSI program integrity. In
accordance with our prior recommendations, SSA should move forward in fully
implementing the debt collection tools

currently available to it, continue to develop additional ways to improve
program management and integrity, and seek legislative changes as
appropriate. SSA should also consider ways to revise its work credit and
measurement system, which has historically rewarded staff for cases
processed, rather than thoroughly verifying applicant eligibility or
preventing overpayments. Any revised system should include specific goals
and performance measures to hold staff

and managers accountable for ensuring program integrity. If properly
implemented and managed, such measures should ultimately facilitate a change
in SSA's organizational culture and provide much- needed

incentives for staff to devote time to verifying recipient information,
preventing fraud and abuse, and controlling program overpayments. Until
additional progress is made, the SSI program will remain at high- risk for
waste, fraud, abuse, and mismanagement. This issue is also discussed in
Major Management Challenges and Program Risks: Social Security
Administration (GAO- 01- 261, January 2001), which

4 SSA appoints representative payees to SSI recipients whom it has
determined incapable of managing their own benefits.

includes a list of related GAO reports. For additional information on
Supplemental Security Income, please contact Barbara D. Bovbjerg, Director,
Education, Workforce, and Income Security, at (202) 512- 7215 or bovbjergb@
gao. gov. Earned Income

Earned Income Credit (EIC) noncompliance 5 exposes Credit

the federal government to billions of dollars of risk. Noncompliance

Subsequent to an April 1997 IRS study showing billions of dollars of EIC
noncompliance, Congress passed legislation that provided IRS additional
funding and new enforcement tools specifically designated for EICrelated
activities. With these new tools and funds, in 1998, IRS began a 5- year EIC
compliance initiative that involved several components directed at the major
sources of EIC noncompliance. For example, IRS initiated enforcement efforts
that focused on (1) cases in which an EIC- qualifying child's Social
Security number (SSN) was used on more than one tax return for

the same tax year and (2) returns filed by certain EIC claimants who used
the head- of- household filing status. IRS' efforts have, among other
things, reduced the number of EIC- related errors involving SSNs and enabled
IRS to stop millions of dollars in erroneous EIC claims.

In July 1998, we recommended that IRS develop evaluation plans for each
component of the EIC compliance initiative so that decisionmakers would have
timely data for use in continually improving EIC

5 In 1995, we designated IRS Tax Filing Fraud as a high- risk area. We have
narrowed the focus of this area to better describe the scope of our current
concern- billions of dollars for Earned Income Credit (EIC) claims that IRS
paid but should not have.

compliance efforts. 6 IRS is collecting data on initiative results, such as
the number of erroneous refund claims identified. However, it is not
sufficient to determine whether projects have reduced the overall
noncompliance rate.

In September 2000, IRS reported the results of a compliance study involving
tax year 1997 returns, that is pre- compliance initiative returns. The study
showed that of the estimated $30. 3 billion in EIC claims, $9. 3 billion was
claimed erroneously. Of that $9.3 billion, about $7.8

billion (about 26 percent of the total claims) was paid out by IRS. 7 IRS is
conducting an EIC compliance study of tax year 1999 returns and plans to
study tax year 2001 returns. IRS plans to analyze the results of those
studies, along with the results of the tax year 1997 study, to measure

changes in taxpayer behavior and to determine the effectiveness of the EIC
initiative. IRS officials did not know when the results of the tax year 1999
study would be finalized. This area remains high risk because billions of
dollars are at risk for improper payment and IRS lacks sufficient data to
demonstrate that it has implemented effective controls over EIC
noncompliance and the erroneous refunds that result.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of the Treasury (GAO- 01- 254, January 2001), which
includes a list of related GAO reports. For additional information on Earned
Income Credit noncompliance, please 6 Earned Income Credit: IRS' Tax Year
1994 Compliance Study and Recent Efforts to Reduce Noncompliance (GAO/ GGD-
98- 150, July 28, 1998).

7 Compliance Estimates for Earned Income Tax Credit Claimed on 1997 Returns,
Department of Treasury, Internal Revenue Service, September 2000.

contact James R. White, Director, Tax Administration and Justice, at (202)
512- 9110 or whitej@ gao. gov.

Collection of IRS faces substantial challenges in carrying out one of Unpaid
Taxes

its key functions- collecting unpaid taxes. Unpaid taxes include (1)
delinquent taxes that IRS is attempting to collect, (2) taxes that IRS knows
are due but it has

decided not to pursue collecting, and (3) an unknown amount of unpaid taxes
that IRS has not identified. As of September 30, 1999, the inventory of
unpaid tax

assessments that had some collection potential was $104 billion. Since 1997,
some key collection actions, such as levies and seizures, have declined. For
example, levies have decreased dramatically from fiscal years

1997 to 2000- from about 3. 7 million to about 220,000. These declines may
increase the incentives for taxpayers to either not report or underreport
their tax obligations. Because IRS lacks a measure of voluntary compliance,
it does not know the impact of recent declines in collection actions. As a
result, the former high- risk area covering IRS receivables and unpaid

assessments 8 has been expanded. The expanded highrisk area encompasses not
only unpaid taxes known to IRS but also includes unpaid taxes that IRS does
not know about. The former high- risk area was originally designated as

such in 1990, in part, due to serious deficiencies in IRS' information
systems. The deficiencies resulted in the lack of sound, reliable
information that hindered IRS' 8 Unpaid tax assessments consist of (1) taxes
due from taxpayers for

which IRS can support the existence of a receivable through taxpayer
agreement or a favorable court ruling (federal taxes receivable); (2)
compliance assessments in which neither the taxpayer nor the court has
affirmed that the amounts are owed; and (3) write- offs,

which represent unpaid assessments for which IRS does not expect further
collections due to such factors as the taxpayer's death, bankruptcy, or
insolvency.

ability to focus collection efforts on those accounts that had the greatest
collection potential. These conditions persist. IRS' systems are not
integrated; thus, they continue to create high rates of error in taxpayer
accounts, which in some cases have led to instances of taxpayer burden and
lost revenue to the federal government. IRS attempts to identify taxpayers
who have not paid the

taxes they owe through its various enforcement programs. In making decisions
about the number and types of enforcement cases to pursue, IRS considers its
resources as well as the potential for collection. IRS attributes its
inability to fully pursue such cases to a decrease in staff, reassignment of
collection employees to support customer service activities, and additional

staff time needed to implement certain taxpayer protections that were
included in the IRS Reform and Restructuring Act. However, inadequate
financial and operational information has rendered IRS unable to develop
cost- based performance information for its tax collection and enhancement
programs and to judge whether it is appropriately allocating available
resources among competing management priorities.

IRS' financial management weaknesses continue to expose the federal
government to significant losses of tax revenue and increase the burden on
compliant taxpayers, who bear the burden of financing the government's
activities. Over the past 8 years, we have issued many reports on financial
management and internal control weaknesses fundamentally affecting IRS'
operations such as collecting unpaid taxes and collecting and reporting
financial data. We have made numerous recommendations to address the serious
deficiencies in IRS' financial management and operational systems that
affect taxes receivable and other unpaid assessments. These include
recommendations to correct systemic errors in taxpayer accounts that have
led to instances of both lost revenue

to the federal government and taxpayer burden, as well as to correct
systemic deficiencies that have led to violations of the Internal Revenue
Code. IRS is working to address these issues, but a sustained commitment by
IRS senior management and successful implementation of IRS' systems
modernization efforts will be needed to fully resolve these issues. This
issue is also discussed in Major Management Challenges and Program Risks:
Department of the Treasury (GAO- 01- 254, January 2001), which includes a
list of related GAO reports. For additional information on collection of
unpaid taxes, please contact James R. White, Director, Tax Issues, at (202)
512- 9110 or whitej@ gao. gov.

DOD Infrastructure Although the United States has made significant
Management reductions in defense force structure and military spending since
the end of the Cold War, it has not achieved commensurate reductions in
operations and support infrastructure 9 costs. As the Department has

sought to bring about a revolution in military affairs, it has realized that
it must transform its support infrastructure to become leaner and more
efficient to serve the warfighter faster, better, and cheaper. It has also
realized that high- priority needs such as weapons modernization can be
fulfilled only with a large influx from infrastructure savings. While DOD
has made some progress, it needs to do more to achieve significant
reductions in its infrastructure costs, and many 9 DOD defines
infrastructure as those activities that provide support services to mission
programs, such as combat forces, and primarily

operate from fixed locations. The activities include such program elements
as installation support, acquisition infrastructure, central logistics, and
central training, central medical and central personnel. In fiscal year
2001, approximately $33 billion of infrastructure costs are expected to be
related to maintenance and upkeep of facilities across these program
elements.

obstacles remain. The effectiveness of many civilian agencies has also been
undermined by outmoded organizational structures that drain resources needed
to make improvements to mission delivery capabilities.

Designated high risk in 1997, DOD Infrastructure costs continue to consume a
larger than necessary portion of DOD's budget. Our recent reviews of DOD's
Future Years Defense Program (FYDP) did not find significant reductions in
DOD's budgets devoted to supporting infrastructure. For example, we reported
in April 1996 that no significant net infrastructure reductions were
expected between fiscal years 1996 and 2001. 10 We noted that the proportion
of planned infrastructure funding in DOD's budgets would remain relatively
constant at about 60 percent through 2001. This is not to suggest

that operating efficiencies and reductions have not occurred due to such
efforts as base realignment and closure, consolidations, regionalization,
privatization, and outsourcing efforts. However, our October 2000 analysis
of the FYDP for fiscal years 2001- 2005 found that the portion of the FYDP
devoted to direct infrastructure relative to mission has not changed,

despite the expectations that it would. 11 At the same time, the Department
acknowledges that it has not been spending enough to offset a growing
backlog of facilities maintenance and repair projects.

10 Defense Infrastructure: Budget Estimates for 1996- 2001 Offer Little
Savings for Modernization, (GAO/ NSIAD- 96- 131, April 4, 1996). 11 Future
Years Defense Program: Risks in Operation and Maintenance and Procurement
Programs (GAO- 01- 33, October 5, 2000).

The Defense Reform Initiative, announced by the Secretary of Defense in
November 1997, was intended to improve the effectiveness and efficiency of
DOD's

business processes and support infrastructure. It represents a number of
management initiatives, such as adopting best business practices; expanding
the use of electronic commerce, logistics reengineering, and public- private
competitions (using the Office of Management and Budget's A- 76 process), 12
and

eliminating unneeded facilities infrastructure. The latter has included such
actions as demolition of unneeded buildings, privatization of housing and
utilities on military facilities, and a proposal for additional base
realignment and closure rounds. While the initiatives collectively offer the
potential for significant long- term savings, the Department is not likely
to realize quickly large- scale net savings from many of these initiatives
because most individual initiatives are long- term efforts that require
significant up- front investments to implement. Additionally, the major
benefit from some of the initiatives involves cost avoidance such as
avoiding upkeep of unneeded buildings and relying on private sector
resources, rather than the government's, for needed capital investment for
new housing and revitalized utilities. In July 2000, we reported that only a
few of the reform initiatives had been completed and, while most of the

remaining initiatives are progressing, they face barriers that could keep
them from meeting specific time frames and goals. 13 For example:

12 Under A- 76, agencies conduct public/ private competitions to determine
whether the public or private sector will perform selected commercial
activities and functions.

13 Defense Management: Actions Needed to Sustain Reform Initiatives and
Achieve Greater Results (GAO/ NSIAD- 00- 72, July 25, 2000).

? DOD's program to evaluate activities involving over 200,000 positions for
potential outsourcing is expected to result in estimated savings of $9. 2
billion by 2005 and $2. 8 billion in annual recurring savings thereafter.
However, the savings are likely to be smaller than expected in the short
term because of delays in completing the studies and because the

Department had not fully calculated either the investment costs associated
with undertaking these competitions or the personnel separation costs likely
to be associated with them. ? DOD has encountered delays in its efforts to
improve military family housing through private sector financing, ownership,
operation, and maintenance.

Almost 4 years after the program was initiated, the Department has awarded
few contracts to build or renovate military family housing units. While the
program offers an important opportunity to improve military housing at a
faster rate than relying on traditional military construction methods, we
have found that DOD's life- cycle cost analyses associated with its
privatization efforts have been incomplete and inaccurate and have
overstated savings. 14 ? DOD continues to emphasize that additional base
realignment and closure rounds are necessary to reduce unneeded
infrastructure and to free up funds

for readiness, weapon modernization, and quality- oflife plans. The Reform
Initiative called for two additional rounds of base realignment and closure
to supplement the four rounds conducted between 1988 and 1995. The
Department projects that additional base closure rounds could produce new
savings of $3. 4 billion a year once realignment and closure actions were
completed and the costs of 14 Military Housing: Continued Concerns in
Implementing the Privatization Initiative (GAO/ NSIAD- 00- 71, March 30,
2000).

implementing these actions were offset by savings. However, because of
issues related to economic impacts, cost and savings from prior rounds, and
executive branch handling of two closure and realignment decisions in the
1995 round, Congress has been reluctant to authorize additional rounds. As
we have recommended, DOD needs to develop a plan to better integrate, guide,
and sustain the implementation of its diverse defense reform initiatives and
an approach for making key investment decisions. Key reform initiatives,
such as acquisition, financial management, and logistics reform, could be
strengthened if addressed in an integrated fashion.

DOD also needs to develop a comprehensive long- range plan for its
facilities infrastructure that addresses facility requirements,
recapitalization, and maintenance and repair needs. Development of such a
plan could be significantly affected by DOD's ability to reach

agreement with the Congress on the need for additional base realignment and
closure rounds. Despite limitations in the precision of DOD's estimates of
savings from base closures, our prior work has shown that significant net
annual recurring savings can be expected once initial investment costs have
been offset. 15 We also reported that legislation enacted in 1990 and which
expired in 1995 has been seen by many officials as a starting point should
the Congress decide that it wants to authorize future base realignment and

closure rounds. The infrastructure problems in civilian 15 Military Bases:
Review of DOD's 1998 Report on Base Realignment and Closure (GAO/ NSIAD- 99-
17, November 13, 1998).

agencies also suggest the possible relevance of a civilian facility closure
and realignment process. 16

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Defense (GAO- 01- 244, January 2001), which includes a
list of related GAO reports. For additional information on DOD
infrastructure management, please contact Barry W. Holman, Director, Defense
Capabilities and Management, at (202) 512- 5581 or holmanb@ gao. gov.

DOD Inventory One of the most serious weaknesses in DOD's logistics

Management operations is the Department's inventory management processes.
Since 1990, we have identified DOD's

management of secondary inventories (spare and repair parts, clothing,
medical supplies, and other items to support the operating forces) as a
high- risk area because levels of inventory were too high and management
systems and procedures were ineffective and wasteful.

While DOD's inventory value for the last 10 years has been declining, our
past and current work in this area indicates that DOD is (1) continuing to
store unnecessarily large amounts of material, (2) purchasing material for
which there is no valid requirement, (3) experiencing equipment readiness
problems because of a lack of key spare parts, and (4) not maintaining
adequate visibility over material being shipped to and

from military activities. About half of DOD's $64 billion secondary
inventory exceeds war reserve or current operating requirements.

16 Budget Issues: Effective Oversight and Budget Discipline Are Essential-
Even in a Time of Surplus (GAO/ T- AIMD- 00- 73, February 1, 2000).

As of September 30, 1999, DOD records showed that the Department had
inventory on order valued at about $1. 6 billion that would not have been
ordered based on current requirements. We reported in June 2000 17 that it
appeared items were needed when orders were placed, but either the records
contained errors that resulted in overstating the requirements or the
requirements changed after the orders were made. We also reported in
November 1999 18 that the Air Force did not always cancel purchases that
exceeded current operating requirements- primarily because the Air Force's

process for canceling contracts takes a long time, during which costs are
incurred for which the government is liable. Another problem is that DOD is
selectively experiencing equipment readiness problems because of a lack of
key spare parts. For years, insufficient spare parts have been recognized as
a major contributor to aircraft performing at lower mission capable rates
than expected. In June

2000, 19 we reported that insufficient quantities of spare parts is one of
the primary reasons airlift and aerial refueling aircraft are performing
below the Air Force Air

Mobility Command mission capable standard rates. In April 1999 20 we
reported that some Air Force major aircraft were unfit to fly because supply
problems had risen from 6.4 percent in fiscal year 1990 to 13. 9 percent in
fiscal year 1998. We also reported that, to support the mission capability
rates, the military was routinely cannibalizing aircraft for parts and using
parts from

17 Defense Inventory: Process for Canceling Inventory Orders Needs
Improvement (GAO/ NSIAD- 00- 160, June 30, 2000). 18 Defense Inventory:
Improvements Needed to Prevent Excess Purchases by the Air Force (GAO/
NSIAD- 00- 5, November 10, 1999). 19 Military Readiness: Air Transport
Capability Falls Short of Requirements (GAO/ NSIAD- 00- 135, June 22, 2000).
20 Air Force Supply: Management Actions Create Spare Parts Shortages and
Operational Problems (GAO/ NSIAD/ AIMD- 99- 77, April 29, 1999).

units' war reserve kits that are intended to support deployed operations.
The aircraft spare parts shortages were due, in part, to DOD's weaknesses in
forecasting inventory requirements and the failure of DOD's logistics system
to achieve expected inventory management improvements. DOD's inability to
maintain adequate oversight for material being shipped to and from military
activities is another long- standing inventory management problem. The
tracking of this inventory from origin to destination continues to raise
concerns about the vulnerability of this inventory to waste, fraud, and
abuse. We reported in June 2000 21 that the Army did not know the extent to
which shipped inventory had been lost or stolen because of weaknesses in its
inventory control procedures and

financial management practices. We also reported in March 1999 22 that the
Navy was unable to account for more than $3 billion worth of inventory being
shipped, including some classified and sensitive items. Because DOD had not
fully corrected its long- standing problems in tracking inventory during
shipment, the Congress required DOD to submit a comprehensive plan
addressing how it planned to ensure visibility over shipment of all end
items and secondary items. In February 2000, 23 we reported that DOD's
September

1999 plan did not contain some key management elements needed to effectively
implement its proposed actions or to adequately address underlying
weaknesses

21 Defense Inventory: Army Needs to Strengthen and Follow Procedures to
Control Shipped Items (GAO/ NSIAD- 00- 109, June 23, 2000). 22 Defense
Inventory: Navy's Procedures for Controlling In- Transit Items Are Not Being
Followed (GAO/ NSIAD- 99- 61, March 31, 1999).

23 Defense Inventory: Plan to Improve Management of Shipped Inventory Should
Be Strengthened (GAO/ NSIAD- 00- 39, February 22, 2000).

that have led to the lack of control over inventory shipments. For example,
the plan did not fully address how the Department will correct errors in the
automated systems that the military services use to manage this inventory.
In addition, the plan did not adequately address the underlying problems
that have been consistently highlighted in prior GAO and DOD

audit reports. DOD has had some success in adopting best practices to
improve inventory management and is looking at the possibility of using
other new concepts. However, much needs to be done to resolve long- standing
deficiencies that have increased the cost and decreased the effectiveness of
DOD's logistics system. DOD faces

significant challenges in addressing these and other logistics problems, and
it is unclear to what extent the reengineering initiatives it has undertaken
will achieve the required results. This issue is also discussed in Major
Management Challenges and Program Risks: Department of Defense (GAO- 01-
244, January 2001), which includes a list of related GAO reports. For
additional information on DOD inventory management, please contact David R.
Warren, Director, Defense Capabilities and Management, at (202) 512- 8412 or
warrend@ gao. gov.

HUD Single- Family The Department of Housing and Urban Development Mortgage
Insurance

(HUD) encourages homeownership by providing and Rental Housing mortgage
insurance through its Federal Housing

Assistance Program Administration (FHA) for about 7 million homeowners Areas

who otherwise might not have qualified for loans, as well as by managing
about $508 billion in insured mortgages and $570 billion in guarantees of
mortgagebacked securities. It also makes housing affordable for about 4
million low- income households by insuring loans for multifamily rental
housing and providing rental

assistance. In addition, it has helped to revitalize over 4, 000 localities
through community development programs. To accomplish these missions, HUD
relies on the performance and integrity of thousands of mortgage lenders,
contractors, property owners, public housing agencies, communities, and
others to administer its

programs. Strong oversight and management are critical to ensure that HUD's
reliance on these third parties results in the effective and efficient
stewardship of federal funds and the accomplishment of federal programs'
goals and objectives. In the late 1980s, various management deficiencies led
to a number of widely publicized instances of waste, fraud, abuse, and
mismanagement at HUD. In 1994, we designated all of HUD's major program
areas as high risk because four major departmentwide deficiencies continued
to undermine the integrity and accountability of HUD's programs. These
deficiencies included (1) internal control weaknesses, such as a lack of
necessary data and management processes; (2) poorly integrated, ineffective,
and generally unreliable information and financial management systems;

(3) organizational deficiencies, such as overlapping and ill- defined
responsibilities and authorities between HUD headquarters and field
organizations, and a fundamental lack of management accountability and
responsibility; and (4) an insufficient mix of staff with the proper skills.

In 1997, HUD initiated its 2020 Management Reform Plan to address these and
other deficiencies. In our January 1999 report on HUD's management
challenges and program risks and our high- risk series update, 24 we
reported that HUD had made credible progress in overhauling its operations
but that several reforms were 24 Major Management Challenges and Program
Risks: Department of Housing and Urban Development (GAO/ OCG- 99- 8, January
1999). High- Risk Series: An Update (GAO/ HR- 99- 1, January 1999).

in the early stages of implementation. Accordingly, we concluded that HUD's
management deficiencies, taken together, continued to place the integrity
and accountability of the Department's programs at high risk.

During the past 2 years, HUD has continued to make progress in addressing
these problems. To address its internal control weaknesses, HUD has since
January 1999 implemented new early warning monitoring tools, including the
first physical inspections and financial assessments of the entire
multifamily housing inventory. Through a large- scale computer matching
initiative, which linked income data reported by tenants for

housing and tax purposes, HUD also identified and sent letters to 211,000
households that may have underreported their incomes for housing purposes,
thereby resulting in excess subsidy payments, estimated by HUD at $3. 1
billion over the last 4 years.

To improve its information and financial management systems, HUD has taken
actions to develop an information technology investment management process
to improve and strengthen the selection, control, and evaluation of
information technology projects. In addition, HUD has reduced the number of
financial management systems that are not in compliance with federal
requirements. To strengthen organizational links between headquarters and
the field, improve accountability, and accomplish its missions more
efficiently, during fiscal year 1999 HUD substantially completed its
reorganization under the 2020 Management Reform Plan. Staff and workload
were transferred from the field to several new specialty centers, which are
now operating and have started to produce some results. For example, the
Homeownership Centers reduced the average time for processing single- family
mortgage

loans from 4 to 6 weeks to 2 to 3 days and the Enforcement Center relocated
427 families from substandard housing and recovered $12. 6 million from

property owners for ineligible costs. To ensure that it has the appropriate
mix of staff with the proper skills to carry out its missions, HUD piloted a
new resource estimation and allocation process to determine appropriate
staffing levels. It also provided

more training and travel funds for its staff. HUD has taken important steps
toward addressing some of its other management deficiencies. Its top
management has given high priority to implementing the Department's 2020
Management Reform Plan, the Department's reorganization is substantially
complete, and the Department's reform efforts have resulted in some
improvements. Recognizing the progress HUD has

made, we are reducing the number of HUD program areas deemed to be high
risk. Specifically, because of the actions taken by HUD in response to our
recommendations to improve its management controls over its Community
Planning and Development programs, we no longer believe this HUD program
area is at high risk. However, significant weaknesses

(internal controls, information and financial management systems,
organizational deficiencies, and staffing problems) still persist in two of
HUD's major program areas which remain at high risk- single- family mortgage
insurance and rental housing assistance.

To reduce financial risks, HUD's FHA needs to continue to improve its
management over home mortgage loans made by private lenders that it insures
against nearly all losses. While various factors, including a strong
economy, have resulted in the accumulation of capital reserves of about $16.
6 billion on FHA- insured home loans valued at about $454 billion, we
estimate that FHA lost about $1. 9 billion during fiscal year 2000 on the
sale

of foreclosed homes that it had insured. We and HUD's Inspector General have
identified opportunities to strengthen FHA's single- family mortgage
insurance

programs' management and internal controls and reduce financial risks. These
include: ? strengthening the integrity of the single- family loan
origination process; ? promoting better monitoring of lenders, appraisers,

and property management and marketing contractors; and ? ensuring that
sufficient staff are available and have the skills needed to carry out FHA's
home loan mission.

HUD also needs to resolve two material internal control weaknesses
identified by its Inspector General relating to FHA's information and
financial management systems-( 1) fully reconciling accounting and budget
systems for loan guarantees to ensure that all credit subsidy amounts are
recorded properly and

(2) improving information systems to support business processes more
effectively. The Department has begun to address many of our recommendations
and those of the Inspector General

related to its single- family mortgage insurance program, but it has not
completed actions to implement most of them. Because of the programs' size,
the variety of management challenges FHA faces, and the potential

liability FHA has assumed, these programs remain at high- risk. To reduce
the programs' financial risks, FHA must continue its efforts to strengthen
its controls and monitoring. This includes completing actions on our
recommendations, such as clarifying HUD's authority to hold FHA- approved
lenders accountable for poor- quality

FHA single- family appraisals. 25 HUD must also continue its efforts to
resolve the programs' two material internal control weaknesses and assess
its staffing needs. In addition, making decent, affordable rental housing
available for eligible low- income households is a top priority for HUD.
However, HUD is able to serve fewer than half of the households who are
eligible for assisted housing. Consequently, it is essential that HUD ensure
that these programs are used efficiently and effectively to maximize the
number of households it can assist. While the Department has made
improvements, there are still significant opportunities to (1) reduce excess
subsidy payments by ensuring that only eligible families occupy housing
units and that those families are paying the correct rents; (2) ensure that
providers of rental housing maintain housing that is decent, safe, sanitary,

and in good condition; and (3) be certain that HUD has the capital resources
and controls it needs to detect and address problems that exist in its
rental housing assistance programs.

HUD is addressing these challenges as well as our recommendations and those
of the Inspector General. However, its actions are not yet complete. Because
of their size and complexity and the opportunity to provide assisted housing
to more low- income households through better management, these programs
remain at high- risk. HUD must continue to strengthen its internal controls
by completing its efforts to ensure that correct rental housing subsidies
are paid. It must also complete actions on our recommendations aimed at
improving the quality of contractors' physical inspections of the

25 Single- Family Housing: Weaknesses in HUD's Oversight of the FHA
Appraisal Process (GAO/ RCED- 99- 72, April 16, 1999).

condition of public and multifamily housing. 26 This includes revising its
quality assurance activities to ensure that they provide the timely,
reliable, and useful information needed for HUD to assess, among other
things, compliance with inspection contracts.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Housing and Urban Development (GAO- 01- 248, January
2001), which includes a list of related GAO reports. For additional
information on HUD programs, please contact Stanley J. Czerwinski, Director,
Physical Infrastructure, at (202) 512- 7631 or czerwinskis@ gao. gov.

Student Financial Through federal grant and loan programs administered Aid
Programs

by the Department of Education, millions of students who might not otherwise
have had access to higher education have been able to enroll in
postsecondary education programs of their choice. These programs are the
largest source of student aid in the United States, currently providing a
total of about $53 billion in federal student aid grants and loans to nearly
8. 1 million students and parents.

These student aid programs, however, continue to be at high risk for fraud,
waste, error, and mismanagement because Education lacks the financial and
management information needed to manage these programs effectively and the
internal controls needed to maintain the integrity of their operations. For
example, because Education did not properly account for and analyze

transactions for its guaranteed student loan program or properly reconcile
related accounting and budgetary 26 HUD Housing Portfolios: HUD Has
Strengthened Physical Inspections but Needs to Resolve Concerns About Their
Reliability (GAO/ RCED- 00- 168, July 25, 2000).

accounts, Education could not be assured that its financial or budgetary
reports were accurate.

In addition, continued weaknesses in information systems controls increase
the risk of disruption in services and make Education's loan data vulnerable
to unauthorized access, inadvertent or deliberate misuse,

fraudulent use, improper disclosure, or destruction, all of which could
occur without detection. With the exception of fiscal year 1997, Education
has not received an unqualified, or “clean,” opinion on its

financial statements since its first agencywide audit in 1995. Moreover,
these programs operate independently with different rules, processes, and
data systems and involve millions of students, thousands of schools, and
thousands of lenders, guaranty agencies, third- party servicers, and
contractors. Because of problems related to these long- standing conditions,
in 1990, we designated Education's financial aid programs at high risk for
fraud, waste, abuse, or mismanagement. This high- risk designation remains.

Although serious weaknesses continue, Education has addressed many of the
issues we discussed in our series of reports on high- risk programs. For
example, the national student loan default rate is the lowest ever6.9
percent for fiscal year 1998, the most recent year for

which data are available. This lower default rate is especially noteworthy
considering that the dollar amount of loans has tripled and the number of
loans has

doubled since 1990. The lower default rate has been attributed to a robust
economy, better management by Education, tougher enforcement tools
authorized by the Congress, and stepped up efforts by colleges, lenders,
guaranty agencies, and other participants in the federal loan program.

Education has also been pursuing those suspected of defrauding the federal
government. For example, in the

last four fiscal years (fiscal years 1997- 2000) Education's OIG opened 1,
030 fraud investigative cases and achieved 737 closures, including 268
convictions/ pleas. 27

Despite the reduction in default rates, the risk of default continues and
the downward turn in default rates may not continue if economic conditions
decline. Further, the annual costs of defaults remain substantial. In fiscal
year 1999, the default cost for the Federal Family Education Loan Program
(FFELP) and Federal Direct Loan Program (FDLP) was about $4. 3 billion; over
$28 billion since 1990. 28

In July 1999, we reported that the method used by Education to calculate
schools' default rates 29 understates the default rate, and we proposed an
alternative, more appropriate method. We suggested that the Congress may
wish to consider amending the Higher Education Act of 1965 to exclude from
the annual calculation of school default rates borrowers who have loans in
deferment or forbearance by the end of the 2- year cohort default period- a
cohort consists of a group of borrowers who began repaying their loans

during a given fiscal year. Further, we suggested that the 27 According to
the OIG, pleas refer to guilty pleas (an accused person's formal admission
in court of having committed the charged offense) or a plea of “no
contest” (a criminal defendant's plea that, while not admitting guilt,
the defendant will not dispute the charge). During the same time period, the
OIG also reported achieving 261 indictments/ informations. (An information
is a formal criminal charge made by a

prosecutor without a grand jury indictment, according to Black's Law
Dictionary (St. Paul, Minn: West Group, 1999)). 28 Some default costs may
have been recovered through collections of previously defaulted amounts. 29
The issue involves borrowers who have temporary approval through their
lenders or loan servicers for “deferment” or
“forbearance,” that is, to delay payments on their loans. In
Education's calculation of a

school's default rate, these borrowers are not counted as defaulters, but
they do count as a part of the total number of borrowers. The number of
borrowers in default is divided by a number larger than the total number of
borrowers who are actually repaying their loans. As a result, the default
rate is understated.

Congress may wish to require that borrowers excluded from a cohort's default
rate calculation due to an authorized deferment or forbearance are included
in a future cohort after they have resumed making payments on their loans.
Education has improved its databases containing information about students
receiving financial aid and its process for certifying schools to
participate in federal student aid programs. However, Education's OIG has
recently noted that the Department's process for recertifying foreign
schools is ineffective. Also, in a separate study of the case management and
oversight of all participating institutions, the OIG has recently found

that proper controls were not in place to ensure the effective use of
program reviews. These program reviews are intended to monitor and improve
institutional performance and compliance with title IV requirements. The
outcome of such reviews may determine whether an educational institution is

recertified to participate in federal student aid programs. The Department
is improving its procedure for obtaining and verifying the eligibility
information used to prevent student loan fraud. However, further
improvements to prevent fraud are needed. As we reported in September 2000,
the problem is that neither Education nor

individual institutions such as colleges and universities that check the
accuracy of student financial aid applications have access to third- party
data sources to verify independently most applicants' family income before
disbursing loan and grant payments. Education's OIG, which traced a sample
of income data from applications that institutions had verified, documented
weaknesses in the verification process. While Education's verification
procedures- such as computer checks to identify error- prone applications-
are reasonable for detecting and correcting mistakes on

applications, they cannot identify students who intentionally underreport
family income.

In the 1998 amendment to title IV of the Higher Education Act, the Congress
instructed Education and the Internal Revenue Service (IRS) to cooperate in
verifying students' income to prevent loan fraud. Subsequently, in September
2000, we determined that Education could obtain eligibility information by
matching automated computer files and accessing online databases from the
IRS. The two agencies are currently conducting two pilot projects to match

Education and IRS data. If the pilots are successful and if IRS grants
Education permission to receive summary taxpayer information for use in
verifying data provided on loan applications, Education could use enhanced
data sharing to make more timely and accurate eligibility determinations.

While Education's performance plans for fiscal year 1999 through fiscal year
2001 address most of the Department's key outcomes, none of its goals or
objectives directly address fraud, waste, and mismanagement in its financial
management system or the high- risk status of its student financial aid
programs.

Because these vulnerabilities potentially pose high costs to the federal
government and America's citizens, we concluded in a June 2000 report that
Education should develop performance goals, objectives, and measures

that directly relate to the management and oversight of its financial system
and student loan programs. After we issued our report, Education revised its
strategic plan to include a performance goal of improving the integrity of
the financial aid program. For that goal, the Department has not developed
objectives and measures although it has identified a number of strategies
that have the potential to address our concerns, such as increasing
oversight efforts, continuing to work on the feasibility of matching
application and tax data, and educating the foreign school community about
program requirements.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Education (GAO- 01- 245, January 2001), which includes
a list of related GAO reports. For additional information on student
financial aid programs, please contact Cornelia M. Ashby, Director,
Education, Workforce, and Income Security, at (202) 512- 7215 or ashbyc@
gao. gov.

Asset Forfeiture The Departments of the Treasury and Justice operate
Programs

similar but separate asset forfeiture programs. 30 As of September 30, 1999,
the combined value of assets in these two programs was more than $1 billion,
of which about $625 million and $378 million were assets under Treasury's
and Justice's management, respectively. Both programs also hold large
amounts of nonvalued assets such as illegal drugs and weapons. These
programs were part of our original high- risk list in 1990 for two reasons.
First, over the years, neither Treasury nor Justice had adequately focused
on management and accountability for seized and forfeited items to reduce
the risk of theft and misappropriation. Second, Treasury and Justice had not
formed a plan to consolidate postseizure management and disposition to
eliminate duplication of resources and reduce administrative costs.

In recent years, Treasury and Justice have taken many actions to address our
recommendations to improve the management and accountability of seized and
forfeited property. For example, in response to our recommendations to
improve accountability and

30 The asset forfeiture program involves the management of property seized
in consequence of a violation of public law, including monetary instruments,
real property, and tangible personal property of others in the actual or
constructive possession of the custodial agency, and

forfeited property, or property for which the title has passed to the U. S.
Government.

stewardship over seized property, Treasury's Customs Service has upgraded
existing storage facilities and implemented a new seized property inventory
system. These improvements have helped reduce the vulnerability of seized
illegal drugs and other property to theft and misappropriation. In 1999, we
reported that Justice had improved its management of real property,

such as cars, boats, and houses, in the four locations we visited. 31
Specifically, our report indicated that we were able to account for all of
the seized assets included in our review and that the seized assets
generally appeared to be in good condition and were stored and secured
properly, in accordance with the storage and maintenance contract
provisions. In addition, Treasury and Justice are undertaking a joint study
to examine the

opportunities for increased cooperation in the management of the two
programs. However, challenges remain to address the continued weaknesses in
accountability for and reporting of seized and forfeited property. Also, the
results of the joint study are yet to be determined.

As we reported in January 1999, a major management challenge facing
Treasury's asset forfeiture program is the need to address weaknesses in the
Department's accountability for and reporting of seized and forfeited

property. In its audit of Custom's fiscal year 1999 financial statements,
Treasury's Office of Inspector General (OIG) found that accountability
controls over certain seized property still need improvement. For

example, although system enhancements have been made to Customs' Seized
Asset and Case Tracking System (SEACATS), the Treasury OIG reported that the
SEACATS data could not be relied on for fiscal year 1999 financial reporting
purposes without substantial manual

31 Asset Forfeiture: Marshals Service Controls Over Seized Assets (GAO/ GGD-
99- 41, March 26, 1999).

reconciliation. 32 Further, Treasury reported instances of material
nonconformance with the provisions of the Federal Financial Management
Improvement Act of 1996 in its Fiscal Year 1999 Accountability Report
involving SEACATS and the Secret Service's Seized Property Systems. We and
Justice's auditors have also reported weaknesses in Justice's accountability
and reporting over seized and forfeited property. In late 1999, we
recommended that two Justice bureaus take several specific actions to
address physical safeguards over drugs and firearm evidence and to
strengthen accountability over such evidence. 33 The types of problems
reported increase the risk of theft, misuse, and

loss or compromise of evidence needed for prosecution purposes. In February
2000, independent auditors for Justice reported weaknesses in Justice's
financial accounting controls used to report on and account for seized and
forfeited property, such as seizing and custodial agencies not taking
required steps to ensure that corrections to the Consolidated Asset Tracking
System inventory records were properly made. 34

Legislation in 1988 required Treasury and Justice to develop a plan to
consolidate their seized property management functions. In 1991, we
recommended that they consolidate the postseizure management and disposition
of noncash seized property to reduce administrative costs. Although the
Departments have 32 Report on U. S. Customs Service's Fiscal Years 1999 and
1998 Financial Statements (OIG- 00- 050), February 18, 2000, prepared by the
Department of the Treasury's OIG.

33 Seized Drugs and Firearms: FBI Needs to Improve Certain Physical
Safeguards and Strengthen Accountability (GAO/ AIMD- 00- 18, December 16,
1999) and Seized Drugs and Weapons: DEA Needs to Improve Certain Physical
Safeguards and Strengthen Accountability (GAO/ AIMD- 00- 17, November 30,
1999). 34 Audit Report: U. S. Department of Justice Annual Financial
Statement Fiscal Year 1999 (00- 06), February 2000, prepared by the
Department of Justice's OIG.

not made plans for consolidating their programs, in September 2000, they
contracted for a study to identify opportunities for increased cooperation
and sharing of agency and contractor resources. The study is to result in
recommendations for improving the effectiveness and efficiency of property
management functions within the

federal asset forfeiture program. The study is not expected to fully embrace
the concept of consolidating the two separate, seized asset management and
disposal functions, however, taking advantage of opportunities for
cooperation and sharing of agency and contractor resources encompasses the
spirit of the recommendation designed to reduce the programs'

administrative costs. To determine whether to remove the asset forfeiture
programs from our high- risk list in the future, we will consider the
results of Justice's and Treasury's study, including the implementation of
any related recommendations, as well as the results of ongoing initiatives
for resolving Justice and Treasury's respective

weaknesses in accountability for and reporting of seized and forfeited
property. This issue is also discussed in Major Management Challenges and
Program Risks: Department of the Treasury (GAO- 01- 254, January 2001) and
Major Management Challenges and Program Risks: Department of Justice (GAO-
01- 250, January 2001), which include a list of related GAO reports. For

additional information on asset forfeiture programs, please contact Norman
J. Rabkin, Managing Director, Tax Administration and Justice, at (202) 512-
3610 or rabkinn@ gao. gov.

Managing Large Procurement Operations More Efficiently

Federal agencies spend billions of tax dollars each year to acquire goods
and services- ranging anywhere from multibillion- dollar weapon systems to
complex space and satellite systems, information technology systems, and
hazardous waste cleanup. As we recently testified, the acquisition process
has become more streamlined in the past few years as new contract vehicles
and techniques have allowed agencies to buy what they need much faster than
in the past. Nevertheless, our work continues to show that some of the
government's largest procurement operations are not always run efficiently,
and we have recommended ways to operate them better. 1

Our reports on large procurement operations as well as information
technology acquisitions show that many of the problems we have identified
are rooted in the fact that agencies lack the right tools for getting the
best deal possible. Upfront justifications are often narrowly focused,
without full consideration of alternative solutions. In some cases, agencies
are avoiding competition when acquiring services and skimping on such
important practices as defining requirements and

performing vigorous cost- benefit and pricing analyses. We have also found
that agencies are embarking on highrisk acquisition strategies, such as
beginning production of systems before development, testing, and evaluation
are complete. Once a deal is made, agencies are not always taking steps
needed to effectively oversee their contractors. For example, the need to
build in effective performance

incentives that are clearly linked to an agency's objectives is frequently
overlooked. Contractor work itself is often allowed to continue in the face
of cost overruns and scheduling delays. Moreover, the 1 Federal Acquisition:
Trends, Reforms, and Challenges (GAO/ T- OCG00-

7, March 16, 2000).

government continues to experience problems achieving effective control over
payments to contractors, and, as a result, has had to contend with billions
of dollars in improper payments. When it comes to information technology
acquisitions, our reviews also show that agencies often lack the
capabilities and disciplined processes needed to effectively manage a
contractor's efforts to design, develop, and implement a system.

It is also becoming increasingly evident that agencies are at risk of not
having enough of the right people with the right skills to manage large
procurements. Past downsizing efforts coupled with a continuing loss of
government's more experienced and valued acquisition workers have resulted
in a huge knowledge drain. At the

same time, the demand for skilled acquisition workers to manage outsourcing
efforts is growing as outsourcing becomes an increasingly popular avenue for
delivery of government services. Acquisition workforce problems can be seen
as part of a broader pattern of human capital shortcomings that have eroded
mission capabilities across the federal government.

Progress is being made. Reforms undertaken by the Congress and the
Administration have focused largely on simplifying the process, particularly
for buying commercial products and services, and on attempting to streamline
decisionmaking. Agencies themselves have also made improvements. Over the
last few years, for

example, DOD has made changes to improve the way it relates to contractors
and the rules governing these relationships. The Department of Energy has
efforts

underway to improve acquisition planning as well as contract management and
oversight. NASA has implemented a new system to help procurement managers
measure and improve the performance of their organizations.

Nevertheless, many initiatives now underway will take time to implement and
demonstrate concrete results. And more work needs to be undertaken to adopt
and implement best practices that have proven successful in the private
sector. For practices to work, significant

changes in the underlying environment are needed. 2 As a result, the large
procurement operations discussed in the following sections will continue to
merit close

attention.

? DOD Weapon Systems Acquisition ? DOD Contract Management ? Department of
Energy Contract Management ? NASA Contract Management

DOD Weapon Acquiring weapons for the military forces is central to Systems

accomplishing the Department's mission. DOD spends Acquisition

close to $100 billion annually to research, develop, and acquire weapon
systems. Although the Department has many acquisition reform initiatives in
process, pervasive problems persist regarding (1) questionable

2 Defense Acquisition: Employing Best Practices Can Shape Better Weapon
System Decisions (GAO/ T- NSIAD- 00- 137, April 26, 2000).

requirements and solutions that are not the most costeffective available;
(2) unrealistic cost, schedule, and performance estimates; (3) questionable
program affordability relative to competing wants and needs; and

(4) the use of high- risk acquisition strategies. While these problems have
proven resistant to reform, the best practices employed by leading
commercial firms to develop new products offer different and promising
solutions. We have reported that weapon systems

acquisition is a high- risk area since 1990, and it remains on our high-
risk list.

Requirements and DOD acquisition policies require analyses of missions,
Solutions That Are

mission needs, costs, and weapon system alternatives to Questionable and Not

ensure that cost- effective solutions are matched to valid Cost- Effective
needs before substantial resources are committed to a particular program.
However, we have found that while the services conduct considerable analyses
in justifying major acquisitions, these analyses can be narrowly focused,
without full consideration of alternative solutions, including the joint
acquisition of systems with

the other services. In addition, because DOD does not routinely develop
information on joint mission needs and aggregate capabilities, it has little
assurance that decisions to buy, modify, or retire systems are sound. Three
examples of our findings follow: ? The Air Force and Navy continued their
plans to spend $5 billion acquiring 19, 000 Joint Standoff Weapons even
though the ability to use the weapon

against moving and relocatable targets was significantly less than
originally projected. 3 ? Although average annual funding for space systems
exceeds $6 billion, the U. S. Space Command's longrange plan and the Air
Force Space Command's 3 Defense Acquisitions: Reduced Operational
Effectiveness of Joint Standoff Weapon (GAO/ NSIAD- 99- 137, August 31,
1999).

supporting strategic master plan do not fully conform to the Department's
new space policy. The plans propose space systems only and do not provide
for an assessment of the cost- effectiveness of terrestrial land, sea, and
air systems as alternatives

to space systems, which is called for in DOD policy. 4 ? Although the F/ A-
18E/ F met its key performance parameters, such as range and carrier
suitability, the operational testers' comparisons of the F/ A- 18E/ F to the
F/ A- 18C showed that the former did not demonstrate superior operational
performance. Instead, after comparing 18 operational mission

areas such as interdiction and fighter escort, the testers concluded that
the F/ A- 18E/ F's operational mission effectiveness was essentially the
same as the F/ A- 18C's. Such performance is disconcerting, given that the
F/ A- 18E/ F costs nearly twice as much as the F/ A- 18C/ D. 5

Unrealistic Cost, We continue to find that the desire of program sponsors
Schedule, and

to keep cost estimates as low as possible and to present Performance
attractive milestone schedules encourages the use of Estimates unreasonable
assumptions about the pace and magnitude of the technical effort, material
costs, production rates, savings from competition, and other

factors. For example: ? Some F- 22 development activities have been
deferred, reduced, or eliminated in order to maintain

the aircraft program's development costs within the congressional cost
limitation. 6

4 Defense Acquisitions: Improvements Needed in Military Space Systems'
Planning and Education (GAO/ NSIAD- 00- 81, May 18, 2000). 5 Defense
Acquisitions: F/ A- 18E/ F Aircraft Does Not Meet All Criteria for Multiyear
Procurement (GAO/ NSIAD- 00- 158, May 26, 2000). 6 Defense Acquisitions: Use
of Cost Reduction Plan in Estimating F- 22 Total Production Costs (GAO/ T-
NSIAD- 00- 200, June 15, 2000).

? The Army's Theater High Altitude Area Defense Program's compressed flight-
test schedule did not allow for adequate ground testing, and as a result,
officials could not detect problems prior to flight tests. The schedule also
left insufficient time for preflight testing, post- flight analysis, and
corrective actions. 7 ? The original schedule for developing the Joint Air-
toSurface Standoff Missile was ambitiously set at about half of what
previous missile programs required. The

schedule was later delayed by 22 months, and total program costs increased
by $500 million. Questionable Each year for the past several years, we have
reported Program that DOD's spending plans could not be executed with
Affordability available funds. We continue to find and report on numerous
problems with DOD's budgeting and spending practices for weapon system
acquisitions, suggesting that wants and needs are not being balanced with
affordability limitations. For example, the availability of several billions
of dollars in funding increases that the

Air Force has projected for space system expansion is uncertain. 8 The
President and Congress have not agreed on overall funding increases to DOD
for the first 6 years of the 18- year projection (fiscal years 2000- 05).
Additionally, for the last 12 years of the projection (fiscal years 2006-
17) the Air Force relies on planned funding

increases for program modernization without identifying funding sources,
thus creating additional uncertainty and putting the expansion of space
systems in jeopardy for affordability reasons.

7 Missile Defense: THAAD Restructure Addresses Problems But Limits Early
Capability (GAO/ NSIAD- 99- 142, June 30, 1999). 8 GAO/ NSIAD- 00- 81, May
18, 2000.

Further, we reported that current planned procurement spending may be
reduced to fund potential operations and maintenance shortfalls.
Specifically, DOD's 2001 Future Years Defense Plan may have understated cost
and overstated savings projections for operations and maintenance which
increases the risk that planned spending for procurement may be shifted to
pay for operations and maintenance funding shortfalls. 9

High- Risk Acquisition In our previous high- risk reports, we stated that
highrisk

Strategies acquisition strategies- such as the acquisition of weapons based
on optimistic assumptions about the maturity and availability of enabling
technologies- were being based on the need to meet the threat and to reduce

acquisition costs. We also reported on the high- risk practice of beginning
production of a weapon system before development, testing, and evaluation
are complete. Using highly concurrent strategies and rushing prematurely
into production can lead to uninformed decisions about a weapon's
demonstrated operational effectiveness and the purchase of systems that do
not perform as intended, which ultimately result in lower- than- expected
availability for operations and expensive modifications.

Nevertheless, DOD still begins production on many major and nonmajor weapons
without first ensuring that the systems will meet critical performance
requirements. Examples include: ? The Army plans to begin production of its
Comanche helicopter before initial operational testing starts. 10 9 Future
Years Defense Program: Risks in Operations and Maintenance and Procurement
Programs (GAO/ NSIAD- 01- 33, October 5, 2000). 10 Defense Acquisitions:
Comanche Program Cost, Schedule and Performance Status (GAO/ NSIAD- 99- 146,
August, 24, 1999).

? The Army established an aggressive production schedule for an
inexperienced contractor to produce its Family of Medium Tactical Vehicles,
resulting in the contractor producing trucks that could not meet
qualification and operational testing requirements. 11 ? The Navy was moving
towards a full rate production decision on the MV- 22 Osprey aircraft
without having an appropriate level of confidence that the program would
meet design parameters as well as cost and

schedule objectives. 12 ? DOD, citing the emerging missile threat from rogue
nations, compressed the National Missile Defense program schedule by at
least 4 years- making the program vulnerable to delays. 13

In addition to these examples, we have raised similar issues regarding the
acquisition strategy for the Joint Strike Fighter Program 14 and production
of the Navy F/ A- 18E/ F aircraft. 15

The Prospects for After having performed hundreds of reviews of major

Change weapon systems over the last 20 years, we have seen many of the same
problems recur- cost increases,

schedule delays, and performance shortfalls. These problems have proven
resistant to reform in part because underlying incentives have not changed.
On the other hand, our work also shows that leading 11 Army Medium Trucks:
Information on Delivery Delays and Corrosion Problems (GAO/ NSIAD- 99- 26,
January 13, 1999). 12 Letter to the Secretary of Defense, December 15, 2000.

13 Missile Defense: Status of the National Missile Defense Program (GAO/
NSIAD- 00- 131, March 31, 2000). 14 Defense Acquisitions: Decisions on the
Joint Strike Fighter Will be Critical for Acquisition Reform (GAO/ T- NSIAD-
00- 173, May 10, 2000). 15 Defense Acquisitions: F/ A- 18E/ F Aircraft Does
Not Meet All Criteria for Multiyear Procurement (GAO/ NSIAD- 00- 158, May
26, 2000).

commercial firms are getting the kinds of outcomes from their development of
new products that DOD seeks. Specifically, these firms are developing
increasingly sophisticated products in significantly less time and at lower
cost than their predecessors. Valuable lessons can be learned from the
commercial sector and applied to the development of weapon systems.

Leading commercial firms expect that their program managers will deliver
high quality products on time and within budget. 16 Doing otherwise could
result in the

customer's walking away, meaning failure for the product. Thus, these firms
have created an environment and adopted practices that put their program
managers

in a good position to succeed in meeting these expectations. Key elements of
this environment are deliberately short cycle times, assurance that
technology is mature before starting a new product development, and use of a
knowledge- based approach to managing product development. Commercial firms

develop new products in well under 5 years, a number that continues to fall.
Short cycle times help people stay focused on delivering the product and
make them accountable for outcomes. Specific practices are embodied in a
knowledge- based approach to product development that can be distilled into
three cumulative knowledge points, depicted in figure 6.

16 Defense Acquisition: Employing Best Practices Can Shape Better Weapon
System Decisions (GAO/ T- NSIAD- 00- 137, April 26, 2000).

Figure 6: Knowledge- based Process for Applying Best Practices to the
Development of New Products Technology

Product Development Production Development Technologies

Design Production can meet match

performs as cost, schedule, and requirements

expected quality targets

Source: GAO.

Product development in commercial ventures is a clearly defined undertaking
that firms will not start unless they have the technology in hand to meet
customers' needs. Leading firms do not ask their product managers to develop
technology. The process of developing a product culminates in delivery and

therefore gives great weight to design and production. The firms demand- and
receive- specific knowledge about a new product before production begins. A
program does not go forward unless a strong business

case on which the program was originally justified continues to hold true.
Such a knowledge- based process is essential to commercial firms' getting
better cost, schedule, and performance outcomes. It enables

decisionmakers to be reasonably certain about critical facets of the product
under development when they need it. DOD wants the kinds of outcomes
commercial companies have achieved and has taken steps to reform its
acquisition process to attain them. Examples include the recent revision of
the 5000 series of acquisition guidance, which puts more emphasis on mature
technology before a program is started and a more flexible requirements
process that permits requirements to be met in stages. A few programs have
exhibited some

of these features in the early stages of development, including the Tactical
and Global Hawk unmanned aerial vehicles. It would be premature to interpret
this progress as evidence that systemic change has occurred in DOD's
acquisition process. Rather, such progress

appears to be more the result of individuals' attempts to pioneer change
through extraordinary effort. The environment for DOD weapon system
programs, particularly regarding the requirements setting, funding, and
career management processes, encourages launching programs that embody more
technical unknowns than commercial ventures and less knowledge about the
performance and production risks they entail. The reason DOD programs are
launched earlier is at least partly because establishing a formal program
has been necessary to attract the funds needed to develop a new weapon
system. As requirements are

being set, a new weapon system is more likely to be funded if it possesses
performance features that significantly distinguish it from other systems.
Consequently, DOD program managers have incentives to promote performance
features and design characteristics that rely on immature technologies. To
gain approval, program estimates are squeezed to fit into profiles of
available funding. Additional requirements, such as high reliability, serve
to make the fit even tighter. As competition for funding continues
throughout the program, success becomes identified with the ability to
secure the next installment. Other factors, such as the short tenures of
program managers- relative to long development cycle times- and the
unlikelihood that an unsatisfied customer will walk away, serve to make
managers less accountable for delivering the product as promised.

Key Actions Needed As we have recommended, DOD leadership could improve the
acquisition of weapon systems by (1) routinely considering, in establishing
weapon requirements, joint mission needs and aggregate capabilities; (2)
using more realistic assumptions in developing system cost, schedule, and
performance

requirements; (3) approving only those programs that can be fully executed
within reasonable expectations of future funding; and (4) limiting the use
of high- risk acquisition strategies. Also, as we have recommended, taking
these steps would require a better environment for starting and managing
weapon system development programs. DOD

leadership could help create such an environment by applying best commercial
practices unless there is a clear and compelling national security reason
not to. Such practices would enable DOD to (1) ensure that key technologies
are mature before they are included in weapon system development programs;
(2) set limits, such as 5 years for program development cycle times; and (3)
adopt a knowledge- based approach to managing and making decisions on weapon
system programs.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Defense (GAO- 01- 244, January 2001), which includes a
list of related GAO reports. For additional information on DOD weapon
systems acquisition, please contact Jack L. Brock, Jr., Managing Director,
Acquisition and Sourcing Management, at (202) 512- 6240 or brockj@ gao. gov.

DOD Contract DOD spent in excess of $130 billion in fiscal year 1999
Management

for goods and services. Since 1992, we have reported DOD contract management
as a high- risk area. It remains on our list of high- risk areas because DOD
continues to experience significant challenges related to contract
management, including (1) improving oversight

and accountability in the acquisition of services, (2) preventing erroneous
and improper payments from being made to its contractors, (3) implementing
commercial practices for contract pricing, and (4) managing health care
contracts.

Although contract management remains a high- risk area, DOD has made
meaningful changes to improve the way it relates to contractors and the
rules governing these relationships over the last few years. It also has

attempted to measure select changes to its contracting processes by
establishing key metrics, including (1) the percentage of purchases made by
purchase card, (2) the percentage of paperless contracting and payment
transactions, and (3) the percentage reduction in acquisition workforce
personnel. However, while DOD reported it generally met these established
metrics for last year, the metrics do not measure many of the significant
challenges to improving processes and controls for reducing contract risk.

Improving Oversight DOD also faces challenges in addressing concerns about
and Accountability in

the lack of oversight and accountability in acquiring Acquiring Services

services. This is an area that must receive additional attention as DOD
shifts to greater procurement of sophisticated services. DOD is presently
changing what it buys and how it buys. For example, contracts for research
and development, engineering, and various management support services make
up a growing share of DOD's purchases. In fact, DOD now spends about $70
billion annually acquiring services from the private sector, and that number
is expected to grow as DOD pursues efforts to contract with the private
sector for many functions currently performed by DOD personnel.

We recently raised concerns that DOD has avoided competition when acquiring
services, and the DOD Inspector General found that DOD had not adequately

performed many basic management tasks, including market research, price
analyses, and contractor surveillance. 17 Consequently, DOD seriously
undermined its ability to ensure that it gets the best services at the best
prices. Such concerns, in part, led the Congress to ask us to examine the
practices of leading commercial companies and identify “best
practices” that could yield benefits to DOD in acquiring services.
Both the Congress and DOD have taken steps to improve DOD's acquisition of
services. For example, recently enacted legislation 18 requires that each
military department establish at least one center of excellence for service
contracting. These centers are intended to assist the acquisition community
by identifying and

serving as a clearinghouse on best practices in contracting for services in
the public and private sectors. For its part, DOD has targeted the increased
use of performance- based service acquisitions as a high priority. In April
2000, DOD announced that it had

established a goal that by 2005, 50 percent of all service acquisitions,
measured in both dollars and actions, be based on performance. Each of the
military services and the Defense Logistics Agency are to develop an
implementation plan, while DOD committed itself to provide training,
templates, and other tools to its acquisition workforce to help define,
acquire, and

manage service requirements. While these initiatives 17 Contracts for
Professional, Administrative, and Management Support Services (Office of the
Inspector General, Department of Defense, D- 2000- 100, March 10, 2000) and
Contract Management: Not Following Procedures Undermines Best Pricing Under
GSA's Schedule (GAO- 01- 125, November 28, 2000). 18 Floyd D. Spence
National Defense Authorization Act for Fiscal Year 2001 (P. L. 106- 398,
October 30, 2000).

should help DOD improve its acquisition of services, it may be several years
before they are fully implemented and the impact on DOD's acquisition of
services can be evaluated. Fixing DOD's HighRisk The need for DOD to achieve
effective control over its Payment

payment process remains imperative. For fiscal years Systems Is 1994- 99,
DOD reported that contractors returned nearly Imperative

$5. 3 billion. 19 Of this amount, DOD's Defense Finance and Accounting
Service erroneously paid $1. 2 billion- as a result of errors such as paying
the same invoice twice or misreading invoice amounts. Other payment errors
can be attributed to problems with contract administration, such as the
failure to adjust progress

payments for changes in contract requirements or performance. Further, in
its fiscal year 1999 financial statements, DOD reported $3. 6 billion in
uncollected debt that relates to a variety of contract payment problems. Of
this amount, we determined that at least $225 million relates to duplicate
payments, overpayments, and payments for goods not received, all of which we
consider improper payments.

DOD payment errors can be attributed to complex regulations, long- term
contracts, nonintegrated systems, and the manual entry of contract data into
payment systems. In October 2000, we reported that DOD had not

yet made a comprehensive estimate of improper payments made to its
contractors, and there are likely more overpayments that have yet to be
identified and returned. With an annual budget of over $130 billion in
purchases involving contractors, DOD would benefit from estimating the
magnitude of improper payments. As discussed in the financial management
area, system 19 Financial Management: Billions in Improper Payments Continue
to Require Attention (GAO- 01- 44, October 27, 2000).

deficiencies significantly contribute to improper payments. In addition to
improper payments, weak systems and internal controls can leave DOD
vulnerable to fraud. In February 2000 testimony before the House Budget
Committee, the DOD Deputy Inspector General stated that the finance and
acquisition communities appear to be moving in opposite directions on
contractor pay. He noted that while the finance community is attempting to
improve controls over payments by taking measures

such as rejecting vouchers with remittance addresses that are not in the
Central Contractor Registry and may be suspect. Some DOD acquisition
officials believe that payments to contractors are not being made promptly
enough, and they advocate making payments without

any attempt to match invoices to receiving documents. According to the DOD
Inspector General, contractor payment processes remain vulnerable to fraud.
As of September 30, 1999, the Defense Criminal Investigative

Service had 85 open financial fraud cases. Moreover, as DOD's reliance on
electronic payment methods increases, unresolved computer security
weaknesses will impact its vulnerability to fraudulent contract payments.

Adjusting to In recent years, DOD has significantly changed the way
Commercial Contract it acquires goods and services by removing what were
Pricing Practices considered barriers to efficient and effective use of the
commercial marketplace. A major focus of these changes is the adoption of
commercial buying practices. 20 For example, for an increasing number of
contracts for sole- source spare parts, DOD is transitioning from a cost-
based pricing environment, in 20 Federal Acquisition: Trends, Reforms, and
Challenges (GAO/

T- OCG- 00- 7, March 16, 2000).

which contractor costs are the basis to negotiate prices, to a market- based
or commercial pricing environment in which factors other than cost, such as
pricing data, are

the principal means used to determine the reasonableness of prices. While
the level of commercial contracting remains relatively small compared to
total

DOD procurement, it is likely to increase substantially in the coming years.
Both we and the DOD Inspector General have found and recommended that DOD
needs to strengthen its efforts to obtain fair and reasonable prices. For
example, the Inspector General found that DOD needs to use more cost-
effective buying strategies for commercial spare

parts. The Inspector General noted that DOD was paying higher prices for
some commercial spare parts than necessary. Our work also identified 21
cases in which limited price analyses of commercially offered prices
resulted in significantly higher prices than previously paid. DOD is taking
steps to improve its workforce training in commercial buying and pricing.
How well DOD's acquisition workforce will adjust to an environment with
increased use of commercial pricing practices remains to be seen.

Managing DOD's DOD's difficulty in managing contracts is further Contracts
for Health

illustrated in the implementation of its TRICARE health Care care program.
TRICARE was established during a period of military downsizing and budget
concerns to contain

costs and maintain access to and the quality of health care for DOD's 8. 2
million beneficiaries. To implement this program DOD awarded seven
competitively bid 5- year contracts totaling about $15 billion.

21 Contract Management: DOD Pricing of Commercial Items Needs Continued
Emphasis (GAO/ NSIAD- 99- 90, June 24, 1999).

Once these contracts were awarded, DOD made numerous and continuous changes
to them through contract change orders. We reported that DOD had not
developed a reliable estimate of the total federal liability for the
contract changes and that DOD neither systematically reviewed the need for
each order nor considered its likely costs and other effects. 22 As of July
2000, over 500 change orders to the TRICARE contracts

had not been settled and may represent a significant future liability to the
Defense Health Program. To address this growing backlog DOD initiated a
plan, called Mobilization, to settle all of its open change orders by
December 2000. We are evaluating DOD's progress in settling change orders
and identifying improvements to the process. Furthermore, in an effort to
better control costs and improve health care contracting, DOD has initiated
a broad review of TRICARE's operational structure. For the study, DOD will
examine TRICARE's organization and business plans and will develop a revised
procurement strategy. Whether DOD can successfully develop and launch the
new procurement strategy and

whether this new strategy will reduce the current volume of contract changes
or control health care costs remains to be seen.

Key Actions Needed As we have previously stated in testimony, the problems
that we have identified are difficult ones and are deeprooted in very large
programs and organizations. There is much to be learned from the best
practices of leading, high- performing private sector organizations that can
be used to improve the acquisition and contracting process

22 Defense Health Care: Operational Difficulties and System Uncertainties
Pose Continuing Challenges for TRICARE (GAO/ T- HEHS- 98- 100, February 26,
1998).

and controls to reduce contract risk. We testified that, when use of
commercial best practices is determined to be appropriate, government
agencies should adopt these practices unless compelling reasons exist for
not doing so. To ensure that progress continues, sustained management
attention and congressional oversight will be necessary.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Defense (GAO- 01- 244, January 2001), which includes a
list of related GAO reports. For additional information on DOD contract
management, please contact David E. Cooper, Director, Acquisition and
Sourcing Management, at (202) 512- 4841 or cooperd@ gao. gov.

Department of Since 1990, we have designated contract management at Energy
Contract

the Department of Energy (DOE) as a high- risk area, and Management

we continue to consider it high risk. DOE, the largest civilian contracting
agency in the federal government, relies primarily on contractors to operate
its facilities and carry out its missions. DOE uses contractors to manage a
wide variety of activities, including performing research, maintaining the
nuclear weapons stockpile, and cleaning up radioactive and hazardous wastes.
To carry out these missions, DOE's contracts often involve the design,
construction, and operation of multi- milliondollar, one- of- a- kind
facilities. In fiscal year 1999, DOE obligated about $15. 5 billion, or
about 90 percent of its total obligations, to contracts.

For years, we and others have reported on problems with DOE's contract
management, which we have defined broadly to include contract administration
and

project management. These problems have included noncompetitive awards, cost
and schedule overruns, the inadequate oversight of contractors' activities,
an overreliance on cost- reimbursement contracts, and an

inability to hold contractors accountable. Because it relies on contractors
to carry out its missions, failing to address these problems could limit
DOE's effectiveness and efficiency in its stockpile stewardship, security,
cleanup, and other missions. DOE is aware of its contract management
problems and has numerous initiatives under way to address them. While
progress is being made to correct the problems, many of these initiatives
will take a number of years to fully implement. Furthermore, since DOE uses
contractors to manage many aspects of its missions, initiatives to

improve contract management need to be directed at the underlying culture of
the organization. Therefore, DOE will need to continue focusing management
attention on

these problems for the long term to effect lasting change for both DOE and
contractor staff. For example, DOE created a new office in November 1999 to
implement policies and procedures to improve project management and
oversight. Efforts are also under way to improve up- front acquisition
planning, to help ensure that the appropriate contracting and

financing approach is used on major projects, and to better integrate
contract and project management. However, these initiatives are in the early
stages, and it is too soon to tell whether they will be effective in
preventing cost and schedule overruns and in holding contractors fully
accountable. Cost and schedule overruns have plagued DOE's projects over the
years, and they continue to persist, as shown in the following examples:

? The National Ignition Facility, being built at the Lawrence Livermore
National Laboratory to evaluate the behavior of nuclear weapons without
explosive testing, was originally expected to cost about $2. 1 billion and
to be completed in 2002. DOE now estimates that this facility will
eventually cost about $3. 5 billion and be completed in 2008- over $1
billion dollar increase in cost and 6 years later than

originally estimated. As we reported in August 2000, these cost increases
and schedule delays have been attributed to a combination of poor contractor
management and inadequate DOE oversight, including inadequate technical and
managerial skills to oversee the project. We recommended that DOE arrange
for an outside scientific and technical review of the facility's remaining
technical challenges related to its cost and schedule risks. ? At DOE's
Savannah River Site, the in- tank

precipitation process was selected in 1983 as the preferred method for
separating highly radioactive wastes from 34 million gallons of liquids in
storage tanks. In 1985, DOE estimated that it would take about 3 years and
$32 million to construct the in- tank

precipitation facility. In April 1999, we reported that after a decade of
delays and spending almost $500 million, DOE suspended the project because
it would not work safely and efficiently as designed. Among the factors
contributing to this failure were the ineffectiveness of the contractor's
management and of DOE's oversight of the project. Problems in management may
have continued in DOE's efforts to find an alternative method for waste
separation.

According to a 2000 report by a committee of the National Research Council,
the committee did not see a strong and technically informed management in
place at the Savannah River Site. Furthermore, the committee noted that it
became increasingly difficult to determine who was in charge of managing the
program over the course of the committee's study. 23

23 See Alternatives for High- Level Waste Salt Processing at the Savannah
River Site, Committee on Cesium Processing Alternatives for High- Level
Waste at the Savannah River Site, National Research Council, (2000). The
National Research Council, as the principal operating agency of the National
Academy of Sciences and the National Academy of Engineering, provides the
government, public, and scientific and engineering communities with services
and research.

In another example, DOE's Office of Environmental Management started its
privatization initiative in 1995 to reduce the cost, and speed the cleanup,
of its contaminated sites and to improve the contractors' performance. For
large cleanup projects, this was primarily an alternative contracting and
financing strategy that emphasized fixed- price contracts and full private
financing. We reported in June 2000 that while fixed price contracting had
been successful for some projects with a known scope, privatization has
generally not accomplished DOE's goals for complex cleanup projects.

For example, DOE chose the privatization approach for the Tank Waste Project
at the Hanford site. The project involved treating about 5 million gallons
of highly radioactive wastes stored in underground tanks. The

contract to design, build, and operate the facility to treat the wastes had
an estimated price of $6. 9 billion. In April 2000, the contractor submitted
a revised price estimate of over $15 billion. DOE terminated the privatized
contract because it was concerned about the contractor's performance and the
rapidly escalating cost

estimates, as well as the full private financing approach chosen by DOE. In
October 1998, we concluded that DOE should reassess the cost- effectiveness
of its proposed approach to the project, including contracting and financing
alternatives to the privatized approach. On the basis of DOE's assessment of
the alternatives, the Department has recompeted the project under a more
traditional cost- reimbursement- plus- incentive- fee approach.

In 1993, DOE established a Contract Reform Team and in 1994 began
implementing numerous initiatives to improve contract management. These
initiatives include increasing competition and switching to performancebased

contracts. For example, DOE revised its procurement regulations to make
competition the normal practice and, overall, has increased its use of

competition in awarding contracts. As of September 2000, 68 percent of DOE's
major contracts were awarded competitively compared with only 9 percent of
its major contracts in 1990. However, some of DOE's larger contracts for
operating its national laboratories,

including ones that have a history of security and/ or project management
problems, continue to be extended rather than competed. 24 Deciding to
extend rather than compete these contracts may weaken DOE's negotiating
position to use contracts to effect changes that relate to problem areas
such as security and project management. In another example, DOE revised its
procurement regulations to shift to performance- based contracts and to hold
its contractors more accountable. In April 1999, DOE implemented a new fee
policy that would put a contractor's entire incentive fee at risk for poor
performance in environment, safety, and health areas. DOE also has
initiatives in place to improve the performance incentives for contractors
to align them more closely with DOE's strategic goals for a site. As of
September 2000, DOE officials told us that all of their major contracts to
manage and operate the Department's facilities are now performance- based

contracts. While performance incentives can better focus contractors'
efforts in doing the work most crucial to achieving DOE's missions, the
performance incentives are not always clearly linked to DOE's objectives nor
structured to focus on outcomes to be achieved and, thus, may not accomplish
the desired results. For example, in April 2000, DOE's Office of Inspector
24 DOE's national laboratories are designated as federally funded

research and development centers and are not subject to full and open
competitive procedures for their establishment or maintenance. Nevertheless,
DOE has competed the contracts for some of its current centers.

General reported that the performance- based incentives at the Idaho
National Engineering and Environmental Laboratory had not been fully
successful in improving performance and reducing costs. Because of problems
with structuring incentives to reward outcome rather than process and with
validating the contractor's performance, the Office of Inspector General
questioned $11. 3 million in incentive fees paid to the contractor. 25 Our
May 1999 report on the use of performance- based

contracting at DOE's national laboratories indicated that DOE did not know
if this form of contracting was achieving the intended results of improved
performance and lower costs. We recommended that DOE evaluate the costs and
benefits from using such contracts at its national laboratories. In April
1999, we reported that one of the factors contributing to DOE's security
problems at

the national laboratories was the lack of emphasis given to security matters
in the contractor's performance incentives. For example, two of the
contracts lacked performance incentives for counterintelligence activities,
and the performance incentive for safeguarding classified documents and
materials accounted for less than 1 percent in the contractor's performance
evaluation. Over the long term, DOE may resolve all of the problems in its
contract management.

Until then, DOE's ongoing problems can increase the government's costs and
expose DOE to billions of dollars of financial risk.

This issue is also discussed in Major Management Challenges and Program
Risks: Department of Energy (GAO- 01- 246, January 2001), which includes a
list of related GAO reports. For additional information on Department of
Energy contract management, please 25 See Performance Incentives at the
Idaho National Engineering and Environmental Laboratory, Department of
Energy, (WR- B- 00- 05, April 3, 2000).

contact James E. Wells, Director, Natural Resources and Environment, at
(202) 512- 6877 or wellsj@ gao. gov.

NASA Contract NASA spends more than $12 billion annually for goods

Management and services- ranging from procurements of expensive

space hardware to contracts for research and development- related services.
As such, much of NASA's success hinges on its contractors. Moreover, with
most of its funds going to outside businesses and other organizations, it is
exceedingly important that NASA have good control and oversight over its
procurement dollars.

In 1990, we began a special effort to review and report on federal program
areas that our work had identified as high risk because of vulnerabilities
to waste, fraud, abuse, and mismanagement. We identified NASA's contract
management as an area at high risk because it lacked effective systems and
processes for overseeing contractor activities. Specifically, little
emphasis was being placed on end results and on controlling costs.

Procurement processes themselves were cumbersome and time- consuming. In
1992, we reported that the agency still had ineffective systems and
processes for overseeing contractors' activities and that NASA field centers
had failed to comply with contract management requirements. Since then, NASA
has made progress in addressing its contract management challenges. In July
1998, for example, we reported that NASA was developing systems to provide
oversight and information needed to improve contract management and that it
had made progress evaluating its field centers' procurement

activities on the basis of international quality standards and its own
procurement surveys. In January 1999, we found that NASA was implementing
its new system for measuring procurement- related activities and had made

progress in evaluating procurement functions at its field centers.

Nevertheless, as discussed below, key issues remain. For example, in 1998
and again in 1999, we reported that NASA had delayed implementation of its
integrated financial management system- which was central to producing
accurate and reliable information needed to support contract management.
Moreover, in 2000, we reported that NASA needed to rely less on the use of
undefinitized contract actions- that is, unnegotiated contract changes- as a
way of doing business since this practice could result in contract cost
overruns and cost growth in the International Space Station program. NASA
Delayed Modernizing NASA's financial management systems is Implementation of
key to providing better oversight over contract Integrated Financial

management activities. However, according to NASA, Management System

the agency's financial management environment is comprised of decentralized,
nonintegrated systems with policies, procedures, and practices that are
unique to its field centers. For the most part, data formats are not
standardized, automated systems are not interfaced, and

on- line financial information is not readily available to program managers.
Thus, it is difficult to assure contracts are being efficiently and
effectively implemented and budgets are executed as planned. In addition,
NASA has pointed out that the cost to maintain these systems has been high,
since both data and software are replicated at each field center. To correct
these problems, on September 18, 1997, NASA awarded a fixed- price contract,
valued at $186 million, to provide a NASA- wide integrated financial
management system primarily based on commercial off- the- shelf software.
The contract required that the integrated financial management project be
implemented at all NASA centers by July 1, 1999. From its inception, the
project experienced

significant development and implementation problems. Work was stopped on the
contract in March 2000. On October 13, 2000, a settlement agreement was
reached between NASA and the contractor to terminate the

contract for the convenience of the government. NASA's total cost for the
unsuccessful attempt to implement the integrated financial management
project was $131 million. NASA is undertaking its third attempt to implement
the integrated financial management project. Its approach focuses on
learning from other organizations' successes

in implementing similar projects, as opposed to revisiting its own failures.
NASA has also abandoned the single product approach that the two prior
attempts had as their basic architecture. Instead, the project will be
broken down into implementable modules on the basis of the availability of
proven software products. Specifically, NASA has segmented implementation of
the integrated financial management project into 14 modules, with estimated
completion scheduled in fiscal year 2007. The first project scheduled for
completion is the core financial project for acquiring and implementing
financial software to serve as the

backbone for all the other projects. However, NASA has established only
tentative planning dates for full implementation.

Until the core financial project is operational, NASA has devised an interim
approach, which it believes will achieve certain benefits associated with
full cost accounting practices. The concept of full cost accounting ties all
agency costs (including civil service personnel costs) to major activities.
NASA officials expect this approach to provide complete cost information to
management for more fully informed decision- making. In September 1999,
NASA's Chief Financial Officer directed that (1) the centers initiate full-
cost accounting activities in fiscal year 2000; (2) the focus in the
immediate future be on providing full cost

reports to center project managers; and (3) NASA not plan to spend
significant amounts on enhancing existing systems on the basis of current
plans to replace many of these systems, if not all, in the future. NASA
plans to follow this interim approach until the core financial project is
operational at all centers (estimated in 2003). NASA Has

In response to our March 1997 report 26 on NASA's Implemented Its New
contract management and our observation on the System for Measuring agency's
need to produce accurate and reliable Procurement- Related procurement-
related information, NASA implemented a Activities

revised system of procurement metrics in fiscal year 1999. This revised
system involves the development of measurable performance metrics,
benchmarking these metrics, and the development of both NASA headquarters
and agencywide procurement customer satisfaction surveys for timeliness,
quality, and service. According to a NASA official, the purpose of the
initiative is to help procurement managers measure and improve the
performance of their organizations. NASA conducted a customer satisfaction
survey in 1999. It showed that most participants were satisfied with
procurement services quality, timeliness, and customer service. A second
survey, now being analyzed, will further assess satisfaction in
communication, customer service, meeting mission goals, and procurement

knowledge and skills. 26 NASA Procurement: Contact Management Oversight
(GAO/ NSIAD- 97- 114R, March 18, 1997).

NASA Has Made To strengthen contract management across the agency, Progress
in

NASA now requires a management system that, at a Evaluating minimum,
complies with the International Organization Procurement at Its for
Standardization (ISO) 9000 27 series of standards, Field Centers

which includes a standard for purchasing. The ISO 9000 series consists, in
part, of 20 quality management and assurance standards. The general
purchasing standard states that the supplier (for example, NASA's field

centers' procurement offices) shall establish and maintain documented
procedures to ensure that purchased products conform to specified
requirements. In April 1998, NASA's procurement officers agreed that a
combination of ISO 9000 external and internal audits and procurement surveys
should provide sufficient confidence in the soundness of NASA's procurement
system. A NASA procurement official stated that NASA survey teams are
currently conducting self- assessments

and extensive audits of center operations on a 3- year schedule.
Furthermore, NASA headquarters and all centers were certified as ISO 9000
compliant by authorized independent accreditation organizations as of the
end of fiscal year 1999. NASA Continues to NASA officials can authorize work
to begin on a Use Undefinitized

contract change before NASA and the contractor agree Contract Actions

on a final estimated cost and fee. Such changes are referred to as
undefinitized contract actions- that is, unnegotiated contract changes.
Relying on unnegotiated changes as a way of doing business is risky because
it increases the potential for additional unanticipated cost growth. This,
in turn, may force an agency to divert scarce budget resources intended for
other important 27 ISO is a worldwide federation of national standards
bodies from some 130 countries. ISO 9000 standards provide a framework for

quality management and quality assurance.

programs. In view of this risk, the Federal Acquisition Regulation and
current NASA policy state that work on contract changes that have not been
negotiated should occur on an exception basis and be limited to urgent
requirements. Both NASA's Office of the Inspector General and we have
reported our concerns about NASA's frequent use of undefinitized contract
changes. In May 2000, we reported 28 that NASA authorized 593 changes to the
space station prime contract in fiscal years 1998 and 1999. The cost of
these changes amounted to $897. 7 million. Of the 593 changes, 280 added
capability or revised initial designs. Added capabilities were to increase
the station's operational performance, especially in meeting research needs.
Revisions of initial

designs included changes to (1) correct operability and design deficiencies
and (2) reduce cost, schedule, and technical risks. The total estimated cost
of changes made to add capabilities and revise initial designs was $368. 1
million. NASA officials have stated that because the space station program
is complex and is nearing completion of the design, development, test, and
evaluation stage of the program, the agency expects many urgent changes in
the future. While they recognize that beginning work on contract changes
that have not been negotiated is not

the preferred way of doing business, NASA officials believe that such
changes are necessary in order to avoid delaying the space station program
schedule, to modify ongoing work, or to reduce the cost of a change by
taking advantage of other ongoing work.

28 Space Station: Prime Contract Changes (GAO/ NSIAD- 00- 103R, May 11,
2000).

Our recent review of space station prime contract changes, 29 however,
showed that unnegotiated change orders accounted for more than one- half of
all authorized changes and 98 percent of the cost of changes whereas the
Federal Acquisition Regulation limits the use of such change orders to an
exception basis. Moreover, the practice puts NASA at risk to unanticipated
cost increases that may require funding

reallocations and negatively impact other critical NASA programs. Contract

While NASA has made progress in correcting some Management weaknesses in
contract management, it has not yet Remains a High- Risk

established a financial management system or Area integrated it with full
cost accounting practices. NASA is starting its third attempt on this effort
by segmenting implementation of the project into 14 modules, with completion
tentatively scheduled in fiscal year 2007.

This effort will require continued management attention to correct problems
and keep projects on schedule. NASA included an objective in its fiscal year
2000 strategic plan to continue to develop a new integrated financial
management system. The strategic plan notes that the integrated financial
management project and other initiatives, such as full- cost accounting,
will improve NASA's financial resource management. Until the system is
operational, performance assessments relying on cost data may be incomplete
and full costing will be only partially implemented.

In NASA's view, with the exception of an integrated financial management
system, significant progress has been made resolving those contract
management challenges related to the procurement function, notably,
measuring procurement- related activities and evaluating 29 GAO/ NSIAD- 00-
103R, May 11, 2000.

procurement activities at its field centers. Therefore, NASA officials
believe designating contract management as a major management challenge and

high- risk area is no longer warranted. While these actions are steps in the
right direction, more actions are required to provide for effective
oversight and management of the entire contract implementation process.
Principally, NASA still needs an effective and efficient integrated
financial management system as well as cost controls, particularly for the
International Space Station program. Moreover, NASA's Inspector General and
we have repeatedly reported on the need to limit the use of undefinitized
contract change orders to prevent further unanticipated cost increases and

scheduling delays. Therefore, we are retaining the highrisk designation for
NASA contract management.

This issue is also discussed in Major Management Challenges and Program
Risks: National Aeronautics and Space Administration (GAO- 01- 258, January
2001), which includes a list of related GAO reports. For additional
information on NASA contract management, please contact Allen Li, Director,
Acquisition and Sourcing Management, at (202) 512- 3600 or lia@ gao. gov.

GAO United States General Accounting Office

Page 1 GAO- 01- 263 High- Risk Update

Contents

Page 2 GAO- 01- 263 High- Risk Update

Comptroller General of the United States

Page 3 GAO- 01- 263 High- Risk Update United States General Accounting
Office

Washington, D. C. 20548

Page 4 GAO- 01- 263 High- Risk Update

Page 5 GAO- 01- 263 High- Risk Update

Executive Summary Page 6 GAO- 01- 263 High- Risk Update

Executive Summary Page 7 GAO- 01- 263 High- Risk Update

Executive Summary Page 8 GAO- 01- 263 High- Risk Update

Executive Summary Page 9 GAO- 01- 263 High- Risk Update

Executive Summary Page 10 GAO- 01- 263 High- Risk Update

Executive Summary Page 11 GAO- 01- 263 High- Risk Update

Executive Summary Page 12 GAO- 01- 263 High- Risk Update

Executive Summary Page 13 GAO- 01- 263 High- Risk Update

Executive Summary Page 14 GAO- 01- 263 High- Risk Update

Executive Summary Page 15 GAO- 01- 263 High- Risk Update

Executive Summary Page 16 GAO- 01- 263 High- Risk Update

Executive Summary Page 17 GAO- 01- 263 High- Risk Update

Executive Summary Page 18 GAO- 01- 263 High- Risk Update

Executive Summary Page 19 GAO- 01- 263 High- Risk Update

Executive Summary Page 20 GAO- 01- 263 High- Risk Update

Executive Summary Page 21 GAO- 01- 263 High- Risk Update

Executive Summary Page 22 GAO- 01- 263 High- Risk Update

Executive Summary Page 23 GAO- 01- 263 High- Risk Update

Executive Summary Page 24 GAO- 01- 263 High- Risk Update

Executive Summary Page 25 GAO- 01- 263 High- Risk Update

Executive Summary Page 26 GAO- 01- 263 High- Risk Update

Executive Summary Page 27 GAO- 01- 263 High- Risk Update

Executive Summary Page 28 GAO- 01- 263 High- Risk Update

Executive Summary Page 29 GAO- 01- 263 High- Risk Update

Executive Summary Page 30 GAO- 01- 263 High- Risk Update

Executive Summary Page 31 GAO- 01- 263 High- Risk Update

Executive Summary Page 32 GAO- 01- 263 High- Risk Update

Executive Summary Page 33 GAO- 01- 263 High- Risk Update

Executive Summary Page 34 GAO- 01- 263 High- Risk Update

Executive Summary Page 35 GAO- 01- 263 High- Risk Update

Executive Summary Page 36 GAO- 01- 263 High- Risk Update

Executive Summary Page 37 GAO- 01- 263 High- Risk Update

Executive Summary Page 38 GAO- 01- 263 High- Risk Update

Executive Summary Page 39 GAO- 01- 263 High- Risk Update

Executive Summary Page 40 GAO- 01- 263 High- Risk Update

Executive Summary Page 41 GAO- 01- 263 High- Risk Update

Executive Summary Page 42 GAO- 01- 263 High- Risk Update

Executive Summary Page 43 GAO- 01- 263 High- Risk Update

Executive Summary Page 44 GAO- 01- 263 High- Risk Update

Executive Summary Page 45 GAO- 01- 263 High- Risk Update

Executive Summary Page 46 GAO- 01- 263 High- Risk Update

Executive Summary Page 47 GAO- 01- 263 High- Risk Update

Executive Summary Page 48 GAO- 01- 263 High- Risk Update

Executive Summary Page 49 GAO- 01- 263 High- Risk Update

Executive Summary Page 50 GAO- 01- 263 High- Risk Update

Executive Summary Page 51 GAO- 01- 263 High- Risk Update

Executive Summary Page 52 GAO- 01- 263 High- Risk Update

Page 53 GAO- 01- 263 High- Risk Update

Page 54 GAO- 01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 55 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 56 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 57 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 58 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 59 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 60 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 61 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 62 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 63 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 64 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 65 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 66 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 67 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 68 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 69 GAO-
01- 263 High- Risk Update

Substantial Progress Made to Resolve Several High- Risk Areas Page 70 GAO-
01- 263 High- Risk Update

Page 71 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 72 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 73 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 74 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 75 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 76 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 77 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 78 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 79 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 80 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 81 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 82 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 83 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 84 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 85 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 86 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 87 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 88 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 89 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 90 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 91 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 92 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 93 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 94 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 95 GAO- 01- 263 High- Risk Update

Strategic Human Capital Management: A Governmentwide High- Risk Area

Page 96 GAO- 01- 263 High- Risk Update

Page 97 GAO- 01- 263 High- Risk Update

Resolving Serious Information Security Weaknesses

Page 98 GAO- 01- 263 High- Risk Update

Resolving Serious Information Security Weaknesses

Page 99 GAO- 01- 263 High- Risk Update

Resolving Serious Information Security Weaknesses

Page 100 GAO- 01- 263 High- Risk Update

Resolving Serious Information Security Weaknesses

Page 101 GAO- 01- 263 High- Risk Update

Resolving Serious Information Security Weaknesses

Page 102 GAO- 01- 263 High- Risk Update

Resolving Serious Information Security Weaknesses

Page 103 GAO- 01- 263 High- Risk Update

Resolving Serious Information Security Weaknesses

Page 104 GAO- 01- 263 High- Risk Update

Resolving Serious Information Security Weaknesses

Page 105 GAO- 01- 263 High- Risk Update

Resolving Serious Information Security Weaknesses

Page 106 GAO- 01- 263 High- Risk Update

Page 107 GAO- 01- 263 High- Risk Update

Ensuring Major Technology Investments Improve Services Page 108 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 109 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 110 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 111 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 112 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 113 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 114 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 115 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 116 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 117 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 118 GAO- 01- 263
High- Risk Update

Ensuring Major Technology Investments Improve Services Page 119 GAO- 01- 263
High- Risk Update

Page 120 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 121 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 122 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 123 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 124 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 125 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 126 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 127 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 128 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 129 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 130 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 131 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 132 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 133 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 134 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 135 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 136 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 137 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 138 GAO- 01- 263 High- Risk Update

Providing Basic Financial Accountability

Page 139 GAO- 01- 263 High- Risk Update

Page 140 GAO- 01- 263 High- Risk Update

Reducing Inordinate Program Management Risks Page 141 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 142 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 143 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 144 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 145 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 146 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 147 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 148 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 149 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 150 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 151 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 152 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 153 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 154 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 155 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 156 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 157 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 158 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 159 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 160 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 161 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 162 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 163 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 164 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 165 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 166 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 167 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 168 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 169 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 170 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 171 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 172 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 173 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 174 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 175 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 176 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 177 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 178 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 179 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 180 GAO- 01- 263 High-
Risk Update

Reducing Inordinate Program Management Risks Page 181 GAO- 01- 263 High-
Risk Update

Page 182 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 183 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 184 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 185 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 186 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 187 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 188 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 189 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 190 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 191 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 192 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 193 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 194 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 195 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 196 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 197 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 198 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 199 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 200 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 201 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 202 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 203 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 204 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 205 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 206 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 207 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 208 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 209 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 210 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 211 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 212 GAO- 01- 263 High- Risk Update

Managing Large Procurement Operations More Efficiently

Page 213 GAO- 01- 263 High- Risk Update

Ordering Information

The first copy of each GAO report is free. Additional copies of reports are
$2 each. A check or money order should be made out to the Superintendent of
Documents. VISA and MasterCard credit cards are accepted, also. Orders for
100 or more copies to be mailed to a single address are discounted 25
percent.

Orders by mail:

U. S. General Accounting Office P. O. Box 37050 Washington, DC 20013

Orders by visiting:

Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U. S. General
Accounting Office Washington, DC

Orders by phone:

(202) 512- 6000 fax: (202) 512- 6061 TDD (202) 512- 2537

Each day, GAO issues a list of newly available reports and testimony. To
receive facsimile copies of the daily list or any list from the past 30
days, please call (202) 512- 6000 using a touchtone phone. A recorded menu
will provide information on how to obtain these lists.

Orders by Internet:

For information on how to access GAO reports on the Internet, send an e-
mail message with “info” in the body to: info@ www. gao. gov or
visit GAO's World Wide Web home page at: http:// www. gao. gov

To Report Fraud, Waste, or Abuse in Federal Programs

Contact one:

? Web site: http:// www. gao. gov/ fraudnet/ fraudnet. htm ? e- mail:
fraudnet@ gao. gov ? 1- 800- 424- 5454 (automated answering system)

United States General Accounting Office Washington, D. C. 20548- 0001

Official Business Penalty for Private Use $300

Address Correction Requested Presorted Stardard

Postage & Fees Paid GAO Permit No. GI00
*** End of document. ***