Indian Health Service: Mismanagement Led to Millions of Dollars  
in Lost or Stolen Property and Wasteful Spending (31-JUL-08,	 
GAO-08-1069T).							 
                                                                 
In June 2007, GAO received information from a whistleblower	 
through GAO's FraudNET hotline alleging millions of dollars in	 
lost and stolen property and gross mismanagement of property at  
Indian Health Service (IHS), an operating division of the	 
Department of Health and Human Services (HHS). GAO was asked to  
conduct a forensic audit and related investigations to (1)	 
determine whether GAO could substantiate the allegation of lost  
and stolen property at IHS and identify examples of wasteful	 
purchases and (2) identify the key causes of any loss, theft, or 
waste. GAO analyzed IHS property records from fiscal years 2004  
to 2007, conducted a full physical inventory at IHS headquarters,
and statistically tested inventory of information technology (IT)
equipment at seven IHS field locations in 2007 and 2008. GAO also
examined IHS policies, conducted interviews with IHS officials,  
and assessed the security of property.				 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-1069T					        
    ACCNO:   A83186						        
  TITLE:     Indian Health Service: Mismanagement Led to Millions of  
Dollars in Lost or Stolen Property and Wasteful Spending	 
     DATE:   07/31/2008 
  SUBJECT:   Accountability					 
	     Agency evaluation					 
	     Data integrity					 
	     Equipment inventories				 
	     Equipment management				 
	     Federal property					 
	     Federal property management			 
	     Financial management				 
	     Information technology				 
	     Internal controls					 
	     Investigations into federal agencies		 
	     Losses						 
	     Noncompliance					 
	     Policy evaluation					 
	     Property						 
	     Property and supply management			 
	     Property losses					 
	     Policies and procedures				 
	     Waste, fraud, and abuse				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-1069T

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to [email protected]. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Committee on Indian Affairs, U.S. Senate: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 9:30 a.m. EDT: 

Thursday, July 31, 2008: 

Indian Health Service: 

Mismanagement Led to Millions of Dollars in Lost or Stolen Property and 
Wasteful Spending: 

Statement of Gregory D. Kutz, Managing Director Forensic Audits and 
Special Investigations: 

GAO-08-1069T: 

GAO Highlights: 

Highlights of GAO-08-1069T, a testimony before the Committee on Indian 
Affairs, U.S. Senate. 

Why GAO Did This Study: 

In June 2007, GAO received information from a whistleblower through 
GAOï¿½s FraudNET hotline alleging millions of dollars in lost and stolen 
property and gross mismanagement of property at Indian Health Service 
(IHS), an operating division of the Department of Health and Human 
Services (HHS). GAO was asked to conduct a forensic audit and related 
investigations to (1) determine whether GAO could substantiate the 
allegation of lost and stolen property at IHS and identify examples of 
wasteful purchases and (2) identify the key causes of any loss, theft, 
or waste. 

GAO analyzed IHS property records from fiscal years 2004 to 2007, 
conducted a full physical inventory at IHS headquarters, and 
statistically tested inventory of information technology (IT) equipment 
at seven IHS field locations in 2007 and 2008. GAO also examined IHS 
policies, conducted interviews with IHS officials, and assessed the 
security of property 

What GAO Found: 

Millions of dollars worth of IHS property has been lost or stolen over 
the past several years. Specifically: 

* IHS identified over 5,000 lost or stolen property items, worth about 
$15.8 million, from fiscal years 2004 through 2007. These missing items 
included all-terrain vehicles and tractors; Jaws of Life equipment; and 
a computer containing sensitive data, including social security 
numbers. 

* GAOï¿½s physical inventory identified that over 1,100 IT items, worth 
about $2 million, were missing from IHS headquarters. These items 
represented about 36 percent of all IT equipment on the books at 
headquarters in 2007 and included laptops and digital cameras. Further, 
IHS staff attempted to obstruct GAOï¿½s investigation by fabricating 
hundreds of documents. 

* GAO also estimates that IHS had about 1,200 missing IT equipment 
items at seven field office locations worth approximately $2.6 million. 
This represented about 17 percent of all IT equipment at these 
locations. 

However, the dollar value of lost or stolen items and the extent of 
compromised data are unknown because IHS does not consistently document 
lost or stolen property, and GAO only tested a limited number of IHS 
locations. Information related to cases where GAO identified 
fabrication of documents and potential release of sensitive data was 
referred to the HHS Inspector General for further investigation. 

The figure shows examples of the lost and stolen property GAO 
identified during the audit. 

Figure: Examples of Lost and Stolen Property Identified at IHS: 

This figure is a combination of illustrations showing examples of lost 
and stolen property identified at IHS. 

Caterpillar tractor; 
All-terrain vehicle; 
Pickup truck; 
Jaws of life; 
Laptop; 
Digital camera. 

[See PDF for image] 

Source: GAO, Art Explosion. 

[End of figure] 

GAO also found evidence of wasteful spending, including identifying 
that there are about 10 pieces of IT equipment for every one employee 
at headquarters.  GAOï¿½s investigation also found computers and other IT 
equipment were often assigned to vacant offices. 

GAO identified that the loss, theft, and waste can be attributed to 
IHSï¿½s weak internal control environment. IHS management has failed to 
establish a strong ï¿½tone at the top,ï¿½ allowing property management 
problems to continue for more than a decade with little or no 
improvement or accountability for lost and stolen property and 
compromise of sensitive personal data. In addition, IHS has not 
effectively implemented numerous property policies, including the 
proper safeguards for its expensive IT equipment. For example, IHS 
disposed of over $700,000 worth of equipment because it was ï¿½infested 
with bat dung.ï¿½ 

What GAO Recommends: 

In the report (GAO-08-727), on which this testimony was based, GAO made 
10 recommendations to IHS to update its policy and enforce management 
policies. HHS agreed to 9 recommendations but did not agree to 
establish procedures to track all sensitive equipment if they fall 
under the accountable dollar threshold criteria. GAO disagreed with 
HHSï¿½s assessment and reiterated support for all recommendations. 

To view the full product, including the scope and methodology, click on 
[http://www.gao.gov/cgi-bin/getrpt?GAO-08-1069T]. For more information, 
contact Gregory Kutz at (202) 512-6722 or [email protected]. 

[End of section] 

Mr. Chairman and Members of the Committee: 

Thank you for the opportunity to discuss the results of our 
investigation of lost or stolen property at the Indian Health Service 
(IHS). In June 2007, we received information from a whistleblower 
through GAO's FraudNET hotline alleging gross mismanagement of property 
at IHS and wasteful spending. Specifically, the whistleblower, who was 
a cognizant property official, alleged that IHS could not locate 1,180 
pieces of accountable personal property valued at over $1.8 million. 
The lost or stolen equipment included computers and other potentially 
sensitive information technology (IT) equipment at IHS headquarters. 
The whistleblower also claimed that officials at IHS headquarters wrote 
off millions of dollars worth of missing inventory without holding 
anyone financially liable. Based on the significance of these claims, 
we conducted an investigation to determine whether the whistleblower's 
allegations were valid. We described the results of the investigation 
in a recent report that was issued last month.[Footnote 1] 

Today, our testimony will summarize the results of our investigation 
and will describe the (1) substantiation of the allegation of lost or 
stolen property at IHS, (2) identification of examples of wasteful 
purchases and (3) identification of the key causes of any loss, theft, 
or waste that we detected. 

As detailed in our recent report, to substantiate the allegation of 
lost or stolen property at IHS, we analyzed IHS property documents that 
identified lost or stolen property from fiscal year 2004 through fiscal 
year 2007. We conducted a full physical inventory of property at IHS 
headquarters[Footnote 2] and performed random sample testing of IT 
equipment inventory at seven IHS field locations[Footnote 3] that we 
selected based on book value of inventory and geographic 
proximity.[Footnote 4] We did not attempt to quantify the level of 
waste at IHS, but we identified instances of waste through observations 
during our equipment inventories at headquarters and random sample 
testing at the selected field locations. Although we did not perform a 
systematic review of IHS internal controls, we identified the key 
causes of lost and stolen property and waste by examining IHS policies 
and procedures, conducting interviews with IHS officials, and assessing 
the physical security of property through our inventory testing. 

We conducted this forensic audit and related investigations from 
September 2007 to June 2008 in accordance with generally accepted 
government auditing standards.[Footnote 5] Those standards require that 
we plan and perform the audit to obtain sufficient, appropriate 
evidence to provide a reasonable basis for our findings and conclusions 
based on our audit objectives. Despite IHS efforts to obstruct our 
audit by making misrepresentations and fabricating hundreds of 
documents, we were still able to accomplish our objectives. We believe 
that the evidence obtained provides a reasonable basis for our findings 
and conclusions based on our audit objectives. We performed our 
investigative work in accordance with standards prescribed by the 
President's Council on Integrity and Efficiency. 

Summary: 

We confirmed the whistleblower's allegation of gross mismanagement of 
property at IHS. Specifically, we found that thousands of computers and 
other property, worth millions of dollars[Footnote 6], have been lost 
or stolen at IHS over the past several years. The number and dollar 
value of items that have been lost or stolen since 2004 is likely much 
higher because IHS did not consistently document lost or stolen 
property items. In addition, IHS did not provide us all the requested 
reports that IHS field offices used to document lost or stolen property 
since fiscal year 2004. 

IHS's ineffective management over IT equipment has also led to wasteful 
spending. Our analysis of IHS records indicates that there are 
approximately 10 pieces of IT equipment for every one employee at IHS 
headquarters.[Footnote 7] We also found numerous pieces of recent-model 
excess equipment at IHS headquarters, including 25 brand new computers-
-valued at a combined total of about $30,000--that were not issued to 
any employees and were collecting dust in a store room. 

The lost or stolen property and waste we detected at IHS can be 
attributed to the agency's weak internal control environment and its 
ineffective implementation of numerous property policies. IHS 
management has failed to establish a strong "tone at the top" by 
allowing inadequate accountability over property to persist for years 
and by neglecting to fully investigate cases related to lost and stolen 
items. Moreover, we found that IHS did not (1) conduct annual 
inventories of accountable property; (2) use receiving agents for 
acquired property at each location and designate property custodial 
officers in writing to be responsible for the proper use, maintenance, 
and protection of property; (3) place barcodes on accountable property 
to identify it as government property; and (4) maintain proper user- 
level accountability, including custody receipts, for issued property. 
IHS personnel also did not implement proper physical security controls 
to safeguard property. 

As discussed in our recent report, we made 10 recommendations to IHS to 
update its policy and enforce property management policies. The 
Department of Health and Human Services (HHS) agreed with 9 of our 10 
recommendations. HHS did not agree with our recommendation to establish 
procedures to track all sensitive equipment such as blackberries and 
cell phones even if they fall under the accountable dollar threshold 
criteria. We disagree with HHS's assessment and reiterate support for 
our recommendations. 

IHS Has Had Millions of Dollars in Lost or Stolen Property: 

We substantiated the allegation of gross mismanagement of property at 
IHS. Specifically, we found that thousands of computers and other 
property, worth millions of dollars, have been lost or stolen over the 
past several years. We analyzed IHS reports for headquarters and the 12 
regions from the last 4 fiscal years. These reports identified over 
5,000 property items, worth about $15.8 million, that were lost or 
stolen from IHS headquarters and field offices throughout the country. 
The number and dollar value of this missing property is likely much 
higher because IHS did not conduct full inventories of accountable 
property[Footnote 8] for all of its locations and did not provide us 
with all inventory documents as requested. Despite IHS attempts to 
obstruct our investigation, our full physical inventory at headquarters 
and our random sample of property at 7 field locations, identified 
millions of dollars of missing property. 

IHS Records Indicate at Least $15.8 Million of Property Is Lost or 
Stolen: 

Our analysis of Report of Survey[Footnote 9] records from IHS 
headquarters and field offices show that from fiscal year 2004 through 
fiscal year 2007, IHS property managers identified over 5,000 lost or 
stolen property items worth about $15.8 million. Although we did 
receive some documentation from IHS, the number and dollar value of 
items that have been lost or stolen since 2004 is likely much higher 
for the following reasons. First, IHS does not consistently document 
lost or stolen property items. For example, 9 of the 12 IHS regional 
offices did not perform a full physical inventory in fiscal year 2007. 
Second, an average of 5 of the 12 regions did not provide us with all 
of the reports used to document missing property for each year since 
fiscal year 2004, as we requested. Third, we found about $11 million in 
additional inventory shortages from our analysis of inventory reports 
provided to us by IHS, but we did not include this amount in our 
estimate of lost or stolen property because IHS has not made a final 
determination on this missing property. Some of the egregious examples 
of lost or stolen property include: 

* In April 2007, a desktop computer containing a database of uranium 
miners' names, social security numbers, and medical histories was 
stolen from an IHS hospital in New Mexico. According to an HHS report, 
IHS attempted to notify the 849 miners whose personal information was 
compromised, but IHS did not issue a press release to inform the public 
of the compromised data. 

* From 1999 through 2005, IHS did not follow required procedures to 
document the transfer of property from IHS to the Alaska Native Tribal 
Health Consortium, resulting in a 5-year unsuccessful attempt by IHS to 
reconcile the inventory. Our analysis of IHS documentation revealed 
that about $6 million of this property--including all-terrain vehicles, 
generators, van trailers, pickup trucks, tractors, and other heavy 
equipment--was lost or stolen. 

* In September 2006, IHS property staff in Tucson attempted to write 
off over $275,000 worth of property, including Jaws of Life equipment 
valued at $21,000. The acting area director in Tucson refused to 
approve the write-off because of the egregious nature of the property 
loss. 

GAO Inventory Testing Reveals Lost or Stolen IT Equipment at IHS 
Headquarters: 

To substantiate the whistleblower's allegation of missing IT equipment, 
we performed our own full inventory of IT equipment at IHS 
headquarters. Our results were consistent with what the whistleblower 
claimed. Specifically, of the 3,155 pieces of IT equipment recorded in 
the records for IHS headquarters, we determined that about 1,140 items 
(or about 36 percent) were lost, stolen, or unaccounted for. These 
items, valued at around $2 million, included computers, computer 
servers, video projectors, and digital cameras. According to IHS 
records, 64 of the items we identified as missing during our physical 
inventory were "new" in April 2007. 

During our investigation of the whistleblower's complaint, IHS made a 
concerted effort to obstruct our work. For example, the IHS Director 
over property misrepresented to us that IHS was able to find about 800 
of the missing items from the whistleblower's complaint. In addition, 
an IHS property specialist attempted to provide documentation 
confirming that 571 missing items were properly disposed of by IHS. 
However, we found that the documentation he provided was not dated and 
contained no signatures. Finally, IHS provided us fabricated receiving 
reports after we questioned them that the original reports provided to 
us were missing key information on them. Figure 1 shows the fabricated 
receiving report for a shipment of new scanners delivered to IHS. 

Figure 1: Example of Questionable Receiving Report: 

This figure is a picture of an example of a questionable receiving 
report. 

[See PDF for image] 

Source: GAO analysis of IHS data. 

[End of figure] 

As shown in figure 1, there is almost a 3-month gap between the date 
the equipment was received in September and the date that the receiving 
report was completed and signed in December--even though the document 
should have been signed upon receipt. In fact, the new receiving report 
IHS provided was signed on the same date we requested it, strongly 
suggesting that IHS fabricated these documents in order to obstruct our 
investigation. 

GAO Testing Identifies Lost or Stolen IT Equipment at Seven IHS Field 
Locations: 

We selected a random sample of IT equipment inventory at seven IHS 
field offices to determine whether the lack of accountability for 
inventory was confined to headquarters or occurred elsewhere within the 
agency.[Footnote 10] Similar to our finding at IHS headquarters, our 
sample results also indicate that a substantial number of pieces of IT 
equipment were lost, stolen, or unaccounted for. Specifically, we 
estimate that for the 7 locations, about 1,200 equipment items or 17 
percent, with a value of $2.6 million were lost, stolen or unaccounted 
for.[Footnote 11] Furthermore, some of the missing equipment from the 
seven field locations could have contained sensitive information. We 
found that many of the missing laptops were assigned to IHS hospitals 
and, therefore, could have contained patient information and social 
security numbers and other personal information. 

Wasteful Purchases Identified During Inventory Tests: 

IHS has also exhibited ineffective management over the procurement of 
IT equipment, which has led to wasteful spending of taxpayer funds. 
Some examples of wasteful spending that we observed during our audit of 
headquarters and field offices include: 

* Approximately 10 pieces of IT equipment, on average, are issued for 
every one employee at IHS headquarters. Although some of these may be 
older items that were not properly disposed, we did find that many 
employees, including administrative assistants, were assigned two 
computer monitors, a printer and scanner, a blackberry, subwoofer 
speakers, and multiple computer laptops in addition to their computer 
desktop. Many of these employees said they rarely used all of this 
equipment, and some could not even remember the passwords for some of 
their multiple laptops. 

* IHS purchased numerous computers for headquarters staff in excess of 
expected need. For example, IHS purchased 134 new computer desktops and 
monitors for $161,700 in the summer of 2007. As of February 2008, 25 of 
these computers and monitors--valued at about $30,000--were in storage 
at IHS headquarters. In addition, many of the computer desktops and 
monitors purchased in the summer of 2007 for IHS headquarters were 
assigned to vacant offices. 

Weak Tone at the Top and Other Control Weaknesses Leave IHS Highly 
Vulnerable to Loss, Theft, and Waste: 

The lost or stolen property and waste we detected at IHS can be 
attributed to the agency's weak internal control environment and its 
ineffective implementation of numerous property policies. In 
particular, IHS management has failed to establish a strong "tone at 
the top" by allowing inadequate accountability over property to persist 
for years and by neglecting to fully investigate cases related to lost 
and stolen items. Furthermore, IHS management has not properly updated 
its personal property management policies, which IHS has not revised 
since 1992. Moreover, IHS did not (1) conduct annual inventories of 
accountable property; (2) use receiving agents for acquired property at 
each location and designate property custodial officers in writing to 
be responsible for the proper use, maintenance, and protection of 
property; (3) place barcodes on accountable property to identify it as 
government property; (4) maintain proper individual user-level 
accountability, including custody receipts, for issued property; (5) 
safeguard IT equipment;[Footnote 12] or (6) record certain property in 
its new property management information system.[Footnote 13] 

Implementation of GAO Recommendations Will Lead to Better Management of 
IHS Property: 

To strengthen IHS's overall control environment and "tone at the top", 
we made 10 recommendations to IHS to update its policy and enforce 
property management policies of both the HHS and IHS. Specifically, we 
recommended that the Director of IHS should direct IHS property 
officials to take the following 10 actions: 

* Update IHS personal property management policies to reflect any 
policy changes that have occurred since the last update in 1992. 

* Investigate circumstances surrounding missing or stolen property 
instead of writing off losses without holding anyone accountable. 

* Enforce policy to conduct annual inventories of accountable personal 
property at headquarters and all field locations. 

* Enforce policy to use receiving agents to document the receipt of 
property and distribute the property to its intended user and to 
designate property custodial officers in writing to be responsible for 
the proper use, maintenance, and protection of property. 

* Enforce policy to place bar codes on all accountable property. 

* Enforce policy to document the issuance of property using hand 
receipts and make sure that employees account for property at the time 
of transfer, separation, change in duties, or on demand by the proper 
authority. 

* Maintain information on users of all accountable property, including 
their buildings and room numbers, so that property can easily be 
located. 

* Physically secure and protect property to guard against loss and 
theft of equipment. 

* Enforce the use of the property management information system 
database to create reliable inventory records. 

* Establish procedures to track all sensitive equipment such as 
blackberries and cell phones even if they fall under the accountable 
dollar threshold criteria. 

HHS agreed with 9 of the 10 recommendations. HHS disagreed with our 
recommendation to establish procedures to track all sensitive equipment 
such as blackberries and cell phones even if they fall under the 
accountable dollar threshold criteria. We made this recommendation 
because we identified examples of lost or stolen equipment that 
contained sensitive data, such as a PDA containing medical data for 
patients at a Tucson, Arizona area hospital. According to an IHS 
official, the device contained no password or data encryption, meaning 
that anyone who found (or stole) the PDA could have accessed the 
sensitive medical data.[Footnote 14] While we recognize that IHS may 
have taken steps to prevent the unauthorized release of sensitive data 
and acknowledge that it is not required to track devices under a 
certain threshold, we are concerned about the potential harm to the 
public caused by the loss or theft of this type of equipment. 
Therefore, we continue to believe that such equipment should be tracked 
and that our recommendation remains valid. 

Mr. Chairman and Members of the Committee, this concludes our 
statement. We would be pleased to answer any questions that you or 
other members of the committee may have at this time. 

Contacts and Acknowledgments: 

For further information about this testimony, please contact Gregory D. 
Kutz at (202) 512-6722 or [email protected]. Contact points for our Offices 
of Congressional Relations and Public Affairs may be found on the last 
page of this testimony. In addition to the individual named above, the 
individuals who made major contributions to this testimony were 
Verginie Amirkhanian, Erika Axelson, Joonho Choi, Jennifer Costello, 
Jane Ervin, Jessica Gray, Richard Guthrie, John Kelly, Bret Kressin, 
Richard Kusman, Barbara Lewis, Megan Maisel, Andrew McIntosh, Shawn 
Mongin, Sandra Moore, James Murphy, Andy O'Connell, George Ogilvie, 
Chevalier Strong, Quan Thai, Matt Valenta, and David Yoder. 

[End of section] 

Footnotes; 

[1] GAO, IHS Mismanagement Led to Millions of Dollars in Lost or Stolen 
Property, GAO-08-727 (Washington, D.C.: June 18, 2008). 

[2] IHS headquarters property consists mostly of IT equipment. 

[3] We considered equipment to be lost or stolen in our physical 
inventory testing and random sample testing of seven field locations if 
we could not observe the item to confirm bar code and serial number, or 
if IHS could not provide us with adequate documentation to support the 
disposal of the equipment. 

[4] The seven sites we selected account for 35 percent of the IT 
equipment items or 40 percent of the value of IT equipment. The seven 
locations we tested included both IHS area offices and service units 
such as hospitals and supply centers. 

[5] A forensic audit is a systematic evaluation of the effectiveness of 
internal controls over a program, process, and/or policies and 
procedures. Forensic audits identify ineffective controls and 
vulnerabilities and use data mining and investigations to expose areas 
of fraud, waste, abuse, and security vulnerabilities to show the effect 
of inadequate controls. 

[6] The amount of lost or stolen property stated throughout the report 
was valued at acquisition cost which is how IHS typically values the 
property in its records. 

[7] More specifically, each IHS employee is issued approximately 3 
computers per person. 

[8] Accountable personal property is personal property with an 
acquisition value of $5,000 or greater and all sensitive items with a 
value of $500 or greater. 

[9] Report of Survey is the document used to record and present 
findings and recommendations concerning the loss, theft, damage, or 
destruction of government property, to approve corrective actions, 
including financial recovery efforts, and to approve the resulting 
adjustments to property accountability records. 

[10] We selected the seven field locations based on book value of 
inventory and geographic proximity. Five field office locations were 
selected because they had the highest dollar amount of IT equipment. We 
selected 2 additional sites because of their geographic proximity to 
the other field offices being tested. 

[11] Because these estimates are based on a probability sample, they 
are subject to sampling error. For example, we are 95 percent confident 
that missing IT equipment is valued between $1.39 million and $4.53 
million. Likewise, we are 95 percent confident that between 12 and 22 
percent (or between 893 and 1588) of the IT equipment items were lost 
or stolen. 

[12] For example, as noted in our recent report, because IHS did not 
properly protect its equipment against damage or destruction, IHS had 
to dispose over $700,000 worth of equipment because it was infested 
with bat dung. 

[13] Because IHS has not entered all property information into its new 
property management information system, it does not have reliable 
inventory records related to expensive, sensitive, and pilferable 
property. Specifically, our investigation found that IHS failed to 
enter over 18,000 items, worth approximately $48 million, from 
headquarters and the sites we reviewed. Furthermore, over half of the 
items we selected while performing our random sample testing of the 
seven field locations were not recorded in the new property management 
information system. 

[14] This increased the risk that sensitive information could be 
disclosed to unauthorized individuals and was in violation of federal 
policy: OMB Memorandum M-07-16, Safeguarding Against and Responding to 
the Breach of Personally Identifiable Information (May 22, 2007).

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability.  

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates."  

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:  

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548:  

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061:  

To Report Fraud, Waste, and Abuse in Federal Programs:  

Contact:  

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: [email protected]: 
Automated answering system: (800) 424-5454 or (202) 512-7470:  

Congressional Relations:  

Ralph Dawn, Managing Director, [email protected]: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548:  

Public Affairs: 

Chuck Young, Managing Director, [email protected]: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: 

*** End of document. ***