General Services Administration: Many Building Security Upgrades Made But
Problems Have Hindered Program Implementation (Testimony, 06/04/98,
GAO/T-GGD-98-141).

GAO discussed the General Service's Administration's (GSA) progress in
upgrading the security of federal buildings under its operation,
focusing on: (1) what criteria GSA used to assess security risks and
prioritize security upgrades for its buildings; (2) the implementation
and operational status of GSA's security upgrade program and the costs
GSA has incurred by both funding source and type of security upgrade;
and (3) whether any problems have hindered GSA's implementation of the
security upgrade program.

GAO noted that: (1) GSA used the Department of Justice (DOJ) report's
criteria to assess risks and prioritize security upgrades in its
buildings; (2) despite the formidable challenges posed by this program,
GSA has made progress implementing upgrades in federal buildings
throughout the country, particularly in its higher risk buildings; (3)
GSA's data systems indicate that about 7,000 upgrades were completed and
it estimates that roughly $353 million were obligated from the Federal
Buildings Fund for the upgrade program nationally between October 1,
1995, and March 31, 1998; (4) however, mistakes made by rushing to meet
the timetables in the DOJ report because of GSA's sense of urgency to
upgrade security in its buildings, reduced staffing due to downsizing,
data reliability problems, and uncertain funding sources have hindered
GSA's upgrade program implementation; (5) because of data reliability
problems, neither GSA nor GAO can specify the exact status or cost of
the building security upgrade program, and because GSA has not
established program outcome measures, neither GSA nor GAO knows the
extent to which completed upgrades have resulted in greater security or
reduced vulnerability for federal office buildings; and (6) GSA is not
in a good position to manage its program to mitigate security threats.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-GGD-98-141
     TITLE:  General Services Administration: Many Building Security 
             Upgrades Made But Problems Have Hindered Program
             Implementation
      DATE:  06/04/98
   SUBJECT:  Crime prevention
             Federal office buildings
             Federal agency accounting systems
             Data integrity
             Facility security
             Federal property management
IDENTIFIER:  Federal Buildings Fund
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Before the Subcommittee on Public Buildings and Economic Development,
Committee on Transportation and Infrastructure, House of
Representatives

For Release on Delivery
Expected at
9:00 a.m.  EDT
Thursday
June 4, 1998

GENERAL SERVICES
ADMINISTRATION - MANY BUILDING
SECURITY
UPGRADES MADE BUT PROBLEMS HAVE
HINDERED PROGRAM
IMPLEMENTATION

Statement of Bernard L.  Ungar
Director, Government Business Operations Issues
General Government Division

GAO/T-GGD-98-141

GAO/GGD-98-141T


(240255)


Abbreviations
=============================================================== ABBREV

  BSC -
  DOJ -
  FBF -
  FPS -
  GSA -
  NEAR -
  OIG -
  OMB -

GENERAL SERVICES ADMINISTRATION: 
MANY BUILDING SECURITY UPGRADES
MADE BUT PROBLEMS HAVE HINDERED
PROGRAM IMPLEMENTATION
====================================================== Chapter SUMMARY

In response to the April 19, 1995, bombing of the Murrah Federal
Building in Oklahoma City, the President directed the Department of
Justice (DOJ) to assess the vulnerability of federal office
buildings, particularly to acts of terrorism and other forms of
violence.  A DOJ-directed interagency working group issued a report
in June 1995 recommending specific minimum security standards for
federal buildings and criteria, guidance, and timetables for
evaluating the security needs of federal buildings and estimating the
cost of needed upgrades.  The President directed executive
departments and agencies to upgrade the security of their facilities
to the extent feasible based on the DOJ report's recommendations, and
he gave the General Services Administration (GSA) this responsibility
for the buildings it controls. 

In July 1995, GSA initiated a multimillion-dollar security
enhancement program for its 8,300 buildings.  Using the criteria,
guidance, and timetables recommended in the DOJ report, GSA has made
progress in assessing risks, setting priorities, and completing
thousands of upgrades in its buildings, particularly the high-risk
ones.  GSA's computer-based upgrade tracking system showed that about
7,000 upgrades were completed between October 1, 1995, and March 31,
1998, and based on data from GSA's accounting system, we estimated
that GSA obligated roughly $353 million from the Federal Buildings
Fund (FBF) for these upgrades.  However, because of erroneous and
incomplete data in these systems, we were unable to reliably
determine the exact status or costs of the program. 

Mistakes made by rushing to meet the DOJ report's recommended
timetables so it could improve security in federal buildings before
the first anniversary of the Oklahoma City bombing, staff reductions
due to downsizing, uncertain funding sources, and unreliable data in
GSA's upgrade tracking and accounting systems hindered GSA's
implementation of the program.  GSA didn't meet either the DOJ
recommended times for completing building security evaluations and
upgrade cost estimates or its own internal goals for completing
security upgrades.  Funding uncertainties continue because GSA and
the Office of Management and Budget (OMB) have not yet completely
agreed on how best to fund all the future costs of the building
security program.  Finally, GSA does not have valid data needed to
assess the costs versus the benefits of upgrades and the extent to
which completed upgrades have contributed to increased security or
reduced vulnerability to the greatest threats to federal office
buildings.  Therefore, we are recommending that GSA correct the data
in its upgrade tracking and accounting systems; ensure that all GSA
buildings are evaluated for security needs; work with OMB to ensure
sufficient funding is available for the building security program;
and develop outcome-oriented program goals, measures, and evaluations
so that it can better manage the program and work toward mitigating
security threats in its buildings. 


GENERAL SERVICES ADMINISTRATION: 
MANY BUILDING SECURITY UPGRADES
MADE BUT PROBLEMS HAVE HINDERED
PROGRAM IMPLEMENTATION
==================================================== Chapter STATEMENT

Mr.  Chairman and Members of the Subcommittee: 

I am pleased to be here today to discuss the General Services
Administration's (GSA) progress in upgrading the security of federal
buildings under its operation.  As you know, following the April 19,
1995, bombing of the Murrah Federal Building in Oklahoma City, the
President directed the Department of Justice (DOJ) to assess the
vulnerability of federal office buildings, particularly to acts of
terrorism and other forms of violence.  Under the direction of DOJ,
an interagency working group comprising security professionals from
nine federal departments and agencies issued, in June 1995, a report
recommending specific minimum security standards for federal
buildings.\1 Subsequently, the President directed executive
departments and agencies to upgrade the security of their facilities
to the extent feasible based on the DOJ report's recommendations. 
The President gave GSA this responsibility for the buildings it
controls, and in July 1995, GSA initiated a multimillion-dollar
security enhancement program for its 8,300 buildings.\2

You requested that we evaluate the GSA building security upgrade
program.  Specifically, you asked that we determine (1) what criteria
GSA used to assess security risks and prioritize security upgrades
for its buildings, (2) the implementation and operational status of
GSA's security upgrade program and the costs GSA has incurred by both
funding source and type of security upgrade (such as x-ray machines
and security guards), and (3) whether any problems have hindered
GSA's implementation of the security upgrade program. 

In summary, we found that GSA used the DOJ report's criteria to
assess risks and prioritize security upgrades in its buildings. 
Despite the formidable challenges posed by this program, GSA has made
progress implementing upgrades in federal buildings throughout the
country, particularly in its higher risk buildings.  GSA's data
systems indicate that about 7,000 upgrades were completed and we
estimate that roughly $353 million were obligated from the FBF for
the upgrade program nationally between October 1, 1995, and March 31,
1998.  However, mistakes made by rushing to meet the timetables in
the DOJ report because of GSA's sense of urgency to upgrade security
in its buildings, reduced staffing due to downsizing, data
reliability problems, and uncertain funding sources have hindered
GSA's upgrade program implementation.  Because of data reliability
problems, neither GSA nor we can specify the exact status or cost of
the building security upgrade program, and because GSA has not
established program outcome measures, neither GSA nor we know the
extent to which completed upgrades have resulted in greater security
or reduced vulnerability for federal office buildings.  Thus, GSA is
not in a good position to manage its program to mitigate security
threats. 

Before presenting specific information on our findings, I would like
to provide some information on our scope and methodology.  In
responding to your request, we interviewed key GSA officials in
Washington, D.C.; and in GSA Regional Offices in Atlanta, GA; Ft. 
Worth, TX; Denver, CO; and the National Capital Region of Washington,
D.C.; and obtained and reviewed the DOJ report as well as documents
from GSA relating to the planning, implementation, and operation of
the security upgrade program.  We held discussions and obtained data
from representatives of the Office of Management and Budget (OMB),
the GSA Office of Inspector General (OIG), and several federal
agencies that have organizational units in GSA-owned and -leased
buildings.  We did not evaluate the appropriateness of the DOJ
building security standards or the effectiveness of either GSA's
building security program or security programs administered by other
agencies.  We did our work from July 1997 to May 1998 in accordance
with generally accepted government auditing standards.  We have
included more details about our scope and methodology and additional
details about our findings in appendixes I through IV. 


--------------------
\1 Vulnerability Assessment of Federal Facilities, (hereinafter
referred to as the DOJ report) issued June 28, 1995, by a
DOJ-directed working group comprising security professionals from
GSA, DOJ, Marshals Service, Federal Bureau of Investigation, Secret
Service, Social Security Administration, the Departments of Defense
and State, and the Administrative Office of the U.S.  Courts. 

\2 According to the DOJ report, there are 26 federal agencies that
are authorized to purchase, own, or lease space, buildings, or other
parcels of land.  The three largest of these are GSA, the Department
of Defense, and the Department of State.  According to GSA's fiscal
year 1997 annual report, the 8,300 buildings it managed contained
about 257 million square feet of office space and constituted about
39 percent of the government's total office space. 


   CRITERIA USED BY GSA
-------------------------------------------------- Chapter STATEMENT:1

GSA used the criteria and guidance recommended in the DOJ report to
assess the types of security upgrades needed and to prioritize its
buildings for receiving upgrades.  The DOJ report established minimum
security standards in categories such as perimeter and interior
security, and provided guidance for estimating upgrade costs. 
Different standards were to be applied to each building based on its
evaluated risk level.  Risk levels were to be assigned to buildings
using criteria such as tenant population and volume of public
contact, with level I the lowest risk level and level V the highest. 
The report also recommended that GSA establish a building security
committee (BSC) in each GSA-controlled building to identify the
minimum security requirements needed in each specific building.  The
committees were to consist of representatives from all agencies
occupying a given building and were to be assisted by a GSA regional
physical security specialist in identifying and estimating the costs
of needed security upgrades.  GSA assigned initial risk level
designations to its buildings based on information available at the
time, pending more definitive determinations by the BSCs.  Generally,
GSA prioritized its buildings for receiving security upgrades based
on risk level, with the higher risk buildings receiving security
assessments and needed upgrades first.  (For further details, see
app.  II.)


   OPERATIONAL AND IMPLEMENTATION
   STATUS
-------------------------------------------------- Chapter STATEMENT:2

Although GSA has completed many building security assessments,
upgrade cost estimates, and upgrades, we weren't able to reliably
determine the total numbers of upgrades completed nationally because
GSA's upgrade tracking system contained incomplete and erroneous
data.  According to GSA, tracking system data were unreliable because
its regional staff did not always appropriately or accurately record
upgrade transactions in the tracking system. 

The Federal Protective Service (FPS)--the physical security and law
enforcement arm of GSA's Public Buildings Service--developed a
computerized database system to track the status of all building
security committee-requested upgrades.  The system, which became
fully operational in early 1996, was designed to track by region, and
by building, upgrades requested, approved, and completed, as well as
upgrade cost estimates. 

The tracking system was also intended to serve in part as a
forerunner to a larger government-wide database of security upgrades
in all federal buildings, as required by Executive Order 12977, dated
October 19, 1995.  The order created the Interagency Security
Committee, which was to be chaired by GSA's administrator or his
designee, comprising representatives from 17 federal agencies and
specific individuals.  The Committee was established to enhance the
quality and effectiveness of security in buildings and facilities
occupied by federal employees. 

As of March 31, 1998, the tracking system showed that about 7,800
upgrades had been approved and about 7,000, or 90 percent, had been
completed.  Our review of the records of 53 buildings and our visits
to 43 buildings in GSA regions 4, 7, 8, and 11, as well as visits by
GSA's OIG audit staff to 121 buildings in GSA regions 1, 4, 7, and
11, showed that GSA had completed security upgrades in many of its
buildings across the United States.  Examples of the types of
upgrades that we observed on our visits to GSA buildings around the
country included (1) concrete bollards constructed around building
perimeters, (2) security cameras installed and in use both inside and
outside of buildings, and (3) metal detectors and x-ray machines
installed at building entrances and operated by GSA or contract
security personnel. 

However, based on our work and that of the OIG, we do not believe
that a reliable determination of the building security upgrade
program's status can be made because of errors in the upgrade
tracking system.  GSA's upgrade tracking system contained errors
related to the number of upgrades approved and the number completed
in 24, or 45 percent, of the buildings we reviewed and in 65, or 54
percent, of the buildings reviewed by the OIG.  For example, (1) some
upgrades that were shown as approved and completed in the tracking
system in fact were not completed, and the requests for the upgrades
had been cancelled; and (2) some approved upgrades shown in the
system as completed weren't complete, and in fact the related
security equipment was boxed and stored.  According to GSA, these
errors occurred because GSA personnel didn't always appropriately or
accurately record the status of the upgrades in the tracking system. 

In addition to these errors related to upgrades approved, completed,
and cancelled in the tracking system, we have concerns about whether
all GSA buildings have been evaluated for security needs.  We found
that, as of October 1997, the nationwide upgrade tracking system
contained little or no evidence that building security evaluations
had been done for 754 GSA buildings, 14 of which were level-IV
buildings.  We judgmentally selected a sample of 26 of the 754
buildings and attempted to determine whether a security evaluation
had been done by contacting a representative from each building's
security committee during December 1997 and January 1998.\3
Representatives from 22 of the 26 buildings responded.  Of the 22,
representatives of 5 buildings told us that a building evaluation
wasn't done, 6 said they weren't sure whether one was done, and 7
representatives said that the evaluations were done, but the
remaining 4 representatives said that evaluations weren't applicable
for their buildings because (1) the lease for the federal agency
tenants in the building had been terminated, (2) the building was
leased and used only for storage purposes, (3) the building was a
maintenance garage with access limited to agency personnel, and (4)
the building was no longer in use. 

For the 11 building representatives that said a building evaluation
was not done or that they weren't sure, we asked whether they
believed that their buildings' current levels of security met the DOJ
minimum standards.  Representatives of four buildings said "yes";
five said they didn't know; and two said that the standards weren't
applicable to their specific buildings because the agencies were
moving out of the buildings.  Four of the five that said they didn't
know also said that they weren't aware of the DOJ minimum security
standards. 

Similarly, we found no evidence in GSA's building files that security
evaluations had been done for a number of buildings that had no
requests for security upgrades in the tracking system.  During the
latter part of 1997, we judgmentally selected 50 buildings in two GSA
regions that showed no requests for security upgrades in the tracking
system, and we found no evaluations on file for 12, or 24 percent, of
the buildings.  GSA had initially classified 3 of these 12 buildings
as level IVs, 8 as level IIIs, and 1 as level II.  Ten of the 12
buildings were in one GSA region. 

FPS officials told us that they weren't sure whether evaluations had
been done for all GSA buildings.  They said that although they had
attempted to obtain evaluations for all buildings, not all BSCs had
provided evaluations. 


--------------------
\3 Our sample was selected to obtain a cross section of GSA regions
and building risk levels, and included buildings in 9 of 11 GSA
regions and security risk levels I through IV. 


   UPGRADE OBLIGATIONS DATA
   UNRELIABLE AND NOT AVAILABLE BY
   TYPE
-------------------------------------------------- Chapter STATEMENT:3

In addition to being unable to reliably determine the program's
operational and implementation status, we also couldn't reliably
determine the actual costs or obligations incurred by GSA for
security upgrades because GSA's accounting system, like its tracking
system, contained significant errors.  Further, we couldn't determine
the actual costs incurred by type of security upgrade because GSA
said that its accounting system was not designed to account for costs
by upgrade type.  Nevertheless, based on the existing accounting
system data, we estimate that from October 1, 1995, through March 31,
1998, GSA obligated roughly $353 million for the building security
upgrade program nationally.  The source of those funds was the FBF. 
As you know, the Fund consists primarily of rent that GSA charges
federal agencies for space and is administered by GSA.  It is the
primary means of financing the capital and operating costs associated
with GSA-controlled federal space. 

According to GSA, and we agree, the accuracy of these obligations
data was unreliable because of errors GSA personnel had made when
they recorded obligations for upgrade transactions in the accounting
system.  For example, late in fiscal year 1997, FPS attempted to
identify regions with unneeded upgrade funding allowances that could
be shifted to regions in need of funds to complete upgrades.  In FPS'
analysis, it identified over $5 million in obligations shown in the
accounting system for upgrades in 109 buildings in 10 GSA regions for
which there were no corresponding approved upgrades shown in the
tracking system.  FPS found that (1) $0.9 million of the obligations
related to other GSA programs rather than the building security
upgrade program; (2) $0.6 million in obligations related to upgrades
that in fact had been completed but were shown in the tracking system
as cancelled and voided by GSA; (3) $1.2 million in obligations
related to upgrades completed in other buildings; and (4) $1.6
million were valid obligations, but the corresponding upgrades had
inadvertently not been entered into the tracking system.  FPS was
uncertain about the remaining discrepancies.  FPS found similar
problems relating to upgrades recorded in the tracking system for
which there were no corresponding obligations recorded in the
accounting system.  Because of these errors or discrepancies in the
obligations data, FPS was unable to complete its efforts to
reallocate funds among regions for over 2 months.  We discuss these
discrepancies in more detail in appendix III. 


   PROBLEMS HINDERING PROGRAM
   IMPLEMENTATION
-------------------------------------------------- Chapter STATEMENT:4

In addition to the unreliable nature of the data in the upgrade
tracking and accounting systems, several other problems have hindered
and slowed GSA's implementation of the security upgrade program. 
These included (1) funding source uncertainties; (2) mistakes made to
meet deadlines by a downsized staff, as well as a sense of urgency to
rapidly complete as many security upgrades as possible; and (3)
unreliable upgrade cost estimates.  As a result of these problems,
GSA was not able to meet several program implementation goals.  In
addition, GSA lacks information about the benefits of upgrades
relative to their costs; has not established specific program
effectiveness goals, outcomes, or measures; and doesn't know whether
and to what extent federal office buildings' vulnerability to acts of
terrorism and other forms of violence has been reduced. 

Funding uncertainties:  Uncertainties about the source of funds for
the security upgrade program have confronted GSA from the beginning. 
With no specific building security upgrade funding initially
identified in fiscal year 1996 budget plans, GSA had to use FBF funds
that were intended for other purposes.  In addition, because of
funding concerns in early fiscal year 1996, GSA placed on hold
proposed costly upgrades, such as the purchase of parking areas
adjacent to GSA buildings.  Further, even though the June 1995 DOJ
report recommended that GSA consider increasing the rent of federal
agencies to pay for the increased costs of upgraded security,
uncertainty continues to exist regarding the source of funds for the
building security program.  While GSA has projected about $260
million in obligations for fiscal year 1998 and budgeted about $251
million in obligations for fiscal year 1999 on building security, GSA
and OMB have not yet reached complete agreement on how best to fund
all the future costs of the program.  Once GSA and OMB agree on how
to fund increased security costs, the increased funding would be
contingent on congressional approval in the appropriations process. 

Timetables, staff, and urgency issues:  According to GSA officials,
GSA wanted to add as much security as possible in federal buildings
before the first anniversary of the Oklahoma City bombing--April 19,
1996.  The officials said that this sense of urgency, coupled with
the program implementation timetables in the DOJ report and limited
availability of staff due to downsizing, led to security upgrade
decisions being made with the information available, recognizing that
planning and implementation adjustments would likely be necessary. 
They acknowledged that, as a result, some initial efforts suffered
and some mistakes were made.  GSA and agency staffs at GSA-controlled
buildings had about 3.5 months after issuance of the DOJ report to do
security assessments and develop upgrade cost estimates for several
hundred level-IV buildings, and they had about 7 months to do the
same for several thousand lower level buildings. 

According to FPS staff and a member of the DOJ report task force from
the U.S.  Marshals Service, there was little time available to
develop the desired level of implementing guidance and training for
FPS staff and the thousands of BSCs.  Further, they said that the
ratio of GSA-operated buildings to FPS physical security specialists
added to the difficulties.  For example, in one GSA region, we were
told that the region had responsibility for about 1,000 buildings but
had only 15 FPS physical security specialists available to assist
BSCs with the building risk assessments.  Nationwide, a total of
about 200 FPS physical security specialists were responsible for
assisting in the assessment of over 8,000 GSA-operated buildings. 

According to GSA, the speed with which these assessments and cost
estimates had to be done caused errors that contributed to the need
to reevaluate, change, cancel, and void a number of decisions on
security upgrades.  For example, some hurriedly approved upgrades had
to be cancelled and voided or modified because of the effects that
the planned upgrades would have had on the flow of people and
vehicular traffic in and around the buildings or because of concerns
raised by local governments or by others due to the historic nature
of some of the buildings.  As a result, GSA had to devise alternative
security measures, which sometimes required additional funds. 

Unreliable cost estimates:  A number of the initial cost estimates
for upgrades recorded in the tracking system proved unreliable.  In
an effort to determine how much money was available to complete
approved upgrades and reallocate funds among its regions, GSA
analyzed upgrade cost estimates versus the actual obligations
required to complete the upgrades in many of its buildings, and it
found that many of the initial cost estimates were unreliable.  For
example, the estimated costs in the tracking system of completed
upgrades for a group of 98 buildings in 11 GSA regions were about
$10.4 million, while the actual obligations to complete the upgrades
recorded in the accounting system were about $29 million--that is,
obligations to complete the upgrades were over $18 million more than
the estimated costs of completing the upgrades.  According to GSA,
the initial cost estimates were made using the general guidance
contained in the DOJ report.  Although more accurate cost estimates
were made as the upgrade implementation progressed, the upgrade
tracking system was not designed to readily capture the revised cost
estimates.  Without more accurate cost estimates, GSA decisionmakers
were not in the best position to judge the cost/benefit of various
upgrade options or to reliably estimate funds needed to complete
approved upgrades. 

The unreliable cost estimates combined with the unreliability of the
status and cost data in the upgrade tracking and accounting systems,
the funding source uncertainties, the reduced level of staff, and the
mistakes made due to program deadlines, as well as the sense of
urgency by GSA to complete upgrades as quickly as possible hindered
the implementation of the upgrade program.  Thus, GSA was unable to
fully meet program timetables established in the DOJ report and
several upgrade implementation goals it had established internally. 
Further, because additional security upgrade requests were received
in the last half of fiscal year 1997, and additional funds were
needed to complete previously approved upgrades, GSA estimated in
October 1997 that it would need about $7.8 million in additional
funds in fiscal year 1998 to complete the upgrades approved as of
September 26, 1997. 

The DOJ report called for GSA to complete security assessments and
upgrade cost estimates by October 15, 1995, for its high-risk
(level-IV) buildings, and by February 1, 1996, for the remaining
lower risk buildings (levels I through III).  Level-V buildings were
generally not included in GSA's building security upgrade program
because the DOJ report recommended that agencies (usually those
involved in national security issues) in these buildings secure the
buildings according to their own requirements.  Although the DOJ
report did not specify goals for GSA's completion of the security
upgrades, GSA established and subsequently revised internal goals for
completing upgrades in all its buildings several times in 1996 and
1997. 

GSA has indicated that it had met the goals established by the DOJ
report for evaluating the security needs and estimating the costs of
upgrades for all level-IV buildings:  In November 1995, GSA told the
Senate Subcommittee on Transportation and Infrastructure that, in
accordance with the DOJ report's recommendation and the President's
directive, it had established 429 level-IV building security
committees, and it had received over 2,500 upgrade requests from
these committees.  Also, later that same month, GSA told OMB that
$222.6 million would be needed in fiscal years 1996 and 1997 to pay
for the upgrades in these 429 buildings. 

However, we believe that GSA did not fully meet either goal specified
in the DOJ report because (1) security evaluations were not made for
some level-IV buildings until after November 1995 and (2) in October
1997, much later than the DOJ report's target dates of October 15,
1995, and February 1, 1996, we found indications that not all of
GSA's buildings, including some level-IV buildings, had been
evaluated for security needs.  In addition, GSA reported to us that,
by March 1996, the number of level-IV buildings had increased to over
700.  GSA stated that the increase was partly caused by DOJ's request
that GSA reclassify certain buildings containing court-related
tenants from lower levels to level IV, and partly by additional
level-IV BSCs' decisions to conduct building evaluations and provide
GSA with upgrade requests after November 1995. 

Concerning GSA's internal goals, GSA initially established a goal to
have all security upgrades completed for level-IV buildings by
September 30, 1996.  When it didn't meet the September 30, 1996,
goal, GSA established a new goal to have upgrades completed in all
buildings, including level IVs, by September 30, 1997.  This goal was
not met either, and now GSA's goal is September 30, 1998, for
completing all upgrades approved as of September 26, 1997.  GSA's
tracking system indicated that GSA had completed about 85 percent of
the approved upgrades for all buildings as of October 3, 1997, and
reached the 90-percent mark by March 31, 1998. 

Information lacking on program goals, measures, and results:  GSA did
not have information to evaluate whether the benefits of the upgrades
justified their costs, to determine the effectiveness of the security
upgrades completed, or to know whether upgrades reported as completed
were actually complete and operating as planned.  GSA needs this
information to justify expenditures for security upgrades and to make
changes in its security program if and when appropriate.  For
example, Social Security Administration (SSA) officials expressed
concern to GSA about certain security upgrades that GSA initially
placed in some SSA-occupied buildings.  SSA was concerned about both
the need for and the costs of purchasing and operating the upgrade
equipment.  After negotiations, GSA removed some upgrades from some
SSA locations. 

Further, security-related evaluations, which GSA security staff were
doing prior to the Oklahoma City bombing, were curtailed because
these staff were needed to help implement the upgrade program, and at
the time of our review, these evaluations hadn't been resumed.  In
addition, GSA also hadn't fully implemented a key recommendation,
from an internal "lessons learned" study done after the Oklahoma City
bombing incident, to evaluate its current risk assessment methodology
to ensure that a wider range of risks are addressed, with an
increased emphasis on acts of mass violence.  The principal
conclusion of the October 1995 study was that GSA's security and law
enforcement processes currently in place did not adequately address
the threat environment. 

In a related issue, the Government Performance and Results Act of
1993 (the Results Act) requires every major federal agency to
establish its mission, its goals and how they will be achieved, how
its performance toward meeting its goals will be measured, and how
performance measures will be used to make improvements.  In
accordance with the Results Act, GSA established its strategic plan,
dated September 30, 1997, covering years 1998 through 2002.  GSA's
building security program is specifically addressed in the 1997 plan
and in its annual performance plan for fiscal year 1999.  However,
GSA did not identify in its strategic plan security program
evaluations it plans to do, and the 1999 annual performance plan did
not state its goals and indicators for the security program in terms
of outcomes or desired results as is called for by OMB in Circular
A-11.  Finally, although GSA's data systems for tracking program
status and funding had incorrect data, which hampered implementation,
GSA has just recently initiated efforts to ensure security program
measurement data would be valid in connection with the
security-related performance goal included in its 1999 annual
performance plan prepared under the Results Act. 

Without more specific information on security program goals and
results, GSA does not know the extent to which the upgrades have
improved security or reduced federal office building vulnerability to
acts of terrorism or other forms of violence.  (For further details,
see app.  IV.)


   RECOMMENDATIONS
-------------------------------------------------- Chapter STATEMENT:5

We recommend that the GSA Administrator direct the PBS Commissioner
to

  -- correct the data in GSA's upgrade tracking and accounting
     systems and institute procedures to accurately record approved
     and completed upgrades in the upgrade tracking system and
     accurately record obligations incurred for security upgrades in
     the accounting system;

  -- review all GSA buildings to ensure that security evaluations
     have been completed;

  -- complete agreements with OMB on the most appropriate means of
     providing sufficient funding for the security of GSA-operated
     buildings at the minimum standard levels recommended by the DOJ
     report;

  -- develop outcome-oriented goals and measures for its security
     program, identify security program evaluations to be done and
     implement them as appropriate, and identify the means by which
     FPS will verify and validate measurement data related to
     security program goals in GSA's annual performance plan for
     2000; and

  -- complete the internally recommended review of GSA's current
     security risk assessment methodology, and once the appropriate
     risk assessment methodology is determined, resume GSA's program
     of periodic building security inspections by GSA physical
     security specialists. 


   AGENCY COMMENTS
-------------------------------------------------- Chapter STATEMENT:6

On May 27, 1998, we met with GSA's Public Buildings Service Deputy
Commissioner and Assistant Commissioner, Office of the Federal
Protective Service, and members of their staff to obtain their
comments on the information discussed in a draft of our testimony. 
These GSA officials generally agreed with the information in the
testimony and with our recommendations.  The Deputy Commissioner
stated though that he did not completely agree with our
characterization that funding uncertainties hindered GSA's
implementation of the building security upgrade program because GSA
was able to fund virtually all of the upgrades requested by the
building security committees.  He pointed out that all required
funding to accomplish security enhancements has been provided to the
GSA regions.  However, we believe that our characterization is
appropriate because, as we have described, GSA faced uncertainties
throughout much of the program about the source of funds to pay for
the capital and operating costs of the upgrades.  For example, GSA
initially had to use funds to pay for upgrades that had been intended
for other purposes.  Further, as we have pointed out, early in the
program GSA placed on hold proposed costly upgrades, such as the
purchase of parking areas adjacent to GSA buildings, because of
funding concerns.  Thus, while some security upgrades were put on
hold due to lack of funds, our major concern is the uncertain funding
sources that have confronted the program from its inception. 

In addition, the GSA officials stated that they have directed GSA
regions to resume the periodic building inspection and risk
assessment program placed on hold after the Oklahoma City bombing. 
They said that the inspections are to resume shortly, and inspections
for all level-IV buildings are to be completed by the end of fiscal
year 1998.  Also, the GSA officials said that they have begun to
correct the data in the upgrade tracking system and will consider
developing outcome-oriented goals for the security program that will
be described in GSA's Year 2000 annual performance plan.  In
addition, the GSA officials said that they have made substantial
progress in discussions with OMB on adjusting agency rental charges
to cover the cost of security, and they expect to reach agreement
with OMB in time for the Year 2000 budget cycle. 


------------------------------------------------ Chapter STATEMENT:6.1

Mr.  Chairman, this concludes my prepared statement.  I will be happy
to answer any questions you or Members of the Subcommittee may have. 


OBJECTIVES, SCOPE, AND METHODOLOGY
=========================================================== Appendix I

The objective of our work was to evaluate the GSA building security
upgrade program.  Specifically, we were to determine (1) what
criteria GSA used to assess security risks and prioritize security
upgrades for its buildings, (2) the implementation and operational
status of GSA's security upgrade program and the costs GSA has
incurred by both funding source and type of security upgrade, and (3)
whether any problems have hindered GSA's implementation of the
security upgrade program. 

To meet our first objective of determining the criteria GSA used to
assess building security risks and prioritize its security upgrade
implementation, we held discussions with GSA personnel; reviewed
relevant correspondence, guidance, and other documentation on program
implementation; reviewed building risk assessment files; and obtained
and reviewed copies of GSA's security upgrade tracking system
database as of June 27, August 29, October 3, and December 30, 1997. 
We also had discussions with a member of the DOJ report task force at
the U.S.  Marshals Service, as well with security personnel at the
Social Security Administration and Department of Health and Human
Services, to obtain more insight into how the minimum standards were
developed and how they were being implemented by GSA. 

To meet our objective of determining the security upgrade program's
implementation and operational status and costs, we reviewed the
security upgrade tracking system database; compiled data on security
upgrades requested, approved, completed, and voided; and compared our
results with those compiled by GSA.  We judgmentally selected and
reviewed GSA building files for 53 buildings in 4 regions and visited
43 of these buildings to determine whether the upgrades were
operational.  We selected these files to provide a cross section of
different risk level buildings with either high or low dollar upgrade
cost estimates.  We chose not to include level-I buildings in this
sample because most upgrades were going into buildings at the higher
risk levels.  During our review, the GSA OIG's Office of Audits also
began a review of the GSA security upgrade program.  We maintained
contact with the OIG audit staff and coordinated our work.  The GSA
OIG audit staff shared with us three alert reports issued to and
discussed with GSA management in October 1997, December 1997, and
February 1998, concerning problems with erroneous upgrade completion
data in the upgrade tracking system and instances of inefficient and
ineffective use of security equipment in one or more of the four GSA
regions reviewed.  We referred to their findings in our report. 

Further, we obtained and reviewed GSA budget information and actual
obligations data from accounting reports generated from the NEAR
system\4 and from data compiled for us by GSA headquarters for fiscal
year 1996 through the second quarter of fiscal year 1998.  We also
reviewed upgrade cost estimates contained in GSA's security upgrade
tracking system as well as documentation on GSA headquarters' efforts
during late August to October 1997 to correlate upgrade cost
estimates recorded in the security upgrade tracking system with
upgrade obligations data recorded in the accounting system for the
purpose of reallocating unneeded upgrade funds among GSA regions. 

To determine any problems that may have hindered GSA's implementation
of the security upgrade program, we had discussions with GSA
headquarters and regional staff in four regions; reviewed GSA
correspondence and building files; performed analyses of the security
upgrade tracking system databases; and made contacts with 22 of 26
selected building security committees that, according to GSA records,
had not requested security upgrades.  We also reviewed the results of
GSA headquarters' analyses made during late August to October 1997 of
the security upgrade tracking system and accounting system that
identified data errors and unreliable upgrade cost estimates. 
Further, we held discussions with responsible GSA and OMB staff to
understand the concerns and ongoing debate related to the future
funding of the GSA building security program at the enhanced levels. 

Finally, we discussed with FPS staff what procedures were in place
for monitoring security operations and what efforts had been made to
evaluate the security upgrade program, including actions taken on
recommendations in an October 1995 internal FPS "lesson learned"
report concerning its experiences following the Oklahoma City bombing
incident.  We also reviewed GSA's 1997 strategic plan and 1999 annual
performance plan required under the Results Act to determine the
goals, performance measures, and outcomes that GSA had established
for the building security program. 

We did our work primarily at GSA headquarters in Washington, D.C.,
and four GSA regional offices in Atlanta, GA--GSA Region 4; Denver,
CO--GSA Region 8; Fort Worth, TX--GSA Region 7; and Washington,
D.C.--GSA Region 11 (National Capital Region), between July 1997 and
May 1998, in accordance with generally accepted government auditing
standards.  Because the various samples we used in our work were
judgmentally selected, the results of the samples cannot be projected
to the universes from which they were taken.  We also did not
evaluate the DOJ security standards or the effectiveness of GSA's
building security upgrade program or any other agency's building
security program. 


--------------------
\4 The National Electronic Accounting and Reporting (NEAR) System is
GSA's agencywide accounting system.  We used obligation data
primarily from the monthly FR70P-PBS Fund and Program Status Report
to compile obligation data for the security upgrade program. 


INFORMATION ON DOJ
REPORT-RECOMMENDED CRITERIA FOR
FEDERAL BUILDING SECURITY
========================================================== Appendix II


   GSA USED CRITERIA IN DOJ REPORT
   FOR ITS BUILDING SECURITY
   UPGRADE PROGRAM
-------------------------------------------------------- Appendix II:1

In July 1995, the Federal Protective Service (FPS) began its process
for identifying and prioritizing building security upgrade needs and
cost estimates using the criteria, guidance, and timetable
recommended by the DOJ report, which was issued on June 28, 1995. 
The DOJ report established 52 minimum security standards in 4
separate categories, which were to be considered for buildings under
GSA's operation based on their assessed risk level.  GSA assigned
initial risk level designations to its buildings based on information
it had on file.  Building security committee (BSC) and FPS staff were
to subsequently assign the buildings a risk level, using the DOJ
report's more definitive criteria, and evaluate them to determine
needed security upgrades and the estimated costs for the upgrades. 


      BUILDING RISK LEVELS
------------------------------------------------------ Appendix II:1.1

Using DOJ report criteria, BSC and FPS staff were to place buildings
under GSA's operation into risk levels.  The DOJ criteria included
tenant population, volume of public contact, size, and agency
sensitivity, with level V the highest risk level and level I the
lowest, as follows: 

Level V:  A building that contains mission functions critical to
national security, such as the Pentagon or CIA Headquarters.  A
Level-V building should be similar to a Level-IV building in terms of
number of employees and square footage.  It should have at least the
security features of a Level-IV building.  The missions of Level-V
buildings require that tenant agencies secure the site according to
their own requirements. 

Level IV:  A building that has 451 or more federal employees; high
volume of public contact; more than 150,000 square feet of space; and
tenant agencies that may include high-risk law enforcement and
intelligence agencies, courts, and judicial offices, and highly
sensitive government records. 

Level III:  A building with 151 to 450 federal employees;
moderate/high volume of public contact; 80,000 to 150,000 square feet
of space; and tenant agencies that may include law enforcement
agencies, court/related agencies and functions, and government
records and archives.  (According to GSA, at the request of the
Judiciary, GSA changed the designation of a number of buildings
housing agencies with court and court-related functions from Level
III to Level IV.)

Level II:  A building that has 11 to 150 federal employees; moderate
volume of public contact; 2,500 to 80,000 square feet of space; and
federal activities that are routine in nature, similar to commercial
activities.  Level I:  A building that has 10 or fewer federal
employees; low volume of public contact or contact with only a small
segment of the population; and 2,500 or less square feet of space,
such as a small "store front" type of operation. 


      FACILITY EVALUATIONS
------------------------------------------------------ Appendix II:1.2

BSCs were also to prepare facility evaluations based on the DOJ
minimum standards.  The facility evaluations, containing requested
security upgrades, justifications, and estimated costs for each
upgrade were to be submitted to the applicable FPS regional offices
for review and approval.  Security upgrades costing more than
$100,000 to acquire or having an annual operating cost greater than
$150,000 required final approval at FPS headquarters. 

FPS regional staff focused their evaluation efforts on level-IV
buildings first, followed by levels III through I, consistent with
the timetable recommended by the DOJ report and endorsed by the
President.\5 Funding of upgrades generally followed this same
progression, with FPS focusing first on level-IV buildings and then
levels III through I.  Each FPS region established its own building
security upgrade implementation schedule based on coordination with
other involved PBS components and the individual requirements of the
various types of security upgrades.  For example, some upgrades
required design and engineering work before actual installation could
proceed, and some required coordination and approvals from local
governments and historical building societies before work could
proceed. 

In early 1996, FPS completed a computerized database system to track,
by regional office and by building, all BSC-requested security
upgrades.  This tracking system was to include the date each upgrade
was approved or disapproved; the estimated cost of acquiring,
installing, and operating the upgrade; and its scheduled and actual
completion status.  Each FPS region was to have a database of its
buildings and was responsible for maintaining its database.  FPS
headquarters staff periodically uploaded and entered data into each
region's database to show headquarters' approval actions on requested
upgrades, where required.  FPS headquarters staff also consolidated
the regional databases for its own use in tracking the nationwide
security upgrade program. 


--------------------
\5 \2 The DOJ report noted that level-V facilities required tenant
agencies to secure their facilities according to their own
requirements, and that the degree to which those requirements dictate
security features in excess of those for a level IV facility should
be set by the individual agencies.  For this reason, except for two
approved level-V upgrades requiring capital and/or operating funding,
risk level IV was the highest level included in GSA's security
upgrade program. 


      APPLICATION OF DOJ STANDARDS
      TO SECURITY RISK LEVELS
------------------------------------------------------ Appendix II:1.3

The DOJ report established 52 minimum security standards in the
categories of perimeter security, entry security, interior security,
and security planning to be considered for a building based on its
assessed risk level.  Tables II.1 through II.4 show how the DOJ
report's minimum security standards are to be applied to each
building on the basis of its assessed risk level.  For example,
control of facility parking is recommended as a minimum standard for
buildings in security level III through V and recommended as
desirable for buildings in security levels I and II. 



                               Table II.1
                
                Recommended Minimum Security Standards-
                          -Perimeter Security

                                               Level of security
                                          ----------------------------
Perimeter Security                           I    II   III    IV     V
----------------------------------------  ----  ----  ----  ----  ----
Parking
----------------------------------------------------------------------
Control of facility parking                                        
Control of adjacent parking                                  O O
Avoid leases in which parking cannot be                   O O
 controlled
Leases should provide security control                           
 for adjacent parking
Post signs and arrange for towing            O     O               
 unauthorized vehicles
ID system and procedures for authorized                          
 parking (placard, decal, card key,
 etc.)
Adequate lighting for parking areas                              

Closed circuit television (CCTV) monitoring
----------------------------------------------------------------------
CCTV surveillance cameras with time                               
 lapse video recording
Post signs advising of 24 hour video                                
 surveillance

Lighting
----------------------------------------------------------------------
Lighting with emergency power backup                             

Physical barriers
----------------------------------------------------------------------
Extend physical perimeter with concrete    N/A   N/A
 and/or steel barriers
Parking barriers                           N/A   N/A
----------------------------------------------------------------------
Legend:
Minimum standard =  Standard based on facility evaluation =
Desirable = Not applicable = N/A

Source:  Vulnerability Assessment of Federal Facilities, Department
of Justice, June 28, 1995. 



                               Table II.2
                
                Recommended Minimum Security Standards-
                            -Entry Security

                                               Level of security
                                          ----------------------------
Entry Security                               I    II   III    IV     V
----------------------------------------  ----  ----  ----  ----  ----
Receiving/Shipping
Review receiving/shipping procedures                             
 (current)
Implement receiving/shipping procedures                            
 (modified)

Access control
----------------------------------------------------------------------
Evaluate facility for security guard                               
 requirements
Security guard patrol
Intrusion detection system with central                            
 monitoring capability
Upgrade to current life safety standards                         
 (fire detection, fire suppression
 systems, etc.)

Entrances/Exits
----------------------------------------------------------------------
X-ray and magnetometer at public           N/A                       
 entrances
Require x-ray screening of all mail/       N/A                      
 packages
Peepholes                                              N/A   N/A   N/A
Intercom                                               N/A   N/A   N/A
Entry control with CCTV and door strikes               N/A   N/A   N/A
High security locks                                              
----------------------------------------------------------------------
Legend:
Minimum standard =  Standard based on facility evaluation =
Desirable = Not applicable = N/A

Source:  Vulnerability Assessment of Federal Facilities, Department
of Justice, June 28, 1995. 



                               Table II.3
                
                Recommended Minimum Security Standards-
                           -Interior Security

                                               Level of security
                                          ----------------------------
Interior Security                            I    II   III    IV     V
----------------------------------------  ----  ----  ----  ----  ----
Employee/Visitor identification
----------------------------------------------------------------------
Agency photo ID for all personnel          N/A                      
 displayed at all times
Visitor control/screening system                                  
Visitor identification accountability      N/A                      
 system
Establish ID issuing authority                                      

Utilities
----------------------------------------------------------------------
Prevent unauthorized access to utility                             
 areas
Provide emergency power to critical                              
 systems (alarm systems, radio
 communications, computer facilities,
 etc.)

Occupant emergency plans
----------------------------------------------------------------------
Examine occupant emergency plans (OEP)                           
 and contingency procedures based on
 threats
OEPs in place, updated annually,                                 
 periodic testing exercise
Assign & train OEP officials (assignment                         
 based on largest tenant in facility)
Annual tenant training                                           

Daycare centers
----------------------------------------------------------------------
Evaluate whether to locate daycare         N/A                    
 facilities in buildings with high
 threat activities
Compare feasibility of locating daycare    N/A                    
 in facilities outside locations
----------------------------------------------------------------------
Legend:
Minimum standard =  Standard based on facility evaluation =
Desirable = Not applicable = N/A

Source:  Vulnerability Assessment of Federal Facilities, Department
of Justice, June 28, 1995. 



                               Table II.4
                
                Recommended Minimum Security Standards-
                           -Security Planning

                                               Level of security
                                          ----------------------------
Security Planning                            I    II   III    IV     V
----------------------------------------  ----  ----  ----  ----  ----
Intelligence Sharing
----------------------------------------------------------------------
Establish law enforcement agency/                                
 security liaisons
Review/establish procedure for                                   
 intelligence receipt and dissemination
Establish uniform security/threat                                
 nomenclature

Training
----------------------------------------------------------------------
Conduct annual security awareness                                
 training
Establish standardized unarmed guard                             
 qualifications/training requirements
Establish standardized armed guard                               
 qualifications/training requirements

Tenant assignment
----------------------------------------------------------------------
Co-locate agencies with similar security
 needs
Do not co-locate high/low risk agencies

Administrative procedures
----------------------------------------------------------------------
Establish flexible work schedule in high
 threat/high risk areas to minimize
 employee vulnerability to criminal
 activity
Arrange for employee parking in/near
 building after normal workhours
Conduct background security checks and/                          
 or establish security control
 procedures for service contract
 personnel

Construction/Renovation
----------------------------------------------------------------------
Install mylar film on all exterior                                  
 windows (shatter protection)
Review current projects for blast                                
 standards
Review/establish uniform standards for                           
 construction
Review/establish new design standards                              
 for blast resistance
Establish street setback for new                                    
 construction
----------------------------------------------------------------------
Legend:
Minimum standard =  Standard based on facility evaluation =
Desirable = Not applicable = N/A

Source:  Vulnerability Assessment of Federal Facilities, Department
of Justice, June 28, 1995. 


STATUS AND COSTS OF UPGRADES
UNCERTAIN
========================================================= Appendix III

GSA's upgrade tracking system showed that as of March 31, 1998, about
7,000 building security upgrades had been completed, and we estimate
that roughly $353 million were obligated for upgrades between October
1, 1995, and March 31, 1998.  The source of funds expended on the
upgrade program was the FBF.  However, actual cost information by
upgrade type was not readily available, and the data on the
implementation status and actual costs of GSA's security upgrade
program are unreliable.  We could not reliably determine the
completion and operational status of security upgrades in GSA's
buildings because upgrade status data were not accurately recorded in
the tracking system.  Further, the accuracy and reliability of the
obligations data are questionable because of errors made by GSA
personnel when recording upgrade obligations transactions into the
accounting system. 


      SECURITY UPGRADE TRACKING
      SYSTEM NOT ACCURATE
----------------------------------------------------- Appendix III:0.1

GSA's upgrade tracking system showed that as of March 31, 1998, about
7,800 upgrades were approved and about 7,000 upgrades were completed
in federal buildings across the United States.  However, the data
shown by the tracking system were not reliable because the tracking
system contained numerous errors.  According to GSA, these errors
occurred because its regional personnel did not always appropriately
or accurately record upgrade transactions into the tracking system. 

Our review of security upgrade program records of 53 buildings and
our visits to 43 of these buildings in 4 regions, as well as visits
by the GSA OIG's audit staff to 121 buildings in 4 GSA regions,
showed that GSA has implemented numerous upgrades in buildings
throughout the country.\6 However, through these visits, errors were
identified in the tracking system related to the number of upgrades
approved and completed in 24, or 45 percent, of the buildings we
reviewed and in 65, or 54 percent, of the buildings reviewed by the
OIG.  Our comparison of tracking system data for the 53 GSA buildings
with information from FPS building files and our observations at the
buildings showed errors affecting completion rates (for 24 buildings)
and other information (for 6 buildings) in the tracking system for 30
of these buildings, or about 57 percent, and ranged from 46 percent
of the buildings reviewed in region 8 to 70 percent in region 11. 

For 24 of these 30 buildings, we found (1) upgrades in 20 buildings
that were not operational but that were reported as completed in the
tracking system and (2) for four buildings, completed upgrades were
not shown in the tracking system.  In addition, in nine of the 20
buildings, we found security upgrades that were initially approved
and then subsequently cancelled, but were still shown as approved
upgrades in the tracking system. 

Further, for six of the buildings, we found other discrepancies
between the buildings' records and the upgrade tracking system.  For
example, some buildings' risk level designations, security upgrade
cost estimates, and types of upgrades approved were inaccurately
recorded in the tracking system. 

Additionally, in one region, we found that the completion status of
the region's security upgrade program was overstated and erroneously
reported to FPS headquarters because regional FPS staff were
inappropriately accounting for some upgrades.  According to regional
FPS staff, the term "pending" may have been used to categorize
upgrades that had been approved and not completed because (1) the
upgrades were for new buildings being constructed or (2) the
contracts for purchasing the upgrade equipment had not been signed or
GSA funds obligated.  Further, the regional staff thought
headquarters had instructed that new upgrades approved after March
31, 1997, would not be funded in fiscal year 1997 and should be put
in a pending status for funding in fiscal year 1998.  According to
FPS headquarters staff, the "pending" category was intended only for
upgrades not yet approved.  FPS headquarters officials became aware
of this issue late in fiscal year 1997 while attempting to reallocate
among regions funds needed to complete approved upgrades.  FPS then
instructed the regions to ensure that all approved upgrades were
categorized as "approved" in the tracking system because all
"pending" upgrades as of September 26, 1997, would be considered for
funding at a later time. 

Because of the confusion over the intent of the term pending for
categorizing upgrades, this region reported in August 1997 an upgrade
completion rate of 99.6 percent for level-IV buildings.  However,
once these pending upgrades were changed to approved, the region's
completion rate decreased to 77 percent in October 1997.  For the
same reason, the region's upgrade completion rate for levels-I
through -III buildings also dropped from about 65 percent to about 56
percent over this same period.  GSA's completion goal for all
level-IV building upgrades was 100 percent by the end of fiscal year
1997. 

GSA's OIG issued three separate audit "alert" reports with
significant findings related to the building security upgrade
program.\7 The OIG audit staff's visits to 121 buildings in GSA
regions 1, 4, 7, and 11 showed that 65 buildings, about 54 percent,
had upgrades reported as completed in the tracking system that were
not completed.  In fact, the OIG staff found instances where security
upgrade equipment reported as completed was actually stored
(sometimes in its original packaging), missing, or not operational. 
For example, in region 11, upgrades for 32 buildings involving
equipment, such as x-ray scanners and magnetometers used to screen
people and packages, were shown in the tracking system as completed
but were actually missing, not operational, or in storage. 

In addition, the OIG staff found problems, similar to those we found,
related to security upgrades in 33 of the 69 buildings they visited
in regions 1, 4, and 7.  They found that upgrades shown in the
tracking system as completed had not been installed because of
changes in building security needs, use of alternative security
measures, or building lessors' opposition to the installation of the
planned security upgrades. 

Finally, in a separate report, the OIG stated that security equipment
costing about $2 million, such as X-ray devices, magnetometers, and
cameras purchased for the upgrade program, were found stored in two
storage rooms in region 11.  Much of the equipment was in its
original packaging.  The OIG reported that at that time, the GSA
region had no immediate plans for using the equipment. 

In addition to these errors related to upgrades approved, completed,
and cancelled in the tracking system, we have concerns about whether
all GSA buildings have been evaluated for security needs.  We found
that as of October 1997, the nationwide upgrade tracking system
contained little or no evidence that building security evaluations
had been done for 754 GSA buildings, 14 of which were level-IV
buildings.  We judgmentally selected a sample of 26 of the 754
buildings to determine whether a security evaluation had been done by
attempting to contact a representative from each building's security
committee during December 1997 and January 1998.\8 Representatives
from 22 of the 26 buildings responded.  Of the 22, representatives of
5 told us that a building evaluation wasn't done, 6 said they weren't
sure whether one was done, 7 representatives said that the
evaluations were done, but the remaining 4 representatives said that
evaluations weren't applicable for their buildings because (1) the
lease for the federal agency tenants in the building had been
terminated, (2) the building was leased and used only for storage
purposes, (3) the building was a maintenance garage with access
limited to agency personnel, or (4) the building was no longer in
use. 

For the 11 building representatives that said a building evaluation
was not done or that they were not sure, we asked whether they
believed that their building's current level of security met the DOJ
minimum standards.  Representatives of four buildings said "yes";
five said they didn't know; and two said that the standards weren't
applicable to their specific buildings because the agencies were
moving out of the buildings.  Four of the five that said they didn't
know also said that they weren't aware of the DOJ minimum security
standards. 

Similarly, we found no evidence in GSA's building files that security
evaluations had been done for a number of buildings that had no
requests for security upgrades in the tracking system.  During the
latter part of 1997, we judgmentally selected 50 buildings in 2 GSA
regions that showed no requests for security upgrades in the tracking
system, and we found no evaluation on file for 12, or 24 percent, of
the buildings.  Of these 12 buildings, 1 was a level II, 8 were level
IIIs, and 3 were level IVs.  Ten of the 12 buildings were in one GSA
region. 

FPS regional officials told us that they were not sure that
evaluations had been done for all GSA buildings.  They said that
although they had attempted to obtain evaluations on all buildings,
not all building security committees had provided evaluations. 

Table III.1 provides upgrade completion status information we
compiled from the tracking system as of different points in time
during program implementation.  The note at the end of the table
provides upgrade status information as of March 31, 1998, which was
provided to us by FPS in late April 1998. 



                                                                      Table III.1
                                                        
                                                           Number of Buildings with Approved
                                                         Upgrades; Number of Upgrades Approved,
                                                          Completed, and Voided; and Estimated
                                                         Costs By Security Level as of Mar. 25,
                                                         1996, Aug. 29, 1997, Oct. 3, 1997, and
                                                                     Dec. 30, 1997

                                  Number of                                   Percent of     No. voided                     Estimated
                                  buildings      Number of      Number of       approved       upgrades                        annual
Security                      with approved       upgrades       upgrades       upgrades     previously      Estimated      operating           *Total
risk level        As of date       upgrades       approved      completed      completed       approved  capital costs          costs  estimated costs
-------------  -------------  -------------  -------------  -------------  -------------  -------------  -------------  -------------  ===============
IV                   3/25/96            632          3.752            N/A            N/A            N/A    $86,464,000    $86,712,000     $173,176,000
                     8/29/97            681          3,790          3,315          87.5%          1,360     99,103,450     68,711,348      167,814,798
                     10/3/97            699          4,013          3,503           87.3          1,432    111,601,661     76,765,746      188,367,407
                    12/30/97            683          3,836          3,402           88.7          1,459    102,073,684     67,647,011      169,720,695
III                  3/25/96            358          1,097            N/A            N/A            N/A     15,842,000     12,793,000       28,635,000
                     8/29/97            359            973            727           74.7            473     12,933,733     12,527,197       25,460,930
                     10/3/97            368          1,030            828           80.4            511     14,473,940     13,092,721       27,566,661
                    12/30/97            357            984            798           81.1            526     13,310,690     11,622,264       24,932,954
II                   3/25/96          1,348          2,977            N/A            N/A            N/A     22,791,000     14,117,000       36,908,000
                     8/29/97          1,104          2,268          1,698           74.9          1,294     12,581,987     10,712,357       23,294,344
                     10/3/97          1,120          2,327          1,944           83.5          1,337     13,946,715     10,786,679       24,733,394
                    12/30/97          1,115          2,310          2,015           87.2          1,355     14,136,904     11,426,275       25,563,179
I                    3/25/96            451            751            N/A            N/A            N/A      6,927,000      5,458,000       12,385,000
                     8/29/97            370            583            454           77.9            246      3,019,216      1,793,648        4,812,864
                     10/3/97            379            642            510           79.4            259      4,432,516      2,149,894        6,582,410
                    12/30/97            409            755            626           82.9            312     12,667,600     11,285,743       23,953,343
======================================================================================================================================================
Totals               3/25/96          2,789          8,577            N/A            N/A            N/A   $132,024,000   $119,080,000     $251,104,000
                     8/29/97          2,514          7,614          6,194          81.4%          3,373    127,638,386     93,744,550      221,382,936
                     10/3/97          2,566          8,012          6,785           84.7          3,539    144,454,832    102,795,039      247,249,871
                    12/30/97          2,564          7,885          6,841           86.8          3,652    142,188,879    101,981,293      244,170,172
------------------------------------------------------------------------------------------------------------------------------------------------------
Note:  GSA/FPS headquarters provided us a completion status update as
of March 31, 1998--For all levels, 6,997, or 90.1 percent of 7,764
approved upgrades, were reported as completed.  For level-IV
buildings, 3,416, or 88.8 percent, of 3,848 approved upgrades were
reported as completed.  For levels-I through -III buildings, 3,581,
or 91.4 percent were reported as completed.  GSA/FPS did not provide
us with information on the number of buildings with approved
upgrades.  Totals may not add up due to rounding. 

Source:  Compiled by GAO from GSA/FPS security upgrade tracking
system. 


--------------------
\6 \3 Our work related to these buildings was done during the period
August through December 1997 in GSA regions 4, 7, 8, and 11.  The GSA
OIG staff's work related to these buildings was reported on in
October and December 1997 and in February 1998 in GSA regions 1, 4,
7, and 11.  We and the OIG audit staff reviewed 4 of the same
buildings--2 in Region 7 and 2 in Region 11. 

\7 \4 These reports were issued to the Assistant Commissioner, FPS. 
They were reports A70659/P/2/R98001, dated Oct.  1, 1997;
A80613/P/2/R98006, dated Dec.  11, 1997; and A80615/P/2/R98012, dated
Feb.  11, 1998. 

\8 \5 Our sample was selected to obtain a cross section of GSA
regions and building risk levels, and included buildings in 9 of 11
GSA regions and security risk levels I - IV. 


      ACTUAL COSTS OF UPGRADES NOT
      READILY AVAILABLE BY TYPE
      AND OBLIGATIONS DATA NOT
      RELIABLE
----------------------------------------------------- Appendix III:0.2

Based on data obtained from GSA's accounting system, we estimated
that from October 1, 1995, through March 31, 1998, obligations of
roughly $353 million were incurred for the building security upgrade
program, and all of these funds were obtained from the FBF.  However,
we could not readily obtain actual cost information by upgrade type
because, according to GSA, its accounting system was not designed to
provide obligations incurred by upgrade type.  In addition, the
obligations data shown by the accounting system were not reliable
because GSA personnel did not always appropriately and accurately
record the obligations incurred for upgrades in the accounting
system. 

Although actual cost information by upgrade type was not readily
available, to provide an indication of the costs incurred by GSA by
upgrade type, we compiled from the upgrade tracking system data
showing the estimated costs of upgrades by upgrade category.  These
estimated costs data are shown in table III.2.  However, as we
discuss in detail in appendix IV, many of the estimated costs of
upgrades differed significantly from the actual obligations incurred
by GSA to complete the upgrades. 



                                   Table III.2
                     
                      Summary of Estimated Costs of Approved
                      Security Upgrades Types By Category as
                               of December 30, 1997

                                                         Estimated     Estimated
                                           Number of       capital     operating
Security category--upgrade type             upgrades         costs         costs
--------------------------------------  ------------  ------------  ------------
Perimeter Security--includes closed            2,648   $74,346,347   $31,106,567
 circuit televisions, physical
 barriers, security lighting, fences,
 gates, etc.
Entry Security--includes access                3,166    51,347,945    68,514,569
 control systems, X-rays/
 magnetometers, security guards,
 intrusion detection systems, security
 locks, etc.
Interior Security--includes employee/          1,025    12,409,656       761,464
 visitor ID, emergency power backup,
 etc.
Other security planning--intelligence          1,046     4,084,932     1,598,692
 sharing, training, tenant assignment,
 construction/renovation, etc.
================================================================================
Total                                          7,885  $142,188,880  $101,981,292
--------------------------------------------------------------------------------
Source:  Compiled by GAO from GSA/FPS's security upgrade tracking
system as of December 30, 1997. 

In August 1997, FPS headquarters staff attempted to identify regions
having unneeded upgrade funding allowances that could be shifted to
other regions needing funds to complete approved upgrades.  They were
unable to complete this effort until October 1997 because of the
numerous discrepancies they found between the upgrade obligations in
GSA's accounting system and the approved and completed upgrade data
in the tracking system.  Although not all of the discrepancies could
be explained, FPS regional staff's research provided some insight. 

In one FPS headquarters analysis, obligations totaling $5.1 million
for upgrades in 109 buildings in 10 GSA regions were found in the
accounting system, but no corresponding approved upgrades were found
in the tracking system.  These obligations ranged from $16 to
$662,912.  Regional staff were able to determine the cause for most
of this $5.1 million discrepancy between the accounting and tracking
systems--$1.2 million had been recorded in error to other buildings;
$1.6 million were valid obligations but the corresponding upgrades
had inadvertently not been entered into the tracking system; about
$0.6 million were valid, but corresponding upgrades had been
cancelled and voided in the tracking system;\9 $0.9 million had been
erroneously entered into the accounting system--the obligations were
not related to the building security upgrade program. 

In a second FPS headquarters analysis, the tracking system showed
completed upgrades for 386 buildings in 10 regions with estimated
costs of about $9.7 million, for which there were no corresponding
obligations recorded in the accounting system.  Regional staff were
able to explain some of these discrepancies:  (1) about $2 million of
the $9.7 million in estimated upgrade costs were borne by either the
tenant agencies or the building lessors, not by GSA; (2) about $0.2
million in obligations were recorded in error in the accounting
system to other FBF programs instead of the security upgrade program;
and (3) about $0.2 million related to upgrades erroneously recorded
in the tracking system as completed when, in fact, they had been
voided. 

Table III.3 compares contract security guard and security system
capital budgets and obligations obtained from GSA's accounting system
for fiscal years 1996 through March 31, 1998, with similar
obligations for fiscal year 1994, prior to the Oklahoma City bombing. 
As shown by the table, GSA's contract guard costs have risen
significantly from $23 million in 1994 to almost $63 million through
only the first 6 months of fiscal year 1998. 



                                              Table III.3
                                
                                Comparison of Fiscal Years 1996 through
                                   March 31, 1998, Building Security
                                 Upgrade Program Budget Allowances and
                                 Obligations With Fiscal Year 1994 Pre-
                                      Upgrade Program Obligations

                                (Contract security guards (K-
                                                  2x))

                                     FBF                                   FBF totals
                      ----------------------------------  --------------------------------------------
                                                Budget
                                               activity
                                              54, Basic
                                               repairs
                                                 and
                       Budget activity 61,    alteration
                       Building operations        s
                      ----------------------  ----------
                                    Security
                                     upgrade
                                     program    K-2x, K-       K-36,
Fiscal year budget      Security       (K-36  36, Budget      Budget      Budget
allowances/              systems     capital    activity    activity  activities
obligations               (K-36)      costs)          61          54   61 and 54
--------------------  ----------  ----------  ----------  ----------  ----------
($000)                 ($000) ($000) ($000)       ($000)      ($000)
                       ($000) ($000) ($000)

Fiscal year 1994 (pre-upgrade program)
------------------------------------------------------------------------------------------------------
Actual obligations      Actual obligations       $26,675          $0
 $22,951                $22,951 $3,724 $0
                        $26,675 $0 $26,675

Fiscal year 1996
------------------------------------------------------------------------------------------------------
Budget allowances       Budget allowances        $31,798     $77,758
 $26,434 to regions   $26,434 $5,364 $77,758
                         $31,798 $77,758
                       $109,556 to regions
Actual FBF 59,463     Actual FBF 59,463 778       60,241      57,719
 obligations           57,719 60,241 57,719
                       $117,960 obligations

Fiscal year 1997
------------------------------------------------------------------------------------------------------
Budget allowances       Budget allowances        124,432      63,438
 115,973 to regions    115,973 8,459 63,438
                          124,432 63,438
                       $187,869 to regions
Actual obligations      Actual obligations       104,228      53,279
 102,903               102,903 1,325 53,279
                          104,228 53,279
                             $157,507

Fiscal year 1998 (as of March 31, 1998)
------------------------------------------------------------------------------------------------------
Budget allowances       Budget allowances        130,208           0
 124,941 to regions      124,941 5,267 0
                      130,208 0 $130,208 to
                             regions
Actual obligations      Actual obligations        63,961      13,450
 62,970                 62,970 991 13,450
                      63,961 13,450 $77,411

Total--fiscal years 1996-1998 (as of March 31, 1998)
------------------------------------------------------------------------------------------------------
Budget allowances       Budget allowances       $286,438    $141,196
 $267,348 to regions     $267,348 $19,090
                        $141,196 $286,438
                       $141,196 $427,634 to
                             regions
Actual obligations      Actual obligations      $228,430    $124,447
 $225,336                $225,336 $3,094
                        $124,447 $228,430
                        $124,447 $352,877
------------------------------------------------------------------------------------------------------
Note 1:  GSA's accounting system provides for coding FBF obligations
by budget activities, such as basic repairs and alterations (BA-54)
and building operations (BA-61), which have been the primary budget
activities funding the building security upgrade program.  Within the
FBF budget activities, the system also provides for coding
obligations by functions, such as the K-series function codes that
were established for the FPS law enforcement and security programs. 
The primary K-codes applicable to the upgrade program have been the
K-1x series--uniformed operations (police officers), K-2x
series--contract guard services, and K-36--security
systems/equipment.  GSA established new, specific K-codes to enable
identifying and tracking (1) police and contract guard services for
the upgrade program (operations costs) as distinguished from the
level of contract guard services for normal security prior to the
Oklahoma City bombing and from the level of police and contract guard
services for moderate security provided since the bombing and (2) the
capital costs of upgraded security systems equipment and other
capital security measures, such as building perimeter barriers and
parking lot fencing and gates.  However, GSA did not establish the
new K-codes for the upgrade program until March 1996, nearly 6 months
into fiscal year 1996 activities.  PBS Controller staff advised us
that upgrade costs such as for police and contract guard services
were not always correctly coded as upgrade program costs and that
costs charged to normal security operations prior to the new K-codes
may not have been corrected.  Thus, for this table, we are showing
the regional budget allowances GSA provided and the obligations
reported in the accounting system for all BA-61 contract guard
services, K-2x series, and security systems upgrades, K-36, and for
BA-54, the K-36 capital upgrade obligations recorded.  However, GSA
did not issue specific BA-61 regional budget allowances for K-36, so
the budget amounts GSA gave us are for all BA-61, K-3x series
function codes.  FPS has managed its police officer operations as a
separate program from the building security upgrade program, and thus
we have not included the K-1x series in the above table.  From fiscal
year 1996 through March of fiscal year 1998, about $65.592 million
had been obligated in the K-1x series for federal protective police
officers.  Totals may not add up due to rounding. 

Note 2:  Not shown in this table are FBF funds appropriated in fiscal
year 1997 for security upgrade capital costs under GSA's new
construction program (BA-51) of about $27.3 million and major repairs
and alterations (BA-55) of $2.7 million.  Of the $27.3 million from
BA-51, GSA provided budget allowances to its regions of about $6.7
million and in fiscal year 1997 through April 30 of fiscal year 1998
had obligated only about $53,000.  None of the $2.7 million from
BA-55 had been provided as regional budget allowances or had been
obligated.  Also as of April 30, 1998, GSA added about $2.9 million
in fiscal year 1998 FBF BA-54 funds to the regional budget allowance
totals and actual obligations in fiscal year 1998 for security
upgrades had increased by $1.698 million to $15.148 million.  We did
not obtain actual BA-61 obligations for security operations as of
April 30, 1998. 

Source:  GSA Public Buildings Service Comptroller's Office staff. 


--------------------
\9 \6 According to the regions, although the approved upgrades were
voided after it was determined that the upgrades were not needed for
the buildings originally intended, the upgraded security equipment
purchased through these obligations would be used in other buildings. 


PROBLEMS HINDERED UPGRADE PROGRAM
IMPLEMENTATION
========================================================== Appendix IV

A number of problems hindered GSA's implementation of the security
upgrade program.  First, GSA officials told us that they believed it
was incumbent on GSA to implement as soon as possible security
upgrades in as many buildings as possible after the Oklahoma City
bombing incident.  However, they said they were faced with both
limited time and staff to help plan and implement the program, so
mistakes were made.  Second, GSA faced program funding source
uncertainties throughout the upgrade program.  Third, many of the
initial decisions made about the need for upgrades had to be
reevaluated, changed, or cancelled.  Finally, many of the initial
cost estimates for completing the upgrades proved to be unrealistic. 
Because of these problems, program implementation was slowed; GSA was
unable to meet program goals; and it now estimates that additional
funds will be needed in fiscal year 1998 to complete upgrades
approved through September 26, 1997.  In addition, GSA had not
established specific program effectiveness goals, outcomes, or
measures, nor had it specified in its performance plan how it
intended to verify performance data.  Thus, GSA does not know whether
or to what extent federal office buildings' vulnerability to acts of
terrorism and other forms of violence has been reduced. 


   GSA'S URGENCY TO IMPLEMENT THE
   PROGRAM
-------------------------------------------------------- Appendix IV:1

FPS regional and headquarters staff told us that the time frames
imposed on them for completing building assessments and cost
estimates for security upgrades by the DOJ report created a difficult
environment for GSA.  Thousands of building security committees had
to be organized and assisted in determining security upgrade needs
fairly quickly.  As a result, the quality of these initial efforts
may have suffered.  Further, with the first anniversary of the
Oklahoma bombing rapidly approaching, GSA wanted to place as much
added security as was possible into its buildings by the April 19,
1996, anniversary date because of concerns about further bombings or
other acts of violence that might occur. 

At the time of the Oklahoma City bombing incident in April 1995, GSA
was in the process of streamlining its operations and downsizing its
headquarters and regional staff, including those of FPS--GSA's arm
responsible for managing its nationwide physical security and law
enforcement programs.\10 GSA reduced its full-time equivalent
employees from about 20,200 in fiscal year 1993 to about 14,400 at
the end of fiscal year 1997.  FPS was responsible for coordinating
and implementing GSA's building security upgrade program, and as of
July 31, 1995, FPS employed 972 regional staff, including a force of
376 uniformed Federal Protective Police Officers, 199 physical
security specialists, 66 criminal investigators, 331 other staff, and
a number of contract security guards.  In March 1996, PBS documents
showed that it planned to hire 150 more police officers as the result
of a study that showed that PBS needed 508 additional regional
staff--347 police officers, 26 physical security specialists, 26
criminal investigators, and 109 other staff--to support the enhanced
security levels stemming from its implementation of the security
upgrades recommended by the DOJ report. 

From the beginning of the upgrade program, according to FPS staff and
a member of the DOJ report task force from the U.S.  Marshals
Service, there was little time available to develop the desired level
of implementation guidance and training for FPS staff and the
thousands of BSCs.  Further, FPS staff said that the ratio of
GSA-operated buildings to FPS physical security specialists added to
the difficulties.  For example, in one GSA region, we were told that
the region had responsibility for about 1,000 buildings but had only
15 FPS physical security specialists available to assist BSCs with
the building risk assessments.  Nationwide, a total of about 200 FPS
physical security specialists were responsible for assisting in the
assessment of over 8,000 GSA-operated buildings. 

An FPS official told us that in this challenging
environment--deadlines, staff reductions, and significant levels of
effort required by many players--it was not surprising that program
implementation mistakes occurred.  However, the FPS official believed
that GSA has taken great strides in significantly improving the level
of security in its buildings. 


--------------------
\10 Organizationally, FPS is under GSA's Public Buildings Service
(PBS), which is responsible for acquiring, managing, and maintaining
GSA facilities and employs staff at GSA headquarters and 11 regional
offices.  According to GSA's fiscal year 1997 annual report, GSA's
facilities included space in about 1,900 owned and 6,400 leased
facilities. 


   PROGRAM FUNDING UNCERTAINTIES
-------------------------------------------------------- Appendix IV:2

According to GSA officials, uncertainties over where funds could be
obtained to purchase and operate security upgrades have hindered
program implementation.  In addition, concerns about the availability
of funds for the program contributed to FPS's decisions to delay
approval of some types of more costly upgrades requested by BSCs and
to place those requests into a "pending" status.  Some of these
pending requests were subsequently cancelled and voided or removed
from the building security upgrade program by FPS because of funding
uncertainties.  Further, GSA and OMB have not yet reached agreement
on how best to fund all the costs of the security program in the
future. 


      INITIAL PROGRAM FUNDING
      SHIFTED FROM OTHER PROGRAMS
------------------------------------------------------ Appendix IV:2.1

By February 1996, GSA had received requests for security upgrades
from thousands of BSCs.  Although GSA had established the
implementation of the building security upgrade program as one of its
top priorities, GSA faced the challenge of identifying and obtaining
funds for acquiring and operating the security upgrades during a
period when overall federal budget constraints and uncertainties
existed.  No funds were included in GSA's fiscal year 1996 budget for
maintaining security at the enhanced levels that began immediately
after the bombing in Oklahoma City, or for funding the security
upgrades requested by the BSCs.  Further, GSA was experiencing a
shortfall in the Federal Buildings Fund (FBF) because of an
overestimation of rental revenue from federal agencies due to several
reasons.\11

According to GSA officials, delays in congressional approval of many
federal agencies' fiscal year 1996 appropriations were occurring and
adding to the uncertainties of how the upgrades were to be funded. 
Without knowing the available funding that could be expected from the
FBF and/or customer federal agencies, GSA officials said that it had
to proceed with what information was available in making program
decisions, setting program priorities, and working to complete
upgrades, while recognizing that planning and implementation
adjustments would be necessary. 

On February 29, 1996, the GSA Administrator asked tenant agencies to
help fund the security upgrade program.  He stated that within its
own funding constraints, GSA had been paying for certain security
enhancements, primarily additional contract guard services, for the
past 9 months.  He asked the tenant agencies to reimburse GSA about
$84 million for these cost in fiscal year 1996.  He further stated
that he would commit GSA to provide $79.5 million from the FBF to pay
for the acquisition costs of security upgrades in fiscal year 1996. 

According to GSA staff, shortly thereafter, GSA received indications
that many tenant agencies would be unable to pay their share of the
security upgrade costs in fiscal year 1996.  At about this same time,
GSA requested congressional authority to reprogram $119.8 million in
fiscal year 1996 FBF funds from other planned building activities and
to use these funds for the security program:  (1) $40 million from
GSA's installation acquisitions payment activity and (2) $79.8
million from the building repairs and alterations program consisting
of $13.5 million from the Internal Revenue Service Center
modernization project, Holtsville (Brookhaven), New York; $49.3
million from the chlorofluorocarbons replacement program; $12.6
million from the energy reduction program; and $4.4 million from the
basic building repairs and alterations program.  In April 1996, GSA
received congressional approval from the cognizant House and Senate
Appropriations Subcommittees to reprogram the $119.8 million in funds
previously made available for other FBF programs. 

According to GSA, in its fiscal year 1997 appropriation, Congress
directed GSA to spend about $240 million from the FBF for the
building security upgrade program--$175 million for the operations
costs of security upgrades and $65 million for the capital costs of
security upgrades.  However, because of GSA's overestimation of FBF
revenues, GSA made available only about $130 million of the $175
million from the buildings operations program for security
operations.  Thus, in fiscal year 1997, a total of about $195 million
was made available from the FBF for the security program. 

According to GSA, for fiscal year 1998, Congress appropriated about
$130 million for the operations costs of security upgrades but GSA
did not request nor receive from Congress any additional capital
funds for the building security upgrade program.  However, because
additional security upgrade requests were received from BSCs in the
last half of fiscal year 1997, and because additional funds were
needed to complete previously approved upgrades, GSA determined in
October 1997 that it could need an additional $7.8 million in fiscal
year 1998 to complete upgrades approved as of September 26, 1997. 
GSA planned to obtain these additional capital funds through a
reprogramming of funds from other fiscal year 1998 FBF accounts. 


--------------------
\11 In 1975 the Federal Buildings Fund (FBF), which consists of rent
that GSA charges federal agencies for space, replaced appropriations
to GSA as the primary means of financing the operating and capital
costs associated with federal space owned or managed by GSA,
including costs related to security.  PBS administers the FBF, but
Congress exercises control over it through the annual appropriations
process that sets annual limits on how much of the fund can be
expended for various activities.  In addition, Congress may
appropriate additional amounts for the FBF.  FBF annual rent revenues
have grown from about $2.5 billion in fiscal year 1987 to about $4.8
billion in fiscal year 1997.  See General Services Administration: 
Overestimation of Federal Buildings Fund Rental Revenue Projections
(GAO/T-GGD-98-69, Mar.  5, 1998). 


      SOME UPGRADES DELAYED DUE TO
      LACK OF FUNDING
------------------------------------------------------ Appendix IV:2.2

Also, because of funding uncertainties, in early 1996 FPS placed into
a "pending" status upgrade requests involving relatively expensive
items, such as the purchase of parking areas adjacent to GSA
buildings and fire suppression and fire detection systems.  The DOJ
report had included these security measures in its recommended
standards for some buildings.  Later in 1996, FPS advised its regions
that upgrade requests for these items were to be voided.  FPS decided
that security measures, such as fire suppression and fire detection
systems, would be considered separate and apart from the building
security upgrade program. 


      FUNDING SOURCE FOR FUTURE
      SECURITY PROGRAM COSTS
      UNCERTAIN
------------------------------------------------------ Appendix IV:2.3

As recommended by the DOJ report, GSA has been working with OMB to
increase future FBF revenues to more closely approximate its
expenditures for the GSA security program at its upgraded level. 
However, GSA and OMB have not yet reached complete agreement on how
and when to increase the rent that GSA charges tenant federal
agencies so that rental revenues will be sufficient to pay for the
costs of GSA's building security program. 

Rent that GSA charges federal agencies for space and services it
furnishes is set by the GSA Administrator, who is authorized by law
to charge agencies for furnished services, space, quarters,
maintenance, repair, or other facilities.  The law states that the
rates and charges shall approximate commercial charges for comparable
space and services.  The law does not require that GSA's rental
charges be based on its actual costs of providing the space and
services, which include security.  Thus, GSA's rental charges are
based primarily on GSA's periodic market price appraisals for
comparable space, not on GSA's actual costs to provide the space. 

GSA's practice when determining the amount of rent to charge federal
agencies has been to include a charge for security.  This fee
consists of two components:  (1) the basic service charge of 6 cents
per square foot that, coupled with other funds from the FBF, is used
for control center operations, criminal investigations, protective
services activities, and administration of FPS programs; and (2) a
building-specific fee that is used along with other funds from the
FBF to pay for commercial equivalent items, such as contract security
guard services, and security alarm systems' installation and
maintenance.  According to GSA, because GSA's expenditures for
security have historically exceeded the amount charged to agencies
for security, the FBF has absorbed the excess expenditures. 

According to GSA, its obligations for security have increased
significantly following the Oklahoma City bombing incident, and its
security charges billed to tenant agencies have not kept pace. 
Before the incident, GSA's records show that it obligated about $96
million for security in fiscal year 1994.  Following the incident,
GSA's records show that it obligated $257 million for security in
fiscal year 1997--an increase of nearly 168 percent in 3 years. 
According to GSA, from fiscal years 1994 through 1997, GSA's
obligations for the building security program have exceeded security
charges billed to tenant agencies by about $540 million.  GSA has
projected about $260 million in obligations for fiscal year 1998 and
has budgeted about $251 million for fiscal year 1999 for building
security.  GSA projects that its obligations for security will exceed
security related revenue by about $228 million in fiscal year 1998
and by about $112 million in fiscal year 1999. 

The DOJ report recommended that GSA consider increasing rents to
cover the added costs of upgrading security.  GSA is required to
obtain OMB approval for the rent it charges federal agencies.  GSA
and OMB officials said they were not in a position to increase rents
in fiscal years 1996 and 1997 to help pay for increased costs of
security because agencies need to know their rent costs at least 2
years in advance to provide sufficient time for annual budget
development and approval.  GSA requested an increase in rents for
fiscal years 1998 and 1999 as part of a comprehensive effort to
redesign its system for determining rent charges and fees for
services such as security. 

As a pilot project, OMB approved part of the requested rent
increase--an increase in building-specific fees to recover the cost
associated with security operations for new lease agreements made in
1998, and for all leases beginning in fiscal year 1999.  OMB also
allowed GSA to increase its basic service charge for security from 6
cents to 16 cents per square foot for new lease agreements made in
1998 and 1999. 

According to GSA and OMB officials, OMB did not allow GSA to increase
the basic service charges for existing leases for fiscal years 1998
and 1999 because a comprehensive rent reform proposal was under
development by GSA.  These officials expect to complete this action
by the end of fiscal year 1998.  Also, they are continuing to discuss
how agencies' rent charges will reflect GSA's costs for security in
fiscal year 2000 and beyond. 

Decisions about funding GSA's security program are complex and
involve tradeoffs among competing needs and funding sources.  These
decisions are important for both federal agencies and the FBF.  There
are a number of options for addressing the security funding issue. 
These include allowing the FBF to continue to fund the excess
security costs, decreasing expenditures for security, or increasing
revenues by either raising security charges or obtaining additional
direct appropriations to cover the shortfall.  The option or options
selected could affect the government's investment in the existing
inventory of federal buildings as well as GSA's ability to meet the
government's future space needs. 


   INITIAL UPGRADE DECISIONS
   REEVALUATED, MODIFIED, OR
   VOIDED
-------------------------------------------------------- Appendix IV:3

Another problem affecting the implementation of the security upgrade
program was the need to reevaluate the initial decisions about
building security upgrade needs.  According to GSA officials, many of
these decisions were changed, or even cancelled and voided, for a
number of reasons.  Because of these changes, it was more difficult
for GSA to order priorities, allocate funds, and set realistic
completion schedules and goals; delays and inefficiencies in the
program resulted.  Also, these changes created challenges for GSA in
maintaining the reliability of the tracking system, and in some
cases, the system was not updated to reflect the changes. 

Security upgrade decisions often had to be reevaluated, changed, or
voided because of several building-unique issues that surfaced after
GSA's initial efforts to identify building security upgrade needs. 
For example, many GSA-owned and -operated buildings are considered
"historic." For some of these buildings, issues raised by historical
societies about the effects of installing certain security upgrades
had to be addressed by GSA.  In one region we visited, GSA had to
find an alternative method for mounting surveillance cameras for
monitoring a building's outside perimeter because of concerns raised
by the historical society about the adverse effects of mounting the
cameras on the building.  GSA decided to attached the cameras to
poles near the building instead of to the building itself.  This
alternative method for utilizing the cameras to upgrade security
required additional design work, time, and cost for GSA. 

There were other instances in which building owners and/or
nongovernment tenants in GSA-leased buildings expressed concerns or
objections to approved security upgrades, such as the use of
magnetometers to screen people entering the building.  Some approved
and some completed upgrades subsequently had to be cancelled.  During
our building site visits, both we and the GSA OIG staff found
examples of approved, and sometimes completed, upgrades that were
voided because of subsequent reevaluations. 

Another example involves the Social Security Administration (SSA). 
During 1996 and 1997, SSA officials expressed concerns to GSA that it
did not need certain security upgrades that GSA was placing in some
SSA-occupied buildings.  SSA believed that some of the upgrades,
mainly metal detectors and security guards, were not necessary,
particularly at some SSA store-front locations that deal with the
public.  In addition, SSA expressed concern about how these security
measures would be funded.  SSA believed that some security upgrades
were requested and implemented without sound criteria.  GSA stated
that the upgrades were approved only after being requested by each
building's BSC.  SSA, however, said that the BSCs sometimes requested
upgrades without sound security knowledge and the presence and
oversight of a GSA physical security specialist.  After negotiating
with SSA, GSA removed upgrades from some SSA locations and agreed to
assess the need for upgrades at other locations. 

In still other instances, security upgrades requested and/or approved
required extensive discussion, coordination, and/or approvals from
local municipalities prior to completion.  Examples of security
upgrades involving these situations included perimeter barriers, such
as planters and concrete bollards, that were to be placed on
sidewalks or curbs owned by cities or other municipalities, or where
city-owned parking meters along the streets around the GSA-operated
building were to be eliminated. 

Changes to approved security upgrades were also necessitated when one
or more federal agency tenants moved out of or into a building, thus
changing the security needs of the building.  Also, as GSA acquired
new space in buildings not previously assessed, the related security
needs had to be assessed and addressed.  Further, FPS staff also told
us that some BSCs that initially did not request security upgrades
later reconsidered and requested upgrades for their buildings.  We
noted in the upgrade tracking system a number of requests for
upgrades initiated between April 1 and December 30, 1997.  During
this period, over 800 new approved requests for upgrades, totaling
about $20 million in estimated capital costs and $11 million in
estimated annual operating costs, were recorded in the upgrade
tracking system. 

The extent to which these upgrade program changes have occurred is
reflected by the changes in the number of buildings with approved
upgrades, the number of approved upgrades, the number of completed
upgrades, and the number of cancelled upgrades as reflected by the
upgrade tracking system.  According to the tracking system, the
number of buildings and the number of approved security upgrades
decreased between March 25, 1996, and December 30, 1997--from 2,789
total buildings with 8,577 approved upgrades to 2,564 buildings with
7,885 approved upgrades.  Also, the number of completed upgrades and
the number of voided upgrades reported increased from 6,194 to 6,841,
and from 3,373 to 3,652, respectively, between August 29, 1997, and
December 30, 1997. 


   UPGRADE COST ESTIMATES NOT
   RELIABLE
-------------------------------------------------------- Appendix IV:4

FPS's security upgrade tracking system did not provide upgrade
program managers with reliable cost estimates for completing and
operating security upgrades because initial cost estimates shown in
the system often did not reflect building-specific installation
requirements or other factors affecting cost.  Although GSA regional
staff developed more accurate cost estimates as upgrades were
completed, the upgrade tracking system was not designed to readily
add revised cost estimates to the individual upgrade records.  As a
result, upgrade cost estimates in the tracking system varied
significantly with the actual obligations recorded in the accounting
system, thus lessening the tracking system's effectiveness as a
management tool for GSA and BSC program decisionmakers.  Without
readily available and more accurate cost estimates, BSC and GSA
decisionmakers were not in a good position to judge the cost/benefit
of various upgrade options nor to determine reliable estimates of
funds needed to implement and operate the security upgrades. 

According to GSA, the DOJ report contained general cost estimating
guidelines for certain recommended security upgrades for BSC's and
FPS security specialists' use when estimating the costs of needed
building security upgrades.  FPS recorded the BSC upgrade requests
and associated cost estimates in the upgrade tracking system.  GSA
regional staff developed more accurate cost estimates after the
requests were approved, often after further engineering and design
work and consideration of building-specific conditions.  Although
regional GSA building and contracting staff could have been aware of
the revised estimates, FPS did not provide a means for readily
including the more accurate cost estimates in the upgrade tracking
system.  FPS regional staff told us that updated estimates could have
been shown in the tracking system by voiding the existing upgrade
record and then creating a new upgrade record with the revised cost
estimate, but this alternative was not often employed. 

In August 1997, FPS headquarters staff identified in the tracking
system 98 buildings for which the estimated cost of the upgrades
varied significantly from the actual obligations incurred.  They
found that the estimated capital costs of these upgrades totaled
about $10.4 million compared to $29 million in obligations recorded
in the accounting system for these upgrades--a difference of $18.6
million, or 179 percent. 

From information we obtained from FPS headquarters, we found that for
most of the buildings (57 of 98 with differences of $9.7 million),
the estimated costs were lower than the actual obligations incurred
for completing the upgrades because the estimates made by the BSC
were too low.  For example, for seven of these buildings, FPS
regional explanations to headquarters indicated that additional costs
of $2.3 million were obligated to complete the upgrades because of
unexpected problems:  for six historic buildings additional costs had
to be incurred, including three buildings where closed circuit
television cameras had to be mounted on poles rather than attached to
the buildings ($1.1 million in additional costs); and for one
building, while installing barriers around the building, old fuel oil
tanks were discovered and had to be removed ($1.2 million in
additional costs). 

Our further analysis of FPS data obtained from the tracking system
and accounting system in September 1997 showed that the estimated
costs of upgrades approved for 551 buildings in 11 GSA regions varied
significantly, both up and down, from the actual costs obligated to
complete the upgrades.  For 348 buildings, the cost estimate of the
upgrades totaled $18.2 million more than the actual costs obligated;
for 202 buildings, the estimated costs were $14.3 million less that
the actual costs obligated; and for 1 building, the estimated costs
equaled the actual costs obligated. 


   PROGRAM IMPLEMENTATION GOALS
   NOT MET
-------------------------------------------------------- Appendix IV:5

The DOJ report called for GSA to complete security assessments and
upgrade cost estimates by October 15, 1995, for its high-risk
(level-IV) buildings, and by February 1, 1996, for the remaining
lower risk buildings (level I - III).  Although the DOJ report didn't
specify goals for GSA's completion of the security upgrades, GSA
established and subsequently revised goals for completing upgrades in
level IV and lower level buildings several times over the last 2
years.  However, GSA did not fully meet the goals for completing
security assessments called for in the DOJ report, nor did it meet
goals it established for the completion of the security upgrades. 

In November 1995, GSA indicated that it had met the goals established
by the DOJ report for evaluating the security needs and estimating
the costs of upgrades for all level IV buildings.  GSA told the
Senate Subcommittee on Transportation and Infrastructure that, in
accordance with the DOJ report's recommendation and the President's
directive, it had established 429 level-IV building security
committees and had received over 2,500 upgrade requests from these
committees.  Also, later that same month, GSA told OMB that $222.6
million would be needed in fiscal years 1996 and 1997 to pay for the
upgrades in these 429 buildings.  However, we believe that GSA did
not fully meet either goal specified in the DOJ report because (1)
security evaluations and requests for upgrades were not made for some
level-IV buildings until after November 1995, and (2) in October
1997, much later than the target dates of October 15, 1995, and
February 1, 1996, we found indications that not all of GSA's
buildings, including some level-IV buildings, had been evaluated for
upgrade needs after November 1995. 

GSA reported to us that by March 1996 the number of level-IV
buildings had increased to over 700.  GSA stated that the increase
was partly because DOJ requested GSA to reclassify certain buildings
containing court-related tenants from lower levels to level IV, and
partly because additional level-IV building security committees
conducted building evaluations and provided GSA with upgrade requests
after November 1995. 

Concerning GSA's internal goals, GSA initially established a goal to
have all security upgrades completed for level-IV buildings by
September 30, 1996, but GSA didn't meet this goal.  Subsequently, GSA
established a new goal to have upgrades completed in all buildings by
September 30, 1997; this goal was not met either, and now GSA's goal
is September 30, 1998, for completing all upgrades approved as of
September 26, 1997.  GSA's tracking system indicated that GSA had
completed about 85 percent of the approved upgrades for all building
levels by October 3, 1997, and reached the 90-percent mark by March
31, 1998. 


   PROGRAM EFFECTIVENESS GOALS AND
   MEASURES
-------------------------------------------------------- Appendix IV:6

GSA has not established several key program evaluation mechanisms for
its building security program that could assist it in determining how
effective its security program has been in reducing or mitigating
building security risks or in shaping new security program
initiatives.  These features are (1) specific goals, outcomes, and
performance indicators for the security program, such as reducing the
number of thefts or unauthorized entries; (2) establishing and
implementing systematic security program evaluations that would
provide feedback on how well the security program is achieving its
objectives and contributing to GSA's strategic goals; and (3)
ensuring that a reliable performance data information system is
place. 

GSA has established goals and measures for its security program both
apart from and in connection with the Government Performance and
Results Act of 1993 (the Results Act).  However, these goals and
measures are output or activity oriented.  They do not address the
outcomes, or results, expected to be achieved by the security upgrade
program as envisioned by the Results Act and encouraged by OMB. 

As required by the Results Act, GSA prepared a strategic plan dated
September 30, 1997, for fiscal years 1998 through 2002, and also
prepared an annual performance plan for fiscal year 1999.  GSA's
building security program is specifically addressed in both the
strategic plan and the annual performance plan.  In its strategic
plan, under "Goal #4:  Anticipate Future Workforce Needs," GSA
identified the objective:  "Ensure that all Federal buildings in the
GSA inventory meet the highest Federal standards in terms of
accessibility, energy consumption, security, systems, technology and
maintenance." In its description of this objective, GSA's strategic
plan states that

     "In the wake of the Oklahoma City bombing, GSA has bolstered all
     of its security systems.  To ensure that we have the highest
     levels of security in place, we are implementing all the
     security measures recommended in the Justice Department's
     Vulnerability Assessment of Federal Facilities."

In its first annual performance plan under the Results Act for fiscal
year 1999, dated March 5, 1998, GSA identified the following two
performance goals:  (1) implement all security measures recommended
in the Department of Justice's Vulnerability Assessment of Federal
Facilities, and (2) provide for the safety of workers and visitors in
GSA space.  Further, GSA identified as performance indicators the
percentage of security countermeasures completed in levels I-III and
level-IV buildings.  This indicator serves as a measure of the
program's output, but no indicators were identified that would enable
measurement of program outcomes, particularly relating to GSA's
second performance goal for the security program.  Indicators based
on such security incidents as the number of building break-ins,
reductions in the number of thefts, and the number of weapons and
other prohibited items detected on persons and in packages are some
examples that might be considered in setting performance outcome
goals and indicators. 

Under the Results Act, GSA is required to include in its strategic
plan a schedule of evaluations to be done during the period covered
by its plan.  GSA did not include such a schedule or otherwise
identify evaluations to be done in its strategic plan.  We believe
that scheduling and carrying out continuous security program
evaluations would provide GSA managers with data to assess the
effectiveness of the security program, and would facilitate GSA
strategic planning and goal setting under the Results Act for its
security program.  In addition, at the time of the Oklahoma federal
building bombing in April 1995, GSA's building security inspection
and risk assessment program required regional physical security
specialists to periodically inspect security at GSA-operated
buildings, complete building risk assessments based on established
criteria, and recommend security improvements.  According to an FPS
official, this inspection program was curtailed after July 1995 so
that the regional physical security specialists could focus on
assisting the BSCs in determining building security needs based on
the DOJ report's recommended minimum security standards. 

After the Oklahoma bombing incident, an October 1995 internal
"lessons learned" report made 30 recommendations for improving
aspects of GSA's building security operations, including a
recommendation that GSA conduct a comprehensive review of its current
risk assessment methodology to ensure that a wider range of risks
were addressed with increased emphasis on acts of mass violence. 
Specifically, the recommendation was that GSA's current risk
assessment methodology, which addressed the safety of federal workers
from theft and assault, be revised to one that addresses acts of
terrorism and other violence.  The principal conclusion of the report
was that GSA's security and law enforcement processes currently in
place did not adequately address the threat environment. 

In a November 25, 1997, progress report that FPS sent to the PBS
Commissioner, FPS reported that actions on 20 of the 30 "lessons
learned" recommendations had been completed.  However, action had not
yet been completed to review and modify its risk assessment
methodology.  Although the November 1997 progress report stated that
FPS planned to complete actions on this recommendation by the 4th
quarter of fiscal year 1998, we believe that this is a very
significant recommendation that should be completed as soon as
possible.  The recommendations completed by FPS related to security
program aspects such as contingency planning for emergencies and
disasters involving criminal activities and acts of mass violence, as
well as intelligence sharing between agencies with security-related
missions.  Completion of revisions recommended in its building risk
assessment methodology and the resumption of FPS's periodic building
inspection and risk assessment program would provide updated
evaluations on a building-by-building basis of how well security
measures have operated and whether they continue to be appropriate
for future threats that may arise.  Further, these evaluations could
form the basis for overall evaluations of the building security
program and provide data for GSA's annual performance measurement and
evaluations under the Results Act. 


   DATA VERIFICATION AND VALIDITY
-------------------------------------------------------- Appendix IV:7

The Results Act requires GSA to describe in its annual performance
plans the means to be used to verify and validate the performance
measures it intends to use to determine whether it met its
performance goals.  GSA's 1999 annual performance plan contains a
general description of how it intends to verify performance data,
including audits of its financial records and systems and high-level
quarterly meetings to review financial and programmatic results. 
However, GSA's description does not identify specific controls to be
used to verify and validate performance data on an ongoing basis. 
Such controls could include periodic data reliability tests, computer
edit controls, and supervisory reviews of data.  The significant
problems we and GSA's OIG have identified with GSA's data on its
progress in, and costs associated with, implementing the security
upgrade program, suggest that a more detailed discussion of the
specific means GSA intends to use to verify and validate security
program data in GSA's Year 2000 performance plan would be helpful. 

The accuracy of the data in GSA's tracking system is particularly
important because Executive Order 12977, dated October 19, 1995,
requires GSA to coordinate efforts to establish a governmentwide
database of security measures in place at all federal facilities. 
Further, an accurate reflection of the status of the security upgrade
program and its cost will provide GSA, OMB, and Congress with
important information needed for determining how much money has been
spent on the program and how best to fund the costs of upgrades still
needed. 


*** End of document. ***