Certification Requirements: Guidance Governing Agency Actions Is Limited
(Statement/Record, 09/09/1999, GAO/T-GGD-99-166).

Pursuant to a congressional request, GAO discussed the certification
requirements of federal agencies, focusing on: (1) the extent and
variety of certification activities in the federal government; (2) the
extent to which any policies, procedures, or guidance exist governing
these activities, either governmentwide or within selected agencies; and
(3) an agency certification practice that could serve as an example or
best practice for other agencies.

GAO noted that: (1) GAO's preliminary results indicate that federal
agencies engage in a large number and wide variety of
certification-related activities; (2) these activities vary across
multiple dimensions, such as the targets of the certifications, the
types of organizations that actually do the certifications, and whether
the certifications are mandatory or voluntary; (3) although there are
some limits in federal procurement law and within certain programs on
the use of certification requirements, there is no governmentwide or,
within the agencies GAO contacted, agencywide guidance to direct or
assist agencies in the development, selection, or implementation of all
types of certification requirements; (4) however, the National Institute
of Standards and Technology (NIST) has prepared draft guidance for
agencies on conformity assessment activities, including certification;
(5) NIST plans to publish that guidance for public comment later this
year; (6) GAO believes that transparency, or describing the basis of
agencies' decisionmaking, is a certification best practice; (7) GAO
concluded that some agencies' certification decisions were very
transparent, clearly documenting the criteria used to select a
particular requirement or certification body; and (8) however, in other
cases--including one at the Department of Veterans Affairs--the reasons
agencies selected specific certifying bodies were not as transparent,
and organizations that were not selected to provide certifications
raised questions about the criteria the agencies used.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-GGD-99-166
     TITLE:  Certification Requirements: Guidance Governing Agency
	     Actions Is Limited
      DATE:  09/09/1999
   SUBJECT:  Standards and standardization
	     Private sector practices
	     Interagency relations
	     Quality control
	     Quality assurance
	     Internal controls

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  This text was extracted from a PDF file.        **
** Delineations within the text indicating chapter titles,      **
** headings, and bullets have not been preserved, and in some   **
** cases heading text has been incorrectly merged into          **
** body text in the adjacent column.  Graphic images have       **
** not been reproduced, but figure captions are included.       **
** Tables are included, but column deliniations have not been   **
** preserved.                                                   **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************

    United States General Accounting Office GAO
    Testimony Before the Subcommittee on Benefits Committee on
    Veterans' Affairs House of Representatives Not to be Released
    Before 10:00 a.m. EDT Thursday                 CERTIFICATION
    September 9, 1999        REQUIREMENTS Guidance Governing Agency
    Actions Is Limited Statement for the Record of L. Nye Stevens
    Director, Federal Management and Workforce Issues General
    Government Division GAO/T-GGD-99-166 Statement Certification
    Requirements:  Guidance Governing Agency Actions Is Limited Mr.
    Chairman and Members of the Committee: I am pleased to provide
    some preliminary results from our ongoing review for the House
    Committee on Small Business of federal agencies' certification
    requirements. The term "certification" generally refers to a
    process of providing written assurance that a product, process,
    service, organization, or individual conforms to specified
    requirements or standards, and includes activities such as
    accreditation, registration, and conformity assessment. The
    Committee on Small Business asked us to describe (1) the extent
    and variety of certification activities in the federal government;
    (2) the extent to which any policies, procedures, or guidance
    exist governing those activities, either governmentwide or within
    selected agencies; and (3) an agency certification practice that
    could serve as an example or "best practice" for other agencies.
    At the Committee's request, the Department of Veterans Affairs
    (VA) was one of the agencies that we contacted during our review.1
    In brief, our preliminary results indicate that federal agencies
    engage in a large number and wide variety of certification-related
    activities. These activities vary across multiple dimensions, such
    as the targets of the certifications, the types of organizations
    that actually do the certifications, and whether the
    certifications are mandatory or voluntary. Although there are some
    limits in federal procurement law and within certain programs on
    the use of certification requirements, there is currently no
    governmentwide or, within the agencies we contacted, agencywide
    guidance to direct or assist agencies in the development,
    selection, or implementation of all types of certification
    requirements. However, the Department of Commerce's National
    Institute of Standards and Technology (NIST) has prepared draft
    guidance for agencies on conformity assessment activities,
    including certification. 2   NIST plans to publish that guidance
    for public comment later this year.  Finally, we believe that
    transparency, or describing the basis of agencies' decisionmaking,
    is a certification best practice.  We concluded that some
    agencies' certification decisions were very transparent, clearly
    documenting the criteria used to select a particular requirement
    or certification body. However, in other cases-including one at
    VA-the 1The other agencies that we contacted were the Department
    of Transportation (DOT); and, within the Department of Health and
    Human Services, the Centers for Disease Control and Prevention
    (CDC), the Food and Drug Administration (FDA), and the National
    Institutes of Health (NIH). 2Congress established NIST (formerly
    the National Bureau of Standards) in 1901 to support industry,
    commerce, scientific institutions, and all branches of the
    government. It is an agency of the Department of Commerce, and its
    primary mission is to promote United States economic growth by
    working with industry to develop and apply technology,
    measurements, and standards. Page 1
    GAO/T-GGD-99-166 Certification Requirements:  Guidance Governing
    Agency Actions Is Limited reasons agencies selected specific
    certifying bodies were not as transparent, and organizations that
    were not selected to provide certifications raised questions about
    the criteria the agencies used. There is no official definition of
    "certification" that is applicable to the Background
    activities of all federal agencies. A NIST official told us that
    there are almost as many definitions of a federal certification
    program as there are agencies. Different organizations may use
    other terms to refer to the concept, such as accreditation,
    registration, approval, or listing, and may use the terms
    interchangeably.3  Federal certification requirements can be
    imposed with regard to a variety of topics and in many different
    forms.  An agency might require a physician to be board certified
    in his or her medical specialty. Before purchasing certain types
    of equipment, an agency might require that prospective sellers
    obtain a certification from a testing laboratory indicating that
    their product is safe. Federal agencies may establish
    certification requirements as prerequisite for federal contracting
    opportunities, as part of a regulatory provision, or for other
    purposes. Certifications can also have some troubling effects on
    affected parties. Businesses or individuals that wish to provide a
    particular product or service to the government might need to
    obtain multiple certifications to meet the requirements of
    different agencies. Also, an agency might select a particular
    certifying organization while not accepting certifications in the
    same subject area from other organizations with similar
    qualifications. We did not attempt to develop a compendium of
    every federal certification Agencies Engage in a     or
    certification-related activity and requirement. However, it is
    clear from Wide Variety of          the information we obtained
    that federal agencies engage in a large number and wide variety of
    certification-related activities. For example, Certification-
    Related    NIST publishes directories listing more than 200
    federal government Activities               procurement and
    regulatory programs in which agencies are actively involved in
    providing or requiring certification, accreditation, listing, or
    registration. The NIST directories provide only a partial
    inventory of agencies' certification activities, though, because
    they are primarily limited to certifications of products,
    processes, and services. Also, the directories do not cover
    individual procurement opportunities in which agencies require a
    vendor or contractor to have particular certifications or
    accreditations in order to participate. 3Adding to the confusion
    over terminology, certification is also used in a completely
    different sense to refer to many routine contract clauses and
    solicitation provisions, such as the Certification of Final
    Indirect Costs, that are not related to conformance with technical
    or professional standards. Those clauses and provisions were
    outside the scope of our review. See 41 U.S.C. 425(c) for
    limitations on the use of requirements for certification by
    offerers or contractors in the Federal Acquisition Regulation.
    Page 2
    GAO/T-GGD-99-166 Certification Requirements:  Guidance Governing
    Agency Actions Is Limited Like the standards on which they are
    based, agencies' certification activities vary across multiple
    dimensions, including (1) the origin of the requirements (e.g.,
    statutory versus agency-initiated); (2) which entity or entities
    do the certifying (e.g., governmental versus private sector
    agents); (3) whether certifications are mandatory or voluntary;
    and (4) the extent to which there is reciprocity with or
    recognition of other certifications or other organizations'
    requirements. Some of the requirements differ on multiple
    dimensions.  For example, the Department of Commerce's National
    Marine Fisheries Service has a voluntary Seafood Inspection
    Program for inspection and certification of both seafood products
    and processing operations. The program is carried out pursuant to
    the Agricultural Marketing Act of 1946, as amended; involves
    inspection by licensed federal and state agents; and provides
    certification recognized by other federal, state, and foreign
    government agencies, as well as some private and international
    organizations. Some other certification programs are mandatory in
    nature, originate with the agencies themselves, are performed by
    nongovernmental personnel, and/or may not be universally
    recognized by other agencies, countries, or the private sector.
    The Competition in Contracting Act of 1984 provides that a
    solicitation for Little Governmentwide a government contract may
    include a restrictive provision only to the Guidance Covering
    extent the provision is authorized by law or is necessary to
    satisfy the agency's needs. Some agency-specific acquisition
    regulations mirror the Certification Activities act's general
    limitation against restrictive provisions.4  In our bid protest
    decisions, we have generally not objected to a requirement that an
    item conform to a set of standards adopted by a nationally
    recognized organization in the field or a requirement for
    independent laboratory certification that such standards are met.
    However, we have found requirements unduly restrictive if they
    require approval by specific organizations without recognition of
    equivalent approvals.5 The absence of an endorsement by a
    particular private organization should not automatically exclude
    offers that might otherwise meet a procuring agency's needs.
    Neither the agency officials that we interviewed nor agency
    documents that we reviewed identified any governmentwide guidance
    or, for the selected agencies we reviewed, agencywide guidance
    focused specifically on certification activities. Agency officials
    we contacted said that their certification activities are driven
    more by the particular profession, 4See, for example, VA's
    acquisition regulations at 48 CFR 852.211-75. 5See, for example,
    Aegis Analytical Laboratories, Inc., B-252511, July 2, 1993. Page
    3
    GAO/T-GGD-99-166 Certification Requirements:  Guidance Governing
    Agency Actions Is Limited industry, or market sector involved than
    by federal government considerations. For example, officials from
    VA and NIH said that their agencies often use "nationally
    recognized" or "industry standard" certifications for a given
    sector. NIST officials said that a common finding from their
    meetings and workshops is that people tend to use the
    certification or accreditation program with which they are most
    familiar. NIST has taken a first step toward governmentwide
    guidance in this area, preparing draft guidance for federal
    agencies on certification and other conformity assessment
    activities. This guidance is currently under review at the Office
    of Management and Budget (OMB), and NIST expects to publish it in
    the Federal Register for public comment later this year. NIST
    officials explained that the guidance would apply to all agencies
    that set policy for, manage, operate, or use conformity assessment
    activities and results, both domestic and international, except
    for activities carried out pursuant to treaties. NIST expects the
    guidance to define agency responsibilities in a number of areas,
    such as *  identifying appropriate private sector conformity
    assessment practices and programs and considering use of the
    results of such practices or programs as appropriate in new or
    existing regulatory and procurement actions; *  using relevant
    guides or recommendations for conformity assessment practices
    published by domestic and international standardizing bodies as
    appropriate; and *  working with other agencies to avoid
    unnecessary duplication and complexity in federal conformity
    assessment activities. However, NIST officials pointed out that
    the guidance will not preempt the agencies' authority and
    responsibility to make regulatory or procurement decisions
    authorized by statute or required to meet programmatic objectives
    and requirements.  They also said that the guidance would not
    suggest that agencies explain why they selected one certification
    requirement or organization over other possible candidates. Agency
    officials also identified some related policies, procedures, and
    guidance that affect their certification activities. For example,
    OMB Circular A-119 provides guidance on agencies' participation in
    the development and use of voluntary consensus standards and in
    conformity assessment activities. The circular directs agencies to
    use voluntary consensus standards in lieu of government-unique
    standards except where inconsistent with law or otherwise
    impractical. Agency officials also noted that their general
    procedures and regulations governing rulemaking and procurement
    play an important role in certification activities. In particular,
    Page 4
    GAO/T-GGD-99-166 Certification Requirements:  Guidance Governing
    Agency Actions Is Limited they noted that such procedures provide
    valuable opportunities for an agency to inform the public and
    solicit feedback on proposed certification requirements. As noted
    previously, agency certification actions are numerous and vary
    Transparency of         substantially. Therefore, specification of
    a certification "best practice" Agency Certification    would
    likely depend on the context of the certifications. Rather than
    attempting to develop criteria for selecting the best among these
    Requirements Varies     procedures, we want to highlight one that
    we have supported in the regulatory arena-transparency, or clearly
    describing the basis for agency decisionmaking. Transparency in
    certification decisionmaking is important because those decisions
    can have significant implications for affected parties. Our review
    of agency certification activities indicates that the transparency
    of these actions can vary dramatically. The criteria that agencies
    used or planned to use to select particular requirements or
    certifying organizations appeared to be very clear in some
    instances and not well documented in others. FDA's mammography
    program provides a good example of transparency in certification
    decisionmaking. Making extensive use of the public rulemaking
    process, FDA established detailed procedures and criteria for
    certification of personnel and facilities providing mammography
    services, as well as the approval of accreditation bodies under
    the act. In other certification requirements, though, the agencies
    did not provide clearly documented explanations for their actions.
    In these cases, certification organizations that were not selected
    or designated raised questions about the criteria the agencies
    used. However, agency officials were able to explain to us the
    reasons for their actions. One such example was VA's
    implementation of new procedures, effective July 1, 1997,
    requiring newly-hired physicians to be board certified in the
    clinical specialty in which they will practice, unless they have
    the written approval of the Chief Patient Care Services Officer
    prior to appointment. In a subsequent information letter, the VA
    Undersecretary for Health specified that certifying bodies
    recognized for purposes of this issue are the American Board of
    Medical Specialties (ABMS) for allopathic physicians and the
    Bureau of Osteopathic Specialists (BOS) for osteopathic
    specialists. In a series of letters, the American Association of
    Physician Specialists, Inc. and this Committee questioned why only
    ABMS and BOS certification were recognized, and requested that VA
    provide the criteria used to evaluate and select those two
    organizations. In its response to this Committee, VA stated that
    certifying groups vary widely in their Page 5
    GAO/T-GGD-99-166 Certification Requirements:  Guidance Governing
    Agency Actions Is Limited requirements and that ABMS and BOS are
    "the standard certifying organizations recognized throughout
    American medicine." However, VA did not further describe how it
    selected these two certifying organizations. VA officials told us
    that the Department does not have specific written criteria or
    guidance on certification decisionmaking, and said they rely on
    consensus practices and standards of the health care profession.
    They said VA's use of ABMS and BOS certifications can be traced
    back to a 1980 decision by the Chief Medical Director to accept
    ABMS and BOS physician board certifications for Incentive Special
    Pay purposes. In 1997, VA extended those same certifications that
    were required for special pay purposes to employment,
    "grandfathering" currently employed physicians. VA officials also
    noted that they had canvassed other federal agencies involved in
    health care-including the Department of Defense, the Public Health
    Service, NIH, CDC, and the Bureau of Prisons-and found that
    essentially all recognized ABMS and BOS as the two accepted
    organizations for accreditation purposes. Finally, they pointed
    out that, by law, the Secretary for Veterans Affairs has special
    authority to make personnel decisions. Federal agencies'
    certification requirements are an invaluable tool in Concluding
    helping to ensure product quality, process reliability, and
    professional Observations    competence in a variety of venues.
    Without those requirements, federal agencies would have to
    independently evaluate the safety of products, whether certain
    procedures will yield the desired results, and whether individual
    workers possess the skills required to perform a given task.
    Agencies have broad latitude in the selection of certification
    requirements and certifying organizations, which can result in
    what appear to be inconsistencies of application. These apparent
    inconsistencies are exacerbated when the reasons behind the
    agencies' certification decisions are unclear.  Transparency of
    these decisions can improve their perceived legitimacy, and that
    transparency can be achieved in a variety of ways.  For example,
    if an agency's certification requirement is related to a
    procurement action, the agency can make clear the basis of that
    requirement in the request for proposals.  If prospective
    contractors believe the justification provided is insufficient,
    mechanisms are available in the contracting process to appeal the
    agency's determination.  Some agencies have also used the
    rulemaking process to delineate the rationale behind their
    certification requirement decisions.   Again, those who believe
    the justifications are insufficient can file comments with the
    agency as part of the notice and comment process.  Although these
    contracting and rulemaking processes are convenient mechanisms for
    certification Page 6
    GAO/T-GGD-99-166 Certification Requirements:  Guidance Governing
    Agency Actions Is Limited transparency, they are not universally
    applicable because some certification requirements do not arise in
    either environment.  The diversity of these requirements suggests
    that a governmentwide mandate for certification transparency would
    be difficult to implement. However, regardless of the venue in
    which the requirements arise, multiple channels are available for
    agencies that want to clearly explain their certification
    decisions. Contacts and Acknowledgement For further contacts
    regarding this testimony please contact L. Nye Stevens or Tim
    Bober at (202) 512-8676. Individuals making key contributions to
    this testimony included Curtis Copeland, Alan Belkin, Victor B.
    Goddard, and John Brosnan. Page 7
    GAO/T-GGD-99-166 Page 8    GAO/T-GGD-99-166 Ordering Information
    The first copy of each GAO report and testimony is free.
    Additional copies are $2 each. Orders should be sent to the
    following address, accompanied by a check or money order made out
    to the Superintendent of Documents, when necessary. VISA and
    MasterCard credit cards are accepted, also. Orders for 100 or more
    copies to be mailed to a single address are discounted 25 percent.
    Order by mail: U.S. General Accounting Office P.O. Box 37050
    Washington, DC 20013 or visit: Room 1100 700 4th St. NW (corner of
    4th and G Sts. NW) U.S. General Accounting Office Washington, DC
    Orders may also be placed by calling (202) 512-6000 or by using
    fax number (202) 512-6061, or TDD (202) 512-2537. Each day, GAO
    issues a list of newly available reports and testimony. To receive
    facsimile copies of the daily list or any list from the past 30
    days, please call (202) 512-6000 using a touch-tone phone. A
    recorded menu will provide information on how to obtain these
    lists. For information on how to access GAO reports on the
    INTERNET, send e-mail message with "info" in the body to:
    [email protected] or visit GAO's World Wide Web Home Page at:
    http://www.gao.gov United States General Accounting Office
    Bulk Rate Washington, D.C. 20548-0001     Postage & Fees Paid GAO
    Permit No. G100 Official Business Penalty for Private Use $300
    Address Correction Requested (410490)

*** End of document. ***