This is the accessible text file for GAO report number GAO-03-119 
entitled 'High-Risk Series: An Update' which was released on January 
01, 2003.



This text file was formatted by the U.S. General Accounting Office 

(GAO) to be accessible to users with visual impairments, as part of a 

longer term project to improve GAO products’ accessibility. Every 

attempt has been made to maintain the structural and data integrity of 

the original printed product. Accessibility features, such as text 

descriptions of tables, consecutively numbered footnotes placed at the 

end of the file, and the text of agency comment letters, are provided 

but may not exactly duplicate the presentation or format of the printed 

version. The portable document format (PDF) file is an exact electronic 

replica of the printed version. We welcome your feedback. Please E-mail 

your comments regarding the contents or accessibility features of this 

document to Webmaster@gao.gov.



January 2003:



High-Risk Series:



An Update:



GAO-03-119:



This Series



This report entitled High-Risk Series: An Update is part of a special 

GAO series, first issued in 1993 and periodically updated. In this 

2003 report, GAO identifies areas at high risk due to either their 

greater vulnerabilities to waste, fraud, abuse, and mismanagement or 

major challenges associated with their economy, efficiency, or 

effectiveness. This series also includes reports on three crosscutting

high-risk areas: strategic human capital management, protecting 

information systems supporting the federal government and the nation’s 

critical infrastructures, and federal real property. A companion 
series, 

Performance and Accountability Series: Major Management Challenges and 

Program Risks, contains separate reports covering each cabinet 

department, most major independent agencies, and the U.S. Postal 

Service. It also includes a governmentwide perspective on 

transforming the way the government does business in order to meet 

21st century challenges and address long-term fiscal needs. A list 

of all of the reports in this series is included at the end of this 

report.



GAO Highlights:



Highlights of GAO-03-119, a report to

Congress on GAO’s High-Risk Series



Why Area is High Risk:



GAO’s audits and evaluations identify federal programs and

operations that are high risk, in some cases, due to their greater

vulnerabilities to fraud, waste, abuse, and mismanagement.

Increasingly, we also are identifying high-risk areas to focus

on major economy, efficiency, or effectiveness challenges.

Since 1990, GAO has periodically reported on government operations

that it has designated as high risk. In this 2003 update for the new

108th Congress, GAO presents the status of high-risk areas 

included in our last report made in January 2001 and identifies 

new high-risk areas warranting attention by the Congress and  

the administration. Lasting solutions to high-risk problems 

offer the potential to save billions of dollars, dramatically

improve service to the American public, strengthen public

confidence and trust in the performance and accountability of

our national government, and ensure the ability of government to

deliver on its promises.



What GAO Found:



In 2001, GAO identified 23 high-risk areas. Since then, 

demonstrable progress has been made in virtually all of them. 

Federal departments and agencies, and the Congress as well, 

have shown a growing commitment to addressing management 

challenges and have taken new steps to correct the 

root causes of the problems. In two areas, the Supplemental 

Security Income program and the asset forfeiture programs 

managed by the Departments of Justice and the Treasury, GAO  

has determined that sufficient progress has been made to remove 

the high-risk designation. GAO has increasingly used the 

high-risk designation to draw attention to the challenges 

faced by government programs and operations in need of 

broad-based transformation. For example, in 2001, GAO 

designated as high risk strategic human capital management 

across government and the U.S. Postal Service’s transformation  

and fiscal outlook. Since then, the President has

made human capital a top initiative of his Management 

Agenda, while the Congress enacted key governmentwide human  

capital reforms as it created the Department of Homeland 

Security (DHS). In addition, a promising Postal Service 

transformation plan has been produced and the President

formed a commission to focus on Postal Service transformation.

With these positive results in mind, for 2003, GAO has 

designated three additional areas as high risk based on 

challenges involving broad-based transformation and/or the need for 

legislative solutions. The first new high-risk area is implementing 

and transforming DHS, which is high risk because of the sheer size 

of the undertaking, the fact that DHS’s proposed components already 

face a wide array of existing challenges, and the prospect of 

serious consequences for the nation should DHS fail to adequately 

address its management challenges and program risks. A related 

homeland security challenge will be to protect information systems

supporting the federal government as well as the nation’s critical

infrastructures; information security has been a high-risk area since 

1997 and has been expanded this year to include both of these 

concerns. The second new high-risk area involves federal disability 

programs, primarily those at the Social Security Administration and 

the Department of Veterans Affairs. Already growing, disability 

programs are poised to surge as baby-boomers age, yet the 

programs remain mired in outdated economic, workforce, and

medical concepts and are not well-positioned to provide meaningful 

and timely support to disabled Americans. The third new high-risk 

area involves federal real property, based on long-standing 

problems such as excess and underutilized property and deteriorating 

facilities, as well as increased security challenges from the 

threat of terrorism. As appropriate, GAO also continues to 

identify more traditional high-risk areas. For example, this 

year’s fourth new high-risk area involves the Medicaid program, 

in part because of growing concerns about inadequate fiscal 

oversight to prevent inappropriate program spending.



What Remains to be done:



This report contains GAO’s views on what remains done for each

high-risk area to bring about lasting solutions. Perseverance 

by the administration in implementing GAO’s recommended 

solutions and continued oversight by the Congress both 

will be important.



www.gao.gov/cgi-bin/getrpt?GAO-03-119.

To view the full report, click on the link above.

For more information, contact George H.

Stalcup at (202) 512-9490 or

stalcupg@gao.gov.



GAO’s 2003 High-Risk List:



GAO’s 2003 high-risk list is shown in the following table. Information 

on each of these areas is presented in separate highlights pages 

included at the end of this report. These highlights pages show the 

names of GAO executives to contact for more information on the high-

risk areas and Internet links to reports in the accompanying GAO 

series, Performance and Accountability Series: Major Management 

Challenges and Program Risks, where the high-risk areas are also 

discussed.



2003 high-risk areas: Addressing Challenges In Broad-based 

Transformations; Year designated high-risk: [Empty].



2003 high-risk areas: * Strategic Human Capital Management[A]; Year 

designated high-risk: 2001.



2003 high-risk areas: * U.S. Postal Service Transformation Efforts and 

Long-Term Outlook[A]; Year designated high-risk: 2001.



2003 high-risk areas: * Protecting Information Systems Supporting the 

Federal Government and the Nation’s Critical Infrastructures; Year 

designated high-risk: 1997.



2003 high-risk areas: * Implementing and Transforming the New 

Department of Homeland Security; Year designated high-risk: 2003.



2003 high-risk areas: * Modernizing Federal Disability Programs[A]; 

Year designated high-risk: 2003.



2003 high-risk areas: * Federal Real Property[A]; Year designated high-

risk: 2003.



2003 high-risk areas: Ensuring Major Technology Investments Improve 

Services; Year designated high-risk: [Empty].



2003 high-risk areas: * FAA Air Traffic Control Modernization; Year 

designated high-risk: 1995.



2003 high-risk areas: * IRS Business Systems Modernization; Year 

designated high-risk: 1995.



2003 high-risk areas: * DOD Systems Modernization; Year designated 

high-risk: 1995.



2003 high-risk areas: Providing Basic Financial Accountability; Year 

designated high-risk: [Empty].



2003 high-risk areas: * DOD Financial Management; Year designated high-

risk: 1995.



2003 high-risk areas: * Forest Service Financial Management; Year 

designated high-risk: 1999.



2003 high-risk areas: * FAA Financial Management; Year designated high-

risk: 1999.



2003 high-risk areas: * IRS Financial Management; Year designated high-

risk: 1995.



2003 high-risk areas: Reducing Inordinate Program Management Risks; 

Year designated high-risk: [Empty].



2003 high-risk areas: * Medicare Program[A]; Year designated high-risk: 

1990.



2003 high-risk areas: * Medicaid Program[A]; Year designated high-risk: 

2003.



2003 high-risk areas: * Earned Income Credit Noncompliance; Year 

designated high-risk: 1995.



2003 high-risk areas: * Collection of Unpaid Taxes; Year designated 

high-risk: 1990.



2003 high-risk areas: * DOD Support Infrastructure Management; Year 

designated high-risk: 1997.



2003 high-risk areas: * DOD Inventory Management; Year designated high-

risk: 1990.



2003 high-risk areas: * HUD Single-Family Mortgage Insurance and Rental 

Assistance Programs; Year designated high-risk: 1994.



2003 high-risk areas: * Student Financial Aid Programs; Year designated 

high-risk: 1990.



2003 high-risk areas: Managing Large Procurement Operations More 

Efficiently; Year designated high-risk: [Empty].



2003 high-risk areas: * DOD Weapon Systems Acquisition; Year designated 

high-risk: 1990.



2003 high-risk areas: * DOD Contract Management; Year designated high-

risk: 1992.



2003 high-risk areas: * Department of Energy Contract Management; Year 

designated high-risk: 1990.



2003 high-risk areas: * NASA Contract Management; Year designated high-

risk: 1990.



[End of table]



Source: GAO.



[A] Additional authorizing legislation is likely to be required as one 

element of addressing this high-risk area.



Transmittal Letter:



Historical Perspective:



Overview of Progress in Addressing High-Risk Areas:



High-Risk Designations Removed:



Progress Being Made in Remaining High-Risk Areas:



Progress in Addressing Transformation Challenges:



New High-Risk Areas:



Adding Three Broad-Based High-Risk Areas:



New High-Risk Area Identified Based on Fiscal Oversight 

Vulnerabilities:



Highlights of High-Risk Areas:



Performance and Accountability and High-Risk Series:



This is a work of the U.S. Government and is not subject to copyright 

protection in the United States. It may be reproduced and distributed 

in its entirety without further permission from GAO. It may contain 

copyrighted graphics, images or other materials. Permission from the 

copyright holder may be necessary should you wish to reproduce

copyrighted materials separately from GAO’s product.



Transmittal Letter January 2003:



The President of the Senate

The Speaker of the House of Representatives:



Since 1990, GAO has periodically reported on government operations that 

it identifies as “high risk.” This effort, which was supported by the 

Senate Committee on Governmental Affairs and the House Committee on 

Government Reform, has brought a much needed focus to problems that are 

impeding effective government and costing the government billions of 

dollars. To help, GAO has made hundreds of recommendations to improve 

these high-risk operations. Moreover, GAO’s focus on high-risk problems 

contributed to the Congress enacting a series of governmentwide reforms 

to address critical human capital challenges, strengthen financial 

management, improve information technology practices, and instill a 

more results-oriented government.



GAO’s high-risk status reports are provided at the start of each new 

Congress. This update should help the Congress and the administration 

in carrying out their responsibilities while improving government for 

the benefit of the American people. It summarizes progress made in 

correcting high-risk problems, actions under way, and further actions 

that GAO believes are needed. In this update, GAO has determined that 

sufficient progress has been made to remove the high-risk designation 

from two areas, and has designated four new areas as high risk.



GAO’s high-risk program has increasingly focused on those major 

programs and operations that need urgent attention and transformation 

in order to ensure that our national government functions in the most 

economical, efficient, and effective manner possible. Further, the 

administration has looked to GAO’s program in shaping governmentwide 

initiatives such as the President’s Management Agenda, which has at its 

base many of the areas GAO had previously designated as high risk. As 

in prior GAO high-risk update reports, federal programs and operations 

are also emphasized when they are at high risk because of their greater 

vulnerabilities to fraud, waste, abuse, and mismanagement. The high-

risk program has served to bring “light” to these areas as well as 

“heat” to prompt needed “actions.” This has been clearly evidenced by 

the many actions that have occurred in connection with strategic human 

capital management and Postal Service transformation, the two most 

recent additions to GAO’s high-risk list prior to this update.



Copies of this series are being sent to the President, the 

congressional leadership, other Members of the Congress, the Director 

of the Office of Management and Budget, and the heads of major 

departments and agencies.



David M. Walker

Comptroller General

of the United States



Signed by David M. Walker:



[End of section]



Historical Perspective:



In 1990, we began a program to report on government operations that we 

identified as “high risk.” Since then, generally coinciding with the 

start of each new Congress, we have periodically reported on the status 

of progress to address high-risk areas and updated our high-risk list. 

Our previous high-risk update was in January 2001.[Footnote 1]



Overall, our high-risk program has served to identify and help resolve 

serious weaknesses in areas that involve substantial resources and 

provide critical services to the public. Since our program began, the 

government has taken high-risk problems seriously and has made long-

needed progress toward correcting them. In some cases, progress has 

been sufficient for us to remove the high-risk designation. The overall 

changes to our high-risk list over the past 13 years are shown in table 

1. Areas removed from the high-risk list over that same period are 

shown in table 2.



Table 1: Overall Changes to GAO’s High-Risk List, 1990 to 2003:



Changes 1990-2003: Original high-risk list in 1990; Number of areas: 

14.



Changes 1990-2003: High-risk areas added since 1990; Number of areas: 

24.



Changes 1990-2003: High-risk areas removed since 1990; Number of 

areas: 13.



Changes 1990-2003: High-risk list in 2003; Number of areas: 25.



[End of table]



Source: GAO.



Table 2: Areas Removed from GAO’s High-Risk List, 1990 to 2003:



Area: Pension Benefit Guaranty Corporation; Year designated high risk: 

1990; Year removed: 1995.



Area: State Department Management of Overseas Real Property; Year 

designated high risk: 1990; Year removed: 1995.



Area: Federal Transit Administration Grant Management; Year designated 

high risk: 1990; Year removed: 1995.



Area: Bank Insurance Fund; Year designated high risk: 1991; Year 

removed: 1995.



Area: Resolution Trust Corporation; Year designated high risk: 1990; 

Year removed: 1995.



Area: Customs Service Financial Management; Year designated high risk: 

1991; Year removed: 1999.



Area: The Year 2000 Computing Challenge; Year designated high risk: 

1997; Year removed: 2001.



Area: The 2000 Census; Year designated high risk: 1997; Year removed: 

2001.



Area: Superfund Program; Year designated high risk: 1990; Year removed: 

2001.



Area: Farm Loan Programs; Year designated high risk: 1990; Year 

removed: 2001.



Area: National Weather Service Modernization; Year designated high 

risk: 1995; Year removed: 2001.



Area: Supplemental Security Income; Year designated high risk: 1997; 

Year removed: 2003.



Area: Asset Forfeiture Programs; Year designated high risk: 1990; Year 

removed: 2003.



[End of table]



Source: GAO.



Seven of the 13 areas removed from the list over the years were among 

the 14 programs and operations we determined to be high risk at the 

outset of our efforts to monitor such programs. These results 

demonstrate that the sustained attention and commitment by the Congress 

and agencies to resolve serious, long-standing high-risk problems has 

paid off, as root causes of the government’s exposure for half of our 

original high-risk list have been successfully addressed.



Historically, high-risk areas have involved traditional 

vulnerabilities due to their greater susceptibility to fraud, waste, 

abuse, and mismanagement. As our high-risk program has evolved, we have 

increasingly designated areas as high risk to draw attention to areas 

associated with the economy, efficiency, effectiveness, and 

accountability of government programs and operations. Perseverance by 

the administration is needed in implementing our recommended solutions 

for addressing these high-risk areas. Continued congressional oversight 

and, in some cases, additional authorizing legislative action will also 

be key to achieving progress, particularly in addressing challenges in 

broad-based transformations.



To determine which federal government programs and functions should be 

designated as high risk, we used our guidance document, Determining 

Performance and Accountability Challenges and High Risks.[Footnote 2] 

In determining whether a government program or operation is high risk, 

we consider whether it involves national significance or a management 

function that is key to performance and accountability. We also 

consider whether the risk is:



* inherent, which may arise when the nature of a program creates 

susceptibility to fraud, waste, and abuse; or:



* a systemic problem, which may arise when the programmatic; management 

support; or financial systems, policies, and procedures established by 

an agency to carry out a program are ineffective, creating a material 

weakness.



Further, we consider qualitative factors, such as whether the risk:



* involves public health or safety, service delivery, national 

security, national defense, economic growth, or privacy or citizens’ 

rights; or:



* could result in significantly impaired service; program failure; 

public injury or loss of life; or significantly reduced economy, 

efficiency, or effectiveness.



Before making a high-risk designation, we also consider the corrective 

measures an agency may have planned or under way to resolve a material 

control weakness and the status and effectiveness of these actions.



When legislative and agency actions, including those in response to our 

recommendations, result in significant progress toward resolving a 

high-risk problem, we remove the high-risk designation. Key 

determinants here include a demonstrated strong commitment to and top 

leadership support for addressing problems, the capacity to do so, a 

corrective action plan, and demonstrated progress in implementing 

corrective measures.



The next section discusses how we applied these criteria in determining 

what areas to remove and to add since our last update in January 2001.



[End of section]



Overview of Progress in Addressing High-Risk Areas:



Since our January 2001 report, federal departments and agencies and the 

Congress have taken additional steps to address areas we designated as 

high risk. In two cases, progress has been sufficient for the high-risk 

designation to be removed. For virtually every other high-risk area, 

important steps have been taken to resolve risks and implement our 

recommendations, but more needs to be done before these areas can be 

removed from the high-risk list. Overall, we are impressed with the 

level of commitment shown by top officials and anticipate continued 

progress.



Importantly, our high-risk program has helped the executive branch and 

the Congress to galvanize efforts to seek lasting solutions to high-

risk problems. For example, our program helped shape the 

administration’s focus on governmentwide initiatives such as the 

President’s Management Agenda (PMA), which has at its base many of the 

areas we had previously designated as being high risk. Moreover, our 

program has helped draw attention to the need to effectively manage the 

risks associated with several important broad-based transformations 

under way in government today, such as those at the Department of 

Defense (DOD), Internal Revenue Service (IRS), Postal Service, 

Department of Education, Department of Housing and Urban Development 

(HUD), and Federal Aviation Administration (FAA), where success will be 

critical to the nation and its citizens.



For 2003, we have designated four new high-risk areas. Three of these 

involve major challenges in addressing broad-based transformations, or 

are areas where legislative solutions may be called for. The fourth 

area, Medicaid, is being added to the high-risk list, in part because 

of growing concern about inadequate fiscal oversight efforts to prevent 

inappropriate program spending.



Table 3: Changes to GAO’s High-Risk List, 2001 to 2003:



Changes 2001-2003: High-risk list in 2001; Number of areas: 23.



Changes 2001-2003: High-risk areas added in 2003; Number of areas: 4.



Changes 2001-2003: High-risk areas removed in 2003; Number of areas: 

2.



Changes 2001-2003: High-risk list in 2003; Number of: areas 25.



[End of table]



Source: GAO.



High-Risk Designations Removed:



For this 2003 high-risk update, we determined that two high-risk areas 

warranted removal from the list. They are the Social Security 

Administration’s (SSA) Supplemental Security Income (SSI) program and 

the asset forfeiture programs managed by the Departments of Justice and 

the Treasury. We will, however, continue to monitor these programs, as 

appropriate, to ensure that the improvements we have noted are 

sustained.



Supplemental Security Income:



We designated SSI a high-risk program in 1997, after several years of 

reporting on specific instances of abuse and mismanagement, increasing 

overpayments, and poor recovery of outstanding SSI overpayments. SSA’s 

actions since then included developing a major SSI legislative proposal 

with numerous overpayment deterrence and recovery provisions. The 

ensuing enacted legislation directly addressed a number of our prior 

recommendations and provides SSA with additional tools to obtain 

applicant income and resource information from financial institutions; 

imposes a period of ineligibility for applicants who transfer assets to 

qualify for SSI benefits; and authorizes the use of credit bureaus, 

private collection agencies, interest levies, and other means to 

recover overpayments. SSA also obtained separate legislative authority 

to recover overpayments from former SSI recipients who currently 

receive Social Security benefits. In addition, SSA initiated a number 

of internal administrative actions to further strengthen SSI program 

integrity, including using tax refund offsets for collecting SSI 

overpayments and more frequent automated matches to identify ineligible 

SSI recipients living in nursing homes and other institutions. In 

addition, SSA increased the number of SSI financial redeterminations 

that it conducted and the level of resources and staff in the Office of 

Inspector General devoted to investigating SSI fraud and abuse. 

Finally, SSA revised its field office work credit and measurement 

system to better reward staff for time spent developing fraud 

referrals. In fiscal year 2002, SSA increased its collection of 

overpayments by $150 million over the prior fiscal year. (See our 

Performance and Accountability report on the Social Security 

Administration.[Footnote 3]):



Asset Forfeiture Programs:



We first reported asset forfeiture programs operated by the Departments 

of Justice and the Treasury as a high-risk area in 1990 because of 

shortcomings in the management of and accountability for seized and 

forfeited property and the potential for cost reduction through 

administrative improvements and consolidation of the programs’ 

postseizure management and disposition of noncash seized property. We 

have subsequently reported that actions taken by Treasury’s Customs 

Service and Justice’s Marshals Service to address our recommendations 

have improved the management of and accountability for seized and 

forfeited property. We also reported that Justice’s Drug Enforcement 

Administration and Federal Bureau of Investigation (FBI) have taken 

many actions to address our recommendations to improve physical 

safeguards over drugs and firearms evidence and strengthen 

accountability for such evidence. In addition, the Treasury Forfeiture 

Fund and Justice’s Asset Forfeiture Fund and Seized Asset Deposit Fund 

have strengthened their financial management and accountability over 

seized and forfeited property, in part evidenced by the unqualified 

opinions on these entities’ financial statements over the past several 

years. With respect to consolidating noncash asset management and 

disposition activities, Treasury and Justice are moving toward sharing 

Web site locations for Internet sales, sharing selected vehicle storage 

and warehouse facilities, and exploring opportunities to jointly 

contract for specific services in high-volume areas. The departments’ 

substantial progress in improving the management of and accountability 

for seized and forfeited property, and their demonstrated commitment to 

communicate and coordinate where joint efforts could help reduce costs 

and eliminate duplicative activities, are sufficient for us to remove 

the high-risk designation from asset forfeiture programs. (See our 

Performance and Accountability reports on the Departments of Justice 

and the Treasury.[Footnote 4]):



Progress Being Made in Remaining High-Risk Areas:



For virtually all other areas that remain on our 2003 high-risk list, 

there has been important progress, although not yet enough progress to 

remove these areas from the list. Top administration officials have 

expressed their commitment to maintaining momentum in seeing that high-

risk areas receive adequate attention and oversight. A concerted effort 

by agencies and ongoing attention by the Office of Management and 

Budget (OMB) is critical, as our experience over the past 13 years has 

shown that perseverance is required to fully resolve high-risk areas. 

The Congress, too, will continue to play an important role through its 

oversight and, where appropriate, through legislative action targeted 

at the problems and designed to address high-risk areas. Examples of 

agencies’ progress follow:



* DOD has undertaken a number of initiatives to transform its forces 

and improve its business operations. As part of its transformation 

process, the Secretary of Defense and senior civilian and military 

leaders have committed to adopt a capabilities-based approach to 

planning based on clear goals and to improve the linkage between 

strategy and investments. At the same time, DOD has embarked on a 

series of efforts to improve its business processes, including support 

infrastructure reforms to include base closures, information technology 

modernization, and logistics reengineering. Further, in acknowledging 

DOD’s numerous ongoing financial difficulties, the Secretary of Defense 

has laid out an 8-year plan to reform financial management and 

accountability and instituted new contract management policies and 

programs aimed at increasing the importance given to these processes. 

Although DOD recognizes the need for internal transformation and budget 

reform, its goals are challenging, and its strategic plan is currently 

not set up to allow DOD to implement and measure progress toward 

achieving its performance goals in an integrated fashion. Additionally, 

DOD has not kept pace with the changing capabilities and productivity 

of the modern business environment. Effecting departmental 

transformation also requires cultural transformation and business 

process reengineering, which take years to accomplish, and a commitment 

from both the executive and legislative branches of government. (See 

“Highlights of High-Risk Areas,” p. 28.):



* IRS continues to make important progress. For example, IRS (1) has

developed and is using a modernization blueprint, commonly called an 

enterprise architecture, to guide and constrain its systems 

modernization projects and (2) is investing incrementally in them; both 

of which are leading practices of successful public-and private-sector 

organizations. In other actions, IRS has worked aggressively to address 

financial management issues not solely dependent on systems 

modernization for resolution and, in 2002, produced reliable annual 

financial statements (for the third consecutive year) only 6 weeks 

after the end of the fiscal year. Also, IRS has made progress in 

revamping both its organizational performance and human capital 

management systems. It has implemented and used a new strategic 

planning, budgeting, and performance management process. It has also 

rolled out a new employee evaluation system designed to align 

performance expectations and incentives with agencywide strategic 

goals. Top management has further demonstrated its commitment by taking 

actions to address other problems. For example, IRS is in various 

stages of planning and implementing a strategy to improve productivity 

in collecting taxes, and the Commissioner of Internal Revenue and the 

Treasury Assistant Secretary for Tax Policy have convened a joint task 

force to develop recommendations to better administer the earned income 

credit. However, more needs to be done to address risks associated with 

the growing scope and complexity of modernization and the internal 

control weaknesses in IRS’s financial management. Further, concerns 

remain about trends in the collection of unpaid taxes and the level of 

earned income credit noncompliance. Finally, IRS needs to continue its 

efforts to strengthen its approaches to managing its human capital. 

(See “Highlights of High-Risk Areas,” p. 28.):



* The Department of Education has made important progress in, and 

demonstrated its commitment to, addressing long-standing issues that 

have made student financial aid programs vulnerable to fraud, waste, 

abuse, and mismanagement. Education established a team of senior 

managers to formulate strategies and direct initiatives to address key 

financial and management problems throughout the agency. Under one 

financial aid program initiative, names of defaulted borrowers were 

matched with the Department of Health and Human Services’ National 

Directory of New Hires database. This resulted in the collection of 

$269 million in fiscal year 2002 alone. Education has also conducted 

sample matches of income reported on student aid applications with 

federal tax returns. Expanding this initiative is contingent upon 

legislation that would increase IRS’s ability to share information with 

other agencies. Progress has also been made in other areas. Education’s 

Office of Federal Student Aid can now better integrate and use its 

existing data on student loans and grants, and changes have been 

implemented aimed at strengthening financial management 

departmentwide. However, additional work is needed to both prevent and 

collect defaulted student loans and to better demonstrate systems 

integration progress. Furthermore, it is too soon to determine whether 

changes made to improve financial management and address internal 

control weaknesses will prove effective. (See “Highlights of High-Risk 

Areas,” p. 28.):



* HUD continues to work at overcoming weaknesses in its Single-Family 

Mortgage Insurance and Rental Housing Assistance program areas. HUD’s 

progress in its single-family insurance programs includes, for example, 

implementation of new processes to review lenders and appraisers and 

new incentives to improve the performance of its property disposition 

contractors. In its rental housing assistance programs, HUD has, among 

other things, initiated efforts to ensure that rental housing 

assistance is properly calculated and recipients are eligible, and 

improved processes to ensure that housing providers comply with the 

department’s housing quality standards. However, many of HUD’s 

strategies for resolving its high-risk problems represent new 

initiatives in the early stages of implementation, and significant 

problems remain. For example, HUD has not yet fully implemented an 

assessment system for calculating key financial indicators to determine 

lenders’ soundness and risk exposure. Further, HUD now estimates that 

rental assistance overpayments--some $2 billion out of $19 billion in 

assistance in fiscal year 2000--are greater than previously estimated. 

(See “Highlights of High-Risk Areas,” p. 28.):



FAA is moving to rectify serious, long-standing material weaknesses in 

its financial management systems. Its new general, property, and cost 

accounting systems--a departmentwide initiative--are expected to give 

FAA the ability to produce reliable financial statements that 

accurately assign costs to its programs and projects and account for 

the cost of its property. Whether the new accounting system will fully 

remedy FAA’s financial management deficiencies will not be determined 

until it is fully implemented and subsequently subjected to a financial 

statement audit. FAA has also worked to address weaknesses in its Air 

Traffic Control Modernization efforts. For example, the agency has 

implemented a framework for improving its software processes, developed 

a systems architecture, institutionalized cost estimating practices, 

and improved its investment management practices. However, more needs 

to be done in each of these areas to achieve needed improvements. (See 

“Highlights of High-Risk Areas,” p. 28.):



Progress in Addressing Transformation Challenges:



As part of our move toward focusing on broad-based management 

challenges, we have designated as high risk key areas where 

transformation was needed or under way and where legislative action 

would be helpful. We have seen important progress in three of these 

areas as well.



Strategic Human Capital Management:



Since we designated strategic human capital management as a 

governmentwide high-risk area in January 2001, the Congress and the 

executive branch have taken a number of steps to address the challenges 

identified. Among these steps were the following:



* In August 2001, the President placed the strategic management of 

human capital at the top of the President’s Management Agenda (PMA).



* OMB began assessing agencies according to standards for success for 

each part of the PMA, including the strategic management of human 

capital. The first agency assessment was published in February 2002. 

Subsequent assessments, published in June and September 2002, reported 

on both the status and progress of agencies’ efforts in strategic human 

capital management.



* In December 2001, the Office of Personnel Management (OPM) released a 

human capital scorecard to assist agencies in responding to the human 

capital standards for success contained in the PMA.



* In the fall of 2002, OPM began realigning its organizational 

structure and appointed four new associate directors with proven human 

capital expertise to lead federal efforts.



* In October 2002, OMB and OPM approved revised standards for success 

in the human capital area of the PMA, reflecting language developed in 

collaboration with us.



* In November 2002, the Congress passed the Homeland Security Act of 

2002, which created the Department of Homeland Security and provided 

the department with significant flexibility to design a modern human 

capital management system. This legislation also included additional 

significant provisions relating to governmentwide human capital 

management, such as direct hire authority, the ability to use 

categorical ranking in the hiring of applicants instead of the “rule of 

three,” the creation of Chief Human Capital Officers (CHCO) positions 

and a CHCO Council, expanded voluntary early retirement and buy-out 

authority, a requirement to discuss human capital approaches in 

Government Performance and Results Act reports and plans, a provision 

allowing executives to receive their total performance bonus in the 

year in which it is awarded, and other flexibilities.



Although considerable momentum is building and progress has been made 

over the past 2 years, it remains clear that today’s federal human 

capital strategies are not yet appropriately constituted to meet 

current and emerging challenges or to drive needed transformation 

across the federal government. The basic problem, which continues 

today, has been the long-standing lack of a consistent strategic 

approach to marshalling, managing, and maintaining the human capital 

needed to maximize government performance and assure its 

accountability. Specifically, agencies across the federal government 

continue to face challenges in four key areas:



* Leadership: Top leadership in the agencies must provide the 

sustained, committed, and inspired attention needed to address human 

capital and related organization transformation issues.



* Strategic Human Capital Planning: Agencies’ human capital planning 

efforts need to be more fully and demonstrably integrated with mission 

and critical program goals.



* Acquiring, Developing, and Retaining Talent: Additional efforts are 

needed to improve recruiting, hiring, professional development, and 

retention strategies to ensure that agencies have needed talent.



* Results-Oriented Organizational Cultures: Agencies continue to lack 

organizational cultures that promote high performance and 

accountability, and that empower and include employees in setting and 

accomplishing programmatic goals.



Importantly, although strategic human capital management remains high 

risk governmentwide, federal employees are not the problem. Rather, the 

problem is a set of policies that are viewed by many as outdated, over-

regulated, and not strategic. Human capital weaknesses in the federal 

government did not emerge overnight and will not be quickly or easily 

addressed. Committed, sustained, and inspired leadership and persistent 

attention on behalf of all interested parties will continue to be 

essential to build on the progress that has been and is being made, if 

lasting reforms are to be successfully implemented.



Reaching and maintaining a strategic approach to human capital 

management will take considerable effort on the part of the Congress, 

agency leadership, OPM, and OMB. Ultimately, the Congress may wish to 

consider legislative reforms to existing civil service laws. Key 

questions include the degree to which legislative changes are needed to 

design a modern human capital management system for the federal 

government. Although momentum continues to build for comprehensive 

reform, agencies need to use currently available flexibilities. (See 

“Highlights of High-Risk Areas,” p. 28.):



U.S. Postal Service:



In April 2001, we identified the U.S. Postal Service’s transformation 

efforts and long-term outlook as high risk due to growing financial, 

operational, and human capital challenges. Since then, these challenges 

have continued, and the Service has struggled to fulfill its primary 

mission of providing universal postal service at reasonable rates while 

remaining self-supporting from postal revenues. The events of September 

11, 2001, and subsequent use of the mail to transmit anthrax have 

introduced new issues related to mail safety and security that also 

must be addressed. These challenges, as well as the need to address the 

uncertainty about the Service’s future role, require urgent attention 

to ensure that the Service will be able to fulfill its mission in the 

21st century.



In response to our high-risk designation, the Service released its 

Transformation Plan in April 2002. In this plan, the Service outlined 

actions it deemed necessary to deal with transformation issues both (1) 

in the short term, under its current authority and through moderate 

regulatory and legislative reforms, and (2) in the longer term, through 

fundamental structural transformation. To achieve its fundamental 

structural transformation, the Service proposed moving to a Commercial 

Government Enterprise business model.



We reported that the development of the Transformation Plan was a good 

first step in raising key postal reform issues. Implementing the plan 

is a new challenge for the Service--in part because consensus has yet 

to be reached on legislative reforms--and therefore we have now added 

this implementation to the list of the Service’s major challenges. The 

other challenges include (1) controlling costs and improving 

productivity under the Service’s existing authority, (2) addressing 

unresolved financial issues, (3) developing strategies to address human 

capital issues, and (4) providing complete and reliable financial and 

performance information in a timely and transparent manner.



Opportunities exist for the Service to address these major management 

challenges and make further progress in its transformation efforts. For 

example, the results of a recent financial analysis by OPM may lead to 

a reduction in the Service’s pension liability and related annual 

payments if the Congress takes legislative action in this area. This 

additional “breathing room” could allow the Service to address other 

financial challenges, such as its outstanding debt, substantial 

postretirement health obligations, and its capital freeze. The Service 

also anticipates a large number of upcoming retirements, which would 

provide an opportunity to realign the Service’s workforce and 

infrastructure to meet its future operational needs. Committed 

leadership and sustained attention to addressing the Service’s 

management challenges will be critical to achieving its transformation.



Addressing the Service’s various challenges through comprehensive 

legislative reform will require consensus among various stakeholders--

something that has been very difficult to achieve, in part because the 

Service’s numerous stakeholders have divergent needs and concerns. 

Since 1996, the Congress has considered postal reform legislation many 

times; however, none of the reform proposals has been passed. More 

recently, in December 2002, the President established a nine-member 

Commission on the United States Postal Service to propose a vision for 

the future of the Postal Service and recommend the legislative and 

administrative reforms needed to ensure the viability of postal 

services. The Commission is expected to submit its report to the 

President by July 31, 2003. (See “Highlights of High-Risk Areas,” p. 

28.):



Protecting Information Systems Supporting the Federal Government and 

the Nation’s Critical Infrastructures:



We have designated information security as a high-risk area across 

government since 1997 because of continuing evidence indicating 

significant, pervasive weaknesses in the controls over computerized 

federal operations. Moreover, related risks continue to escalate, in 

part due to the government’s increasing reliance on the Internet and on 

commercially available information technology. In addition, we continue 

to report significant information security weaknesses in 24 major 

federal agencies.[Footnote 5]



Since our last high-risk report, efforts to correct information 

security weaknesses and improve federal information security have 

accelerated both at individual agencies and at the governmentwide 

level, including implementing government information security reform 

legislation enacted by the Congress in October 2000, implementing a 

related annual reporting process, and developing guidance and tools for 

agencies to self-assess their information security programs.



On December 17, 2002, the Federal Information Security Management Act 

of 2002 was enacted, to permanently authorize and strengthen the 

information security program, evaluation, and reporting requirements 

established by government information security reform legislation. This 

legislation is an essential step to sustaining agency efforts to 

identify and correct significant weaknesses. Nonetheless, further 

information security improvement efforts are needed at the agency level 

and governmentwide. It is important that these efforts be guided by a 

comprehensive strategy and that this strategy address certain key 

issues including:



* delineating the roles and responsibilities of the numerous entities 

involved in federal information security;



* providing more specific guidance to agencies on the controls that 

they need to implement;



* having agencies’ performance monitored by the agencies themselves, as 

well as by the Congress and the executive branch;



* providing adequate technical expertise and allocating sufficient 

resources; and:



* expanding research in the area of information systems protection.



In our January 2001 high-risk update report, we also began to highlight 

the increasing importance of the federal government’s efforts to 

protect our nation’s critical public and private computer-dependent 

infrastructure (such as national defense, power distribution, and water 

supply), as outlined in Presidential Decision Directive 63. This year, 

we are broadening this high-risk issue to highlight the increased 

importance of protecting the information systems that support these 

critical infrastructures, referred to as cyber critical infrastructure 

protection or cyber CIP. Since our 2001 report, terrorist attacks and 

threats have further underscored the need to manage CIP activities that 

enhance the security of the cyber and physical public and private 

infrastructures that are essential to national security, national 

economic security, and/or national public health and safety. At the 

federal level, cyber CIP activities are perhaps the most critical 

component of a department or agency’s overall information security 

program.



Since 2001, a number of significant actions have occurred to better 

position the nation to protect its critical infrastructures, including 

the following:



* In October 2001, the President established the President’s Critical 

Infrastructure Protection Board to coordinate cyber-related federal 

efforts for protecting our nation’s critical infrastructures.



* In July 2002, the President and his Office of Homeland Security 

issued the National Strategy for Homeland Security, which identifies 

protecting critical infrastructures and intelligence and warning as 

critical components.



* In September 2002, the Protection Board released a comment draft of a 

National Strategy to Secure Cyberspace. The board issued this draft 

because the National Strategy for Homeland Security states that the 

administration will complete cyber and physical infrastructure 

protection plans to serve as the baseline for a future comprehensive 

national infrastructure protection plan.



* On November 25, 2002, the President signed the Homeland Security Act 

of 2002, which established the Department of Homeland Security and, 

within it, the Directorate of Information Analysis and Infrastructure 

Protection.



Although these actions taken are major steps to more effectively 

protect our nation’s critical infrastructures, further actions are 

needed to fully address our recommendations concerning CIP challenges, 

including:



* completing a comprehensive and coordinated national CIP strategy,



* improving analysis and warning capabilities, and:



* improving information sharing on threats and vulnerabilities.



(See “Highlights of High-Risk Areas,” p. 28.):



[End of section]



New High-Risk Areas:



Adding Three Broad-Based High-Risk Areas:



The new use of the high-risk designation to draw attention to the 

challenges faced by government programs and operations in need of 

broad-based transformation has led to important progress. With these 

positive results in mind, for 2003, we have designated three additional 

such areas as high risk: implementing and transforming the new 

Department of Homeland Security (DHS), modernizing federal disability 

programs, and federal real property.



Implementing and Transforming the New Department of Homeland Security:



We designated implementation and transformation of the new Department 

of Homeland Security as high risk based on three factors. First, the 

implementation and transformation of DHS is an enormous undertaking 

that will take time to achieve in an effective and efficient manner. 

Second, components to be merged into DHS already face a wide array of 

existing challenges. Finally, failure to effectively carry out its 

mission would expose the nation to potentially very serious 

consequences.



In the aftermath of September 11, invigorating the nation’s homeland 

security missions has become one of the federal government’s most 

significant challenges. DHS, with an anticipated budget of almost $40 

billion and an estimated 170,000 employees, will be the third largest 

government agency; not since the creation of DOD more than 50 years ago 

has the government sought an integration and transformation of this 

magnitude. In DOD’s case, the effective transformation took many years 

to achieve, and even today, the department continues to face enduring 

management challenges and high-risk areas that are, in part, legacies 

of its unfinished integration.



Effectively implementing and transforming DHS may be an even more 

daunting challenge. DOD at least was formed almost entirely from 

agencies whose principal mission was national defense. DHS will combine 

22 agencies specializing in various disciplines: law enforcement, 

border security, biological research, disaster mitigation, and computer 

security, for instance. Further, DHS will oversee a number of non-

homeland-security activities, such as Coast Guard’s marine safety 

responsibilities and the Federal Emergency Management Agency’s (FEMA) 

natural disaster response functions. Yet only in the effective 

integration and collaboration of these entities will the nation achieve 

the synergy that can help provide better security against terrorism. 

The magnitude of the responsibilities, combined with the challenge and 

complexity of the transformation, underscores the perseverance and 

dedication that will be required of all DHS’s leaders, employees, and 

stakeholders to achieve success.



Further, it is well recognized that mergers of this magnitude in the 

public and private sector carry significant risks, including lost 

productivity and inefficiencies. Generally, successful transformations 

of large organizations, even those undertaking less strenuous 

reorganizations and with less pressure for immediate results, can take 

from 5 to 7 years to achieve. Necessary management capacity and 

oversight mechanisms must be established. Moreover, critical aspects of 

DHS’s success will depend on well-functioning relationships with third 

parties that will take time to establish and maintain, including those 

with state and local governments, the private sector, and other federal 

agencies with homeland security responsibilities, such as the 

Department of State, the FBI and the Central Intelligence Agency, DOD, 

and the Department of Health and Human Services (HHS). Creating and 

maintaining a structure that can leverage partners and stakeholders 

will be necessary to effectively implement the national homeland 

security strategy.



The new department is also being formed from components with a wide 

array of existing major management challenges and program risks. For 

instance, one DHS directorate’s responsibility includes the protection 

of critical information systems that we already consider a high risk. 

In fact, many of the major components merging into the new department, 

including the Immigration and Naturalization Service (INS), the 

Transportation Security Administration (TSA), Customs Service, FEMA, 

and the Coast Guard, face at least one major problem, such as strategic 

human capital risks, critical information technology challenges, or 

financial management vulnerabilities; they also confront an array of 

challenges and risks to program operations. For example, TSA has had 

considerable challenges in meeting deadlines for screening baggage, and 

the agency has focused most of its initial security efforts on aviation 

security, with less attention to other modes of transportation. INS has 

had difficulty in tracking aliens due to unreliable address 

information. Customs must meet challenges from the potential threats of 

weapons of mass destruction smuggled in cargo arriving at U.S. ports, 

and the Coast Guard faces the challenges inherent in a massive fleet 

modernization.



DHS’s national security mission is of such importance that the failure 

to address its management challenges and programs risks could have 

serious consequences on our intergovernmental system, our citizens’ 

health and safety, and our economy. Overall, our designation of the 

implementation and transformation of DHS as a high-risk area stems from 

the importance of its mission and the nation’s reliance on the 

department’s effectiveness in meeting its challenges for protecting the 

country against terrorism. (See “Highlights of High-Risk Areas,” p. 

28.):



Modernizing Federal Disability Programs:



This new high-risk area encompasses a range of federal disability 

programs. Federal disability programs have experienced significant 

growth over the past decade and are expected to grow even more steeply 

as more baby boomers reach their disability-prone years. In particular, 

SSA and the Department of Veterans Affairs (VA) oversee five major 

disability programs providing cash assistance to individuals with 

physical or mental conditions that reduced their earnings capacity, 

collectively paying more than $100 billion in cash benefits to more 

than 13 million beneficiaries in 2001.[Footnote 6] In recent years, 

scientific advances and economic and social changes, paradoxically, 

have redefined the relationship between impairments and work. Advances 

in medicine and technology have reduced the severity of some medical 

conditions and have allowed individuals to live with greater 

independence and function in work settings. Moreover, the nature of 

work has changed in recent decades as the national economy has moved 

away from manufacturing-based jobs to service-and knowledge-based 

employment. Yet federal disability programs remain mired in concepts 

from the past and are poorly positioned to provide meaningful and 

timely support for Americans with disabilities. Indeed, SSA and VA are 

struggling to provide accurate, timely, and consistent disability 

decisions to program applicants. We have added modernizing federal 

disability programs to our 2003 high-risk list based on the following 

concerns.



Federal disability programs are grounded in outmoded concepts. Despite 

opportunities afforded by medical and technological advancements and 

the growing expectations that people with disabilities can and want to 

work, federal disability programs remain grounded in an approach that 

equates medical conditions with the incapacity to work. The legislation 

for SSA’s and VA’s disability programs requires that the assessment of 

eligibility be based on the presence of medically determinable physical 

and mental impairments. However, these assessments do not always 

reflect recent medical and technological advances and their impact on 

medical conditions that affect the ability to work. Likewise, the 

criteria used to assess disability have not incorporated changes in the 

labor market that have affected the skills needed to perform work and 

the settings in which work occurs. By using outdated information, the 

agencies risk overcompensating some individuals while 

undercompensating or denying compensation entirely to others.



While relying upon outmoded assumptions about impairment and work, the 

agencies have experienced difficulty in managing disability programs. 

In spite of years of efforts to improve the management of their 

disability programs, both SSA and VA continue to face significant 

challenges. The processes these agencies use to determine disability 

adversely affect each agency’s ability to efficiently, equitably, and 

effectively serve their beneficiaries.



Both SSA and VA have experienced increasing processing times for 

disability claims over the past several years, with claimants waiting 

more than 4 months for an initial decision and for more than 1 year for 

a decision on appeal of a denied claim. Although SSA has recently 

implemented several short-term initiatives not requiring statutory or 

regulatory changes to reduce processing times, it is still evaluating 

strategies for longer-term solutions. VA has demonstrated some recent 

progress based on newly implemented initiatives, but the agency is far 

from achieving its own goals for timeliness.



The inconsistencies in disability decisions across adjudicative levels 

and locations in both agencies have raised questions about the 

fairness, integrity, and cost of these programs. Although both agencies 

have taken steps to provide training and enhance communication to 

improve the consistency of decisions, variations in allowances rates 

continue and a significant number of denied claims are still awarded on 

appeal. In addition, both SSA and VA have experienced challenges with 

implementing effective quality assurance systems. After failing in its 

attempts since 1994 to redesign a more comprehensive quality assurance 

system, SSA has recently begun a new quality management initiative. VA 

has taken a number of recent actions to correct problems with its 

quality assurance system and its measure of decision accuracy in 2002 

has shown improvement. However, it is still well below the agency’s 

strategic goal for accuracy.



Both SSA and VA lack comprehensive plans for addressing program growth. 

For example, between 1991 and 2001, the number of beneficiaries and 

their family members receiving Disability Insurance (DI) benefits, the 

largest of the five disability programs administered by SSA and VA, 

increased from 4.5 million to 6.9 million, as total cash benefits 

increased more than 70 percent (in 2001 dollars) during this time 

period to nearly $60 billion. By 2010, SSA expects that the number of 

DI beneficiaries and their eligible family members will increase by 

more than one-third over 2001 levels. (See figure 1.) Similarly, VA 

expects the number and complexity of its disability claims to increase 

due to veterans’ increased awareness of service-connected disabilities 

and recent legislative changes. Likewise, the disability rolls have 

been increasingly characterized by conditions that result in extended 

entitlement periods. Mental impairments and musculoskeletal 

conditions--conditions that people can survive with for decades--are 

currently more common qualifying conditions for people receiving 

benefits than in years past. However, SSA and VA have not sufficiently 

prepared for this growth and need specific plans for addressing future 

disability needs.



Figure 1: Growth in DI Beneficiaries:



[See PDF for image] 



Note: Figures after 2001 are estimates based on the intermediate 

assumptions of the Trustees of the Social Security trust funds.



[End of figure]



SSA also faces the challenge of supporting disability beneficiaries’ 

return to work. SSA has experienced limited success in doing so, in 

spite of changes in medicine, technology, society, and the nature of 

work, all of which have increased the potential for some people with 

disabilities to return to the labor force. Although SSA has taken a 

number of actions to improve its return-to-work practices, the agency 

still needs to develop, as we have recommended, a comprehensive return-

to-work strategy that focuses at the outset on an evaluation of what is 

needed for an individual to return to work. Given the projected 

slowdown in the growth of the nation’s labor force, it is imperative 

that those who can work are supported in their efforts to do so.



Developing comprehensive and sustainable solutions to the problems 

facing federal disability programs in the 21ST century will require 

agencies to significantly broaden their current efforts. Indeed, no 

single agency has the span of authority to fully address the issues 

involved. Although some solutions can be developed and implemented 

within the regulatory process, others will require legislative action. 

Fundamentally, agencies’ efforts need to be marked by consultation and 

cooperation with the legislative branch and by cross-agency 

cooperation. Success in improving operations and key outcomes--such as 

increased employment--will involve partnerships with agencies such as 

the Department of Labor, the Department of Education, HHS, and perhaps 

between SSA and VA themselves. (See “Highlights of High-Risk Areas,” p. 

28.):



Federal Real Property:



Over 30 federal agencies control hundreds of thousands of real property 

assets--including both facilities and land--in the United States and 

abroad. These assets are worth about $328 billion, according to the 

fiscal year 2001 financial statements of the U.S. government.[Footnote 

7] Unfortunately, much of this vast and valuable asset portfolio 

presents significant management challenges and reflects an 

infrastructure based on the business model and technological 

environment of the 1950s. Many assets are no longer effectively aligned 

with, or responsive to, agencies’ changing missions and are therefore 

no longer needed. Furthermore, many assets are in an alarming state of 

deterioration; restoration and repair needs are estimated by agencies 

to be in the tens of billions of dollars. For example, the Department 

of the Interior has a deferred maintenance backlog that its Inspector 

General estimated in April 2002 to be as much as $8 billion to $11 

billion, and General Services Administration (GSA) data has shown a 

$5.7 billion repair and maintenance backlog in its buildings. 

Compounding these problems are the lack of reliable governmentwide data 

for strategic asset management, a heavy reliance on costly leasing 

instead of ownership to meet new space needs, and the cost and 

challenge of protecting these assets against potential terrorism.



To address these challenges, the Congress and the administration have 

undertaken several efforts, including Defense Base Realignment and 

Closures Commissions and the President’s Commission to Study Capital 

Budgeting. In addition, the Congress, OMB, and GSA have also recognized 

the need for and developed legislative proposals in recent years that 

were designed to address some of the problems. Although some of these 

efforts and other work by individual real-property-holding agencies 

have had some success, much remains to be done governmentwide. In most 

cases, the effectiveness of current and planned initiatives has yet to 

be determined. Despite these efforts and the sincerity with which the 

federal real property community has embraced the need for reform, the 

problems have persisted and have been exacerbated by competing 

stakeholder interests in real property decisions, various legal and 

budget-related disincentives to achieving businesslike outcomes, the 

need for better capital planning among real-property-holding agencies, 

and the lack of a strategic governmentwide focus on federal real 

property issues.



Given the persistence of these problems and the various obstacles that 

have impeded progress in resolving them, we are designating federal 

real property as a new high-risk area. Resolving these long-standing 

problems will require high-level attention and effective leadership by 

the Congress and the administration. Also, because of the breadth and 

complexity of the issues involved, the long-standing nature of the 

problems, and the intense debate about potential solutions that will 

likely ensue, current structures and processes may not be adequate to 

address the problems. Given this, there is a need for a comprehensive 

and integrated transformation strategy for federal real property, and 

an independent commission or governmentwide task force may be needed to 

develop this strategy. Such a strategy could be based on input from 

agencies, the private sector, and other interested groups. The strategy 

should also reflect the lessons learned and leading practices of public 

and private organizations that have attempted to reform their real 

property practices. These organizations have recognized that real 

property, like capital, people, technology, and information, is a 

valuable resource that, if managed well, can support the accomplishment 

of their missions and the achievement of their business objectives. In 

addition, as these organizations are recognizing, the workplace of the 

future will differ from today’s work environment.



For the federal government, technological advancements, electronic 

government, flexible workplace arrangements, changing public needs, 

opportunities for resource sharing, and security concerns will call for 

a new way of thinking about the federal workplace and the government’s 

real property needs. Realigning the government’s real property assets 

with agency missions, taking into account the requirements of the 

future federal role and workplace, will be critical to improving the 

government’s performance and ensuring accountability within expected 

resource limits. If actions resulting from the transformation strategy 

comprehensively address the problems and are effectively implemented, 

agencies will be better positioned to recover asset values, reduce 

operating costs, improve facility conditions, enhance safety and 

security, and achieve mission effectiveness. (See “Highlights of High-

Risk Areas,” p. 28.):



New High-Risk Area Identified Based on Fiscal Oversight 

Vulnerabilities:



In addition to our expanded focus on challenges associated with the 

economy, efficiency, and effectiveness of government programs and 

operations in need of broad-based transformation, we will continue to 

identify high-risk areas based on the more traditional focus on fraud, 

waste, abuse, and mismanagement. For such problems, our focus will 

continue to be on identifying the root causes behind the 

vulnerabilities, as well as actions needed on the part of the agencies 

involved and, if appropriate, the Congress. For this update, we have 

designated one such new high-risk area.



Medicaid Program:



Growing concern about the size, growth, and fiscal oversight of the 

Medicaid program has led us to include the program on our 2003 high-

risk list. Medicaid pays for both acute health care and long-term care 

services for over 44 million low-income Americans and is the third 

largest social program in the federal budget (after Social Security and 

Medicare). Financed jointly by the federal government and the states, 

Medicaid consists of more than 50 distinct “state” programs that 

together cost $228 billion in fiscal year 2001, accounts for more than 

20 percent of states’ total expenditures, and is projected to double in 

spending in a decade. The federal government pays from half to more 

than three-fourths of each state’s Medicaid expenditures.



The Centers for Medicare & Medicaid Services (CMS) faces major 

challenges in managing this program of vast size, growth, and 

diversity. Protecting the program’s fiscal integrity is critically 

important. It is especially challenging because the federal 

government’s financial liability for the Medicaid program is linked to 

reported state expenditures. Our work in recent years finds that 

federal and state oversight efforts have often been inadequate to 

prevent inappropriate spending, thereby increasing federal spending 

unnecessarily.



Over the last decade, for example, some states have found ways to 

inappropriately leverage federal funds. Although CMS and the Congress 

have acted to curb certain financing schemes, states have found new 

statutory and regulatory loopholes to create the illusion that they 

have made large Medicaid payments to certain health care providers in 

order to generate excessive federal matching payments. Some of the 

schemes have cost the federal government several billions of dollars 

each year.



We are also concerned that states’ receipt of waivers--where the 

Secretary of HHS waives certain statutory provisions and allows testing 

of new health care delivery and coverage ideas--may continue to 

increase the federal government’s financial liability beyond what it 

would have been without the waivers.[Footnote 8] For example, two 

states’ waivers approved in 2002 are estimated to cost the federal 

government an extra $330 million or more than it would have paid in the 

absence of the waivers. HHS is currently considering approval of 

similar waivers by additional states.



Another area of concern involves federal and state efforts to ensure 

that payments are accurate and appropriate. Like other health care 

payers, Medicaid is vulnerable to waste, fraud, and abuse by providers 

who submit inappropriate claims. The hundreds of millions of dollars in 

improper payments that a few states have identified in recent years 

suggests that states have the potential for considerable savings 

through increased efforts to safeguard program payments.



The exploitation of Medicaid not only penalizes taxpayers, but also 

jeopardizes the viability of a program that over 44 million low-income 

Americans depend on for essential health and long-term care services. 

To better protect Medicaid dollars, CMS must take the steps needed to 

strengthen federal and state fiscal oversight to ensure that the 

federal government pays only its valid share of proper program 

expenditures. (See “Highlights of High-Risk Areas,” p. 28.):



[End of section]



Highlights of High-Risk Areas:



Overall, the government continues to take high-risk problems seriously 

and is making long-needed progress toward correcting them. The Congress 

has also acted to address several individual high-risk areas through 

hearings and legislation. Continued perseverance in addressing high-

risk areas will ultimately yield significant benefits. Lasting 

solutions to high-risk problems offers the potential to save billions 

of dollars, dramatically improve service to the American public, 

strengthen public confidence and trust in the performance and 

accountability of our national government, and ensure the ability of 

government to deliver on its promises.



We have prepared highlights of each of the 25 current high-risk areas 

showing (1) why the area is high risk, (2) the actions that have been 

taken and that are under way to address the problem since our last 

update report and the issues that are yet to be resolved, and (3) what 

remains to be done to address the risk. These highlights are presented 

on the following pages.



Also, comprehensive discussions of 22 of the high-risk areas are 

included in the relevant department or agency report in the 

accompanying special GAO series entitled the Performance and 

Accountability Series: Major Management Challenges and Program Risks. 

The individual high-risk area highlights provide a link to the relevant 

reports in this series. Comprehensive discussions of the 3 crosscutting 

high-risk areas--strategic human capital management, protecting 

information systems supporting the federal government and the nation’s 

critical infrastructures, and federal real property--are presented in 

separate reports as part of this series.



GAO Highlights: High-Risk Series High-Risk Series



Strategic Human Capital Management:



Highlights of a high-risk area discussed in the GAO report entitled 

High-Risk Series: Strategic Human Capital Management (GAO-03-120)



Why Area is High Risk:



In its January 2001 High-Risk Update (GAO-01-263), GAO designated 

strategic human capital management as a governmentwide high-risk area. 

The basic problem, which continues today, has been the long-standing 

lack of a consistent strategic approach to marshaling, managing, and 

maintaining the human capital needed to maximize government performance 

and assure its accountability. This report is part of a special series 

of reports on governmentwide and agency-specific challenges.



What GAO Found:



Leading public organizations here and abroad have found that strategic 

human capital management must be the centerpiece of any serious change 

management initiative and efforts to transform the cultures of 

government agencies. Unfortunately, the federal government’s strategic 

human capital approaches are not yet well positioned to enable the 

needed transformation. Since we designated strategic human capital 

management as a governmentwide high-risk area in January 2001, Congress 

has taken a number of steps to address the challenges identified, 

including granting agencies significant new authorities for managing 

their human capital as part of the Homeland Security Act of 2002. The 

strategic management of human capital was also placed at the top of 

the President’s Management Agenda. Individual agencies have also taken 

action to address their specific challenges. Despite the considerable 

progress over the past 2 years, it remains clear that today’s federal 

human capital strategies are not appropriately constituted to meet 

current and emerging challenges or to drive the needed transformation 

across the federal government. Specifically, agencies continue to 

face challenges in four key areas:

*Leadership: Top leadership in the agencies must provide the committed 

and inspired attention needed to address human capital and related 

organization transformation issues.

Strategic Human Capital Planning: Agencies’ human capital planning 

efforts need to be more fully and demonstrably integrated with 

mission and critical program goals.

Acquiring, Developing, and Retaining Talent: Additional efforts are 

needed to improve recruiting, hiring, professional development, and 

retention strategies to ensure that agencies have the needed talent.

Results-Oriented Organizational Cultures: Agencies continue to lack 

organizational cultures that promote high performance and 

accountability and empower and include employees in setting and 

accomplishing programmatic goals.

Importantly, although strategic human capital management remains 

high – risk governmentwide, federal employees are not the problem. 

Rather, the problem is a set of policies and practices that are not 

strategic, and viewed by many as outdated and over-regulated. In 

the final analysis, modern, effective, and credible human capital 

strategies will be essential in order to maximize the performance 

and assure the accountability of the government for the benefit 

of the American people.



What Remains to be Done:



Reaching and maintaining an approach to human capital management 

that is strategic will take considerable effort from the Congress, 

agencies, 

the Office of Personnel Management, and the Office of Management and 

Budget. Ultimately, Congress will need to consider additional 

legislative reforms to existing civil service laws. While momentum 

continues to build for comprehensive civil service reform, agencies 

need to use currently available flexibilities to recruit, hire, 

develop, retain, and hold employees accountable for mission 

accomplishment. 



www.gao.gov/cgi-bin/getrpt?GAO-03-120.



For additional information about this high-risk area, click on the 

link above or contact J. Christopher Mihm at (202) 512-6806 or 

mihmj@gao.gov.





[End of section]



GAO Highlights: High-Risk Series High-Risk Series



U.S. Postal Service: Transformation Efforts and Long-Term Outlook:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the U.S. Postal Service (GAO-03-118)



Why Area is High Risk:



In April 2001, GAO designated the U.S. Postal Service’s (the Service) 

transformation and long-term outlook as high risk because of growing 

financial and operational difficulties, including the following: 

The fiscal year 2001 outlook changed from a $480 million to a $2 

billion–$3 billion deficit.

Growth in expenses outpaced the growth in revenues. 

Capital spending was deferred.

Weakened cash flow increased borrowing pressures, as debt levels 

approached the statutory borrowing limit.

Also, human capital issues, such as the wave of impending retirements, 

performance-based compensation, and labor-management relations, 

needed to be addressed.



What GAO Found:



The Service’s current business model, which relies on increasing mail 

volumes to mitigate rate increases and cover costs, is at risk as 

competition and technological alternatives increase. In fiscal years 

2001 and 2002, despite multiple rate increases and cost-cutting 

efforts, the Service incurred large deficits as total mail volume 

declined. The figure below shows that mail volume growth for 

First-Class Mail and Standard Mail—mail classes that generate over 

three-fourths of the Service’s revenue—has been slowing. 



Growth in Key Mail Classes Is Slowing



[See PDF for image]



[End of figure]



Other major challenges facing the Service include:

Long-standing difficulty in cutting costs, particularly related to 

its workforce and infrastructure, and in sustaining productivity 

gains;

Unknown safety and security needs;

Cash flow from operations that is insufficient to fund capital 

expenditures and reduce borrowing pressure;

Liabilities that continue to exceed assets, and postretirement 

health obligations that are growing;

Succession planning for the large number of upcoming retirements.



To address its high-risk designation, the Service issued its 

Transformation Plan (the Plan) in April 2002. The Plan outlined 

steps to guide it in carrying out its future mission and proposed 

a new business model to achieve its long-term transformation. 

The Plan was a good first step; however, concerns remain about 

its full implementation, as no consensus has been reached on the 

Service’s future. Effective leadership and sustained attention by 

the Service will be key to effectively carrying out its transformation. 

Opportunities exist (for example, the upcoming retirements) for the 

Service and its leadership to address these challenges. A recent 

analysis may lead to a significant reduction in its pension liability, 

which would improve the Service’s financial outlook and allow it to 

address other financial challenges and align its workforce and 

infrastructure to meet future needs. 



What Remains to Be Done:



GAO believes the Service should: 

Work with Congress, the Presidential Commission, and stakeholders to 

implement its Plan, including legislation to address issues related 

to its mission and role for the 21st century; governance structure; 

accountability mechanisms; and human capital matters.

Develop strategies to align its infrastructure and workforce to 

support its business model;

Continue efforts to cut costs and improve productivity; and

Address long-term financial concerns, such as outstanding debt 

and postretirement health obligations.



www.gao.gov/cgi-bin/getrpt?GAO-03-118

For additional information about this high-risk area, click on the 

link above or contact Bernard L. Ungar at (202) 512-2834 or 

ungarb@gao.gov.



[End of section]



GAO Highlights: High-Risk Series 



Protecting Information Systems Supporting the Federal Government 

and the Nation’s Critical Infrastructures:



Highlights of a high-risk area discussed later in this report 

(GAO-03-121)



Why Area is High Risk:



Since GAO designated computer security in the federal government 

as high risk in 1997, evidence of pervasive weaknesses has been 

continuing. Also, related risks have been escalating, in part 

because of the dramatic increases in computer interconnectivity 

and increasing dependence on computers to support critical operations 

and infrastructures, such as power distribution, water supply, 

national defense, and emergency services. This year, GAO expanded 

this high risk area to include protecting the information systems 

that support our nation’s critical infrastructures, referred to as 

cyber critical infrastructure protection or cyber CIP. Among other 

reasons for designating cyber CIP high risk is that terrorist groups 

and others have stated their intentions of attacking our critical 

infrastructures, and failing to protect these infrastructures could 

adversely affect our national security, economic security, and/or 

public health and safety.



What GAO Found:



Since January 2001, efforts to improve federal information security 

have accelerated at individual agencies and at the governmentwide 

level. For example, implementation of Government Information 

Security Reform legislation (GISRA) enacted by the Congress in 

October 2000 was a significant step in improving federal agencies’ 

information security programs and addressing their serious, 

pervasive information security weaknesses. In Implementing GISRA, 

agencies have noted benefits, including increased management 

attention to and accountability for information security. Although 

improvements are under way, recent audits of 24 of the largest 

federal agencies continue to identify significant information 

security weaknesses that put critical federal operations and assets 

in each of these agencies at risk (see figure below). Over the years, 

various working groups have been formed, special reports written, 

federal policies issued, and organizations created to address the 

nation’s critical infrastructure challenges. In 1998, the President 

issued Presidential Decision Directive 63 (PDD 63), which described 

a strategy for cooperative efforts by government and the private 

sector to protect the physical and cyber-based systems essential 

to the minimum operations of the economy and the government. To 

accomplish its goals, PDD 63 designated and established 

organizations to provide central coordination and support. This 

directive has since been supplemented by Executive Order 13231, 

which established the President’s Critical Infrastructure Protection 

Board and the President’s National Strategy for Homeland Security. 

While the actions taken to date are major steps to more effectively 

protect our nation’s critical infrastructures, GAO has made numerous 

recommendations over the last several years concerning CIP 

challenges. In response to these challenges, improvements have 

been made and efforts are in progress, but more work is needed to 

address them.



Information Security Weaknesses at 24 Major Agencies



[See PDF for image]



[End of figure]



What Remains to Be Done:



Among other actions essential to sustaining federal information 

security improvements are the agencies’ development of effective 

risk management programs and the development of a comprehensive 

strategy to guide agencies’ efforts. Further actions to improve 

CIP include developing a national CIP strategy and improving 

analysis and warning capabilities and information sharing on threats 

and vulnerabilities.



www.gao.gov/cgi-bin/getrpt?GAO-03-121.



For additional information about this high-risk area, click on 

the link above or contact Robert F. Dacey at (202) 512-3317 or 

daceyr@gao.gov.



[End of section]



GAO Highlights: High-Risk Series



Implementing and Transforming the New Department of Homeland 

Security:



Highlights of a high-risk area discussed in GAO’s Performance 

and Accountability Series report on the Department of Homeland 

Security (GAO-03-102)



Why Area is High Risk:



GAO has designated implementing and transforming the new 

Department of Homeland Security (DHS) as a high risk area for 

three reasons. First, the implementation and transformation of DHS 

is an enormous undertaking that will take time to achieve in an 

effective and efficient manner. Second, components being merged 

into DHS already face a wide array of existing challenges. Finally, 

failure to effectively carry out its mission exposes the nation to 

potentially very serious consequences.



What GAO Found:



Effectively implementing and transforming the Department of 

Homeland Security will be a daunting challenge. The Department 

will combine 22 agencies with an estimated 170,000 employees 

specializing in various disciplines: law enforcement, border 

security, biological research, disaster mitigation, and computer 

security, for instance. Further, DHS will oversee a number of 

non-homeland security activities, such as the Coast Guard’s marine 

safety responsibilities and the Federal Emergency Management 

Agency’s (FEMA) natural disaster response functions. Yet, only in 

the effective integration and collaboration of these entities will 

the nation achieve the synergy that can help provide better 

security. The magnitude of the responsibilities, combined with 

the challenge and complexity of the transformation, underscore 

the perseverance and dedication that will be needed from DHS’s 

leaders, employees, and stakeholders to achieve success. It is 

well recognized that mergers of this magnitude in the public and 

private sector carry significant risks, including lost 

productivity and inefficiencies. Generally, successful 

transformations of large organizations, even those undertaking 

less strenuous reorganizations and with less pressure for 

immediate results, can take from 5 to 7 years to achieve. 

Necessary management capacity and oversight mechanisms must be 

established. Moreover, critical aspects of DHS’s success will 

depend on well-functioning relationships with third parties that 

will take time to establish and maintain, including those with 

states and local governments, the private sector, and other 

federal agencies with homeland security responsibilities, such as 

the State Department, the Federal Bureau of Investigation, the 

Central Intelligence Agency, the Defense Department, the 

Transportation Department, and the Department of Health and Human 

Services. Creating and maintaining a structure that can leverage 

partners and stakeholders will be needed to effectively implement the

 national homeland security strategy. The new department also is 

being formed from components with a wide array of existing major 

management challenges and program risks. For instance, one DHS 

directorate’s responsibility includes the protection of critical 

information systems that GAO already considers a high risk. In fact, 

many of the major components merging into the new department—

including the Immigration and Naturalization Service, the 

Transportation Security Administration, Customs Service, FEMA, and 

the Coast Guard—face at least one major problem, such as strategic 

human capital risks, information management technology challenges, 

or financial management vulnerabilities; they also confront an 

array of program operations challenges and risks. DHS’s national 

security mission is of such importance that the failure to 

effectively address its management challenges and program risks 

could have serious consequences on our intergovernmental system, 

our citizens’ health and safety, and our economy.



What Needs to Be Done:



The long-term solution to this high risk area necessitates that DHS 

effectively integrate the 22 incoming agencies and nearly $40 

billion budget in order to achieve the synergy for providing better 

security against terrorism. Necessary management capacity, priority 

setting, and oversight mechanisms must be established to cope with 

inherent risks associated with major mergers. In addition, creating 

and maintaining a structure that can leverage partners and 

stakeholders will be essential to effectively implementing the 

national homeland security strategy. Finally, DHS must confront a 

wide array of existing major management challenges and program 

risks in its incoming agencies to ensure success.



www.gao.gov/cgi-bin/getrpt?GAO-03-102.

For additional information about this high-risk area, click on the 

link above or contact Randall Yim at (202) 512-3580 or 

yimr@gao.gov, or Patricia Dalton at (202) 512-6806 or 

daltonp@gao.gov.



[End of Section]



GAO Highlights: High-Risk Series



Modernizing Federal Disability Programs:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Social Security Administration 

(GAO-03-117) and the Department of Veterans Affairs (GAO-03-110)



Why Area is High Risk:



Disability programs have been growing and are poised to grow even 

more rapidly as more baby boomers reach their disability prone 

years. This growth is taking place despite greater opportunities 

for people with disabilities to work. Moreover, this growth is 

occurring at the same time that agencies such as the Social 

Security Administration (SSA) and the Department of Veterans 

Affairs (VA) are struggling to provide timely and consistent 

disability decisions. While the agencies are taking some actions 

to address these problems in the short term, longer-term solutions 

are likely to require fundamental changes including legislative 

action. 



What GAO Found:



GAO’s work examining the challenges facing federal disability 

programs has found that these programs are not well positioned 

to provide meaningful and timely support for Americans with 

disabilities. In particular, SSA’s and VA’s programs are based on 

concepts from the past. These outdated concepts persist despite 

scientific advances and economic and social changes that have 

redefined the relationship between impairments and the ability to 

work. Advances in medicine and technology have reduced the 

severity of some medical conditions and have allowed individuals 

to live with greater independence and function in work settings. 

Moreover, the nature of work has changed as the national economy 

has become increasingly knowledge-based. At the same time, the 

projected slowdown in growth of the nation’s labor force makes 

it imperative that those who can work are supported in their 

efforts to do so. Beyond these outmoded design issues, the 

agencies also face longstanding challenges to improve the quality 

and timeliness of disability decisions. As the result of this 

work, GAO has added modernizing federal disability programs 

to its 2003 high-risk list based on the following concerns:

SSA and VA Programs Remain Grounded in Outmoded Concepts of 

Disability. Disability criteria have not been updated to reflect 

the current state of science, medicine, technology and labor 

market conditions. As a result, both agencies need to reexamine 

the medical and vocational criteria they use to determine whether 

individuals are eligible for benefits. Using outdated information, 

the agencies risk overcompensating some individuals while 

undercompensating or denying compensation entirely to others.



Agencies Have Difficulties Managing Disability Programs. Both SSA 

and VA have experienced (1) lengthy processing times for 

disability claims, (2) inconsistencies in disability decisions 

across adjudicative levels and locations, and (3) challenges 

with implementing effective quality assurance systems. The 

agencies have made some progress addressing some of these 

challenges, but much more work needs to be 

done. 

Agencies Need Adequate Plans for Addressing Program Growth. 

Between 1991 and 2001, the SSA Disability Insurance rolls 

increased by more than 50 percent and growth is expected to 

continue. Similarly, VA expects the number of its disability 

claims to increase. However, SSA and VA have not sufficiently 

prepared for this growth and will need specific plans for 

addressing future disability needs. Developing effective and 

sustainable solutions to problems facing federal disability 

programs will require consultation and cooperation between the 

executive and legislative branches as well as cross-agency 

efforts, and will likely require statutory as well as regulatory 

and management actions.



What Remains to Be Done:



GAO believes that SSA and VA should take the lead in examining 

the fundamental causes of program problems such as outmoded 

disability criteria and seek both management and legislative 

solutions as appropriate to bring their programs in line with 

the current state of science, medicine, technology and labor 

market conditions. At the same time, these agencies should 

continue to develop and implement strategies for improving the 

accuracy, timeliness, and consistency of disability decision-

making. Further, both agencies should pursue more effective 

quality assurance systems.



www.gao.gov/cgi-bin/getrpt?GAO-03-117.

www.gao.gov/cgi-bin/getrpt?GAO-03-110.

For additional information about this high-risk area, click 

on the link above or contact Robert E. Robertson (SSA programs) at 
(202)

 512-7215 or robertsonr@gao.gov or Cynthia Bascetta (VA programs) at 

(202) 512-7101 or bascettac@gao.gov.





[End of section]



GAO Highlights: High-Risk Series



Federal Real Property:



Highlights of a high-risk area discussed in the GAO report entitled 

High-Risk Series:

Federal Real Property (GAO-03-122)



Why Area is High Risk:



Long-standing problems with excess and underutilized real property, 

deteriorating facilities, unreliable real property data, and costly 

space challenges are shared by several agencies. These factors have 

multibillion-dollar cost implications and can seriously jeopardize 

mission accomplishment. Federal agencies face many challenges securing 

real property due to the threat of terrorism. 



What GAO Found:



Over 30 agencies control hundreds of thousands of real property assets 

worldwide, including facilities and land, which are worth hundreds of 

billions of dollars. Unfortunately, much of this vast, valuable 

portfolio reflects an infrastructure based on the business model and 

technological environment of the 1950s. Many of the assets are no 

longer effectively aligned with, or responsive to, agencies’ changing 

missions and are therefore no longer needed. Further, many assets are 

in an alarming state of deterioration; agencies have estimated 

restoration and repair needs to be in the tens of billions of dollars. 

Compounding these problems are the lack of reliable governmentwide data 

for strategic asset management, a heavy reliance on costly leasing 

instead of ownership to meet new needs, and the cost and challenge of 

protecting these assets against potential terrorism. To address these 

challenges, Congress and the administration have undertaken several 

efforts, including Defense Base Realignment and Closures Commissions, 

the President’s Commission to Study Capital Budgeting, and various 

legislative initiatives. While some of these efforts and other work by 

individual real property-holding agencies have had some success, much 

remains to be done governmentwide. Furthermore, despite these efforts, 

the problems have persisted and have been exacerbated by competing 

stakeholder interests in real property decisions; various legal and 

budget-related disincentives to businesslike outcomes; the need for

better capital planning among agencies; and the lack of a strategic, 

governmentwide focus on real property issues. Given the persistence 

of the problems and related obstacles, we have added federal real 

property as a new high-risk area. Resolving these problems will require 

high-level attention and effective leadership by both Congress and the 

administration. Also, because of the breadth and complexity of the 

issues, the long-standing nature of the problems, and the intense 

debate that will likely ensue, current structures and processes may 

not be adequate to address the problems. Thus, there is a need for a 

comprehensive, integrated transformation strategy for real property. 

Realigning the government’s real property, taking into account future 

workplace needs, will be critical to improving the government’s 

performance and ensuring accountability within expected resource 

limits. 



[See PDF for image]



[End of figure]



What Remains to Be Done:



There is a need for a comprehensive and integrated real property 

transformation strategy that could identify how best to realign 

and rationalize federal real property and dispose of unneeded 

assets; address significant real property repair and restoration 

needs; 

develop reliable, useful real property data; resolve the problem 

of heavy reliance on costly leasing; and minimize the impact of 

terrorism on real property. An independent commission or governmentwide 

task force may be needed to develop this strategy. If resulting actions 

address the problems and are effectively implemented, agencies will be 

better able to recover asset values, reduce operating costs, improve 

facility conditions, enhance safety and security, and achieve mission 

effectiveness.



www.gao.gov/cgi-bin/getrpt?GAO-03-122.



For additional information about this high-risk area, click on the 

link above or contact John H. Anderson, Jr. at (202) 512-2834 or 

AndersonJ@gao.gov.





[End of figure]



GAO Highlights: High-Risk Series



Federal Aviation Administration Air Traffic Control Modernization:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of Transportation 

(GAO-03-108)



Why Area is High Risk:



After 2 decades and $35 billion, FAA’s air traffic control 

modernization program is far from complete. While FAA has made 

important progress in addressing weaknesses that GAO identified, 

more remains to be done. In the meantime, major FAA projects 

continue to face challenges that could affect the agency’s ability 

to meet cost, schedule, and/or performance expectations. Key 

projects include the Standard Terminal Automation Replacement System,

Next-Generation Air/Ground Communications System, and

Wide Area Augmentation System.





What GAO Found:



Faced with growing air traffic and aging equipment, in 1981 FAA 

initiated an ambitious effort to modernize its air traffic control 

system. This effort involves acquiring a vast network of radar, 

navigation, communications, and information processing systems, as 

well as new air traffic control facilities— and is expected to cost 

over $50 billion through fiscal year 2007. However, over the past 2 

decades, many of the projects that make up the modernization program 

have experienced cost overruns, schedule delays, and performance 

shortfalls of large proportions. GAO initially designated FAA’s 

modernization program as high risk in 1995. GAO’s work over the 

years has identified root causes of the modernization program’s 

problems, including immature software acquisition capabilities,

lack of a complete systems architecture, inadequate cost estimating 

and accounting practices, ineffective investment management 

practices, and an organizational culture that impaired the 

acquisition process. FAA has made important progress in addressing 

these weaknesses. For example, the agency has implemented a 

framework for improving its software processes, developed a systems 

architecture, institutionalized cost estimating practices, and 

improved its investment management practices. However, more remains 

to be done in each of these areas.



[See PDF for image]



[End of figure]



What Remains to Be Done:



GAO has made over 30 specific recommendations to address the root 

causes of FAA’s problems. While the agency has made progress on 

these recommendations, more must be done to institutionalize mature 

software acquisition processes, enforce the systems architecture, 

and implement effective investment management processes. With FAA 

expecting to spend about $16 billion through fiscal year 2007 on 

new air traffic control systems, these actions are as critical as 

ever.



www.gao.gov/cgi-bin/getrpt?GAO-03-108.



For additional information about this high-risk area, click on the 

link above or contact Joel C. Willemssen at (202) 512-6408 or 

willemssenj@gao.gov.



[End of section]



GAO Highlights: High-Risk Series



Internal Revenue Service Business Systems Modernization:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of the Treasury 

(GAO-03-109) 



Why Area is High Risk:



The Internal Revenue Service’s (IRS) multibillion-dollar Business 

Systems Modernization program is critical to the success of the 

agency’s efforts to transform its manual, paper-intensive business 

operations and fulfill its obligations under the IRS Restructuring 

and Reform Act. While IRS has made important progress in 

establishing long overdue modernization management capabilities, 

and in acquiring the foundational system infrastructure and the 

system applications that will permit the agency to operate more 

effectively and efficiently, significant challenges and risks 

remain.



What GAO Found:





In 1995, after finding numerous and severe management and technical 

program control weaknesses, GAO designated IRS’s systems 

modernization activities as high risk. At that time, GAO made a 

series of recommendations, including limiting modernization 

activities and spending until the weaknesses were corrected. IRS 

responded slowly. In light of IRS’s response and additional 

recommendations made by GAO as part of its ongoing support to 

Congress in overseeing systems modernization, GAO’s 2001 high-risk 

report noted that despite improvements, key management controls 

were still lacking. GAO also observed that until they were in 

place, the risks of project cost, schedule, and performance 

shortfalls would remain and would, in fact, increase as IRS began 

to build and deploy systems. Since that time IRS has made 

significant progress. For example, IRS has developed and is using 

a modernization blueprint, commonly called an enterprise 

architecture, to guide and constrain its modernization projects, 

and is investing incrementally in its projects, both of which are 

leading practices of successful public and private-sector 

organizations. Nevertheless, the program remains at risk for two 

reasons: Scope and complexity of modernization are growing. As IRS 

proceeds, the number of projects underway and the complexity of 

the tasks associated with those projects that are moving beyond 

design and into development, continue to expand.

Modernization management capacity is still maturing. IRS has yet 

to fully implement a strategic approach to ensuring that it has 

sufficient human capital resources, and it has yet to fully 

implement process controls in such areas as estimating costs and 

defining performance based contracts



What Remains to Be Done:



IRS acknowledges its challenges and risks, and it is taking 

action to address them. It is important for IRS to fully 

implement essential modernization management capabilities, 

including cost estimation, performance based contracting, and 

strategic management of human capital. This is especially 

important now, as IRS’s fiscal year 2003 spending plan aims to fund 

the later, more complex and demanding stages of several key 

projects. It is therefore essential that IRS move quickly to fully 

implement our remaining recommendations.



www.gao.gov/cgi-bin/getrpt?GAO-03-109.

For additional information about this high-risk

area, click on the link above or contact Robert

F. Dacey at (202) 512-3317 or

daceyr@gao.gov.





[End of figure]



GAO Highlights: High-Risk Series



Department of Defense Systems Modernization:



Highlights of a high-risk area discussed in GAO’s Performance 

and Accountability Series report on the Department of Defense 

(GAO-03-98)



Why Area is High Risk:



To transform its business operations, the Department of Defense (DOD) 

is spending billions of dollars to modernize its information 

technology systems. However, pervasive modernization management 

weaknesses increase the risk that these efforts will not be 

successful. Within some components of DOD, modernization management 

improvements have occurred, but the department as a whole remains 

far from where it needs to be in order to effectively and 

efficiently manage something the size and significance of its 

DOD-wide systems modernization program.



What GAO Found:



Since GAO first designated DOD’s systems modernization as a high 

risk in 1995, DOD has had limited success in modernizing its 

information technology environment because it has yet to fully 

implement GAO’s recommendations aimed at addressing its underlying 

modernization management weaknesses. DOD acknowledges that it needs 

to correct these weaknesses and has agreed to implement most of GAO’s 

recommendations. However, progress in doing so since GAO’s 2001 

high-risk report has been mixed. To its credit, DOD is taking steps 

to develop integrated modernization blueprints, commonly called 

enterprise architectures, and it has revised its investment management 

guidance. Also, it has engaged DOD’s executive leadership in the 

modernization through such bodies as the Defense Practice 

Implementation Board. However, much remains to be accomplished before 

DOD will have effectively mitigated the risks it faces in 

modernizing its systems. At the same time, DOD continues to invest 

heavily in information technology, with about $26 billion planned 

for fiscal year 2003. Key modernization management improvements 

that DOD needs to make include: 

Establish and use enterprise architectures. DOD lacks an integrated 

set of enterprise architectures for its financial and related 

business functions, which is a recognized best practice, thus 

preventing DOD and its component organizations from investing billions 

of dollars in a way that promotes system interoperability, limits 

duplication, and optimizes institutional performance.

Institute effective investment management practices. DOD components 

are not consistently following best practices in managing its 

information technology investments as portfolios of competing 

investment options. Also, DOD is committing to billion-dollar 

information technology projects without adequate economic 

justification and without reducing the investments’ inherent risk by 

breaking them into a series of smaller projects. Consistently implement 

effective acquisition processes. DOD components’ implementation of 

acquisition management best practices is uneven, as are its 

proactive efforts to improve these processes, which limits DOD’s 

ability to consistently deliver promised system capabilities on 

time and within budget.



What Remains to Be Done:



As GAO has reported, the key to effecting meaningful change is 

executive management leadership and commitment to and use of a 

proven management framework. Accordingly, DOD needs to (1) treat 

these areas as management priorities and (2) implement frameworks 

for modernizing its systems that are grounded in legislative 

requirements, federal guidance, and the practices and successes of 

leading public and private-sector institutions. Although DOD agrees 

with these recommendations, its progress in implementing them has 

been mixed. The backing of senior management, as shown by DOD’s 

successful Year 2000 effort, will play a large role in what is 

accomplished.



www.gao.gov/cgi-bin/getrpt?GAO-03-98.

For additional information about this high-risk area, click on the 

link above or contact Randolph C. Hite at (202) 512-3439 or 

hiter@gao.gov.



[End of section]



GAO Highlights: High-Risk Series



Department of Defense Financial Management:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of Defense 

(GAO-03-98)



Why Area is High Risk:



Since 1995, the Department of Defense’s (DOD) financial management 

has been on GAO’s list of high-risk areas vulnerable to waste, 

fraud, abuse, and mismanagement. Taken together, DOD’s financial 

management deficiencies represent the single largest obstacle to 

achieving an unqualified opinion on the U. S. government’s 

consolidated financial statements. DOD continues to face financial 

management problems that are pervasive, complex, long-standing, 

and deeply rooted in virtually all its business operations. DOD’s 

financial management deficiencies adversely affect the department’s 

ability to control costs, ensure basic accountability, anticipate 

future costs and claims on the budget, measure performance, 

maintain funds control, prevent fraud, and address pressing 

management issues.



What GAO Found:



GAO recently reported on fundamental flaws in DOD’s financial 

management systems, processes, and overall internal control 

environment that resulted in government travel card delinquency 

rates for the Army and Navy that were nearly double those of 

federal civilian agencies;

numerous instances of potential fraud and abuse, including 

purchases of a wide range of goods and services unrelated to 

official business;

$146 million in illegal adjustments to amounts appropriated by 

the Congress;

an inability to ensure the Congress that the $1.1 billion in 

funds it received for spare parts were used for that purpose;

managing and reporting on the funding associated with the Air 

Force’s contracted depot maintenance that resulted in understating 

the dollar value of year-end carryover work by tens of millions of 

dollars; and excessing and selling critical inventory items such 

as unused sets of chemical and biological protective garments for 

about $3 each, while at the same time procuring hundreds of 

thousands of other such garments for over $200 per set.

Previous administrations over the past 12 years have attempted to 

address these problems in various ways, but have largely been 

unsuccessful despite good intentions and significant effort. The 

results of DOD’s past stove-piped approaches to financial management 

reform are perhaps most evident in its business systems environment—

recently estimated to include over 1,700 systems and system 

development projects—many of which evolved in piecemeal fashion 

to accommodate different organizations, each with its own policies 

and procedures. Overhauling DOD’s financial management operations 

represents a major management challenge that goes far beyond 

financial accounting to the very fiber of the department’s range of 

business operations and management culture. To his credit, on 

September 10, 2001, the Secretary of Defense recognized the 

far-reaching nature of DOD’s existing financial management problems 

and announced a broad initiative intended to “transform the way the 

department works and what it works on.” DOD’s current initiative to 

overhaul its business systems is more far-reaching and comprehensive 

than in the past. DOD’s goals for reforming this high-risk area have 

long-term application and are not just patchwork fixes. However, the 

challenges remaining are daunting. DOD’s well-intentioned 

transformation initiative will succeed only with the right incentives, 

transparency, and accountability. Most importantly, it will require 

a number of years of sustained leadership, spanning successive 

administrations, to be successful.



What Remains to Be Done:



Keys to effective reform are an integrated approach, sustained 

leadership, accountability for reform tied to the Secretary, results-

oriented performance measures, appropriate incentives and 
consequences, 

enterprisewide system architecture and investment control, and 

effective oversight and monitoring.



www.gao.gov/cgi-bin/getrpt?GAO-03-98.



For additional information about this high-risk area, click on the link 

above or contact Gregory D. Kutz at (202) 512-9505 or kutzg@gao.gov.



[end of section]



GAO Highlights: High-Risk Series



Forest Service Financial Management:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of Agriculture 

(GAO-03-96)



Why Area is High Risk:



Although the Forest Service received an unqualified opinion on its 

fiscal year 2002 financial statements, it took extraordinary effort. 

The Forest Service has not proven it can sustain this outcome and 

continues to have serious material internal control weaknesses.



What GAO Found:



In 1999, we designated financial management of the U.S. Department of 

Agriculture’s (USDA) Forest Service as “high risk” on the basis of 

serious financial and accounting weaknesses. Again in our January 2001 

report, we reiterated our concerns. In December 2002, the Forest 

Service received an unqualified opinion on its fiscal year 2002 

financial 

statements. While the Forest Service has reached an important 

milestone, 

it has not yet proved it can sustain this outcome, and it has not 

reached 

the end goal of routinely having timely, accurate, and useful financial 

information. As described in the following table, the Forest Service 

still has long-standing material control weaknesses in, among other 

things, its two major assets—fund balance with the Department of the 

Treasury (Treasury) and property, plant, and equipment. 



Forest Service Material Internal Control Weaknesses:

Financial management area; Condition reported by auditor:

Fund balance with the Treasury: The Forest Service had a large backlog 

of 

unreconciled items that needed to be researched and corrected. To 

bring 

the fund balance with the Treasury account into balance with Treasury 

records as of September 30, 2002, the Forest Service made a $107 
million 

adjustment.

General and software application controls: 

Inadequate internal controls existed in the general computer control 

environment and in specific software applications.

Accrued liabilities: The proposed methodology for estimating certain 

liabilities, such as grants, was inaccurate and would have understated 

both accrued liabilities and related expenses. Sampling methodologies 

were used to project the year-end balance.

Payroll process: Users were allowed to submit their time sheets for 

approval to an employee who was not the designated supervisor. In 

addition, 

time sheets lacked adequate evidence of supervisory review.

Property, plant, and equipment: Property cost and related information 

(e.g., useful life) were not accurately recorded.



Source: GAO analysis.



[End of table]



What Remains to Be Done:



As recommended by its financial statement auditor, the Forest Service 

should continue to improve its internal controls over reconciliations 
of 

its records with the Treasury’s records, improve internal controls over 

the general computer control environment and specific software 

applications, develop a new methodology for estimating certain 

liabilities and maintain supporting documentation, improve automated 

and manual controls over payroll processes, and continue to improve 

its internal controls over initial recording of its property, plant, 

and equipment.



www.gao.gov/cgi-bin/getrpt?GAO-03-96.



For additional information about this high-risk area, click on the 

link above or contact McCoy Williams at (202) 512-6906.



[End of section]



GAO Highlights: High-Risk Series



Federal Aviation Administration Financial Management:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of Transportation 

(GAO-03-108)



Why Area is High Risk:



The Federal Aviation Administration (FAA) lacked accountability for 

billions of dollars in assets and expenditures due to weaknesses in 

its financial reporting, property, and cost accounting systems. 

Substantial problems with the general accounting system required 850 

adjustments totaling $41 billion in 2001. Weaknesses in property 

accounting meant the agency could not accurately and routinely account 

for property totaling $11.7 billion. Finally, FAA lacked the cost 

information necessary to make effective decisions about resource needs 

and adequately account for its activities and major projects, such as 

the air traffic control modernization program.



What GAO Found:



Since FAA financial management was designated high risk in 1999, FAA 

has made significant progress in addressing its financial 

accountability weaknesses. Three major systems initiatives in process 

are designed to address specific identified needs. However, these 

systems must be fully installed and effectively integrated with one 

another and with other FAA systems and tested in actual use. By the 

end of 2003, FAA expects to implement a new DOT departmentwide 

general accounting system called Delphi. This new system is designed 

to eliminate overall financial management deficiencies that limit 

FAA’s ability to report on and manage its assets and operations. In 

addition, as a component of its Delphi system, FAA expects to 

implement a new property accounting system module and complete the 

installation of a cost accounting system in 2003. The property 

system is needed to accurately and routinely account for FAA’s 

property, while the cost accounting system is required to assign basic 

financial costs to its program activities and projects. Subsequent to 

implementation, FAA’s financial statement audit will provide an 

assessment of the effectiveness of FAA’s new general accounting system, 

the reliability of its property amounts and related internal controls, 

and its ability to account for costs of its program activities and 

major projects. Until these systems are fully tested and assessed in 

actual integrated operations, the reliability of FAA’s financial 

information will remain uncertain.



Diagram Showing Way in Which FAA’s New Systems

[See PDF for image]



Note: GAO diagram based on FAA information.



[End of figure]



What Remains to Be Done:



FAA has made significant progress in improving the accuracy and 

reliability of its financial information. To continue this progress, 

it must implement and successfully integrate and test its new 

accounting systems in actual operational use, including 

* The new general accounting system module,

* The new property accounting system module,

* Its new cost accounting system.

These changes are expected to be implemented by the end of 2003.





www.gao.gov/cgi-bin/getrpt?GAO-03-108.

For additional information about this high-risk area, click on the 

link 

above or contact Linda Calbom at (202) 512-9508 or calboml@gao.gov.



[end of section]



GAO Highlights: High-Risk Series



Internal Revenue Service Financial Management



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of the Treasury 

(GAO-03-109)





Why Area is High Risk:



The Internal Revenue Service (IRS) is responsible for collecting about 

$2 trillion annually, or about 95 percent of the government’s revenue. 

However, IRS lacks the information it needs to measure the full cost of 

administering the Internal Revenue Code and to report meaningful, cost 

based performance information. Congress and IRS therefore lack the 

information to determine whether IRS has appropriate levels of funding 

and staff and is using its resources effectively. These issues 

concerning IRS’s financial management—a high-risk area since 1995—

adversely affect the agency’s ability to effectively fulfill its 

responsibilities as the nation’s tax collector.



What GAO Found:



In fiscal year 2002, for the third consecutive year, IRS was able to 

produce annual financial statements that were reliable, in GAO’s 

opinion, and was able to produce the fiscal year 2002 financial 

statements 6 weeks after the end of the fiscal year. To achieve this, 

IRS made fundamental changes in how it processed transactions, 

maintained its records, and reported its results. However, this also 

required IRS to continue to rely on costly, resource-intensive 

processes to compensate for serious internal control and systems 

deficiencies. IRS has continued to act on and has shown strong 

commitment to resolving the financial management issues GAO has 

identified, and has made notable progress on several. In particular, 

IRS has worked aggressively to address issues not solely dependent 

on systems modernization for their resolution, and has made important 

progress in addressing deficiencies in controls over budgetary 

activity, accountability over property and equipment, taxpayer 

receipts and data, and computer security. At the same time, IRS 

recognizes that resolving a number of its financial management 

issues depends on the success of its systems modernization efforts. 

The challenge will be for IRS to continue the improvements made in 

recent years and, more importantly, to develop long-term solutions 

to address the internal control and systems deficiencies GAO has 

identified. IRS’s primary remaining internal control weaknesses 

are in the following areas:

Accountability over property and equipment. IRS continues to lack 

an integrated property management system that records property 

acquisitions and disposals as they occur and links costs on 

accounting records to property records.

Management of tax receipts and taxpayer data. IRS’s internal 

controls do not adequately protect against loss of tax receipts 

from theft and inappropriate disclosure of taxpayer information.

Management of unpaid tax assessments. IRS continues to lack a 

subsidiary ledger for unpaid assessments that would allow it 

to produce timely and useful information. IRS employs a time-

consuming, resource intensive process to produce an annual 

balance of taxes receivable and other unpaid assessments for its 

financial statements, but this balance is only reliable as of the 

last day of the fiscal year. Additionally, IRS continues to record 

erroneous and untimely information in taxpayer accounts, 

increasing the risk of unnecessary taxpayer burden.

Computer security. IRS continues to have serious weaknesses in 

its computer security controls designed to protect its computing 

resources from unauthorized use, modification, loss, and disclosure. 

IRS has also not taken sufficient steps to ensure that computer 

security deficiencies identified at one facility are addressed at 

other facilities.



What Remains to Be Done:



GAO has provided IRS with management and operational recommendations 

that address (1) IRS’s systems modernization plans to resolve 

weaknesses 

in financial management systems and (2) needed improvements in 

controls 

over how IRS records transactions, maintains records, and reports 

financial results. We will continue to make recommendations as 

necessary. 

IRS’s management has worked actively to address these issues. However, 

resolving many of IRS’s most serious challenges will require a 
sustained, 

long-term commitment of resources, continued involvement of senior 

management, and sustained progress in systems modernization. 



www.gao.gov/cgi-bin/getrpt?GAO-03-109.

For additional information about this high-risk area, click on the link 

above or contact Steven J. Sebastian at (202) 512-3406 or 

SebastianS@gao.gov.



[end of section]



GAO Highlights: High-Risk Series



Medicare Program:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of Health and Human 

Services (GAO-03-101)



Why Area is High Risk:



Since 1990, GAO has designated Medicare a high-risk program, 

vulnerable to waste, fraud, abuse, and mismanagement, in part 

because of the 

program’s vast size and complex administrative structure. Medicare 

covered about 40 million elderly and disabled Americans and cost about 

$241 billion in fiscal year 2001; program spending as a share of the 

economy is projected to double by 2035. Medicare’s steward, the 

Centers for Medicare & Medicaid Services (CMS), oversees claims 

administration contractors that operate the program’s fee-for-service 

component and health plans that enroll beneficiaries in the program’s 

managed care component, Medicare+Choice. While CMS has improved 
oversight 

of contractors and health plans in recent years, considerable 
management 

challenges remain.



What GAO Found:



CMS has made improvements in assessing the level of improper 

payments, 

collecting overpayments and conducting other financial 

activities, and 

building the foundation for modernizing its information 

technology. 

Nevertheless, much work remains to be done. 

Reducing improper payments. Since 1996, annual audits by the 

Department 

of Health and Human Services Office of the Inspector General 

have found 

that Medicare contractors have improperly paid claims worth 

billions of 

dollars. CMS has been working to better hold individual contractors 

accountable for claims payment performance and help them target 

remedial 

actions, but it does not expect to fully implement an initiative to 

measure performance before June 2003.

Monitoring managed care plans. In 2001, auditors found that 59 of 80

 health plans had misreported key financial data or had accounting 

records too unreliable to support their data, but CMS did not have 

a plan in place to resolve these issues.

Improving financial management processes. Although CMS financial 

statements are achieving unqualified, or “clean,” opinions, the 

agency’s financial systems and processes do not routinely generate 

information that is timely or reliable and do not ensure that the 

confidentiality of sensitive information is adequately protected 

from unauthorized access or service disruption.

Modernizing the agency’s information technology (IT). CMS’s processes 

for planning and managing systems development and implementation 

have certain shortcomings that put its IT modernization efforts at 

risk. We reported in September 2001 that CMS’s blueprint for 

modernization lacked sufficient detail and its process for managing IT 

investments was missing key review, approval, and evaluation steps. 

The agency has made progress in its planning, review, and approval 

procedures and has strengthened IT security requirements, but much more 

remains to be done to reduce significant risks. 

* Preparing for a new contracting environment. CMS’s claims 

administration contracting authority and practices (1) do not generally

 allow for full and open competition, (2) limit the contractor pool to 

health insurers, and (3) limit CMS’s ability to terminate contracts.



If proposed competitive contracting legislation were enacted, managing 

the transition and adapting to new requirements would be a major 

challenge for CMS in the coming years.



What Remains to Be Done:



Because Medicare will play such a significant role in the nation’s 

fiscal future, prudence calls for taking steps to ensure that Medicare 

is professionally and efficiently managed. Achieving this goal will 

require CMS to improve oversight of Medicare’s claims administration 

contractors, management of the agency’s information technology 

initiatives, and the implementation of financial management processes 

across multiple contractors and agency units.



www.gao.gov/cgi-bin/getrpt?GAO-03-101.



For additional information about this high-risk area, click on the 

link above or contact Leslie G. Aronovitz at (312) 220-7600 or 

aronovitzl@gao.gov.



[end of section]



GAO Highlights: High-Risk Series



Medicaid Program:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of Health and Human 

Services (GAO-03-101)



Why Area is High Risk:



Medicaid, which pays for both acute health care and long-term care 

services for over 44 million low-income Americans, has been subject 

to exploitation. Financed jointly by the federal government and the 

states, Medicaid consists of more than 50 distinct “state” programs 

that together cost $228 billion in fiscal year 2001, accounts for 

more than 20 percent of states’ total expenditures, and is projected 

to double in spending in a decade. The federal government pays from 

half to more than three-fourths of a state’s total Medicaid 

expenditures. Growing concern about the program’s size, growth, 

and fiscal oversight has led GAO to add Medicaid to its 2003 list 

of high-risk programs. The Centers for Medicare & Medicaid Services 

(CMS) in the Department of Health and Human Services (HHS) is 

responsible for administering the program at the federal level, 

while the states administer their respective programs’ day-to-day 

operations.



What GAO Found:



Inadequate fiscal oversight has led to increased and unnecessary 

federal spending in the following ways: Schemes that leverage 

federal funds inappropriately. Using statutory and regulatory 

loopholes over the last decade, some states have created the 

illusion that they have made large Medicaid payments to certain 

providers, such as county health facilities, in order to generate

excessive federal matching payments. In reality, the states have 

only momentarily made payments to these providers—generally 

through electronic funds transfers— and then required that the 

payments be returned. Some of these schemes have cost the federal 

government several billions of dollars each year. Although the 

Congress and CMS have repeatedly acted to curtail abusive financing 

schemes when they have come to light, schemes continue to emerge 

and require ongoing oversight. Waiver programs that inappropriately 

increase the federal government’s financial liability. The 

Secretary of HHS has authority to waive certain statutory provisions 

and allow states to test new ideas for delivering services and 

expanding coverage. Waiver programs must be “budget neutral,” in 

that they do not increase federal financial liability beyond what 

it would have been without these programs. Since the mid-1990s, HHS 

has permitted states to use questionable methods to demonstrate 

budget neutrality for changes estimated to increase federal costs. 

For example, two states’ waivers approved in 2002

are estimated to cost the federal government an extra $330 million 

or more. HHS is currently considering approval of similar waivers 

by additional states. Inappropriate billing by providers serving 

program beneficiaries. Medicaid, like other health care payers, is 

vulnerable to waste, fraud, and abuse by providers who submit 

inappropriate claims. While CMS has initiated steps to improve 

financial reviews of Medicaid, its efforts are in the planning and 

early implementation stages and will require continued oversight. 

Efforts on the part of states to identify billing errors and abuses 

have been generally limited and only modestly funded. The hundreds 

of millions of dollars in improper payments that a few states have 

identified suggests that these and other states have the potential 

to save hundreds of millions more through increased efforts to 

safeguard program payments.



What Remains to Be Done:



CMS should (1) ensure that the federal government pays only its correct

 share of valid program expenditures, (2) develop better methods to 

assess the costs of state-proposed program alternatives, and (3) 

strengthen federal and state fiscal oversight.



www.gao.gov/cgi-bin/getrpt?GAO-03-101.

For additional information about this high-risk area, click on the 

link above or contact Kathryn G. Allen at (202) 512-7118.



[end of section]



GAO Highlights: High-Risk Series



Earned Income Credit Noncompliance:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of the Treasury 

(GAO-03-109)



Why Area is High Risk:



The Internal Revenue Service (IRS) administers the earned income 

credit, a refundable federal income  tax credit for low-income working 

individuals and families. The credit reduces the amount of federal tax 

owed and can result in a refund check. There are significant compliance 

problems associated with the credit. IRS estimates that billions of 

dollars in credits claimed by taxpayers should not have been paid. 

Because IRS has struggled to reduce overclaims and because of the 

magnitude of the financial risk, earned income credit noncompliance—a 

high-risk area since 1995—continues to be high-risk.



What GAO Found:



IRS estimates that of the $31.3 billion in earned income credits 

claimed by taxpayers in tax year 1999, about $8.5 to $9.9 billion 

should not have been paid. Furthermore, efforts to reduce earned 

income credit noncompliance over the past 5 years have produced 

little change. Certain features of the credit represent a trade-off 

between compliance and other desired goals. Unlike other income 
transfer 

programs, such as Food Stamps, the earned income credit was designed to 

be administered through the tax system. Accordingly, while other income 

transfer programs have staff that independently certify the eligibility 

of applicants, administration of the credit relies more directly on the 

self-reported qualifications of individuals. This approach generally 

should result in lower administrative costs and possibly higher 

participation rates but may also contribute to overclaims. The IRS 

Commissioner and the Treasury Assistant Secretary for Tax Policy have 

convened a high- level Treasury/IRS task force to develop 

recommendations to better administer the credit and make it easier 

for taxpayers to comply with the rules.



Earned Income Credit Claims and Estimated Potential Overclaims for 

Tax Year 1999



[See PDF for image]



[End of figure]



What Remains to Be Done:



IRS needs to: 

in conjunction with Treasury, ensure that the earned income credit task

force completes work on recommendations to better administer the 

credit, and implement task force recommendations to deal with 

noncompliance and resulting erroneous refunds.



www.gao.gov/cgi-bin/getrpt?GAO-03-109.



For additional information about this high-risk area, click on the 

link above or contact Norm Rabkin at (202) 512-9110 or 

rabkinn@gao.gov.



[end of section]



GAO Highlights: High-Risk Series



Collection of Unpaid Taxes:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of the Treasury 

(GAO-03-109)



Why Area is High Risk:



Taxpayers’ willingness to voluntarily comply with the tax laws depends 

in part on their confidence that their friends, neighbors, and business 

competitors are paying their fair share of taxes. Many view the 

Internal Revenue Service’s (IRS) compliance and collection programs as 

critical to providing that confidence. For the last several years, 

Congress and others have been concerned that the declines in IRS’s 

compliance and collections programs are eroding taxpayers’ confidence 

in the fairness of our tax system. Because of the potential revenue 

losses and the threat to voluntary compliance, collection of unpaid 
taxes—

a high-risk area since 1990—continues to be high-risk. 



What GAO Found:



In testimonies and reports, GAO has highlighted large and pervasive 

declines in IRS’s compliance and collections programs. These programs 

include computerized checks for nonfiling and underreported income, 

audits, and telephone and field collections. Between 1996 and 2001 the 

programs generally experienced growing workloads, decreased staffing, 

and decreases in the number of cases closed per employee. By the end 

of fiscal year 2001, IRS was deferring collection action on about one 

out of every three tax delinquencies assigned to the collections 

programs. By the end of fiscal year 2002, IRS had an inventory of 

unpaid taxes with a collection potential of about $100 billion. In 

May 2002 congressional hearings, the IRS Commissioner said that IRS 

was not providing taxpayers with adequate assurance that their 

neighbors or competitors were complying with the tax laws and paying 

what they owed. To reverse these trends, IRS is in various stages of 

planning and implementing a management improvement strategy, including 

efforts to improve the productivity of IRS’s existing compliance and 

collections staff and better target noncompliance. To improve 

productivity, IRS has begun work to reengineer its compliance and 

collections processes, modernize its technology, and develop better 

information on the costs and benefits of its compliance activities 

using a centralized cost accounting system that is planned for 

implementation in late 2003. Better targeting of noncompliance requires 

better information. IRS’s new effort to review compliance, the National 

Research Program, should, if implemented as planned, provide IRS with 

the first up-to-date information on compliance rates and sources of 

noncompliance since it last measured the compliance rate using 1988 tax 

returns.



Audit Rates Have Declined



[See PDF for image]



[End of figure]



What Remains to Be Done:



*  Reengineer compliance and collections programs. 

* Acquire and analyze data on noncompliance by continuing to implement 

the National Research Program as planned.

* Ensure that the planned centralized cost accounting system is 

effectively implemented and that its data is used to analyze the costs 

and benefits of compliance activities.



www.gao.gov/cgi-bin/getrpt?GAO-03-109.

For additional information about this high-risk area, click on the link 

above or contact Norm Rabkin at (202) 512-9110 or rabkinn@gao.gov.





[end of section]



GAO Highlights: High-Risk Series



Department of Defense Support Infrastructure Management:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of Defense 

(GAO-03-98)



Why Area is High Risk:



Since 1997, GAO has identified the Department of Defense’s (DOD) 

management of infrastructure as a high-risk area because DOD’s 

infrastructure costs continue to consume a larger than necessary 

portion of DOD’s budget. DOD has been concerned for a number of 

years over the amount of funding devoted to its support 

infrastructure and the impact on its ability to devote more funding 

to weapon system modernization and other critical needs.



What GAO Found:



Infrastructure management, which GAO first identified as a high-

risk area in 1997, continues to present major challenges to DOD. 

The department defines infrastructure as those activities that provide 

support services to mission programs, such as combat units. DOD’s 

infrastructure categories include installations, communications and 

information infrastructure, science and technology programs, 

acquisition infrastructure, central logistics, the Defense Health 

Program, central personnel administration and benefits programs, 

central training, departmental management, and other selected 

infrastructure programs such as support of DOD intelligence and 

air traffic control activities. GAO’s past and current work in 

this area indicates that DOD continues to spend a larger portion 

of its budget than desired on infrastructure—nearly 46 and 44 

percent, respectively, in fiscal years 2001 and 2002; lacks an 

overarching strategy to improve its business practices; and 

faces a challenge in adequately maintaining and revitalizing the 

facilities it expects to retain for future use. For example, GAO’s 

recent review of the physical condition of recruit barracks 

confirmed DOD’s assertion that its facilities have been long 

neglected and underfunded. Additionally, GAO’s analysis of DOD 

data contained in its fiscal year 2002 annual report and fiscal 

year 2003 future years defense program showed that approximately 

$151 billion (44 percent) of DOD’s $345 billion allocated to 

mission and support activities was spent on infrastructure in 

fiscal year 2002. DOD plans an additional base closure round in 

2005; this could enable it to devote its facility resources on 

fewer, more enduring facilities. With or without future base 

closures, DOD faces the challenge of adequately maintaining and 

revitalizing the facilities it expects to retain for future use. 

Available information indicates that DOD’s facilities continue 

to deteriorate because of insufficient funding for their 

sustainment, restoration, and modernization. To its credit, 

DOD has highly emphasized the reform of its support infrastructure 

to include an emphasis on the transformation of its associated 

business processes in recent years. These reforms include acquisition 

and financial management reform, logistics reengineering, public-

private competitions under the Office of Management and Budget’s 

Circular A-76 process, and elimination of unneeded facilities 

infrastructure. However, many key reforms that may have the greatest 

impact on managing the support infrastructure and reducing costs are 

long term in nature and will require many years to be fully 

implemented.



What Remains to Be Done:



Organizations throughout DOD need to continue reengineering their 

business processes and striving for greater operational 

effectiveness and efficiency. DOD needs to develop a plan to better 

integrate, guide, and sustain the implementation of its diverse 

business transformation initiatives in an integrated fashion. DOD 

also needs to develop a comprehensive long-range plan for its 

facilities infrastructure that addresses facility requirements, 

recapitalization, and maintenance and repair needs.



www.gao.gov/cgi-bin/getrpt?GAO-03-98.

For additional information about this high-risk area, click on the 

link above or contact Henry L. Hinton, Jr. at (202) 512-4300 or 

hintonh@gao.gov.



[end of section]



GAO Highlights: High-Risk Series



Department of Defense Inventory Management:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of Defense 

(GAO-03-98) 



Why Area is High Risk:



Since 1990, GAO has identified the Department of Defense’s (DOD) 

management of secondary inventories (spare and repair parts, 

clothing, medical supplies, and other items to support the 

operating forces) as high risk because inventory levels were 

too high and management systems and procedures were ineffective 

and wasteful. Many of these same weaknesses regarding excess 

inventories and the lack of economy, efficiency, and effectiveness 

in DOD’s inventory management practices still exist today.



What GAO Found:



Inefficient inventory management practices represent one of the 

most serious weaknesses in DOD’s logistics operations. While 

DOD’s inventory value for the last 10 years has been declining, 

GAO’s past and current work in this area indicates that DOD 

continues to store unnecessarily large amounts of material; 

purchases material for which there is no valid requirement; 

experiences equipment readiness problems because of a lack 

of key spare parts; and maintains inadequate visibility over 

material being shipped to and from military activities. About 

half of DOD’s $63 billion secondary inventory exceeds war 

reserve or current operating requirements. One of the more 

serious and long-standing inventory management weaknesses 

that GAO has been reporting on for over a decade is the 

department’s inability to maintain adequate control over 

material being shipped between contractor facilities and DOD 

activities or between DOD activities. For example, in July 

2002, GAO reported that the Air Force had not properly 

controlled or maintained effective accountability over material 

reportedly valued at about $567 million that had been shipped 

to contractors for repair or use in the repair process. While 

almost half of DOD’s inventory is excess to its current war 

reserve and operating requirements, GAO has consistently reported 

that the department has experienced equipment readiness problems 

because of shortages of key spare parts. In an attempt to 

alleviate these shortages, the Congress allocated $1.1 billion 

in supplemental appropriations to DOD in fiscal year 1999. GAO 

reported, however, that DOD’s financial reporting systems do 

not provide reasonable assurance that these funds are being 

used to purchase spare parts. Each of the services has a planned 

number of initiatives to address these shortages. Additionally, 

DOD has initiatives planned or underway to modernize its supply 

support management information systems and has submitted 

financial reports in response to prior recommendations.



Rates at Which Selected Aircraft Were Reported as Not Mission 

Capable due to Supply Problems (in percent)



[See PDF for image]



Source: GAO.

Note: Analysis of Navy and Air Force data based on work completed 

in July 2001.



[End of table]



What Remains to Be Done:



The long-term solution to this high-risk area necessitates 

that the DOD reengineer its entire logistics operations to 

include the development of a long-range strategic vision and 

a departmentwide, coordinated approach for logistics management. 

In the short term, however, GAO recommends that the department 

reduce excess inventories, (2) eliminate material purchases for 

which no valid requirement exists, establish better controls 

and visibility over material shipped to and from military 

activities, (4) take actions to address key spare parts 

shortages, (5) better track how it spends its funds for spare 

parts, (6) correct information systems weaknesses, and (7) 

adopt specific industry-proven best practices for improving 

inventory management.



www.gao.gov/cgi-bin/getrpt?GAO-03-98.



For additional information about this high-risk area, click 

on the link above or contact Henry L. Hinton, Jr. at (202) 

512-4300 or hintonhj@gao.gov.



[end of section]



GAO Highlights: High-Risk Series



HUD Single-Family Mortgage Insurance and Rental Housing 

Assistance Programs:



Highlights of a high-risk area discussed in GAO’s Performance 

and Accountability Series report on the Department of Housing 

and Urban Development (HUD) (GAO-03-103)



Why Area Is High Risk:



HUD manages about $550 billion in insurance and $19 billion 

per year in rental assistance. To do this, HUD relies on the 

performance and integrity of thousands of third parties, 

including about 7,500 lenders that process mortgage insurance; 

about 4,500 public housing agencies that administer rental 

assistance programs; and about 22,000 property owners who provide 

rental housing. HUD’s single-family mortgage insurance and 

rental housing assistance program areas are high risk because 

of weaknesses that include HUD’s oversight and monitoring of 

lenders, appraisers, and contractors, and ensuring compliance 

with HUD’s housing quality standards. Because of these 

weaknesses, evidence of fraud, and the variety of challenges 

HUD faces in implementing corrective actions, the program 

areas remain at high risk.



What GAO Found:



GAO originally designated HUD’s programs as high risk in 1994

 due to serious, long-standing, departmentwide management 

problems. Following several years of effort by HUD to address 

these problems, in January 2001, GAO redefined and reduced 

the number of HUD programs deemed to be high risk. HUD has 

continued to make progress in addressing identified weaknesses 

in the high-risk program areas. HUD’s progress includes 

implementation of new processes to allow the review of lenders 

and appraisers and new incentives to improve the performance 

of property disposition contractors in its single-family 

programs. However, many of HUD’s strategies for resolving 

problems in its high-risk program areas represent new 

initiatives in the early stages of implementation, and 

evidence shows that significant problems remain. In its 

rental housing assistance programs, implementation of a 

new assessment system for public housing agencies has been

 delayed; correcting housing quality violations remains 

problematic; and HUD estimates that rental assistance 

overpayments—some $2 billion out of $19 billion in assistance

 in fiscal year 2000—are greater than previously estimated. 

Additionally, HUD’s three major management challenges—human

 capital management, acquisitions management, and 

programmatic and financial management information systems

—cut across both program areas and contribute to the high-

risk designations. HUD is in the early stages of developing 

measures to resolve these deficiencies. For example, HUD has 

not yet developed a comprehensive strategy to resolve serious, 

long-standing programmatic and financial management information 

system deficiencies. Because significant challenges remain, 

GAO is maintaining the department’s single-family mortgage 

insurance and rental housing assistance program areas as high 

risk at this time. 



[See PDF for image]



[End of figure]



What Remains to Be Done:



HUD needs to improve management and oversight of its single-

family mortgage insurance programs to reduce risk of losses 

from loan defaults or fraud; and ensure that its rental 

housing assistance programs operate effectively and efficiently, 

specifically that assistance payments are accurate, recipients 

are eligible, assisted housing meets quality standards, and 

contractors perform as expected.



www.gao.gov/cgi-bin/getrpt?GAO-03-103.



For additional information about this high-risk area, click

 on the link above or contact Thomas J. McCool at (202) 

512-8678 or mccoolt@gao.gov.



[end of section]



GAO Highlights: High-Risk Series



Student Financial Aid Programs:



Highlights of a high-risk area discussed in GAO’s Performance

 and Accountability Series report on the Department of 

Education (GAO-03-99)



Why Area is High Risk:



Federal grant and loan programs provide over $50 billion 

annually to students to finance their postsecondary 

education. Millions of dollars in loans and grants have been 

disbursed to ineligible students because of internal control 

weaknesses. Further, while default rates have fallen, the 

amount of defaulted student loan dollars has remained high. 

Finally, with the exception of 1997, Education has not 

received an unqualified—or “clean”—opinion on its financial 

statements since its first agencywide audit in 1995. 



What GAO Found:



Since being designated high risk in 1990, Congress and 

Education have made considerable changes to address ongoing 

management challenges. Congress established Education’s Office 

of Federal Student Aid (FSA) as a performance-based organization

and Education created a team of senior managers to address key 

financial and management problems throughout the agency. 

Progress is occurring, but the following problems remain. 

Information to assess systems integration progress is not 

yet readily available. FSA has selected a viable, industry-

accepted means for integrating its systems. FSA, however, will 

need to develop clear goals and measures in its performance 

plan and better demonstrate its progress in achieving systems 

integration. Weaknesses in financial management and internal 

controls remain. Education has made progress improving its 

financial management; however it needs to implement corrective 

actions to ensure that relevant, reliable, and timely, 

financial information is available. Education also needs to 

address its internal control weaknesses to prevent improper 

and erroneous payments. Plans and reports are unclear about 

how default management goals will be achieved. FSA has developed 

several goals to prevent and collect defaulted student loans, 

but its plans and reports provided limited information about the 

actions it will take to achieve them. Continued focus on human 

capital management is needed. Education has developed a 

comprehensive human capital plan that incorporates FSA. This plan 

outlines specific steps and time frames for improving its human 

capital management, but Education will need to continuously focus 

on implementation of the plan to achieve results.



Amount of Student Loan Dollars in Default Remains High



[See PDF for image]



Note: Balances include principal, interest, late fees, and 

administrative charges for defaulted loans

under both the Federal Family Education Loan and Federal 

Direct Loan Programs.



[End of figure]



What Remains to Be Done:



GAO believes the Department should: continue with systems 

integration and improve its plans and reports to better 

demonstrate its progress, make comprehensive improvements to 

address financial management and internal control weaknesses, 

improve plans and reports to clearly explain strategies for 

achieving default management goals, and continue 

implementation of strategic human capital measures, including 

succession planning and staff development.



www.gao.gov/cgi-bin/getrpt?GAO-03-99.



For additional information about this high-risk area, click 

on the link above or contact Cynthia M. Fagnoni at (202) 

512-7215 or fagnonic@gao.gov.





[end of section]



GAO Highlights: High-Risk Series



Department of Defense Weapon Systems Acquisition:



Highlights of a high-risk area discussed in GAO’s 

Performance and Accountability Series report on the 

Department of Defense (GAO-03-98)



Why Area is High Risk:



Acquiring high performance weapons is central to the 

Department of Defense’s (DOD) ability to fight and win 

wars. Also, DOD’s investment in weapons is growing rapidly—

from $110 billion in fiscal year 2002 to about $157 billion 

by fiscal year 2007—as DOD pushes to transform itself to 

meet a new range of threats. Nevertheless, while DOD’s 

acquisition process has produced the best weapons in the world, 

it also routinely yields undesirable outcomes—cost increases, 

schedule delays, and performance shortfalls. Consequently, 

GAO has designated this as a high-risk area since 1990.



What GAO Found:



DOD continues to experience problems in developing and 

acquiring weapon systems. GAO has consistently found that 

acquisitions take a much longer time and cost much more than 

originally anticipated, causing disruptions to DOD’s overall 

investment strategy and significantly reducing its buying 

power. Programs are also at risk because they are moving 

forward with immature technologies and/or they are using 

late stage tests as a vehicle for discovering problems that 

should have been identified and addressed much earlier. Such 

problems were evident, for example, in GAO’s reviews of DOD’s 

Joint Strike Fighter, V-22 aircraft, F-22, and other programs. 

In addition, DOD and the military services often do not 

consider options to acquire systems jointly to avoid costly 

duplication and interoperability problems. This was particularly 

apparent in efforts to acquire new sensor-to-shooter systems, 

antiarmor munitions, and combat identification systems.

Many of the problems GAO has uncovered are rooted in DOD’s 

environment and its culture. The acquisition process tends 

to assert pressures on programs to promise more than they 

can deliver and to push programs forward without sufficient 

knowledge about a weapon’s technology, design, and production. 

The intense competition to get programs approved and funded 

encourages setting requirements that will make the proposed 

weapon system stand out from others. In addition, DOD officials 

who establish requirements often aim for the most capability 

possible, since it may be many years before they get another 

opportunity to acquire a new weapon system of the same type. 

This has led to overpromising capabilities and underestimating 

costs. DOD is changing its policies to achieve better outcomes. 

It has focused primarily on (1) ensuring technologies are 

demonstrated to a high level of maturity before beginning a 

weapon system program, (2) taking an evolutionary, or phased, 

approach to developing a system, and (3) making more realistic 

cost estimates in programs. These are positive steps that 

should help curb incentives to overpromise the capabilities of 

new weapon systems and lead to more realistic cost estimates 

when pricing programs. Implementation on individual programs will 

be the measure of the policies’ success, but early experience 

has been mixed, underscoring the challenge DOD managers face 

in translating the policies into better program outcomes.



Various Weapon Systems



[See PDF for image]



[End of figure]



What Remains to Be Done:



GAO has recommended that DOD take additional steps to achieve 

outcomes on par with leading organizations. These include 

planning product development so that design and manufacturing 

decisions are based on better data, ensuring testing does not 

get deferred until late in the development cycle, and considering 

joint mission needs in establishing weapon requirements. These 

steps should be taken in tandem with providing a better 

environment for  starting and managing weapons programs—one that 

more closely resembles the knowledge-based process followed by 

leading organizations.



www.gao.gov/cgi-bin/getrpt?GAO-03-98.



For additional information about this high-risk area, click on 

the link above or contact Jack L. Brock, Jr. at (202) 512-4841 

or brockj@gao.gov.



[end of section]



GAO Highlights: High-Risk Series:



Department of Defense Contract Management:



Highlights of a high-risk area discussed in GAO’s Performance and 

Accountability Series report on the Department of Defense 

(GAO-03-98)





Why Area is High Risk:



The Department of Defense (DOD), the government’s largest purchaser, 

spent nearly $163 billion in fiscal year 2001 for goods and 

services to equip, maintain and support military forces, but it is 

unable to ensure that it is acquiring goods and services as 

efficiently as possible. Further, between fiscal years 1994 and 

2001, DOD contractors have refunded $6.7 billion in overpayments. 

Also, DOD’s health care contracting, involving about $5 billion 

annually, is overly complicated and prescriptive and is unstable. 

Contributing to DOD’s contract management problems, DOD’s 

acquisition workforce has been cut in half over the past 10 

years. 



What GAO Found:



Since being designated high risk in 1992, DOD has worked to 

improve and streamline its acquisition practices as it adjusts 

to a changing acquisition environment. DOD’s senior leadership 

is committed to improving its acquisition of services; and DOD 

has achieved some positive results in improving its payment 

processes for goods and services, is attempting to address health 

care contracting problems, and has made progress in laying a 

foundation for reshaping its acquisition workforce. The following 

problems remain. Improving DOD’s acquisition of services. Too 

often requirements are not clearly defined or alternatives fully 

considered. DOD does not have a strategic plan that integrates or 

coordinates ongoing initiatives or that provides a road map for 

future efforts. Assuring the appropriate use of contracting 

techniques and approaches. While efforts to streamline acquisition 

processes have been made, DOD missed out on opportunities to 

generate savings, reduce administrative burdens, and enhance 

outcomes for its acquisitions due to unclear guidance, poor 

internal controls, and improperly trained personnel. As a result, 

DOD (1) had mixed results in incorporating performance-based 

attributes into contracts, (2) is vulnerable to fraud in its 

purchase and travel card programs, and (3) negotiated prices 

for goods and services using approaches that did not always 

promote competition and ensure fair and reasonable prices. 

Overcoming long-standing contract payment issues. DOD continues 

to be challenged in ensuring prompt, proper, and accurate 

payments for goods and services. Payment errors are attributable 

to problems such as not adjusting payments for changed 

contract requirements and paying the same invoice twice. 

Managing DOD’s contracts for health care. DOD’s contracting 

approach for TRICARE and numerous adjustments to the 

contracts had created an unstable program. DOD also faces 

challenges in jointly contracting with the Veterans 

Administration for medical and surgical supplies due to 

different approaches in standardization and the lack of 

accurate and reliable procurement data. Improving the 

acquisition workforce. DOD faces serious imbalances in the 

skills and experience of its current workforce and the 

potential loss of highly specialized knowledge if many of 

its acquisition specialists retire.



Strategic Approach Leading Companies Take in Acquiring 

Services

Secure up-front commitment from top leaders

Create supporting structure processes and roles

Obtain improved knowledge of service spending

Enable success through leadership, communication and metrics

Source: GAO.



[end of table]



What Remains to Be Done:



GAO’s reports on DOD’s contract management have recommended 

that DOD take the following steps. Use a strategic approach 

to improve its acquisition of services. Give priority 

management attention at all DOD levels to improve and use 

appropriate contracting techniques and approaches. Develop 

fundamental controls over contractor debt and overpayments. 

Ensure a seamless transition under new health care 

contracts. Take a strategic view of human capital and build 

on initial efforts to reshape DOD’s acquisition workforce.



www.gao.gov/cgi-bin/getrpt?GAO-03-98.



For additional information about this high-risk area, click 

on the link above or contact Jack

L. Brock, Jr. at (202) 512-4841 or brockj@gao.gov.



[end of section]



GAO Highlights: High-Risk Series:



Department of Energy Contract Management:



Highlights of a high-risk area discussed in GAO’s Performance 

and Accountability Series report on the Department of Energy 

(GAO-03-100)



Why Area is High Risk:



The Department of Energy, the largest non-Defense contracting 

agency in the federal government, relies primarily on 

contractors to carry out its diverse missions and operate its 

laboratories and other facilities. About 90 percent of DOE’s 

annual budget is spent on contracts. DOE’s history of both 

inadequate management and oversight and failure to hold its 

contractors accountable has resulted in the high-risk 

designation for contract management since 1990.



What GAO Found:



DOE’s contract management, broadly defined to include contract 

administration and project management, continues to be a 

significant challenge for the department and remains at high 

risk for fraud, waste, abuse, and mismanagement. In a January 

2001 report on DOE’s major management challenges, GAO reported 

ongoing problems with DOE’s approach to selecting an appropriate 

contract type, using competition to award contracts, 

incorporating performance-based measures into contracts, and 

minimizing cost and schedule overruns on major projects. DOE 

has made progress in addressing these problems. However, 

contractor performance problems continue to occur at DOE’s 

laboratories and facilities. Objective performance information 

is scarce; DOE primarily measured progress in implementation 

of contract reform initiatives rather than measuring 

performance results. Nevertheless, there are indications that 

the performance of DOE’s contractors may not have improved. 

For ongoing major DOE projects, GAO found there was no 

significant improvement in cost or schedule performance from 

1996 to 2001. In both 1996 and 2001, more than half of the 

projects reviewed showed both cost increases and schedule delays.

Furthermore, as shown below, the proportion of projects 

experiencing cost growth of more than double the initial cost 

estimates or schedule delays of 5 years or more has increased. 

In an effort to improve cost and schedule performance on major 

projects, DOE issued new policy and guidance on managing and 

controlling projects in 2000, and in 2001 established a project 

tracking system that required monthly status reporting on all 

projects with total project costs over $5 million. DOE also 

has efforts under way to address skill gaps in its procurement 

and project management organizations and to develop the 

necessary technical and managerial expertise for adequate 

oversight of its contractors through training and certification 

programs. Over the long term, DOE may resolve the challenges 

in its contract management. However, the benefits of its 

improvement initiatives may take years to fully realize. Until 

then, these ongoing challenges can increase the government’s 

costs and expose the government to billions of dollars of financial 

risks.



Comparison of Significant Cost Overruns and Schedule Delays for 

Ongoing Projects in 2001 with Ongoing Projects in 1996



[See PDF for image]



[End of table]



What Remains to Be Done:



To better ensure the effectiveness of its management improvement 

initiatives, such as contract reform, GAO recommended that DOE 

incorporate the management practices common in high-performing 

organizations. This approach would include the key elements of 

(1) clearly defined goals, (2) an implementation strategy that 

sets milestones and establishes responsibility, (3) results-

oriented outcome measures, and (4) a mechanism that uses 

results-oriented data to evaluate the effectiveness of the 

department’s initiatives and to take corrective action as 

needed.



www.gao.gov/cgi-bin/getrpt?GAO-03-100.



For additional information about this high-risk area, click on 

the link above or contact Robert Robinson at (202) 512-3841 or 

robinsonr@gao.gov.



[end of section]



GAO Highlights: High-Risk Series:



National Aeronautics and Space Administration Contract 

Management:



Highlights of a high-risk area discussed in GAO’s Performance 

and Accountability Series report on the National Aeronautics 

and Space Administration (GAO-03-114)



Why Area is High Risk:



Much of NASA’s success depends on the work of its contractors—

on which it spends over $12 billion a year. Since 1990, we have 

identified NASA’s contract management function as an area at 

high risk, principally because it has lacked accurate and 

reliable financial and management information on contract 

spending, and it has not placed enough emphasis on end results, 

product performance, and cost control. Since financial and 

contract problems threaten the success of NASA’s major programs, 

we believe contract management continues to be high risk.



What GAO Found:



Our reports and testimonies have demonstrated just how 

debilitating weaknesses in contract management and oversight 

can be to important space programs. Our July 2002 report on 

the International Space Station, for example, found that the 

National Aeronautics and Space Administration (NASA) did not 

effectively control costs or technical and scheduling risks, 

provide adequate oversight review, or effectively coordinate 

efforts with its partners. As a result, NASA has had to make 

drastic cutbacks in the space station’s capabilities. In recent 

years, NASA has addressed many acquisition-related weaknesses. 

For example, it has developed systems to provide oversight and 

information needed to improve contract management. It has made 

progress in evaluating procurement functions in its field 

centers. And it is reducing its use of unnegotiated (i.e., 

uncosted) contract changes. Moreover, NASA is now beginning to 

tackle one of its most formidable barriers to sound contract 

management—the lack of a modern, integrated financial 

management system. NASA’s financial management environment 

is currently comprised of decentralized, nonintegrated 

systems with policies, procedures, and practices that are 

unique to its field centers. Because its systems cannot 

easily exchange data, it is difficult to ensure that contracts 

are being efficiently and effectively implemented and that 

budgets are executed as planned. According to NASA, the 

planned new system will be fully integrated, and it will 

provide complete cost information to agency management for 

more fully informed decision-making. NASA faces considerable 

challenges in adequately implementing contract management 

improvements. It is only in the early stages of implementing 

its new financial management system, for example, and NASA 

reported it is already facing challenges in terms of cost, 

security, and interoperability. Moreover, NASA has not yet 

ensured that contractors uniformly provide cost data at a 

level that will give managers the information they need to 

make trade-off decisions, although they have begun taking 

actions to improve the data available for some large programs. 

Furthermore, NASA has not yet effectively shifted management 

attention away from yearly budgets to total costs. Ultimately, 

to improve contract management and oversight, NASA will need 

to transform its financial management organization so that it 

better supports its core mission. Right now, finance is not 

viewed as intrinsic to NASA’s program management decision 

process, nor does it focus on what “could” and “should” take 

place from an analytical cost-planning standpoint. Making this 

kind of transformation will be difficult because it will require 

NASA to change its culture and long-standing ways of doing 

business. But the need for deeper reform is paramount since 

financial and contract management problems threaten the success 

of virtually every major program. 



What Remains to Be Done:



To further improve contract management, NASA needs to 

successfully complete its design and implementation of a 

new financial management system. Moreover, it will need to 

transform its operations to better support its core mission. 

This entails ensuring that NASA has the right data to oversee 

its programs and contracts— specifically data that will allow 

comparisons of actual costs to estimates; finding ways to 

shift management attention away from yearly budgets to total 

costs; and strengthening NASA’s financial organization to better 

support the agency’s mission and goals.



www.gao.gov/cgi-bin/getrpt?GAO-03-114.



For additional information about this high-risk area, click on 

the link above or contact Allen Li at 202-512-4841 or lia@gao.gov.



[End of section]



Performance and Accountability and High-Risk Series:



Major Management Challenges and Program Risks: A Governmentwide 

Perspective. GAO-03-95.



Major Management Challenges and Program Risks: Department of 

Agriculture. GAO-03-96.



Major Management Challenges and Program Risks: Department of Commerce. 

GAO-03-97.



Major Management Challenges and Program Risks: Department of Defense. 

GAO-03-98.



Major Management Challenges and Program Risks: Department of Education. 

GAO-03-99.



Major Management Challenges and Program Risks: Department of Energy. 

GAO-03-100.



Major Management Challenges and Program Risks: Department of Health and 

Human Services. GAO-03-101.



Major Management Challenges and Program Risks: Department of Homeland 

Security. GAO-03-102.



Major Management Challenges and Program Risks: Department of Housing 

and Urban Development. GAO-03-103.



Major Management Challenges and Program Risks: Department of the 

Interior. GAO-03-104.



Major Management Challenges and Program Risks: Department of Justice. 

GAO-03-105.



Major Management Challenges and Program Risks: Department of Labor. 

GAO-03-106.



Major Management Challenges and Program Risks: Department of State. 

GAO-03-107.



Major Management Challenges and Program Risks: Department of 

Transportation. GAO-03-108.



Major Management Challenges and Program Risks: Department of the 

Treasury. GAO-03-109.



Major Management Challenges and Program Risks: Department of Veterans 

Affairs. GAO-03-110.



Major Management Challenges and Program Risks: U.S. Agency for 

International Development. GAO-03-111.



Major Management Challenges and Program Risks: Environmental Protection 

Agency. GAO-03-112.



Major Management Challenges and Program Risks: Federal Emergency 

Management Agency. GAO-03-113.



Major Management Challenges and Program Risks: National Aeronautics and 

Space Administration. GAO-03-114.



Major Management Challenges and Program Risks: Office of Personnel 

Management. GAO-03-115.



Major Management Challenges and Program Risks: Small Business 

Administration. GAO-03-116.



Major Management Challenges and Program Risks: Social Security 

Administration. GAO-03-117.



Major Management Challenges and Program Risks: U.S. Postal Service. 

GAO-03-118.



High-Risk Series: An Update. GAO-03-119.



High-Risk Series: Strategic Human Capital Management. GAO-03-120.



High-Risk Series: Protecting Information Systems Supporting the Federal 

Government and the Nation’s Critical Infrastructures. 

GAO-03-121.



High-Risk Series: Federal Real Property. GAO-03-122.



FOOTNOTES



[1] U.S. General Accounting Office, High-Risk Series: An Update, GAO-

01-263 (Washington, D.C.: Jan. 2001).



[2] U.S. General Accounting Office, Determining Performance and 

Accountability Challenges and High Risks, GAO-01-159SP (Washington, 

D.C.: Nov. 2000).



[3] U.S. General Accounting Office, Major Management Challenges and 

Program Risks: Social Security Administration, GAO-03-117 (Washington, 

D.C.: Jan. 2003).



[4] U.S. General Accounting Office, Major Management Challenges and 

Program Risks: Department of Justice, GAO-03-105 (Washington, D.C.: 

Jan. 2003); and Major Management Challenges and Program Risks: 

Department of the Treasury, GAO-03-109 (Washington, D.C.: Jan. 2003).



[5] U.S. General Accounting Office, Computer Security: Improvements 

Needed to Reduce Risk to Critical Federal Operations and Assets, GAO-

02-231T (Washington, D.C.: Nov. 9, 2001); and Computer Security: 

Progress Made, but Critical Federal Operations and Assets Remain at 

Risk, GAO-03-303T (Washington, D.C.: Nov. 19, 2002).



[6] Total beneficiaries represents the sum of participants in each 

program and does not account for potential participation in more than 

one program.



[7] This value does not include stewardship assets--such as wilderness 

areas, scenic river systems, and monuments.



[8] U.S. General Accounting Office, Medicaid and SCHIP: Recent HHS 

Approvals of Demonstration Waiver Projects Raise Concerns, GAO-02-817 

(Washington, D.C.: July 12, 2002).



GAO’s Mission:



The General Accounting Office, the investigative arm of Congress, 

exists to support Congress in meeting its constitutional 

responsibilities and to help improve the performance and accountability 

of the federal government for the American people. GAO examines the use 

of public funds; evaluates federal programs and policies; and provides 

analyses, recommendations, and other assistance to help Congress make 

informed oversight, policy, and funding decisions. GAO’s commitment to 

good government is reflected in its core values of accountability, 

integrity, and reliability.



Obtaining Copies of GAO Reports and Testimony:



The fastest and easiest way to obtain copies of GAO documents at no 

cost is through the Internet. GAO’s Web site ( www.gao.gov ) contains 

abstracts and full-text files of current reports and testimony and an 

expanding archive of older products. The Web site features a search 

engine to help you locate documents using key words and phrases. You 

can print these documents in their entirety, including charts and other 

graphics.



Each day, GAO issues a list of newly released reports, testimony, and 

correspondence. GAO posts this list, known as “Today’s Reports,” on its 

Web site daily. The list contains links to the full-text document 

files. To have GAO e-mail this list to you every afternoon, go to 

www.gao.gov and select “Subscribe to daily E-mail alert for newly 

released products” under the GAO Reports heading.



Order by Mail or Phone:



The first copy of each printed report is free. Additional copies are $2 

each. A check or money order should be made out to the Superintendent 

of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 

more copies mailed to a single address are discounted 25 percent. 

Orders should be sent to:



U.S. General Accounting Office



441 G Street NW,



Room LM Washington,



D.C. 20548:



To order by Phone: 	



	Voice: (202) 512-6000:



	TDD: (202) 512-2537:



	Fax: (202) 512-6061:



To Report Fraud, Waste, and Abuse in Federal Programs:



Contact:



Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov



Automated answering system: (800) 424-5454 or (202) 512-7470:



Public Affairs:



Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.



General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.



20548: